C)PTC: Certified Penetration Testing Consultant
Target group
- IS Security Officers
- Cybersecurity Managers/Administrators
- Penetration Testers
- Ethical Hackers
- Auditors
Description
The Certified Penetration Testing Consultant, C)PTC , course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific penetration testing and techniques used against operating systems. This course will teach you the necessary skills to work with a penetration testing team, the exploitation process, and how to create a buffer overflow against programs running on Windows and Linux while subverting features such as DEP and ASLR.
Program
- Duration : 5 days
Module 1 – Pentesting Team Foundation
- Project Management
- Pentesting Metrics
- Team Roles, Responsibilities and Benefits
Lab Exercise – Skills Assessment
Module 2 – NMAP Automation
- NMAP Basics
- NMAP Automation
- NMAP Report Documentation
Lab Exercise – Automation Breakdown
Module 3 – Exploitation Processes
- Purpose
- Countermeasures
- Evasion
- Precision Strike
- Customized Exploitation
- Tailored Exploits
- Zero Day Angle
- Example Avenues of Attack
- Overall Objective of Exploitation
Module 4 – Fuzzing with Spike
- Vulnserver
- Spike Fuzzing Setup
- Fuzzing a TCP Application
- Custom Fuzzing Script
Lab Exercise – Fuzzing with Spike
Module 5 – Privilege Escalation
- Exploit-DB
- Immunity Debugger
- Python
- Shellcode
Lab Exercise – Let’s Crash and Callback
Module 6 – Stack Based Windows Buffer Overflow
- Debugger
- Vulnerability Research
- Control EIP, Control the Crash
- JMP ESP Instruction
- Finding the Offset
- Code Execution and Shellcode
- Does the Exploit Work? Lab Exercise – MiniShare for the Win
Module 7 – Web Application Security and Exploitation
- Web Applications
- OWASP Top 10 – 2017
- Zap
- Scapy
Module 8 – Linux Stack Smashing
- Exploiting the Stack on Linux
Lab Exercise – Stack Overflow. Did we get root?
Module 9 – Linux Address Space Layout Randomization
- Stack Smashing to the Extreme
Lab Exercise – Defeat Me and Lookout ASLR
Module 10 – Windows Exploit Protection
- Introduction to Windows Exploit Protection
- Structured Exception Handling
- Data Execution Prevention (DEP)
- SafeSEH/SEHOP
Module 11 – Getting Around SEH and ASLR (Windows)
- Vulnerable Server Setup
- Time to Test it Out
- “Vulnserver” meets Immunity
VulnServer Demo Lab Exercise – Time to overwrite SEH and ASLR
Module 12 – Penetration Testing Report Writing
- Lab 1 – Skills Assessment
- Lab 2 – Automation Breakdown
- Lab 3 – Fuzzing with Spike
- Lab 4 – Let’s Crash and Callback
- Lab 5 – MiniShare for the Win
- Lab 6 – Stack Overflow: Did we get root?
- Lab 7 – Defeat Me and Lookout ASLR
- Lab 8 – Time to Overwrite SHE and ASLR
Goal
Upon completion, the Certified Penetration Testing Consultant, C)PTC, candidate will have solid knowledge of testing and reporting proceedures which will prepare them for upper management roles within a cybersecurity system. They will be able to competently take the C)PTC exam.
Prerequisites
- Mile2 C)PEH and C)PTE or equivalent knowledge
- 2 years of experience in Networking Technologies
- Sound Knowledge of TCP/IP
- Computer Hardware Knowledge
- Language : Anglais
- Level : Level 400
- Certification body : Mile2
- Certification: Yes
- Accessibility : Yes
- Duration: 5 days