Penetration Testing Training: Tools and Techniques

Level: Intermediate
1990

In this Penetration Testing training course you learn how hackers compromise operating systems and evade antivirus software. You will learn to discover weaknesses in your own network by using the same mindset and methods as hackers. You then acquire the skills to test and exploit your defenses and implement countermeasures to reduce risk in your enterprise.

Key Features of this Penetration Testing Training:

After-course instructor coaching benefit

David Tech end-of-course exam included

You Will Learn How To:

Deploy ethical hacking to expose weaknesses in your organization

Gather intelligence by employing reconnaissance, published data, and scanning tools

Test and improve your security by compromising your network using hacking tools Protect against privilege escalation to prevent intrusions

Important Penetration Testing Course Information

Requirements

Experience with security issues at the level of:

Course Security +

Recommended Experience

Knowledge in TCP/IP concepts

Lab Bundle Available

Reinforce your pentesting skills with CYBRScore Lab Bundles: {course:e006}

Penetration Testing Course Outline

Introduction to Ethical Hacking

Defining a penetration testing methodology

Creating a security testing plan

Footprinting and Intelligence Gathering

Acquiring target information

Locating useful and relevant information

Scavenging published data

Mining archive sites

Scanning and enumerating resources

Identifying authentication methods

Harvesting e–mail information

Interrogating network services

Scanning from the inside out with HTML and egress busting Identifying Vulnerabilities

Correlating weaknesses and exploits

Researching databases

Determining target configuration

Evaluating vulnerability assessment tools

Leveraging opportunities for attack

Discovering exploit resources

Attacking with Metasploit

Attacking Servers and Devices to Build Better Defenses

Bypassing router Access Control Lists (ACLs)

Discovering filtered ports

Manipulating ports to gain access

Connecting to blocked services

Compromising operating systems

Examining Windows protection modes

Analyzing Linux/UNIX processes

Subverting web applications

Injecting SQL and HTML code

Hijacking web sessions by prediction and Cross–Site Scripting (XSS)

Bypassing authentication mechanisms

Manipulating Clients to Uncover Internal Threats

Baiting and snaring inside users

Executing client–side attacks

Gaining control of browsers

Manipulating internal clients

Harvesting client information Enumerating internal data Deploying the social engineering toolkit

Cloning a legitimate site

Diverting clients by poisoning DNS

Exploiting Targets to Increase Security

Initiating remote shells

Selecting reverse or bind shells

Leveraging the Metasploit Meterpreter

Pivoting and island–hopping

Deploying portable media attacks

Routing through compromised clients

Pilfering target information

Stealing password hashes

Extracting infrastructure routing, DNS and NetBIOS data

Uploading and executing payloads

Controlling memory processes Utilizing the remote file system

Testing Antivirus and IDS Security

Masquerading network traffic

Obfuscating vectors and payloads

Side–stepping perimeter defenses

Evading antivirus systems

Discovering stealth techniques to inject malware

Uncovering the gaps in antivirus protection Mitigating Risks and Next Steps

Reporting results and creating an action plan

Managing patches and configuration

Recommending cyber security countermeasures

Team Training

Penetration Testing Training FAQs

What is penetration testing?

Penetration testing tests a computer system, network or web app to make sure there are not any vulnerabilities that a potential attacker could use.

Can I take this Network Security course online?

Yes! We know your busy work schedule may prevent you from getting to one of our classrooms which is why we offer convenient online training to meet your needs wherever you want. This course is available in class and live online.