 |
Customer Service or Enrol: 0800 282 353 or +44 1372 364610 |
 |
|
 |
| |
You Will Learn How To
- Deploy ethical hacking to expose weaknesses in your organisation and select countermeasures
- Gather intelligence by employing reconnaissance, published data and scanning tools
- Probe and compromise your network using hacking tools to test and improve your security
- Discover how malicious hackers exploit weaknesses to "own" the network
- Protect against privilege escalation to prevent intrusions
- Evade antivirus software, firewalls and IDS
Course Benefits
As network breaches become increasingly sophisticated, proactive defences are essential to counter malicious attacks. In this course, you learn to discover weaknesses in your network using the same mindset and methods as hackers. You acquire the knowledge to systematically test and exploit internal and external defences. You learn countermeasures and how to reduce risk to your enterprise.
Who Should Attend
Security consultants, Information Assurance auditors, firewall/IDS personnel, programmers, PCI security testers and others responsible for securing enterprise systems. Security knowledge at the level of Course 468, "System and Network Security Introduction", and strong TCP/IP experience is assumed.
Hands-on Training
Hands-on exercises model hacking methods and include:
- Preparing the hacker toolkit
- Executing advanced port scanning
- Linking vulnerabilities and exploits
- Determining the vulnerabilities of a network
- Performing injection attacks
- Predicting and hijacking Web sessions
- Luring clients to hostile servers
- Configuring and using the Metasploit Framework
- Defeating stateless firewalls, IDS and antivirus software
- Deploying rootkits
Course Content
- Defining a penetration testing methodology
- Creating a security testing plan
- Adhering to PCI standards
- Assembling the hacking tools
- Locating useful and relevant information
- Scavenging published data
- Mining archive sites
- Identifying authentication methods
- Analysing firewalls
- Harvesting e-mail information
- Interrogating network services
- Scanning from the inside out with HTML
- Researching databases
- Determining target configuration
- Evaluating Vulnerability Assessment tools
- Discovering exploit resources
- Attacking with Metasploit
- Discovering filtered ports
- Manipulating ports to gain access
- Connecting to blocked services
- Examining Windows protection modes
- Analysing Linux/UNIX processes
- Injecting SQL and HTML code
- Hijacking Web sessions by prediction and fixation
- Bypassing authentication mechanisms
- Poisoning DNS
- Executing Cross Site Scripting (XSS)
- Gaining control of browsers
- Harvesting client information
- Enumerating internal data
- Selecting reverse or bind shells
- Leveraging the Metasploit Meterpreter
- Attacking new victims
- Routing through compromised clients
- Forwarding and redirecting ports
- Stealing password hashes
- Extracting infrastructure routing, DNS and NetBIOS data
- Controlling memory processes
- Utilising the remote file system
- Obfuscating vectors and payloads
- Side-stepping perimeter defences
- Falsifying file headers to inject malware
- Discovering the gaps in antivirus protection
- Hooking API and system calls
- Controlling memory and execution with Direct Kernel Object Manipulation (DKOM)
- Reporting results and creating an action plan
- Managing patches and configuration
- Recommending defensive countermeasures
- Staying current with tools, trends and technology
|
|
|
|
|
|
| |
| Customer Service or Enrol: 0800 282 353 or +44 1372 364610 |
|
|
Print Friendly
E-mail a Colleague
Course PDF
Course FAQ
Home
