Duration

5 Days

Prerequisites

To ensure your success in this course, you should have:
Intermediate knowledge of information security concepts, including but not limited to identity and access management (IAM), cryptographic concepts and implementations, computer networking concepts and implementations, and common security technologies.
Practical experience in securing various computing environments, including small to medium businesses, as well as enterprise environments.

Audience:

Employees of federal, state and local governments; and businesses working with the government.

What You’ll Learn

After completing this course, you will be able to plan, conduct, analyze, and report on penetration tests, including the ability to…

  • Plan and scope penetration tests
  • Conduct passive reconnaissance
  • Perform non-technical tests to gather information
  • Conductive active reconnaissance
  • Analyze vulnerabilities
  • Penetrate networks
  • Exploit host-based vulnerabilities
  • Test applications Complete post-exploit tasks
  • Analyze and report pen test results

Outline

1 – PLANNING AND SCOPING PENETRATION TESTS

  • Introduction to Penetration Testing Concepts
  • Plan a Pen Test Engagement
  • Scope and Negotiate a Pen Test Engagement
  • Prepare for a Pen Test Engagement

2 – CONDUCTING PASSIVE RECONNAISSANCE

  • Gather Background Information
  • Prepare Background Findings for Next Steps

3 – PERFORMING NON-TECHNICAL TESTS

  • Perform Social Engineering Tests
  • Perform Physical Security Tests on Facilities

4 – CONDUCTING ACTIVE RECONNAISSANCE

  • Scan Networks
  • Enumerate Targets
  • Scan for Vulnerabilities
  • Analyze Basic Scripts

5 – ANALYZING VULNERABILITIES

  • Analyze Vulnerability Scan Results
  • Leverage Information to Prepare for Exploitation

6 – PENETRATING NETWORKS

  • Exploit Network-Based Vulnerabilities
  • Exploit Wireless and RF-Based Vulnerabilities
  • Exploit Specialized Systems

7 – EXPLOITING HOST-BASED VULNERABILITIES

  • Exploit Windows-Based Vulnerabilities
  • Exploit *nix-Based Vulnerabilities

8 – TESTING APPLICATIONS

  • Exploit Web Application Vulnerabilities
  • Test Source Code and Compiled Apps

9 – COMPLETING POST-EXPLOIT TASKS

  • Use Lateral Movement Techniques
  • Use Persistence Techniques
  • Use Anti-Forensics Techniques

10 – ANALYZING AND REPORTING PEN TEST RESULTS

  • Analyze Pen Test Data
  • Develop Recommendations for Mitigation Strategies
  • Write and Handle Reports
  • Conduct Post-Report-Delivery Activities