Certified Penetration Testing Consultant (CPTC)

We offer you the following benefits for this Mile2 course:

This e-learning includes an exam.

The material is accessible 365 days after activation.

The exam voucher is valid 365 days after activation.

The vendor neutral Certified Penetration Testing Consultantcourse is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific Penetration tests and techniques against operating systems.

This course will teach you the necessary skills to work as a penetration testing team, the exploitation process, how to create a buffer overflow against programs running on Window and Linux while subverting features such as DEP and ASLR.

This course will guide you through OWASP Top 10, teach you how to create shellcode to gain remote code execution, and understand and build different proof of concept code based on exploits pulled from exploit-db and testing using a debugger.

The course starts by explaining how to build the right penetration testing team, covers scanning with NMAP, leading into the exploitation process, a little fuzzing with spike to help guide our proof of concept code, writing buffer overflows, understanding OWASP, Linux stack smashing, Windows exploit protection and getting around those protection methods, a section on report writing, and capping off the course with a scenario that will improve your skills as a penetration testing team.

This course uses in-depth lab exercises after most modules. Students may spend 16 hours+ performing labs that emulate a real-world Pen Testing and exploit development.

This e-learning is in English

Doel

Upon completion, Certified Penetration Testing Consultant students will be able to both establish an industry acceptable pen testing processas well as be prepared to competently take the C)PTC exam.

Doelgroep

IS Security Officers, Cyber Security Managers/Admins, Penetration Testers, Ethical Hackers, Auditors

Voorkennis

Certified Penetration Testing Engineer (CPTE) – e-learning of vergelijkbare kennis.

C)PTE or equivalent knowledge

A minimum of 24 months experience in Networking Technologies

Sound knowledge of TCP/IP

Computer hardware knowledge

Fabian Klostermann

accountmanager

Onderwerpen

Module 1 – Pentesting Team Formation
Module 2 – NMAP Automation
Module 3 – Exploitation Process
Module 4 – Fuzzing with Spike
Module 5 – Simple Buffer Overflow
Module 6 – Stack Based Windows Buffer Overflow

Module 7 – Web Application Security and Exploitation
Module 8 – Linux Stack Smashing
Module 9 – Linux Address Space Layout Randomization
Module 10 – Windows Exploit Protection
Module 11 – Getting Around SEHand ASLR (Windows)
Module 12 – Penetration Testing Report Writing

Bekijk meer onderwerpenBekijk minder onderwerpen

Module 1 – Pentesting Team Formation
- Section 1 – Project Management
- Section 2 – Pentesting Metrics
- Section 3 – Team Roles, Responsibilities and Benefits
- Lab Exercise – Skills Assessment
Module 2 – NMAP Automation
- Section 1 – NMAP Basics
- Section 2 – NMAP Automation
- Section 3 – NMAP Report Documentation
- Lab Exercise – Automation Breakdown
Module 3 – Exploitation Process
- Section 1 – Purpose
- Section 2 – Countermeasures
- Section 3 – Evasion
- Section 4 – Precision Strike
- Section 5 – Customized Exploitation
- Section 6 – Tailored Exploits
- Section 7 – Zero Day Angle
- Section 8 – Example Avenues of Attack
- Section 9 – Overall Objective of Exploitation
Module 4 – Fuzzing with Spike
- Section 1 – Vulnserver
- Section 2 – Spike Fuzzing Setup
- Section 3 – Fuzzing a TCP Application
- Section 4 – Custom Fuzzing Script
- Lab Exercise – Fuzzing with Spike
Module 5 – Simple Buffer Overflow
- Section 1 – Exploit-DB
- Section 2 – Immunity Debugger
- Section 3 – Python
- Section 4 -ShellcodeLab Exercise – Let’s Crash and Callback
Module 6 – Stack Based Windows Buffer Overflow
- Section 1 – Debugger
- Section 2 – Vulnerability Research
- Section 3 – Control EIP, Control the Crash
- Section 4 – JMP ESP Instruction
- Section 5 – Finding the Offset
- Section 6 – Code Execution and Shellcode
- Section 7 – Does the Exploit Work?
- Lab Exercise – MiniShare for the Win

Module 7 – Web Application Security and Exploitation
- Section 1 – Web Applications
- Section 2 – OWASP Top 10 -2017
- Section 3 – Zap
- Section 4 – Scapy
Module 8 – Linux Stack Smashing
- Section 1 – Exploiting the Stack on Linux
- Lab Exercise – Stack Overflow. Did we get root?
Module 9 – Linux Address Space Layout Randomization
- Section 1 – Stack Smashing to the Extreme
- Lab Exercise – Defeat Me and Lookout ASLR
Module 10 – Windows Exploit Protection
- Section 1 – Introduction to Windows Exploit Protection
- Section 2 -Structured Exception Handling
- Section 3 – Data Execution Prevention (DEP)
- Section 4 – SafeSEH/SEHOP
Module 11 – Getting Around SEHand ASLR (Windows)
- Section 1 – Vulnerable Server Setup
- Section 2 – Time to Test it Out
- Section 3 -“Vulnserver” meets Immunity
- Section 4 – VulnServer Demo
- Lab Exercise – Time to overwrite SEH and ASLR
Module 12 – Penetration Testing Report Writing
- Section 1 – Reporting

Planning & Prijs

* *Een cursus met start gegarandeerd.
*Een cursus met valt onder de actie Summer Academy.

Alle prijzen zijn excl. BTW.

Wil je meer informatie ontvangen, een vrijblijvende offerte ontvangen of een brochure van deze cursus downloaden? Vul onderstaande gegevens in en je ontvangt de brochure of informatie binnen één werkdag.

Gerelateerde cursussen

Vervolgcursussen

Ervaringen

ervaringen verzameld via

"Training was prima, goede tips gekregen met af en toe een grap en grol. Locatie was prima, goed verzogd vwb koffie/thee, fruit en koekje. Mensen ook zeer vriendelijk. Lunch was perfect en zeer uitgebreid."

9

"De cursus was goed, en de verzorging ook!Ik heb er veel van opgestoken! De lokatie in Nieuwegein is goed te bereiken met het openbaar vervoer, dus dat is prettig. Tot een volgenden keer."

10

"Ik vond de training erg leerzaam. De inhoud was van een hoog niveau en de docent was goed thuis in de materie. Ik stel het vooral op prijs dat er diep op de concepten werd ingegaan."

9

Categorieën

Onderwerpen

Leveranciers

Prijs