Penetration Testing Training: Tools and Techniques
Level: Intermediate
1990
In this Penetration Testing training course you learn how hackers compromise operating systems and evade antivirus software. You will learn to discover weaknesses in your own network by using the same mindset and methods as hackers. You then acquire the skills to test and exploit your defenses and implement countermeasures to reduce risk in your enterprise.
Key Features of this Penetration Testing Training:
After-course instructor coaching benefit
David Tech end-of-course exam included
You Will Learn How To:
Deploy ethical hacking to expose weaknesses in your organization
Gather intelligence by employing reconnaissance, published data, and scanning tools
Test and improve your security by compromising your network using hacking tools Protect against privilege escalation to prevent intrusions
Important Penetration Testing Course Information
Requirements
Experience with security issues at the level of:
Course Security +
Recommended Experience
Knowledge in TCP/IP concepts
Lab Bundle Available
Reinforce your pentesting skills with CYBRScore Lab Bundles: {course:e006}
Penetration Testing Course Outline
Introduction to Ethical Hacking
Defining a penetration testing methodology
Creating a security testing plan
Footprinting and Intelligence Gathering
Acquiring target information
Locating useful and relevant information
Scavenging published data
Mining archive sites
Scanning and enumerating resources
Identifying authentication methods
Harvesting e–mail information
Interrogating network services
Scanning from the inside out with HTML and egress busting Identifying Vulnerabilities
Correlating weaknesses and exploits
Researching databases
Determining target configuration
Evaluating vulnerability assessment tools
Leveraging opportunities for attack
Discovering exploit resources
Attacking with Metasploit
Attacking Servers and Devices to Build Better Defenses
Bypassing router Access Control Lists (ACLs)
Discovering filtered ports
Manipulating ports to gain access
Connecting to blocked services
Compromising operating systems
Examining Windows protection modes
Analyzing Linux/UNIX processes
Subverting web applications
Injecting SQL and HTML code
Hijacking web sessions by prediction and Cross–Site Scripting (XSS)
Bypassing authentication mechanisms
Manipulating Clients to Uncover Internal Threats
Baiting and snaring inside users
Executing client–side attacks
Gaining control of browsers
Manipulating internal clients
Harvesting client information Enumerating internal data Deploying the social engineering toolkit
Cloning a legitimate site
Diverting clients by poisoning DNS
Exploiting Targets to Increase Security
Initiating remote shells
Selecting reverse or bind shells
Leveraging the Metasploit Meterpreter
Pivoting and island–hopping
Deploying portable media attacks
Routing through compromised clients
Pilfering target information
Stealing password hashes
Extracting infrastructure routing, DNS and NetBIOS data
Uploading and executing payloads
Controlling memory processes Utilizing the remote file system
Testing Antivirus and IDS Security
Masquerading network traffic
Obfuscating vectors and payloads
Side–stepping perimeter defenses
Evading antivirus systems
Discovering stealth techniques to inject malware
Uncovering the gaps in antivirus protection Mitigating Risks and Next Steps
Reporting results and creating an action plan
Managing patches and configuration
Recommending cyber security countermeasures
Team Training
Penetration Testing Training FAQs
What is penetration testing?
Penetration testing tests a computer system, network or web app to make sure there are not any vulnerabilities that a potential attacker could use.
Can I take this Network Security course online?
Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.