E-SPIN
Thursday, 19 July 2012 / Published in Solution

Network Penetration Testing and Ethical Hacking, Security 560

Find Security Flaws Before the Bad Guys Do
Security vulnerabilities, such as weak configurations, unpatched systems, and botched architectures, continue to plague organizations. Enterprises need people who can find these flaws in a professional manner to help eradicate them from our infrastructures. Lots of people claim to have penetration testing, ethical hacking, and security assessment skills, but precious few can apply these skills in a methodical regimen of professional testing to help make an organization more secure. This class covers the ingredients for successful network penetration testing to help attendees improve their enterprise’s security stance.

We address detailed pre-test planning, including setting up an effective penetration testing infrastructure and establishing ground rules with the target organization to avoid surprises and misunderstanding. Then, we discuss a time-tested methodology for penetration and ethical hacking across the network, evaluating the security of network services and the operating systems behind them.

Attendees will learn how to perform detailed reconnaissance, learning about a target’s infrastructure by mining blogs, search engines, and social networking sites. We’ll then turn our attention to scanning, experimenting with numerous tools in hands-on exercises. Our exploitation phase will include the use of exploitation frameworks, stand-alone exploits, and other valuable tactics, all with hands-on exercises in our lab environment. The class also discusses how to prepare a final report, tailored to maximize the value of the test from both a management and technical perspective. The final portion of the class includes a comprehensive hands-on exercise, conducting a penetration test against a hypothetical target organization, following all of the steps.

The course also describes the limitations of penetration testing techniques and other practices that can be used to augment penetration testing to find vulnerabilities in architecture, policies, and processes. We also address how penetration testing should be integrated as a piece of a comprehensive enterprise information security program.

Differentiators
This SANS course differs from other penetration testing and ethical hacking courses in several important ways:

We get deep into the tools arsenal with numerous hands-on exercises that show subtle, less-well-known, and undocumented features that are incredibly useful for professional penetration testers and ethical hackers.

The course discusses how the tools interrelate with each other in an overall testing process. Rather than just throwing up a bunch of tools and playing with them, we analyze how to leverage information from one tool to get the most bang out of the next tool.

We focus on the workflow of professional penetration testers and ethical hackers, proceeding step-by-step discussing the most effective means for conducting projects.

The sessions address common pitfalls that arise in penetration tests and ethical hacking projects, providing real-world strategies and tactics for avoiding these problems to maximize the quality of test results.

We cover several timesaving tactics based on years of in-the-trenches experience from real penetration testers and ethical hackers, actions that might take hours or days unless you know the little secrets we’ll cover that will let you surmount a problem in minutes.

The course stresses the mind-set of successful penetration testers and ethical hackers, which involves balancing the often contravening forces of creative “outside-the-box” thinking, methodical trouble-shooting, carefully weighing risks, following a time-tested process, painstakingly documenting results, and creating a high quality final report that achieves management and technical buy-in.

We also analyze how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

If you sign up for SEC560 now or have already taken it in the past, check out this new perfect follow-on course to build your skills even further, taking your pen test regimen to a whole new level!

Who Should Attend?

  • Penetration testers
  • Ethical hackers
  • Auditors who need to build deeper technical skills
  • Security personnel whose job involves assessing target networks and systems to find security vulnerabilities

Network Penetration Testing: Planning, Scoping, and Recon, Security 560 - Day 1
Successful professional penetration testers and ethical hackers must carefully prepare before their projects, and this detailed session covers the strategies and tactics for doing so effectively. We cover building a penetration testing and ethical hacking infrastructure that includes the appropriate hardware, software, network infrastructure, and test tools arsenal, with specific low-cost recommendations for maximizing your effectiveness on a limited budget. This portion of the course also describes how to plan the specifics of a test, carefully scoping the project and defining the rules of engagement with target environment personnel. We survey the various legal issues associated with the penetration testing and ethical hacking craft in various countries around the world.

After this detailed analysis of preparation, the session changes topics to deal with reconnaissance, the initial phase of most penetration tests and ethical hacking projects. We’ll look at maximizing the usefulness of information from public sources, including detailed and advanced DNS interrogations, whois look-ups, and late-breaking search engine vulnerability finding tools. We’ll also look at emerging recon suites and how we can best position them in our testing regimens.

  • The mindset of a professional penetration tester and ethical hacker
  • Types of penetration tests and ethical hacking projects, with an overview of various testing methodologies
  • Limitations of penetration testing, and how testing fits into an overall security program
  • Building a testing infrastructure, including practical recommendations for selecting hardware, tools, and network infrastructures
  • Defining rules of engagement and scoping a project
  • Exercise: Dealing with an ambiguous pen test RFP
  • Legal issues with penetration testing around the world
  • Reporting – how to achieve business focus and technical depth
  • A pen tester’s tool chest of reconnaissance resources
  • Whois lookups – maximizing the usefulness of registrars, Autonomous System Numbers, etc.
  • DNS lookups with nslookup, dig, Sensepost’s BiLE, etc.
  • Search engine vulnerability-finding tools: Aura, Wikto, EvilAPI, and more

Network Penetration Testing: Scanning, Security 560 - Day 2
This component of the course focuses on the vital task of scanning a target environment, creating a comprehensive inventory of machines and then evaluating those systems to find potential vulnerabilities. We’ll look at some of the most useful scanning tools freely available today, experimenting with them in our hands-on lab. Because vulnerability-scanning tools inevitably give us false positives, we’ll conduct an exercise on false-positive reduction, analyzing several methods for getting inside of what our tools are telling us to ensure the veracity of our findings. Our hands-on exercises include the creative use of packet crafting to measure the fine-grained behavior of target machines, all while watching the action from a custom-configured sniffer. We also look at some of the late-breaking features of popular tools, including the latest Nmap Scripting Engine capabilities.

  • Types of scans – Network sweeps, network tracing, port scans, OS fingerprinting, version scans, and vulnerability scans
  • Overall scanning tips – tcpdump for the pen tester, protocol anomalies, and troubleshooting
  • Exercise: Packet crafting for the pen tester with Hping3 and monitoring with tcpdump
  • Network tracing in-depth with traditional traceroute and exotic network mapping techniques
  • Port scanning in-depth with the latest Nmap features
  • Exercise: Finding vulnerabilities with the Nmap Scripting Engine (NSE)
  • OS Fingerprinting
  • Version Scanning with Nmap and Amap
  • Exercise: False positive reduction
  • Vulnerability Scanning
  • Exercise: Comprehensive vulnerability scanner configuration

Network Penetration Testing: Exploitation, Security 560 - Day 3
In this section, we look at the many kinds of exploits that a penetration tester or ethical hacker can use to compromise a target machine. We’ll analyze in detail the differences between server-side, client-side, and local privilege escalation exploits, exploring some of the most useful recent exploits in each category. We’ll see how these exploits are packaged in frameworks like Metasploit. We’ll go over some of the more advanced Metasploit options, including its mighty Meterpreter, discussing some of the best features in this really powerful payload that are hugely helpful for penetration testers and ethical hackers.

We’ll also look at some of the common pitfalls that we face when running exploits, as well as methods for mitigating, dodging, or even eliminating those issues. Finally, we’ll zoom in on Windows. With its 80+% market share and regular discovery of vulnerabilities and release of exploits, the culmination of exploitation is often a command shell on a Windows box. We’ll see how to maximize the effectiveness of that access, activating RDP, VNC, and installing SSH, all from a command prompt. Almost every topic covered in this session includes hands-on exercises to give attendees practical experience in using these techniques.

Topics include:

  • Exploit categories – server-side, client-side, and local privilege escalation
  • Comprehensive Metasploit Framework coverage – exploits, stagers, stages and how penetration testers can get the most value out of subtle but powerful features
  • Exercise: Using Metasploit to get remote shell via server-side flaw
  • The Meterpreter in depth, including file, process, and network interactions and the priv module
  • Exercise: Advanced usage of the Meterpreter payload
  • Exercise: Non-Metasploit exploits – using a raw exploit to gain access
  • The dilemma of command shell vs. terminal access
  • Exercise: Bypassing the dilemma on Linux/Unix and Windows
  • Installing and activating VNC, RDP, sshd, and telnet services from a command shell
  • Moving files with exploits cross platform
  • Windows command line kung fu specifically targeted at pen testers: making ping sweepers, port scanners, reverse DNS lookup tools, and password guessers at the command-line
  • Exercise: Challenging your kung fu
  • Exercise: Making Windows run commands remotely with psexec, sc, and wmic

Network Penetration Testing: Password Attacks, Security 560 - Day 4
This component of the course turns our attention to password attacks, analyzing password guessing, password cracking, and pass-the-hash techniques in depth. Because passwords remain the dominant authentication scheme of most enterprises, professional penetration testers and ethical hackers need to understand how to find password weaknesses in a target environment. We’ll go over numerous tips based on real-world experience to help penetration testers and ethical hackers maximize the effectiveness of their password attacks. We’ll cover one of the best automated password-guessing tools available today, THC Hydra, and run it against target machines to guess Windows SMB and Linux SSH passwords. We’ll then zoom in on the password representation formats for most major operating systems, discussing various cracking tools in-depth.

We’ll do exercises in which we’ll patch the John the Ripper password cracker so that it can support NT hashes, and then compare its performance when compiled for different kinds of processor types. We’ll look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. We’ll see how Rainbow tables work to make password cracking much more efficient, and run a hands-on exercise using the technique. And, we’ll finish the day with a lively discussion of a really powerful attack vector that doesn’t require password cracking, but instead uses captured encrypted credentials to access Windows machines directly, in a so-called “pass-the-hash” attack, using customized Samba code for a hands-on exercise illustrating the technique.

Specific topics include:

  • The primacy of passwords
  • Password attack tips: Making the most of password attacks in a safe and efficient manner
  • Account lockout and strategies for avoiding it
  • Password Guessing with THC-Hydra
  • Exercise: Using THC-Hydra and throttling guesses to avoid problems
  • Password representation formats in depth: Windows LANMAN, NT, NTLMv1, NTLMv2, Unix DES, and Linux MD5
  • Exercise: Dumping Windows hashes with fgdump, via an instrumented Netcat relay
  • John the Ripper features for penetration testers
  • Exercise: Patching John for NT hashes, comparing MMX vs. non-MMX performance, and cracking LANMAN, NT, and Linux MD5 representations
  • Cain: The pen tester’s dream tool
  • Exercise: Cain sniffing and cracking NTLMv1 challenge/response exchanges
  • Rainbow table attacks in depth: How the tables work and how you can use them for more efficiency
  • Exercise: Using Ophcrack, booting ISOs via a VMX file, and applying Rainbow Tables
  • Pass-the-hash attacks against Windows: Using hashes without even cracking a password
  • Exercise: Pass-the-hash hands-on against Windows via Foofus patches for Samba

Network Penetration Testing: Wireless and Web Apps, Security 560 - Day 5
With the increasing use of wireless networking technologies, professional penetration testers and ethical hackers are often called upon to evaluate these infrastructures for flaws. This section of the course describes methodologies for finding common wireless weaknesses, including misconfigured access points, application of weak security protocols, and the improper configuration of stronger security technologies.

The second half of this session focuses on web application penetration testing, looking for the numerous flaws that impact commercial and homegrown web apps. Attendees will work hands-on with tools that can find Cross-Site Scripting (XSS) and Cross-Site Request Forgery (XSRF) flaws, experimenting with each in a hands-on exercise. We’ll look at command injection and directory traversal flaws, experimenting with them in hands-on exercises. Finally, the session deals with the sometimes devastating SQL injection flaws and session cloning issues that have resulted in significant website compromises.

  • Web application scanning and exploitation tools
  • Exercise: Scanning a web app for flaws
  • Web application manipulation tools
  • Exercise: Using Paros Proxy to target a web app
  • The myriad of web application injection attacks
  • Exercise: XSRF, XSS, session cloning, and command injection hands-on
  • Building a wireless testing rig
  • Finding unsecured access points and peer-to-peer systems
  • Identifying common wireless misconfigurations
  • Wireless protocol problems and how a penetration tester can exploit them

Penetration Testing Workshop & Capture the Flag Event, Security 560 - Day 6
This lively session represents the culmination of the network penetration testing and ethical hacking course, where attendees will apply the skills that they’ve mastered throughout all the other sessions in a hands-on workshop. The rest of the course covers the overall process for successful testing, with a series of hands-on exercises individually illustrating each point. But here, in this final workshop, all of the exercises converge into an overall network penetration-testing workout.

Operating as part of a team, attendees will conduct a penetration test of a target environment in the classroom, following all of the steps of a professional penetration tester and ethical hacker. You’ll have to scan for flaws, use exploits, unravel technical challenges, and dodge firewalls, all the while analyzing and documenting your results in a comprehensive manner. Teams will compete with each other to be the first to win the Capture the Flag game that is the centerpiece of this workshop.

If you have any inquiry or question, please feel free to contact us.
