Training

Network Security & Penetration Test

Customized. Innovative. Effective. Collaborative. Interactive.


Course Description

The goal of the ethical hacking and countermeasures program is to help the organization take pre-emptive measures against malicious attacks by attacking the system himself; all the while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief, by thinking like a thief. As technology advances and organization depend on technology increasingly, information assets have evolved into critical components of survival.

Summary

This course consists of the following modules - Ethics and Legal Issues, Foot printing, Scanning, Enumeration, System Hacking, Trojans and Backdoors, Sniffers, Denial of Service, Social Engineering, Session Hijacking, Hacking Web Servers, Web Application Vulnerabilities, Web Based Password Cracking Techniques, SQL Injection, Hacking Wireless Networks, Virus and Worms, Physical Security, Hacking Linux, IDS, Firewalls and Honeypots, Buffer Overflows, Cryptography, Penetration Testing Methodologies.

Audience

Security Officers, Auditors, Security Professionals, Site Administrators, Anyone who is concerned about the integrity of the network infrastructure

Duration

3 Days Classroom

Approach

This class is taught by lecture with Hands-on training

 



Course Modules


An Introduction to Penetration Testing

  • What is Penetration Testing ? (Blackbox vs Whitebox Testing)
  • What are the responsibilities for a Penetration Tester ?
  • An Overview of the Open-Source Security Testing Methodology Manual
  • Methodology for Penetration Testing
  • Penetration Testing Options
  • Vulnerability Result Report Writing
  • Understanding Hackers
  • What Hackers Do Hackers / Administrators View
  • Who are Hackers
  • Categorizing Hackers
  • Attack Categories
  • Intrusion Methods
  • The Security Process and The CIA Model
  • Threat Analysis


Active-Passive Reconnaissance Techniques

  • Planning and starting the test
  • Information Gathering & Footprinting
  • Passive Information Gathering
  • Advanced Search Techniques (Spam DBs, P2P networks)
  • Whois Search
  • Active Information Gathering
  • Using Information Gathering Tools (tracert, nslookup,zone transfer)
  • Gathering Tools (tracert, nslookup,zone transfer)
  • Hands- On Session (Scanning & Fingerprint)
  • Port Scanning Technique (using port scanning tools)
  • An introduction to hping
  • What is hping
  • How do you use hping
  • Advance hping usage
  • OS Fingerprinting- how does it work?
  • OS Fingerprint Tools Service Probing
  • Hands-on Session


Vulnerability Assessment

  • Understanding Vulnerabilities
  • Types of Vulnerability
  • Technique for Finding Vulnerability
  • Automated vulnerability Scanning Tools
  • Open Source vulnerability scanners
  • Commercial vulnerability Scanners
  • Nessus 4
  • Microsoft MBSA
  • Sysinternals Tools
  • Hands-on Session


Hacking

  • Windows Architecture Overview
  • Vulnerabilities & attacks
  • Remote password guessing
  • Tapping the wire
  • Password cracking
  • Password sniffers
  • Hiding Files
  • Buffer overflows
  • Hands-on session


Attacking Web Technologies

  • Web Server Assessment Overview
  • Introduction to Web Servers
  • Web Server Market
  • Popular Web Servers and common Vulnerabilities
  • Tools used in attacking web servers
  • Web server Countermeasures
  • Web application Penetration methodologies
  • Understanding Web application Security
  • Common Web application Security Vulnerabilities
  • Input Manipulation
  • Authentication and Session Management
  • Web Application Countermeasures
  • Password Cracking Techniques


Wireless Hacking

  • 802.11 Architecture
  • Wireless Authentication
  • 802.1x standard
  • Attack Vectors
  • Wireless Hacking using Backtrack 5
  • Wireless Attack Countermeasures
  • Hands-on Session







 

Find us on Social Media
©2014-2015. Ofisgate Sdn Bhd.