Ultimate Penetration Testing Bootcamp - C)PEH+C)PTE Course Outline

(6 Days)

Overview

The mile2 Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of Penetration Testing consultants.

The C)PTE presents information based on the 5 Key Elements of Pen Testing; InformationGathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques. The Certified Penetration Testing Consultant course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific Penetration tests and techniques against operating systems. This course will teach you the necessary skills to work as a penetration testing team, the exploitation process, how to create a buffer overflow against programs running on Window and Linux while subverting features such as DEP and ASLR. This course will guide you through OWASP Top 10, teach you how to create shellcode to gain remote code execution, and understand and build different proof of concept code based on exploits pulled from exploit-db and testing using a debugger. The course starts by explaining how to build the right penetration testing team, covers scanning with NMAP, leading into the exploitation process, a little fuzzing with spike to help guide our proof of concept code, writing buffer overflows, understanding OWASP, Linux stack smashing, Windows exploit protection and getting around those protection methods, a section on report writing, and capping off the course with a scenario that will you’re your skills as a penetration testing team

Students will spend at least 50% of class time performing hands-on labs.

Audience Profile

  • Pen Testers
  • Ethical Hackers
  • Network Auditors
  • Cyber Security Professionals
  • Vulnerability Assessors
  • Cyber Security Managers
  • IS Managers

Prerequisites

  • A minimum of 12 months’ experience in networking technologies
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Network+, Microsoft, Security+
  • Basic Knowledge of Linux is essential

At Course Completion

Upon completion, Ultimate Penetration Testing Bootcamp students will be able to establish an industry acceptable pen testing process as well as be prepared to competently take the C)PTE and C)PTC certification exams.

Course Outline

COURSE DETAILS
CPTE

Module 0: Course Overview
Module 1: Business & Technical Logistics of Pen Testing
Module 2: Linux Fundamentals
Module 3: Information Gathering
Module 4: Detecting Live Systems
Module 5: Enumeration
Module 6: Vulnerability Assessments
Module 7: Malware Goes Undercover
Module 8: Windows Hacking
Module 9: Hacking UNIX/Linux
Module 10: Advanced Exploitation Techniques
Module 11: Pen Testing Wireless Networks
Module 12: Networks, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 15: Project Documentation
Module 16: Securing Windows w/ Powershell
Module 17: Pen Testing with Powershell

CPTC

Module 0: CPTC Intro
Module 1: Penetration Testing Team Formation
Module 2: NMAP Automation
Module 3: Exploitation Process
Module 4: Fuzzing with Spike
Module 5: Simple Buffer Overflow
Module 6: Stack Based Windows Buffer Overflow
Module 7: Web Application Security and Exploitation
Module 8: Linux Stack Smashing
Module 9: Linux Address Space Layout Randomization
Module 10: Windows Exploit Protection
Module 11: Getting Around SEH and ASLR (Windows)
Module 12: Penetration Testing Report Writing

HANDS-ON LABORATORY OUTLINE

CPTE

Lab 1 – Introduction to Pen Testing Setup
Lab 2 – Linux Fundamentals
Lab 3 – Using tools for reporting
Lab 4 – Information Gathering
Lab 5 – Detecting Live Systems – Scanning Techniques
Lab 6 – Enumeration
Lab 7 – Vulnerability Assessments
Lab 8 – Software Goes Undercover
Lab 9 – System Hacking – Windows Hacking
Lab 10 – System Hacking – Linux/Unix Hacking
Lab 11 – Advanced Vulnerability and Exploitation Techniques
Lab 12 – Network Sniffing/IDS
Lab 13 – Attacking Databases
Lab 14 – Attacking Web Applications

CPTC

Lab 1: Skills Assessment
Lab 2: Automation Breakdown
Lab 3: Fuzzing with Spike
Lab 4: Let’s Crash and Callback
Lab 5: Minishare for the Win
Lab 6: WebGoat Exploitation
Lab 7: Stack Overflow, Did we get Root?
Lab 8: Defeat me and Lookout ASLR
Lab 9: Time to Overwrite SEH and ASLR