Mile2 C)PTE Certified Penetration Testing Engineer (self-study + esame)
Descrizione corso
Un Certified Penetration Testing Engineer immagina tutti i modi in cui un hacker può penetrare in un sistema di dati. Dovete andare oltre ciò che avete imparato come Ethical Hacker, perché il pen testing esplora modi tecnici e non tecnici di violare la sicurezza per ottenere l’accesso a un sistema. Il corso Mile2 C)PTE Certified Penetration Testing Engineer si basa su metodi pratici e comprovati, utilizzati dal gruppo internazionale di consulenti sulle vulnerabilità di Mile2.
In questo corso imparerete i 5 elementi chiave del Penetration Testing: raccolta di informazioni, scansione, enumerazione, sfruttamento e reporting. Inoltre, scoprirete le ultime vulnerabilità e le tecniche che gli hacker utilizzano per acquisire e distruggere i dati. Infine, imparerete a conoscere le competenze aziendali necessarie per identificare le opportunità di protezione, giustificare le attività di test e ottimizzare i controlli di sicurezza in base alle esigenze aziendali, al fine di ridurre il rischio d’impresa.
Questo prodotto è un’ottima soluzione per l’autoapprendimento rivolta, inoltre, a chi ha bisogno di acquisire le conoscenze necessarie per sostenere con competenza l’esame associato.
Module 1 – Business and Technical Logistics of Pen Testing
- Section 1 – What is Penetration Testing?
- Section 2 – Today’s Threats
- Section 3 – Staying up to Date
- Section 4 – Pen Testing Methodology
- Section 5 – Pre-Engagement Activities
Module 2 – Information Gathering Reconnaissance- Passive (External Only)
- Section 1 – What are we looking for?
- Section 2 – Keeping Track of what we find!
- Section 3 – Where/How do we find this Information?
- Section 4 – Are there tools to help?
- Section 5 – Countermeasures
Module 3 – Detecting Live Systems – Reconnaissance (Active)
- Section 1 – What are we looking for?
- Section 2 – Reaching Out!
- Section 3 – Port Scanning
- Section 4 – Are there tools to help?
- Section 5 – Countermeasure
Module 4 – Banner Grabbing and Enumeration
- Section 1 – Banner Grabbing
- Section 2 – Enumeration
Module 5 – Automated Vulnerability Assessment
- Section 1 – What is a Vulnerability Assessment?
- Section 2 – Tools of the Trade
- Section 3 – Testing Internal/External Systems
- Section 4 – Dealing with the Results
Module 6 – Hacking Operating Systems
- Section 1 – Key Loggers
- Section 2 – Password Attacks
- Section 3 – Rootkits & Their Friends
- Section 4 – Clearing Tracks
Module 7 – Advanced Assessment and Exploitation Techniques
- Section 1 – Buffer Overflow
- Section 2 – Exploits
- Section 3 – Exploit Framework
Module 8 – Evasion Techniques
- Section 1 – Evading Firewall
- Section 2 – Evading Honeypots
- Section 3 – Evading IDS
Module 9 – Hacking with PowerShell
- Section 1 – PowerShell – A Few Interesting Items
- Section 2 – Finding Passwords with PowerShell
Module 10 – Networks and Sniffing
- Section 1 – Sniffing Techniques
Module 11 – Accessing and Hacking Web Techniques
- Section 1 – OWASP Top 10
- Section 2 – SQL Injection
- Section 3 – XSS
Module 12 – Mobile and IoT Hacking
- Section 1 – What devices are we talking about?
- Section 2 – What is the risk?
- Section 3 – Potential Avenues to Attack
- Section 4 – Hardening Mobile/IoT Devices
Module 13 – Report Writing Basics
- Section 1 – Report Components
- Section 2 – Report Results Matrix
- Section 3 – Recommendations
Detailed Lab Outline
Lab 1 – Introduction to Pen Testing Setup
- Section 1 – Recording IPs and Logging into the VMs
- Section 2 – Research
Lab 2 – Linux Fundamentals
- Section 1 – Command Line Tips & Tricks
- Section 2 – Linux Networking for Beginners
- Section 3 – Using FTP during a pentest
Lab 3 – Using tools for reporting
- Section 1 – Setting up and using magictree
Lab 4 – Information Gathering
- Section 1 – Google Queries
- Section 2 – Searching Pastebin
- Section 3 – Maltego
- Section 4 – People Search Using the Spokeo Online Tool
- Section 5 – Recon with Firefox
- Section 6 – Documentation
Lab 5 – Detecting Live Systems – Scanning Techniques
- Section 1 – Finding a target using Ping utility
- Section 2 – Footprinting a Target Using nslookup Tool
- Section 3 – Scanning a Target Using nmap Tools
- Section 4 – Scanning a Target Using Zenmap Tools
- Section 5 – Scanning a Target Using hping3 Utility
- Section 6 – Make use of the telnet utility to perform banner grabbing
- Section 7 – Documentation
Lab 6 – Enumeration
- Section 1 – OS Detection with Zenmap
- Section 2 – Enumerating a local system with Hyena
- Section 3 – Enumerating services with nmap
- Section 4 – DNS Zone Transfer
- Section 5 – LDAP Enumeration
Lab 7 – Vulnerability Assessments
- Section 1 – Vulnerability Assessment with SAINT
- Section 2 – Vulnerability Assessment with OpenVAS
Lab 8 – Software Goes Undercover
- Section 1 – Creating a Virus
Lab 9 – System Hacking – Windows Hacking
- Section 1 – System Monitoring and Surveillance
- Section 2 – Hiding Files using NTFS Streams
- Section 3 – Find Hidden ADS Files
- Section 4 – Hiding Files with Stealth Tools
- Section 5 – Extracting SAM Hashes for Password cracking
- Section 6 – Creating Rainbow Tables
- Section 7 – Password Cracking
- Section 8 – Mimikatz
Lab 10 – System Hacking – Linux/Unix Hacking
- Section 1 – Taking Advantage of Misconfigured Services
- Section 2 – Cracking a Linux Password
- Section 3 – Setting up a Backdoor
Lab 11 – Advanced Vulnerability and Exploitation Techniques
- Section 1 – Metasploitable Fundamentals
- Section 2 – Metasploit port and vulnerability scanning
- Section 3 – Client-side attack with Metasploit
- Section 4 – Armitage
Lab 12 – Network Sniffing/IDS
- Section 1 – Sniffing Passwords with Wireshark
- Section 2 – Performing MitM with Cain
- Section 3 – Performing MitM with sslstrip
Lab 13 – Attacking Databases
- Section 1 – Attacking MySQL Database
- Section 2 – Manual SQL Injection
Lab 14 – Attacking Web Applications
- Section 1 – Attacking with XSS
- Section 2 – Attacking with CSRF
Il pubblico principale del corso Mile2 C)PTE Certified Penetration Testing Engineer è costituito da:
- Pen Testers
- Security Officers
- Ethical Hackers
- Network Auditors
- Vulnerability assessors
- System Owners
- Cyber Security Engineers
Al termine del corso Mile2 C)PTE Certified Penetration Testing Engineer, l’allievo avrà una solida conoscenza delle procedure di test e reporting che lo preparerà a ricoprire ruoli di gestione superiore all’interno di un sistema di cybersecurity. Sarà in grado di sostenere con competenza l’esame C)PTE.
Per seguire con profitto il corso Mile2 C)PTE Certified Penetration Testing Engineer è consigliato essere in possesso dei seguenti prerequisiti:
- aver frequentato il corso Mile2 C)PEH Certified Professional Ethical Hacker o possedere conoscenze equivalenti
- 12 mesi di esperienza in ambito networking
- conoscenza di TCP/IP
- conoscenza di base di Linux
- esperienza nella gestione della security in ambienti Microsoft
Il materiale didattico è in lingua inglese
- libro
- video dove un istruttore vi guida attraverso il libro
- guida di preparazione all’esame
- simulazioni illimitate dell’esame
- esame di certificazione