Caricamento...
EC001

EC-Council Certified Ethical Hacker (CEHv10)

Prezzo

€ 3,500.00
(Iva esclusa)

Scheda tecnica

Scarica

Giorni

4.5 gg
Nell'iscrizione a calendario è incluso il Kit CEHv9 che comprende:
  • 2 student books
  • 1 lab manual
  • Accesso della durata di 1 anno alla piattaforma ASPEN per usare gli strumenti online di supporto alla formazione
  • 1 voucher per il relativo esame di certificazione con validità 1 anno
 
Questo corso permetterà agli studenti di lavorare in un ambiente interattivo dove verrà mostrato come eseguire scansioni, prove, attacchi e come rendere sicuri i propri sistemi.
L'ambiente di laboratorio offre ai partecipanti una conoscenza approfondita e un’esperienza pratica attraverso l’utilizzo dei principali e attuali sistemi di sicurezza. Gli studenti  potranno comprendere come  lavorano  i sistemi  di difesa perimetrali e vedere la scansione e l’attacco delle proprie reti.
Si acquisiranno le tecniche di intrusione, come fare privileges escalation e  quali  misure possono essere adottate per  garantire  la sicurezza del sistema. Si affronteranno inoltre argomenti quali:
Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows e Virus Creation.
Il corso è organizzato in una parte di aula con il docente e una parte in autoapprendimento. Il docente, all’inizio del corso, fornirà i dettagli delle parti da studiare in autoapprendimento.



Security officers; auditors; security professionals; site administrators; in generale a coloro che si occupano dell’integrità delle infrastrutture di rete.

Consigliati:

  • conoscenza del protocollo TCP / IP 
  • conoscenza base del sistema operativo Windows
  • conoscenza base del sistema operativo LINUX

Module 01: Introduction to Ethical Hacking

  • Essential Terminologies
  • Elements of Information Security
  • Authenticity and Non-Repudiation
  • The Security, Functionality, and UsabilityTriangle
  • Security Challenges
  • Effects of Hacking
  • Effects of Hacking on Business
  • What Does a Hacker Do?
  • Phase 1 - Reconnaissance
  • Reconnaissance e Types
  • Phase 2 - Scanning
  • Phase 3 – Gaining Access
  • Phase 4 – Maintaining Access
  • Phase 5 – Covering Tracks
  • Types of Attacks on a System
  • Op rating System Attacks
  • Application-Level Attacks
  • Shrink Wrap Code Attacks
  • Misconfiguration Attacks
  • Why Ethical Hacking is Necessary?
  • Defense in Depth
  • Scope and Limitations of Ethical Hacking
  • What Do Ethical Hackers Do?
  • Skills of an Ethical Hacker
  • Vulnerability Research
  • Vulnerability Research Websites
  • What is Penetration Testing?
  • Why Penetration Testing?
  • Penetration Testing Methodology

Module 02: Footprinting and Reconnaissance

  • Footprinting Terminologies
  • What is Footprinting?
  • Objectives of Footprinting
  • Footprinting Threats
  • Finding a company’s URL
  • Search for Company’s Information
  • Tools to Extract Company’s Data
  • Footprinting Through Search Engines
  • People Search
  • People Search Online Services
  • People Search on Social NetworkingServices
  • Footprinting Through Job Sites
  • WHOIS Lookup
  • WHOIS Lookup Result Analysis
  • Extracting DNS Information
  • DNS Interrogation Tools
  • Locate the Network Range
  • Traceroute
  • Traceroute Analysis
  • Traceroute Tools
  • Mirroring Entire Web site
  • Website Mirroring Tools
  • Mirroring Entire Website Tools
  • Extract Website Information fromhttp://www.archiv.org
  • Footprinting Google Hacking Techniques
  • What a Hacker Can Do With Google Hacking?
  • Google Advance Search Operators
  • Finding Resources using Google AdvanceOperator
  • Google Hacking Tool: Google HackingDatabase (GH  B)
  • Google Hacking Tools
  • Additional Footprinting Tools
  • Footprinting Countermeasures
  • Footprinting Pen Testing

Module 03: Scaning Networks

  • Network Scanning
  • Types of Scanning
  • hacking for Live Systems - IC
  • Ping Sweep
  • Ping Sweep Tools
  • Three-Way Handshake
  • TCP Communication Flags
  • Create Custom Packet using TCP Flags 
  • Scanning techniques
  • TCP Connect / Full Open Scan
  • Stealth Scan (Half-open Scan)
  • Xmas Scan
  • FIN Scan
  • NULL Scan
  • IDLE Scan
  • ICMP Echo Scanning/List Scan
  • SYN/FIN Scanning Using IP Fragments
  • UDP Scanning
  • Inverse TCP Flag Scanning
  • ACK Flag Scanning
  • Scanning: IDS Evasion Techniques
  • IP Fragmentation Tools
  • Scanning Tool: Nmap
  • Scanning Countermeasures
  • OS Fingerprinting
  • Active Banner Grabbing Using Telnet
  • Banner Grabbing Tool: ID Serve
  • GET REQUESTS
  • Banner Grabbing Tool: Netcraft
  • Banner Grabbing Tools
  • Banner Grabbing Countermeasures: Disablingor Changing Banner
  • Hiding File Extensions
  • Hiding File Extensions from Webpages
  • Vulnerability Scanning
  • Vulnerability scanning Tool: Nessus
  • Network Vulnerability Scanners
  • Network Mappers
  • Proxy Servers
  • Why Attackers Use Proxy Servers?
  • Use of Proxies for Attack
  • HTTP Tunneling Techniques
  • Why do I need HTTP Tunneling?
  • SSH Tunneling
  • Spoofing IP Address
  • IP Spoofing Countermeasures
  • Scanning Pen Testing

Module 04: Enumeration

  • What is Enumeration?
  • Techniques for Enumeration
  • Netbios Enumeration
  • Enumerating User Accounts
  • Enumerate Systems Using Default Passwords
  • SNMP (Simple Network Management Protocol)Enumeration
  • Management Information Base (MIB)
  • SNMP Enumeration Tools
  • SMTP Enumeration
  • SMTP Enumeration Tool: NetScanTools Pro
  • DNS Zone Transfer Enumeration Usingnslookup
  • Enumeration Countermeasures
  • SMB Enumeration Countermeasures
  • Enumeration Pen Testing

Module 05: System Hacking

  • Information at Hand Before System HackingStage
  • System Hacking: Goals
  • CEH Hacking Methodology (CHM)
  • Password Cracking
  • Password Complexity
  • Password Cracking Techniques
  • Types of Password Attacks
  • Passive Online Attacks: Wire Sniffing
  • Password Sniffing
  • Passive Online Attack: Man in-the-Middleand Replay Attack
  • Active Online Attack: Password Guessing
  • Active Online Attack:Trojan/Spyware/Keylogger
  • Active Online Attack: Hash InjectionAttack
  • Rainbow Attacks: Pre-Computed Hash
  • Distributed Network Attack
  • Non-Electronic Attacks
  • Default Passwords
  • Manual Password Cracking (Guessing)
  • Automatic Password Cracking Algorithm
  • How Hash Passwords are Stored in WindowsSAM?
  • What is LAN Manager Hash?
  • LM “Hash” Generation
  • LM, NTLMv1, and NTLMv2
  • NTLM Authentication Process
  • Kerberos Authentication
  • Cain & Abel
  • Password Cracking Tools
  • LM Hash Backward Compatibility
  • How to Disable LM HASH?
  • How to Defend against Password Cracking?
  • Implement and Enforce Strong SecurityPolicy
  • Privilege Escalation
  • Escalation of privileges
  • Privilege Escalation Tools
  • How to Defend against PrivilegeEscalation?
  • Executing Applications
  • Keylogger
  • Spyware
  • What Does the Spyware Do?
  • How to Defend against Keyloggers?
  • How to Defend against Spyware?
  • Rootkits
  • Types of Rootkits
  • How Rootkit Works?
  • Detecting Rootkits
  • Steps for Detecting Rootkits
  • How to Defend against Rootkits?
  • NTFS Data Stream
  • What is Steganography?
  • Steganography Techniques
  • How Steganography Works?
  • Why Cover Tracks?
  • Covering Tracks
  • Ways to Clear Online Tracks
  • System Hacking Penetration Testing 

Module 06: Trojans and Backdoors

  • What is a Trojan?
  • Overt and Covert Channels
  • Purpose of Trojans
  • What Do Trojan Creators Look For?
  • Indications of a Trojan Attack
  • How to Infect Systems Using a Trojan?
  • Wrappers
  • Different Ways a Trojan can Get into aSystem
  • How to Deploy a Trojan?
  • Evading Anti-Virus Techniques
  • How to Detect Trojans?
  • Scanning for suspicious Ports
  • Scanning for suspicious Processes
  • Process Monitoring Tool: What's Running
  • Process Monitoring Tools
  • Scanning for Suspicious Registry Entries
  • Registry Entry Monitoring Tools
  • Scanning for Suspicious Device Drivers
  • Scanning for Suspicious Windows Services
  • Scanning for Suspicious Startup Programs
  • Scanning for Suspicious Files and Folders
  • Scanning for Suspicious Network Activities
  • Trojan Countermeasures
  • Backdoor Countermeasures
  • Pen Testing for Trojans and Backdoors

Module 07: Viruses and Worms

  • Introduction to Viruses
  • Stages of Virus Life
  • Working of Viruses: Infection Phase
  • Working of  Viruses: Attack Phase
  • Why Do People Create Computer Viruses?
  • Indications of Virus Attack
  • How does a Computer get Infected byViruses?
  • Transient and Terminate and Stay ResidentViruses
  • Computer Worms
  • How is a Worms Different from a Virus?
  • Anti-Virus Sensors Systems
  • Malware Analysis Procedure
  • Compression and Decompression Tool: UPX
  • Process Monitoring Tools: Process Monitor
  • Debugging Tool: Ollydbg
  • Online Malware Testing:
  • Virus Total
  • Online Malware Analysis Services
  • Virus Detection Methods
  • Virus and Worms Countermeasures
  • Anti-virus Tools
  • Penetration Testing for Virus

Module 08: Sniffers

  • Lawful Intercept
  • Benefits of Lawful Intercept
  • Network Components Used for Lawful Intercet
  • Wiretapping
  • Sniffing Threats
  • How a Sniffer Works?
  • Hacker Attacking a Switch
  • Types of Sniffing: Passive Sniffing
  • Types of Sniffing: Active Sniffing
  • Protocols vulnerable to Sniffing
  • Tie to Data Link Layer in OSI Model
  • Hardware Protocol Analyzers
  • SPAN Port
  • MAC Flooding
  • MAC Address/CAM Table
  • How CAM Works?
  • What Happens When CAM Table is Full?
  • Mac Flooding Switches with macof
  • MAC Flooding Tool: Yersinia
  • How to Defend against MAC Attack ?
  • How DHCP Works?
  • DHCP Request/Reply Messages
  • IPv4 DHCP Packet Format
  • What is Address Resolution Protocol (ARP)?
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work?
  • Threats of ARP Poisoning
  • ARP Poisoning Tool: Cain and Abel
  • ARP Poisoning Tool: Ettercap
  • How to Defend Against ARP Poisoning? Use Dand Dynamic ARP Inspection
  • MAC Spoofing/Duplicating
  • Spoofing Atta k Threats
  • MAC Spoofing Tool: SMAC
  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Sniffing Tool: Tcpdump/Windump
  • How an Attacker Hacks the Network UsingSniffers?
  • How to Defend Against Sniffing?
  • Sniffing Prevention Techniques
  • How to Detect Sniffing?

Module 09: Social Engineering

  • What is Social Engineering?
  • Behaviors Vulnerable to Attacks
  • Factors that Make Companies Vulnerable toAttacks
  • Why is Social Engineering Effective?
  • Warning Signs of an Attack
  • Phases in a Social Engineering Attack
  • Impact on the Organization
  • Command Injection Attacks
  • Common Targets of Social Engineering
  • Common Targets of Social Engineering:Office Workers
  • Types of Social Engineering
  • Human-Based Social Engineering
  • Technical Support Example
  • Authority Support Example
  • Human-based Social Engineering: DumpsterDiving
  • Computer-Based Social Engineering
  • Computer-Based Social Engineering: Pop-Ups
  • Computer-Based Social Engineering:Phishing
  • Insider Attack
  • Disgruntled Employee
  • Preventing Insider Threats
  • Common Intrusion Tactics and strategiesfor Prevention
  • Social Engineering Through Impersonationon Social Networking Sites
  • Social Engineering Example: LinkedInProfile
  • Social Engineering on Facebook
  • Social Engineering on Twitter
  • Risks of Social Networking to CorporateNetworks
  • Social Engineering Countermeasures:Policies
  • Social Engineering Countermeasures
  • Social Engineering Pen Testing
  • Social Engineering Pen Testing: UsingEmails
  • Social Engineering Pen Testing: UsingPhone
  • Social Engineering Pen Testing: InPerson 

Module 10: Denial of Service

  • What is a Denial of Service Attack?
  • What is Distributed Denial of ServiceAttacks?
  • How Distributed Denial of Service AttacksWork?
  • Symptoms of a DoS Attack
  • DoS Attack Techniques
  • Botnet
  • Botnet Propagation Technique
  • DoS/DDoS Countermeasure Strategies
  • Post-attack Forensics
  • Techniques to Defend against Botnets
  • DoS/DDoS Countermeasures
  • DoS/DDoS Protection at ISP Level
  • Denial of Service (DoS) Attack penetrationTesting

Module 11: Session Hijacking

  • What is Session Hijacking?
  • Dangers Posed by Hijacking
  • Why Session Hijacking is Successful?
  • Key Session Hijacking Techniques
  • Types of Session Hijacking
  • Session Hijacking in OSI Model
  • Application Level Session Hijacking
  • Session Sniffing
  • Predictable Session Token
  • How to Predict a Session Token?
  • Man-in-the-Middle Attack
  • Man-in-the-Browser Attack
  • Steps to Perform Man-in-the-Browser Attack
  • Client-side Attacks
  • Cross-site Script Attack
  • The 3-Way Handshake
  • Man-in-the-Middle Attack using PacketSniffer
  • Session Hijacking Tools
  • Countermeasures
  • Protecting against Session Hijacking
  • Session Hijacking Pen Testing

Module 12: Hijacking Webservers

  • Website Defacement
  • Why Web Servers are Compromised?
  • Impact of Webserver Attacks
  • Webserver Misconfiguration
  • Example
  • Directory traversal Attacks
  • Man-in-the-Middle Attack
  • Webserver Password Cracking
  • Webserver Password Cracking Techniques
  • Web Application Attacks
  • Webserver Attack Methodology
  • Information Gathering
  • Webserver Footprinting
  • Webserver Footprinting Tools
  • Mirroring a Website
  • Vulnerability Scanning
  • Session Hijacking
  • Hacking Web Passwords
  • Webserver Attack Tools
  • Metasploit
  • Metasploit Architecture
  • Metasploit Exploit Module
  • Metasploit Payload Module
  • Metasploit Auxiliary Module
  • Metasploit NOPS Module
  • Web Password Cracking Tool
  • THC-Hydra
  • Countermeasures
  • Patches and Updates
  • Protocols
  • Accounts
  • Files and Directories
  • How to Defend Against Web Server Attacks?
  • How to Defend against HTTP ResponseSplitting and Web Cache Poisoning?
  • Patches and Hotfixes
  • What is Patch Management?
  • Identifying Appropriate Sources forUpdates and Patches
  • Installation of a Patch
  • Patch Management Tool: Microsoft BaselineSecurity Analyzer (MBSA)
  • Patch Management Tools
  • Web Server Security Scanner: Wikto
  • Webserver Security Tools
  • Web Server Penetration Testing 

Module 13: Hacking Web Applications

  • Introduction to Web Applications
  • Web Appli ation Components
  • How Web Applications Work?
  • Web Attack Vectors
  • Unvalidated Input
  • Parameter/Form Tampering
  • Directory traversal
  • Security Misconfiguration
  • Injection Flaws
  • SQL Injection Attacks
  • Command Injection Attacks
  • Command Injection Example
  • File Injection Attack
  • Cross-Site Scripting (XSS) Attacks
  • How XSS Attacks Work?
  • Cross-Site Scripting Attack Scenario:Attack via Email
  • XSS Example: Attack via Email
  • XSS Example: Stealing Users' Cookies
  • XSS Example: Sending an UnauthorizedRequest
  • XSS Attack in Blog Posting
  • XSS Attack in Comment Field
  • XSS Cheat Sheet
  • Web Application Denial-of-Service (DoS)Attack
  • Denial of Service (DoS) Examples
  • Buffer Overflow Attack
  • Cookie/Session Poisoning
  • How Cookie Poisoning Works?
  • Web Services Architecture
  • Web Services Attack
  • Web Services Footprinting Attack
  • Web Services XML Poisoning
  • Footprint Web Infrastructure
  • Footprint Web Infrastructure: ServerDiscovery
  • Footprint Web Infrastructure: ServerIdentification/Banner Grabbing
  • Footprint Web Infrastructure: HiddenContent Discovery
  • Web Spidering Using Burp Suite
  • Hacking Web Servers
  • Analyze Web Applications
  • Analyze Web Applications: Identify EntryPoints for User Input
  • Analyze Web Applications: Identify Server-SideTechnologies
  • Analyze Web Applications: IdentifyServer-Side Functionality
  • Analyze Web Applications: Map the AttackSurface
  • Attack Authentication Mechanism
  • Username Enumeration
  • Password Attacks: Password FunctionalityExploits
  • Password Attacks: Password Guessing
  • Password Attacks: Brute-forcing
  • Cookie Exploitation: Cookie Poisoning
  • Authorization Attack
  • HTTP Request Tampering
  • Authorization Attack: Cookie ParameterTampering
  • Session Management Attack
  • Attacking Session Token GenerationMechanism
  • Attacking Session Tokens HandlingMechanism: Session Token Sniffing
  • Injection Attacks
  • Attack Data Connectivity
  • Connection String Injection
  • Connection String Parameter Pollution(CSPP) Attacks nection Pool DoS
  • Connection Pool DoS
  • Attack Web App Client
  • Attack Web Services
  • Web Application Hacking Tool: Burp SuiteProfessional
  • Encoding Schemes
  • How to Defend Against SQL InjectionAttacks?
  • How to Defend Against Command InjectionFlaws?
  • How to Defend Against XSS Attacks?
  • How to Defend Against DoS Attack?
  • How to Defend Against Web Services Attack?
  • Web Application Countermeasures
  • Web Application Pen Testing
  • Information Gathering
  • Authentication Testing
  • Session Management Testing
  • Authorization Testing
  • Data Validation Testing
  • Denial of Service Testing
  • Web Services Testing
  • AJAX Testing

Module 14: SQL Injection

  • SQL Injection Threat
  • What is SQL Injection?
  • SQL Injection Attacks
  • How Web Applications Work?
  • Server Side Technologies
  • SQL Injection Detection
  • SQL Injection Error Messages
  • SQL Injection Attack Characters
  • Additional Methods to Detect SQL Injection
  • SQL Injection Black Box Pen Te ting
  • Testing for SQL Injection
  • Types of SQL Injection
  • Simple SQL Injection Attack
  • Union SQL Injection Example
  • SQL Injection Error Based
  • What is Blind SQL Injection?
  • No Error Messages Returned
  • Blind SQL Injection: WAITFOR DELAY YES orNO Response
  • Blind SQL Injection – Exploitation (MySQL)
  • Blind SQL Injection - Extract DatabaseUser
  • Blind SQL Injection - Extract DatabaseName
  • Blind SQL Injection - Extract Column Name
  • Blind SQL Injection - Extract Data fromROWS
  • SQL Injection Methodology
  • Information Gathering
  • Extracting Information through ErrorMessages
  • Understanding SQL Query
  • Bypass Website Logins Using SQL Injection
  • Database, Table, and Column Enumeration
  • Advanced Enumeration
  • Features of Different DBMSs
  • Creating Database Accounts
  • Password Grabbing
  • Grabbing SQL Server Hashes
  • Extracting SQL Hashes (In a SingleStatement)
  • Transfer Database to Attacker’s Machine
  • Interacting with the operating system
  • Interacting with the FileSystem
  • SQL Injection Tools
  • SQL Injection Tools: BSQLHacker
  • Evading IDS
  • Types of Signature Evasion Techniques
  • Evasion Technique: Char Encoding
  • Evasion Technique: Obfuscated Codes
  • How to Defend Against SQL InjectionAttacks?
  • How to Defend Against SQL InjectionAttacks: Use Type-Safe SQL Parameters

Module 15: Hacking Wireless Networks

  • Wireless Networks

Module 16: Evading IDS, Firewalls, and Honeypots

  • Intrusion detection Systems (IDS) and itsPlacement
  • How IDS Works?
  • Ways to Detect an Intrusion
  • Types of Intrusion Detection Systems
  • System Integrity Verifiers (SIV)
  • General Indications of Intrusions
  • General Indications of System Intrusions
  • Firewall
  • Firewall Architecture
  • DeMilitarized Zone (DMZ)
  • Types of Firewall
  • Packet Filtering Firewall
  • Circuit-Level Gateway Firewall
  • Application-Level Firewall
  • Stateful Multilayer Inspection Firewall
  • Firewall Identification
  • Port Scanning
  • Firewalking
  • Banner Grabbing
  • Honeypot
  • Types of Honeypots
  • Intrusion Detection Tool
  • Snort
  • Snort Rules
  • Firewall: Sunbelt Personal Firewall
  • Firewalls
  • Evasion
  • Denial-of-Service Attack (DoS)
  • Obfuscating
  • Fragmentation Attack
  • Polymorphic Shellcode
  • ASCII Shellcode
  • Application-Layer Attacks
  • Bypass a Firewall using Proxy Server
  • Bypassing Firewall through ICMP TunnelingMethod
  • Bypassing Firewall through ACK TunnelingMethod
  • Bypassing Firewall through HTTP TunnelingMethod
  • Bypassing Firewall through External Systems
  • Bypassing Firewall through MITM Attacks
  • Countermeasures
  • Firewall/IDS Penetration Testing
  • Firewall Penetration Testing
  • IDS Penetration Testing

Module 17: Buffer Overflow

  • Buffer Overflows
  • Why are Programs And ApplicationsVulnerable?
  • Understanding Stacks
  • Stack-Based Buffer Overflow
  • Understanding Heap
  • Heap-Based Buffer Overflow
  • Stack Operations
  • Shellcode
  • No Operations (NOPs)
  • Knowledge Required to Program BufferOverflow Exploits
  • Buffer Overflow Steps
  • Attacking a Real Program
  • Format String Problem
  • Overflow using Format String
  • Smashing the Stack
  • Once the Stack is Smashed...
  • Simple Uncontrolled Overflow
  • Simple Buffer Overflow in C
  • Code Analysis
  • Exploiting Semantic Comments in C(Annotations)
  • How to Mutate a Buffer Overflow Exploit?
  • Identifying Buffer Overflows
  • How to Detect Buffer Overflows in aProgram?
  • BOU (Buffer Overflow Utility)
  • Testing for Heap Overflow Conditions:heap.exe
  • Steps for Testing for Stack Overflow inOllyDbg Debugger
  • Testing for Stack Overflow in OllyDbgDebugger
  • BoF Detection Tools
  • Defense Against Buffer Overflos
  • Preventing BoF Attacks
  • Programming Countermeasures
  • Data Execution Prevention (DEP)
  • /GS http://microsoft.com
  • BoF Security Tools
  • BufferShield
  • Buffer Overflow Penetration Testing

Module 18: Cryptography

  • Cryptograhy
  • Types of Cryptography
  • Public Key Infrastructure (PKI)
  • Certification Authorities
  • Digital Signature
  • SSL (Secure Sockets Layer)
  • Transport Layer Security (TLS)
  • Online MD5 Decryption Tool

Module 19: Penetration Testing

  • Introduction to Penetration Testing
  • Security Assessment
  • Vulnerability Assessment
  • Limitations of Vulnerability Assessment
  • Penetration Testing
  • Why Penetration Testing?
  • What Should be Tested?
  • What Makes a Good penetration Test?
  • ROI on Penetration Testing
  • Testing Points
  • Testing Locations
  • Types of Penetration Testing
  • External Penetration Testing
  • Internal Security Assessment
  • Black-box Penetration Testing
  • Grey-box Penetration Testing
  • White-box Penetration Testing
  • Announced /unannounced Testing
  • Automated Testing
  • Manual Testing
  • Common Penetration Testing Techniques
  • Using DNS Domain Name and IP AddressInformation
  • Enumerating Information about Hosts onPublicly-Available Networks
  • Phases of Penetration Testing
  • Pre-Attack Phase
  • Attack Phase
  • Activity Perimeter Testing
  • Enumerating Devices
  • Activity: Acquiring Target
  • Activity: Escalating Privileges
  • Activity: Execute, Implant, and Retract
  • Post-Attack Phase and Activities
  • Penetration Testing Deliverable Templates
  • Application Security Assessment
  • Web Application Testing - I
  • Web Application Testing - II
  • Web Application Testing - III
  • Network Security Assessment
  • Wireless/Remote Access Assessment
  • Wireless Testing
  • Telephony Security Assessment
  • Social Engineering
  • Testing Network-Filtering Devices
  • Denial of Service Emulation
  • Outsourcing Penetration Testing Services
  • Terms of Engagement
  • Project Scope
  • Pentest Service Level Agreements
  • Penetration Testing Consultants
  • Evaluating Different types of Pentest Tool
  • Application Security assessment Tool
  • Webscarab
  • Network Security Assessment Tool
  • Angry IP scanner
  • GFI LANguard

Il corso è propedeutico per i seguenti esami:

  • 312-50 - Certified Ethical Hacker
Sede Data P
Bologna 12/11/2018
Roma 19/11/2018
Milano 19/11/2018
Milano 28/01/2019