CAST611

CAST - Advanced Penetration Testing

Price

€ 3,500.00
(VAT excluded)

Days

5 days
The course is 100% hands-on.
It teaches how to perform a professional security test and produce the most important thing from a test: the findings and the report.
As the course progresses, the level of difficulty increases.
There will be defenses to defeat and challenges to overcome. This will not be the typical FLAT network.
You will encounter today's best defenses and learn the latest evasion techniques.
The format used has proven valid and effective and has been used to train more than 1000 penetration testers worldwide.
 
After attending this course, students will have in-depth knowledge of the following areas:
  • Advanced Scanning methods
  • Attacking from the Web
  • Client Side Pen-testing
  • Attacking from the LAN
  • Breaking out of Restricted Environments
  • Bypassing Network-Based IDS/IPS
  • Privilege Escalation
  • Post-Exploitation

The course enrollment fee includes the exam voucher.

    The course is intended for information security professionals, penetration testers, IT managers and IT auditors.


    Information gathering and OSINT
    • Nslookup
    • Dig
    • dnsenum
    • dnsrecon
    • dnsmap
    • reverseraider
    • Enumeration of DNS with fierce
    • Internet registrars and whois
    • Enumeration with the Harvester
    • ServerSniff
    • Google Hacking Database
    • metagoofil
    • Cloud Scanning with Shodan

    Scanning

    • Scanning with the Nmap tool
      • Scan for live systems
      • Scan for open ports
      • Identify services
      • Enumerate
      • Output the scanner results in an XML format for display
    • Scanning with autoscan
    • Scanning with Netifera
    • Scanning with sslscan
    • Scanning and Scripting with Hping3
    • Building a Target Database

    RANGE: Live Target Range Challenge Level One

    Enumeration

    • Enumerating Targets
    • Enumerating SNMP
    • Using the nmap scripting engine
    • Enumerating SMB
    • OS Fingerprinting

    Vulnerability Analysis

    • Vulnerability Sites
    • Vulnerability Analysis with OpenVAS
    • Vulnerability Analysis with Nessus
    • Firewalls and Vulnerability Scanners
    • Vulnerability Analysis of Web Applications
      • XSS
      • CSRF
      • SQL Injection
      • Others
    • Vulnerability Scanning with W3AF
    • Vulnerability Scanning with Webshag
    • Vulnerability Scanning with Skipfish
    • Vulnerability Scanning with Vega
    • Vulnerability Scanning with Proxystrike
    • Vulnerability Scanning with Owasp-zap

    RANGE: Live Target Range Challenge Level Two

    Exploitation

    • Exploit Sites
    • Manual Exploitation
      • Scanning the target
      • Identifying vulnerabilities
      • Finding exploit for the vulnerability
      • Prepare the exploit
      • Exploit the machine
    • Exploitation with Metasploit
      • Scan from within Metasploit
      • Locate an exploit, and attempt to exploit a machine
    • Exploiting with Armitage
      • Scan from within Armitage
      • Managing targets in Armitage
      • Exploiting targets with Armitage
    • Exploitation with SET
      • Setup SET
      • Access compromised web site using Java attack vector
      • Gain user-level access to the latest Windows machines
      • Perform privilege escalation
      • Gain system-level access to the latest Windows machines
      • Extract data with scraper
      • Extract data with winenum
      • Analyze the pilfered data
      • Kill the antivirus protection

    Post Exploitation

    • Conduct local assessment
      • Conduct the scanning methodology against the machine
      • Identify vulnerabilities
      • Search for an exploit
      • Compile the exploit
      • Attempt to exploit the machine
      • Migrate the exploit to another process
      • Harvest information from an exploited machine
      • Capture and crack passwords
      • Copy files to and from an exploited machine

    RANGE: Live Target Range Challenge Four

    Data Analysis and Reporting

    • Compiling Data in MagicTree
      • Take tool output and store it in a usable form
    • Compiling Data in Dradis
      • Storing OpenVAS results
    • Developing a Professional Report
      • Identify the components of a report.
        • Cover Page
        • Table of Contents
        • Executive Summary
        • Host Table
        • Summary of findings
        • Detailed Findings
        • Conclusion
        • Appendices
    • Reviewing findings and creating report information
      • Conducting systematic analysis
        • Validation and verification
        • Severity
        • Description
        • Analysis/Exposure
        • Screenshot
        • Recommendation
    • Reviewing sample reports
    • Creating a custom report

    Advanced Techniques

    • Scanning against defenses
      • Routers
      • Firewalls
      • IPS
    • Exploitation through defenses
      • Source port configuration
    • Detecting Load Balancing
      • DNS
      • https
    • Detecting Web Application Firewalls
      • wafw00f
    • Evading Detection
      • Identifying the threshold of a device
      • Slow and controlled scanning
      • Obfuscated exploitation payloads
    • Exploit writing
      • Writing custom exploits
      • Exploit writing references

    Practical Phase One

    • External penetration testing

    Practical Phase Two

    • External and Internal testing

    Practical Phase Three

    • Internal testing


    Location Date P
    Milano 23/07/2018