Course Overview:

This is an advanced course that assumes the attendee is a qualified security professional with experience using security tools and understands the concepts behind penetration testing. Courses that build up the expertise that enables a student to succeed in this course is Security+, CEH, CISSP, and any of the GIAC certifications. This course is completely hands-on and utilizes the BackTrack tool suite from backtrack-linux.org. The course covers, in detail, various attacks and tools that are contained in the BackTrack tool suite.

Attendees to TN-335: Advanced Penetration Testing Using Open Source Tools will receive TechNow approved course materials and expert instruction.

Dates/Locations:

Duration: 5 days

Course Objectives:

• Information Security and Open Source Software
• Operating System Tools
• Firewalls
• Scanners
• Vulnerability Scanners
• Network Sniffers
• Intrusion Detection Systems
• Analysis and Management Tools
• Encryption Tools
• Wireless Tools
• Forensic Tools
• More on Open Source Software

Prerequisites:

• Experience in IT Security
• Solid basic knowledge of networks and TCP/IP
• Experience in command line under Linux and Windows is required

Comments

Latest comments from students

Liked the class?  Then let everyone know!

Course Overview:

Learn to protect yourself and your company against hackers, by learning their tools and techniques, and then testing your network.  This course is heavily based on Kali and primarily on Metasploit.  In TN-315: Complete Hack and Defend class you will learn the step by step process that hackers use to assess your enterprise network, probe it & hack into it in mixed-platform environment including Windows, Linux, Solaris, and Cisco.  This course is 90% hacking, but  defenses for demonstrated hacks will be discussed.  If you want to know the ins and outs of the hacks presented in this course, then this is the course for you.

Attendees to TN-315: Complete Hack & Defend Class Attendees will receive TechNow approved course materials and expert instruction.

Dates/Locations:

Duration: 5 Days

Course Objectives:

• Introduction to Pen Testing using the PTES model
• Metasploit Basics
  • MSFconsole, MSFcli, Armitage, MSFpayload, MSFencode, NasmShell
• Intelligence Gathering
  • Nmap, Databases in Metasploit, Port Scanning with Metasploit
• Quick Intro to Ruby
  • Writing a simple Ruby script to create a custom scanner
• Vulnerability Scanning
  • Importing Nessus Results
  • Scanning with Nessus from Within Metasploit
• Exploitation
  • Using the Metasploit Framework and console to exploit
• Meterpreter
  • Compromising a Windows System
  • Attacking MS SQL, xp_cmdshell
  • Dumping Usernames and Passwords, extracting and dumping hashes
  • Pass the Hash and Token Impersonation
  • Pivoting
  • Railgun
  • Using Meterpreter Scripts: Migrating a process, Killing AV, Persistence
• Avoiding Detection
  • Creating Stand-Alone Binaries with MSFpayload
  • Encoding with MSFencode and Packers (go Green Bay:)
• Exploitation Using Client Side Attacks
  • Introduction to Immunity Debugger
  • Using Immunity Debugger to Decipher NOP Shellcode
• Metasploit Auxiliary Modules
• Social Engineer Toolkit (SET)
  • Spear-Phishing, Web Attack
  • Creating a Multipronged Attack
• Creating Your Own Module
  • Adapt an existing Module
  • Add some PowerShell and Run the Exploit
• Meterpreter Scripting
• Capture The Flag Exercise

Prerequisites:

• This is an advanced Information Security Course which requires basic Windows & UNIX competency
• Certification or 2 years of experience in these operating systems is highly recommended
• An understanding of TCP/IP

Comments

Latest comments from students

User: dhonore

Instructor comments: Dave's presentation style is engaging and lively.

Facilities comments: The room was adequate for the needs of the class.

User: phouck

Instructor comments: David was very good. Although he went very fast at times.

Facilities comments: The room was ok. it was bit dark.

Liked the class?  Then let everyone know!