Certified Penetration Testing Engineer Certification - C)PTE Course Outline

(5 Days)

Overview

COURSE OVERVIEW
The vendor neutral Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of Penetration Testing consultants.
The Certified Penetration Testing Engineer exam is taken online through Mile2’s Assessment and Certification System (

MACS

), which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions. The cost is $400 USD and must be purchased from Mile2.comElements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.

This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls to reduce risk associated to working with the internet. The student will be using the latest tools, such as Saint, Metasploit through Kali Linux and Microsoft PowerShell.
Mile2 goes far beyond simply teaching you to

Hack

. The C)PTE was developed around principles and behaviors used to combat malicious hackers and focuses on professional penetration testing rather than

ethical hacking

.
Besides utilizing ethical hacking methodologies, the student should be prepared to learn penetration testing methodologies using advanced persistent threat techniques. In this course, you will go through a complete penetration test from A-Z! You’ll learn to create your own assessment report and apply your knowledge immediately in the work force.

With this in mind, the CPTE certification course is a complete up-grade to the EC-Council CEH! The C)PTE exam is taken any time/anywhere on-line through mile2’s MACS system, making the exam experience easy and mobile. Student does not need to take the C)PTE course to attempt the C)PTE exam.

Prerequisites

PREREQUISITES

A minimum of 12 months’ experience in networking technologies

Sound knowledge of TCP/IP

Knowledge of Microsoft packages

Network+, Microsoft, Security+

Basic Knowledge of Linux is essential

At Course Completion

UPON COMPLETION
Upon completion, Certified Penetration Testing Engineer students will be able to establish industry acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the C)PTE exam.

Course Outline

MODULES

Module 0: Course Overview
Module 1: Business & Technical Logistics of Pen Testing
Module 2: Linux Fundamentals
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware Goes Undercover
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Project Documentation
Module 16: Securing Windows w/ Powershell
Module 17: Pen Testing with Powershell
(Module 16 & 17)l will be introduced in August courses)

DETAILED HANDS-ON LABORATORY OUTLINE

Module 1 Lab – Getting Set Up
Exercise 1 – Naming and subnet assignments
Exercise 2 – Discovering your class share
Exercise 3 – VM Image Preparation
Exercise 4 – Discovering the Student Materials
Exercise 5 – PDF Penetration Testing Methodology’s review

Module 2 Lab – Linux Fundamentals
Exercise 1 – ifconfig
Exercise 2 – Mounting a USB Thumb Drive
Exercise 3 – Mount a Windows partition
Exercise 4 – VNC Server
Exercise 5 – Preinstalled tools in Kali Linux

Module 3 Lab – Information Gathering
Exercise 1 – Google Queries
Exercise 2 – Footprinting Tools
Exercise 3 – Getting everything you need with Maltego
Exercise 4 – Using Firefox for Pen Testing
Exercise 5 – Documentation of the assigned tasks

Module 4 Lab – Detecting Live Systems
Exercise 1 – Look@LAN
Exercise 2 – Zenmap
Exercise 3 – Zenmap in Kali Linux
Exercise 4 – NMAP Command Line
Exercise 5 – Hping2/3
Exercise 6 – Unicornscan
Exercise 7 – Documentation of the assigned tasks

Module 5 Lab – Reconnaissance
Exercise 1 – Banner Grabbing
Exercise 2 – Zone Transfers
Exercise 3 – SNMP Enumeration
Exercise 4 – LDAP Enumeration
Exercise 5 – Null Sessions
Exercise 6 – SMB Enumeration
Exercise 7 – SMTP Enumeration
Exercise 8 – Documentation of the assigned tasks

Module 6 Lab – Vulnerability Assessment
Exercise 1 – Run Nessus for Windows
Exercise 2 -Run Saint
Exercise 3 – Documentation of the assigned tasks

Module 7 Lab – Malware
Exercise 1 – Netcat (Basics of Backdoor Tools)
Exercise 2 – Exploiting and Pivoting our Attack
Exercise 3 – Creating a Trojan
Exercise 4 – Documentation of the assigned tasks

Module 8 Lab – Windows Hacking
Exercise 1 – Cracking a Windows Password with Linux
Exercise 2 – Cracking a Windows Password with Cain
Exercise 3 – Covering your tracks via Audit Logs
Exercise 4 – Alternate Data Streams
Exercise 5 – Stegonagraphy
Exercise 6 – Understanding Rootkits
Exercise 7- Windows 7 Client Side Exploit (Browser)
Exercise 8- Windows 2008 SMBv2 Exploit
Exercise 9 – Documentation of the assigned tasks

Module 9 Lab – Hacking UNIX/Linux
Exercise 1 – Setup and Recon – Do you remember how?
Exercise 2 – Making use of a poorly configured service
Exercise 3 – Cracking a Linux password
Exercise 4 – Creating a backdoor and covering our tracks
Exercise 5 – Documentation of the assigned tasks

Module 10 Lab – Advanced Vulnerability and Exploitation Techniques
Exercise 1 – Metasploit Command Line
Exercise 2 – Metasploit Web Interface
Exercise 3 – Exploit-DB.com
Exercise 4 – Saint
Exercise 5 – Documentation

Module 11 Lab – Attacking Wireless Networks
Exercise 1 – War Driving Lab
Exercise 2 – WEP Cracking Lab (classroom only)
Exercise 3 – Documentation

Module 12 Lab – Networks, Sniffing and IDS
Exercise 1 – Capture FTP Traffic
Exercise 2 – ARP Cache Poisoning Basics
Exercise 3 – ARP Cache Poisoning – RDP
Exercise 4 – Documentation

Module 13 Lab – Database Hacking
Exercise 1 – Hacme Bank – Login Bypass
Exercise 2 – Hacme Bank – Verbose Table Modification
Exercise 3 – Hacme Books – Denial of Service
Exercise 4 – Hacme Books – Data Tampering
Exercise 5 – Documentation of the assigned tasks

Module 14 Lab – Hacking Web Applications
Exercise 1 – Input Manipulation
Exercise 2 – Shoveling a Shell
Exercise 3 – Hacme Bank – Horizontal Privilege Escalation
Exercise 4 – Hacme Bank – Vertical Privilege Escalation
Exercise 5 – Hacme Bank – Cross Site Scripting
Exercise 6 – Documentation of the assigned tasks

Module 15 Lab – Cryptography
Exercise 1 – Caesar Encryption
Exercise 2 – RC4 Encryption
Exercise 3 – IPSec Deployment
Post-Class Lab – CORE IMPACT
Exercise 1 – CORE IMPACT

Module 16 & 17 Lab – Powershell
Lab 1 – Setting up Powershell
Lab 2 – Securing Windows w/ Powershell
Lab 3 – Pen testing w/ Powershell

FINAL LAB: FULL PENETRATION TESTING LAB – 4 Hour Session

DETAILED COURSE OUTLINE
Module 0: Course Introduction

Courseware Materials
Course Overview
Course Objectives
CPTE Exam Information
Learning Aids
Labs
Class Prerequisites
Student Facilities

Module 1: Business and Technical Logistics of Penetration Testing

Overview
What is a Penetration Test?
Benefits of a Penetration Test

Data Breach Insurance
CSI Computer Crime Survey
Recent Attacks & Security Breaches
What does a Hack cost you?
Internet Crime Complaint Center
The Evolving Threat
Security Vulnerability Life Cycle
Exploit Timeline
Zombie Definition
What is a Botnet?
How is a Botnet Formed?
Botnet Statistics
How are Botnet’s Growing?
Types of Penetration Testing
Hacking Methodology
Methodology for Penetration Testing
Penetration Testing Methodologies
Hacker vs. Penetration Tester
Not Just Tools
Website Review
Tool: SecurityNOW! SX
Seven Management Errors
Review

Module 2: Linux Fundamentals
Overview
Linux History: Linus + Minix = Linux
The GNU Operating System
Linux Introduction
Linux GUI Desktops
Linux Shell
Linux Bash Shell
Recommended Linux Book
Password & Shadow File Formats
User Account Management
Instructor Demonstration
Changing a user account password
Network Interfaces with Linux
Mounting Drives with Linux
Tarballs and Zips
Compiling Programs with Linux
Why Use Live Linux Boot CDs
Typical Linux Operating Systems

Module 3: Information Gathering
Overview
What information is gathered by the Hacker?
Organizing Collected Information
Leo meta-text editor
Free Mind: Mind mapping
IHMC Cmap Tools
Methods of Obtaining Information
Physical Access
Social Access
Social Engineering Techniques
Social Networks
Instant Messengers and Chats
Digital Access
Passive vs. Active Reconnaissance
Footprinting defined
Maltego
Maltego GUI
FireCAT
Footprinting tools
Google Hacking
Google and Query Operators
SiteDigger
Job Postings Blogs & Forums
Google Groups / USENET
Internet Archive: The WayBack Machine
Domain Name Registration
WHOIS
WHOIS Output
DNS Databases
Using Nslookup
Dig for Unix / Linux
Traceroute Operation
Traceroute (cont.)
3D Traceroute