CertifiedPenetrationTestingSpecialist(CPTS)withCEHBacktrack

CourseNumber:CPTSCEH Length: 5Day(s)

CertificationExam

Thiscoursewillhelpyouprepareforthefollowingexam:

Exam31250:CertifiedEthicalHacker

CourseOverview

Thiscourseenhancesthebusinessskillsneededtoidentifyprotection opportunities,justify testingactivitiesandoptimizesecuritycontrolsappropriatetothebusinessneedsinorderto reducebusinessrisk.Itsfocusisdevelopedbasedonprinciplesandmethodsusedbymalicious hackers,butitsfocusisprofessionalpenetrationtestingandsecuringinformationassets.

Prerequisites

Studentsattendingthiscourseshouldhave:

Aminimumof12monthsexperienceinnetworkingtechnologies SoundknowledgeofTCP/IP Computerhardwareknowledge KnowledgeofMicrosoftpackages Network+,Security+ KnowledgeofLinuxwouldbebeneficialbutnotessential

Audience

ThiscourseisgearedtowardsexperiencedITandSecurityprofessionals.
CourseOutline

Module1 BusinessandTechnicalLogisticsforPenTesting BusinessandTechnicalLogisticsforPenTesting DefinitionofaPenetrationTest BenefitsofaPenetrationTest IDTheftStatistics Demo IDtheftcenterwebsite VAlosesanother48,000records TKMaxxhitbytheftof46mcreditcards DemoSecurityFocusWebsite TheEvolvingThreat DemoANIZeroDay

SecurityVulnerabilityLifeCycle ExploitTimeline ZombieStatistics ZombieDefinition BotnetDefinition TypesofPenetrationTesting MethodologyforPenetrationTesting/EthicalHacking Hackervs.PenetrationTester NotJustTools DemoOSSTMMMethodology DemoNISTMethodology DemoFFIECISSAFMethodology PenetrationTestingMethodologies OSSTMMOpenSourceSecurityTestingMethodologies DemoWebSite WebsiteReview Tool:SecurityNOW!SX DemoCioviewSecuirtyNowSXTool Lab Overview Lab Exercise1 Lab Exercise2 Lab Exercise3 Module1Review Module2 InformationGatheringReconnaissance1:Passive InformationGatheringReconnaissance1:Passive WhatInformationisGatheredbytheHacker MethodsofObtainingInformation PhysicalAccess DemoBumpKey SocialAccess DigitalAccess Passivevs.ActiveReconnaissance FootprintingDefined FootprintingTool:KartooWebsite DemoKartooSearchEngine Footprintingtools GoogleandQueryOperators DemoGoogleHacking Johnny.Ihackstuff.com Aura:GoogleAPIUtilityTool Myspace.com Facebook.com IdentityTheftandMySpace Blogs,Forums&Newsgroups InternetArchive:TheWayBackMachine DemoWayBackMachine

DomainNameRegistration WHOIS WHOISOutput DemoSearchingForInformation DNSDatabases UsingNslookup DigforUnix/Linux TracerouteOperation VisualMapping Answers.com EDGARForUSACompanyInfo CompanyHouseForBritishCompanyInfo Demo Informationdiscovery Fboweb.com InteliusinfoandBackgroundCheckTool WebServerInfoTool:Netcraft Countermeasure:Domainsbyproxy.com FootprintingCountermeasures Lab Exercise1 Module2Review Module3 LinuxFundamentals LinuxFundamentals LinuxHistory Linus+Minix=Linux TheGNUOperatingSystem LinuxIntroduction LinuxGUIDesktops DemoLinuxGUIDesktops LinuxShell DemoLinuxShell LinuxBashShell RecommendedLinuxBook Password&ShadowFileFormats UserAccountManagement DemoUserAccountFiles Changingauseraccountpassword DemoCreatingUserAccounts ConfiguringNetworkInterfaceswithLinux Demoifconfigusage MountingDriveswithLinux DemoMountingDrives TarballsandZips CompilingProgramsinLinux DemoCompilingprogramsusinggcc TypicalLinuxOperatingSystems Gentoo=SimpleSoftwareInstallPortal Gentoo

DemoGentooOverview VLOS WhyUseLiveLinuxBootCDs SecurityLiveLinuxCDs FrozenTechsCompleteDistroList MostPopular:BackTrack forums.remoteexploit.org MySlaxCreator SlaxModules(SoftwarePackages) Lab InstallingBackTrackintoaVM Lab UpdatingBackTrackFiles Lab BackTrackServices Module3Review Module4 DetectingLiveSystemsReconnaissance2:Active DetectingLiveSystemsReconnaissance2:Active IntroductiontoPortScanning PortScanTips ExpectedResults Tools:OrganizingResults Leometatexteditor DemoMethodstologyourresults FreeMind:Mindmapping Method:Ping StealthOnlinePing DemoPortscanningknowyourtools NMAP:IstheHostOnline TheTCP/IPstack RecommendedVideo:ItsShowtime DemoRecommendedVideoandNMAPBasicOnlineTest Whichservicesusewhichports? TCP3WayHandshake TCPFlags Demo ToolEngagePacketBuilder Vanilla(TCPConnectPortScan) NMAPTCPConnectScan DemoNMAPTCPConnectScan DemoNMAPSYNScan HalfopenScan ToolPractice:TCPhalfopen&PingScan FirewalledPorts NMAPServiceVersionDetection DemoNMAPsVScanandexportresults SavingNMAPresults Outputresults UDPPortScan AdvancedTechnique

PopularPortScanningTools Tool:Superscan Tool:LookatLan DemoLookatLanTool Tool:Hping2 DemoHping2Tool Tool:AutoScan DemoAutoScanTool AdvancedPortScanning/PacketCrafting OSFingerprinting DemoOSFingerprintingwithNMAP OSFingerprinting:Xprobe2 DemoOSFingerprintingwithXprobeAMAPP0F Xprobe2Options WhatIsFuzzyLogic? Tool:P0f PassiveOSFingerPrintingUtility ToolPractice:Amap PacketCrafting ToolFragrouter:FragmentingProbePackets Countermeasures:Scanning ScanningToolsSummary Lab Exercise1 Lab Exercise2 Lab Exercise3 Module4Review Module5 EnumerationReconnaissance3:Active Enumeration Reconnaissance3:Active MethodologyRecap WebServerBanners DemoWebServerBannerGrabbingwithTelnet Practice:BannerGrabbingwithTelnet DemoWindows2003andSMTPBannerGrabbingwithTelnet SamSpadeTool:BannerGrabbing SuperScan4Tool:BannerGrabbing SMTPServerBanner DemoDNSZoneTransferusingnslookup DNSEnumeration ZoneTransfersfromWindows2000DNS Countermeasure:DNSZoneTransfers SNMPInsecurity SNMPEnumeration DemoSNMPenumerationusingWindowsandLinux SNMPEnumerationCountermeasures ActiveDirectoryEnumeration ADEnumerationcountermeasures Nullsessions

SyntaxforaNullSession ViewingShares Tool:DumpSec Tool:USE42 Tool:EnumerationwithCainandAbel DemoNullSessionsandtoolusage NATDictionaryAttackTool DemoNullSessionsandNAT InjectingAbelService Demo InjectingAbel NullSessionCountermeasures EnumerationToolsSummary Lab Exercise1 Module5Review Module6 CryptographyDecrypted CryptographyDecrypted Introduction Encryption EncryptionAlgorithm Implementation SymmetricEncryption SymmetricAlgorithms DemoCryptool CrackTimes AsymmetricEncryption KeyExchange Hashing HashCollisions CommonHashAlgorithms DemoHashingTools HybridEncryption DigitalSignatures DemoDigitalSignaturewithCryptool SSLHybridEncryption IPSec DemoIPSEC TransportLayerSecurity SSH PublicKeyInfrastructure PKIEnabledApplications QuantumCryptography HardwareEncryption:DESlock DemoHardwareEncryption AttackVectors Lab Exercise1 Module6Review Module7 VulnerabilityAssessments

VulnerabilityAssessments VulnerabilityAssessmentIntro TestingOverview StayingAbreast:SecurityAlerts DemoKeepinguptodatewithWebsites VulnerabilityScanners QualysGuard Tool:NessusOpenSource NessusClientInterface NessusReport Tool:Retina VideoRecommendation NessusforWindows Tool:LANguard DemoNessusonWindowsXP AnalyzingtheScanResults MicrosoftBaselineAnalyzer MBSAScanReport Dealingwiththeassessmentresults PatchManagement Lab Exercise1 Lab Exercise2 Module7Review Module8 Malware,Trojan's&BackDoors Malware,Trojan's&BackDoors DefiningMalware:TrojansandBackdoors DefiningMalware:Virus&Worms DefiningMalware:Spyware CompanySurveillanceSoftware DistributingMalware MalwareCapabilities AutostartingMalware Countermeasure:MonitoringAutostartMethods Tool:Netcat NetcatSwitches Demo Exploitingandspawningaremotecmdwithnetcat ExecutableWrappers DemoCreatinguploadpackageswithelitewrap BenignEXEsHistoricallyWrappedwithTrojans Tool:Restorator Tool:ExeIcon TheInfectiousCDRomTechnique Trojan:Backdoor.Zombam.B Trojan:JPEGGDI+AllinOneRemoteExploit AdvancedTrojans:AvoidingDetection TypicalWired/WirelessNetwork

MalwareCountermeasures DemoGargoyle SpySweeperEnterprise MalwareReference:Glocksoft.com CMTool:PortMonitoringSoftware CMTools:FileProtectionSoftware CMTool:WindowsFileProtection CMTool:WindowsSoftwareRestrictionPolicies CMTool:HardwarebasedMalwareDetectors Countermeasure:UserEducation Lab Exercise1 Module8Review Module9 WindowsHacking WindowsHacking TypesofPasswordAttacks DemoVideoSurveillanceSunglasses KeystrokeLoggers DemoKeystrokeloggers PasswordGuessing Demo Tsgrindertutorial PasswordCrackingLM/NTLMHashes LMHashEncryption NTHashGeneration SyskeyEncryption DemoRainbowTables,CainandAbel Salting CrackingTechniques PrecomputationDetail CainandAbelsCrackingMethods FreeRainbowTables NTPASSWD:HashInsertionAttack PasswordSniffing WindowsAuthenticationProtocols HackingTool:Kerbsniff&KerbCrack Countermeasure:MonitoringEventViewerLog HardDiskSecurity FreeHDEncryptionSoftware Tokens&SmartCards SmartCards CoveringTracksOverview DisablingAuditing ClearingandEventlog HidingFileswithNTFSAlternateDataStream DemoAlternateDataStreams NTFSStreamscountermeasures StreamExplorer

WhatisSteganography DemoSteganographytools SteganographyTools SheddingFilesLeftBehind LeavingNoLocalTrace MoreAnonymousSoftware DemoAnonymizertools DemoJanusVMAppliance StealthSurferIIPrivacyStick Tor:AnonymousInternetAccess HowTorWorks EncryptedTunnelNotes: HackingTool:RootKit WindowsRootKitCountermeasures Lab Exercise1 Lab Exercise2 Lab Exercise3 Lab Exercise4 Lab Exercise5 Lab Exercise6 Module9Review Module10 AdvancedExploitTechniques AdvancedExploitTechniques HowDoExploitsWork? MemoryOrganization BufferOverFlows DemoBufferOverflow StagesOfExploitDevelopment Prevention TheMetasploitProject CoreImpactOverview DemoFuzzersinaction Lab Exercise1 Lab Exercise2 Lab Exercise3 Lab Exercise4 Module10Review Module11 AttackingWirelessNetworks AttackingWirelessNetworks WiFiNetworkTypes WidelyDeployedStandards AvsBvsG 802.11n MIMO SSID(ServiceSetIdentity) MACFiltering WiredEquivalentPrivacy

WeakIVPackets XORBasics WEPWeaknesses TKIP HowWPAimprovesonWEP TheWPAMICVulnerability 802.11i WPA2 WPAandWPA2ModeTypes WPAPSKEncryption Tool:NetStumbler DemoUsingNetStumbler WarDrivingWithKNSGEM DemoWarDrivingMapping Tool:Kismet DemoKismetUsage AnalysisTool:OmniPeekPersonal DemoOmniPeekPersonalCapturing DOS:Deauth/disassociateattack WhatisAircrackng? DemoLinuxWirelessCommands Tool:Airodumpng Tool:Aireplayng Tool:Aircrackng ARPInjection(Failure) 802.1X:EAPTypes EAPAdvantages/Disadvantages TypicalWired/WirelessNetwork EAP/TLSDeployment Lab Exercise1 Module11Review Module12 Networks,SniffingandIDS Networks,SniffingandIDS PacketSniffers ExamplePacketSniffers Tool:Pcap&WinPcap Tool:Wireshark(Ethereal) TCPStreamReassembling Tool:Packetyzer tcpdump& windump Tool:OmniPeek DemoNetworkSniffers Demo TCPDumpPacketSniffer SnifferDetectionusingCain&Abel DemoDsniffandARPCachePoisoning PassiveSniffing ActiveSniffing

ActiveSniffingMethods SwitchTableFlooding ARPCachePoisoning ARPNormalOperation ARPCachePoisoning(Cont.) Technique:ARPCachePoisoning(Linux) Countermeasures Tool:CainandAbel DemoCain&AbelARPCachePoisoning Ettercap LinuxToolSet:DsniffSuite DsniffOperation MailSnarf,MsgSnarf,FileSnarf WhatisDNSspoofing? DemoCain&AbelDNSSpoofing Tools:DNSSpoofing BreakingSSLTraffic Tool:BreakingSSLTraffic Tool:CainandAbel(Cont..) DemoCain&AbelMITMSSLInterception VoiceoverIP(VoIP) InterceptingRDP CrackingRDPEncryption RoutingProtocolsAnalysis DemoCain&AbelVOIPInterception CountermeasuresforSniffing Firewalls,IDSandIPS Firewall Firstlineofdefense IDS Secondlineofdefense IPS Lastlineofdefense? EvadingTheFirewallandIDS EvasiveTechniques Firewall Normal Operation EvasiveTechniqueExample EvadingwithEncryptedTunnels Demo EngageCustomPacketBuilder NewAge'Protection DemoSSHTunnels SpySnareSpywarePreventionSystem(SPS) Intrusion SecureHostOverview IntrusionPreventionOverview SecureSurfingorHacking???? Module12Review Module13 InjectingtheDatabase InjectingtheDatabase OverviewofDatabaseServer

Typesofdatabases OverviewofDatabaseServerRelationalDatabases OverviewofDatabaseServer VulnerabilitiesandCommonAttacks SQLInjection WhySQLInjection?SQLConnectionProperties SQLInjection:EnumerationSQLExtendedStoredProceduresDemo:SQLInjection ShuttingDownSQLServerDirectAttacks AttackingDatabaseServers ObtainingSensitiveInformation HackingTool:SQLPing2 HackingTool:osql.exe HackingTool:QueryAnalyzers HackingTool:SQLExec HackingTool:Metasploit HardeningDatabases Module13Review Module14 AttackingWebTechnologies AttackingWebTechnologies CommonSecurityThreats TheNeedforMonitoring SevenManagementErrors ProgressionofTheProfessionalHacker TheAnatomyofaWebApplicationAttack Demo:BannerGrabbing Demo:TheAnatomyofaWebApplicationAttack WebAttackTechniques Componentsofagenericwebapplicationsystem URLmappingstothewebapplicationsystem WebApplicationPenetrationMethodologies AssessmentTool:StealthHTTPScanner HTTrackTool:Copyingthewebsiteoffline HttprintTool:WebServerSoftwareID WiktoWebAssessmentTool Tool:ParosProxy Tool:BurpProxy AttacksagainstIIS IISDirectoryTraversal Unicode IISLogs WhatisCrossSideScripting(XSS)? XSSCountermeasures Tool:Brutus DictionaryMaker QueryString Cookies

OWASPTopTenWebVulnerabilities PuttingAllThisToTheTest Lab Exercise1 Lab Exercise2 Lab Exercise3 Lab FinalExercise1 Lab FinalExercise2 Lab Summary Module14Review CourseClosure