Certified Penetration Testing Professional Certification Course - Venezuela

Certified Penetration Testing Professional Certification Course Outline

Module 1: Introduction to Penetration Testing

• Penetration Testing
• Penetration Testing Service Delivery Models
• ROI for Penetration Testing
• Types of Penetration Assessment
• Strategies of Penetration Testing
• Selection of Appropriate Testing Type
• Different Methods of Penetration Testing
• Common Areas of Penetration Testing
• Penetration Testing Process
• Penetration Testing Phases
• Penetration Testing Methodologies
• EC-Council's LPT Methodology
• Qualities of a Licensed Penetration Tester
• Characteristics of a Good Penetration Test
• Ethics of a Penetration Tester
• Qualification
• Experience
• Certifications
• Skills Required for a Pen Tester
• Risks Associated with Penetration Testing

Module 2: Penetration Testing Scoping and Engagement

• Penetration Testing: Pre-engagement Activities
• Initiation of a Pen Testing Engagement Process
• Proposal Submission
• Determining the Project Schedule
• Staffing Requirements
• Rules of Engagement
• Estimating the Timeline for the Engagement
• Penetration Testing Schedule
• Identifying the Reporting Time Scales
• Deciding the Time of Day for the Test
• ROE Document
• Penetration Testing Contract
• Penetration Testing "Rules of Behavior"
• Confidentiality and Nondisclosure Agreement Clauses
• Identifying the Security Tools Required for the Penetration Test
• Preparing the Test Plan
• Penetration Testing Hardware/Software Requirements
• Gathering Information on the Client Organisation’s History and Background
• Identifying the Local Equipment Required for the Pen Test
• Mission Briefing
• Scope Creeping

Module 3: Open Source Intelligence (OSINT)

• OSINT through the WWW
• OSINT through Website Analysis
• OSINT through DNS Interrogation
• Whois Lookups
• Reverse Lookups
• DNS Zone Transfer
• Traceroute Analysis
• Automating the OSINT Process using Tools/Frameworks/Scripts

Module 4: Social Engineering Penetration Testing

• Social Engineering Penetration Testing
• Social Engineering Penetration Testing Modes
• Social Engineering Penetration Testing Process
• Social Engineering Using Email
• Phishing
• Spear Phishing
• Whaling
• Phone (Vishing)
• SMiShing (SMS Phishing)
• Social Engineering Using Physical Attack Vector
• Piggybacking/Tailgating
• Eavesdropping
• Dumpster Diving
• Reverse Social Engineering
• Social Engineering Using Motivation Techniques
• Social Engineering Countermeasures and Recommendations

Module 5: Network Penetration Testing – External

• Network Penetration Testing
• External vs. Internal Penetration Testing
• External Network Penetration Testing
• Internal Network Penetration Testing
• Network Penetration Testing Process
• Port Scanning
• Fingerprinting the OS
• Examining the Patches Applied to the Target OS
• Fingerprinting the Services
• External Vulnerability Assessment
• Searching and Mapping the Target with the Associated Security Vulnerabilities
• Find Out the Security Vulnerability Exploits
• Running the Exploits against Identified Vulnerabilities
• Document the Result

Module 6: Network Penetration Testing – Internal

• Internal Network Penetration Testing
• Footprinting
• Network Scanning
• Scanning Analysis
• Scanning Methodology
• OS and Service Fingerprinting
• Identifying the OS
• SMB OS Discovery
• Manual Banner Grabbing
• Identifying the Services
• Displaying Services within Metasploit
• Map the Internal Network
• Enumeration
• Vulnerability Assessment
• Internal Vulnerability Assessment
• Network Vulnerability Scanning
• Host Vulnerability Scanner
• Vulnerability Assessment Reports
• Scan Analysis Process
• Windows Exploitation
• Unix/Linux Exploitation
• Attempt Replay Attacks
• Attempt ARP Poisoning
• Attempt Mac Flooding
• Conduct a Man-in-the-Middle Attack
• Attempt DNS Poisoning
• Automated Internal Network Penetration Testing
• Post Exploitation
• Pivoting
• Port Forwarding
• OS Discovery
• Proxychains
• Web Shells
• Document the Result

Module 7: Network Penetration Testing – Perimeter Devices

• Assessing Firewall Security Implementation
• Testing the Firewall from Both Sides
• Find Information about the Firewall
• Enumerate Firewall Access Control List using Nmap
• Scan the Firewall for Vulnerabilities
• Trying to Bypass the Firewall Using Various Techniques
• Assessing IDS Security Implementation
• Common Techniques Used to Evade IDS Systems
• Test for Resource Exhaustion
• Test the IDS by Using Various Techniques
• Assessing Security of Routers
• Need for Router Testing
• Identify the Router Operating System and its Version
• Identify Protocols Running
• Try to Gain Access to the Router
• Test for IP Spoofing
• Router

Module 8: Web Application Penetration Testing

• Web Application Penetration Testing
• Web Application Security Frame
• Security Frame vs. Vulnerabilities vs. Attacks
• Website Footprinting
• Web Enumeration
• Discover Web Application Default Content
• Discover Web Application Hidden Content
• Conduct Web Vulnerability Scanning
• Test for SQL Injection Vulnerabilities
• Test for XSS Vulnerabilities
• Test for Parameter Tampering
• Test for Weak Cryptography Vulnerabilities
• Tests for Security Misconfiguration Vulnerabilities
• Test for Client-Side Attack
• Tests for Broken Authentication and Authorisation Vulnerabilities
• Tests for Broken Session Management Vulnerabilities
• Test for Web Services Security
• Test for Business Logic Flaws
• Test for Web Server Vulnerabilities
• Test for Thick Clients Vulnerabilities

Module 9: Wireless Penetration Testing

• Wireless Penetration Testing
• Wireless Local Area Network (WLAN) Penetration Testing
• Discovering the Wireless Networks
• Detect Wireless Connections
• Use a Wireless Honeypot to Discover Vulnerable Wireless Clients
• Performing a Denial-of-Service Attack
• Attempt Rapid Traffic Generation
• Attempt Single-packet Decryption
• Perform an ARP Poisoning Attack
• Crack WPA-PSK Keys
• Crack WPA/WPA2 Enterprise Mode
• Check for MAC Filtering
• Spoof the MAC Address
• Create a Direct Connection to the Wireless Access Point
• Introduction to RFID Penetration Testing
• Perform Reverse Engineering
• Perform Power Analysis Attack
• Perform Eavesdropping
• Perform an MITM Attack
• Perform a DoS Attack
• Perform RFID Cloning/Spoofing
• Perform an RFID Replay Attack
• Perform a Virus Attack
• Oscilloscopes
• RFID Antennas
• RFID Readers
• Introduction to NFC Penetration Testing
• Perform a Data Modification Attack
• Perform Data Corruption Attack
• Perform a MITM Attack
• Document the Result

Module 10: IoT Penetration Testing

• IoT
• Popular IoT Hacks
• IoT Challenges
• IoT Penetration Testing
• Abstract IoT Testing Methodology
• Attack Surface Mapping
• IoT Architecture
• Typical IoT Vulnerabilities
• Steps to Analysing the IoT Hardware
• Firmware Architecture
• Sample Firmware Analysis Process
• Binwalk to Extract the File System
• Exploring the File System
• Firmware Emulation

Module 11: OT/SCADA Penetration Testing

• IT vs OT System Architecture
• ICS/SCADA Protocols
• Modbus
• ICS and SCADA Pen Testing
• Attack Monitoring
• Testing Environment
• Penetration Testing Actions
• Host Attack Types
• Network Attack Types
• Ports of SCADA
• Attack Modifications
• OT Testing Tools
• BACnet
• Commercial SCADA Fuzzing Tool
• Danger of Port Scanning
• Types of Vulnerability Scans
• Device Separation
• ICS Cyber Test Impact

Module 12: Cloud Penetration Testing

• Cloud Computing Security and Concerns
• Security Risks Involved in Cloud Computing
• Role of Penetration Testing in Cloud Computing
• Scope of Cloud Pen Testing
• Shared Responsibilities in Cloud
• Penetration Testing Process
• Identifying the Type of Cloud to be Tested
• Identifying Tools for Penetration Testing
• Perform Cloud Reconnaissance
• Perform a Detailed Vulnerability Assessment
• AWS Specific Penetration Testing
• Attempt to Identify S3 Buckets
• Azure Specific Penetration Testing
• Google Cloud Platform Specific Penetration Testing
• Google Cloud’s Provision for Penetration Testing

Module 13: Binary Analysis and Exploitation

• Binary Coding
• Machine Instructions
• Sample Stack Frame
• C program memory
• Analysing Binaries
• Registers
• Important IA-32 Instructions for Pen Testing
• Executable and Linkable Format
• Advanced Binary Analysis
• Obfuscation Challenges
• Binary Instrumentation
• IA-64
• Binary Analysis Methodology
• Sample Program
• Sample x86 C Program
• Shellcode
• ASLR
• Return-to-libc vulnerability
• Defeating the No-execute Stack
• 64-bit Fundamentals
• Attack using ROP

Module 14: Report Writing and Post Testing Actions

• Goal of the Penetration Testing Report
• Penetration Testing Deliverables
• Report Formats
• Types of Pen Test Reports
• Characteristics of a Good Pen Testing Report
• Phases of Report Development
• Sample Pen Testing Report Format
• Report Components
• Penetration Testing Report Analysis
• Sections of the Penetration Testing Report
• Pen Test Team Meeting
• Research Analysis
• Prioritise Recommendations
• Delivering Penetration Testing Report
• Letter of Attestation
• Cleanup and Restoration
• Report Retention
• Sign-off Document
• Post