This course provides IT security training. The CPTS security training videos present information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. The CPTS security training videos go far beyond simply teaching you to “Hack” -- the norm with the classes that have been available until now. The course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets. Price: The cost of this course is $695. You receive 14 CD-ROMs featuring live instructor-led classroom sessions with full audio, video and demonstration components.
Meet The Instructors:
Jason Radar
Jason Radar has a vast amount of experience that spans many areas of security. He first became interested in security in his adolescence through an inspired interest in hacking and computer networks. He ultimately turned this into a career, as he is now hired by very large companies to consult in the area of security. He provides them with policies and helps them implement the best security solution to protect them from hackers.

Wayne Burke
Wayne Burke initially started his career as a hardware engineer, where he diagnosed many complex problems. He later proceeded to expand his knowledge and acquired a computer science degree. After a few years in the field he began to focus his energies on the software side of IT. He has worked with virtually all the OS/Networking combinations, which put him in a good position to become the security expert he is today. Ultimately all these experiences have helped build his vast knowledge base.

Module 1 - Business and Technical Logistics for Pen Testing
Definition of a Penetration Test
The Evolving Threat Security Vulnerability Life Cycle Exploit Timeline What You May Not Have Known… Zombie Statistics Demo: Zombie Statistics Zombie Definition Botnet Definition Defense in Depth Types of Penetration Testing Pen Test Methodology Hacker vs. Penetration Tester Methodology for Penetration Testing / Ethical Hacking Tools vs. Technique Penetration Testing Methodologies Demo: Resources on Penetration Methodologies Demo: FFIEC OSSTMM - Open Source Security Testing Methodologies Website Review Demo: Cybercrime and Computer World Websites Website Review Demo: SC Magazine Module 1 - Lab Case Study and Lab Module 1 Review
Module 2 - Reconnaissance: Information Gathering
What Information is Gathered by the Hacker
Methods of Obtaining Information Physical Access Demo: Bump Key Technique Social Access Demo: Social Engineering with Kevin Rose Digital Access Passive vs. Active Reconnaissance Footprinting Defined Footprinting Tool: Kartoo Website Footprinting tools Google and Query Operators Google (cont.) Johnny.Ihackstuff.com Site Digger 2.0 Internet Archive: The WayBack Machine Domain Name Registration WHOIS WHOIS Output DNS Databases Using Nslookup Dig for Unix / Linux Traceroute Operation Traceroute (cont.) EDGAR For USA Company Info Company House For British Company Info People Search Tool Google Earth Intelius info and Background Check Tool Web Server Info Tool: Netcraft Countermeasure: Domainsbyproxy.com Footprinting Countermeasures Case Study and Lab Module 2 Review
Module 3 - Linux Fundamentals
Linux History – Linus + Minix = Linux
The GNU Operating System Linux Introduction Linux GUI Desktops Linux Shell Linux Bash Shell Recommended Linux Book Password & Shadow File Formats User Account Management Instructor Demonstration Changing a user account password Demo: BackTrack Configuring Network Interfaces with Linux Demo: Setting up a Network Interface Mounting Drives with Linux Demo: Mounting a Drive Tarballs and Zips Compiling Programs in Linux Demo: Compile and Run an Application Typical Linux Operating System’s Gentoo = Simple Software Install Portal Demo: Operating System's Demo: VLOS Why Use Live Linux Boot CD’s Security Live Linux CD’s FrozenTech’s Complete Distro List Most Popular: BackTrack Demo: Troubleshooting BackTrack My Slax Creator Slax Modules (Software Packages) Module 3 - Lab Case Study and Lab Module 3 Review
Module 4 - Reconnaissance: Detecting Live Systems
Introduction to Port Scanning
Port Scan Tips Ping Demo: Packetyzer The TCP/IP stack Which services use which ports? TCP 3-Way Handshake Demo: Creating Custom Packets TCP Flags Vanilla (TCP Connect Port Scan) NMAP TCP Connect Scan Demo: NMAP NMAP Half-open Scan Tool Practice : TCP half-open & Ping Scan Firewalled Ports NMAP Service Version Detection UDP Port Scan Popular Port Scanning Tools Tool: Superscan Tool: LookatLan Tool: Hping2 – BackTrack Distro Tool Practice: Hping2 Demo: Look@Lan Demo: Hping2 Tool: Auto Scan Demo: Auto Scan Advanced Port Scanning / Packet Crafting OS Fingerprinting OS Fingerprinting: Xprobe2 – Auditor Distro What Is Fuzzy Logic? Tool: P0f – Passive OS Finger Printing Utility Tool Practice: Amap Packet Crafting Demo: OS Finger Printing Tool Fragrouter: Fragmenting Probe Packets Countermeasures: Scanning Scanning Tools Summary Module 4 - Lab Case Study and Lab Module 4 Review
Module 5 - Reconnaissance: Enumeration
Web Server Banners
Practice: Banner Grabbing with Telnet Web Server Banners (cont.) SMTP Server Banner Demo: Server Banners Demo: Sam Spade Demo: Netcat DNS Enumeration Zone Transfers from Windows 2000 DNS Demo: DNS Enumeration Countermeasure: DNS Zone Transfers SNMP Insecurity SNMP Enumeration SNMP Enumeration Countermeasures Demo: SNMP Techniques Active Directory Enumeration AD Enumeration countermeasures Null sessions Syntax for a Null Session Viewing Shares Demo: Null Session Tool: DumpSec Tool: USE42 Tool: Enumeration with Cain and Abel Null Session Countermeasures Enumeration Tools Summary Module 5 - Lab Case Study and Lab Module 5 Review
Module 6 - Cryptography: Decrypting the Cipher
Introduction
Demo: CrypTool Encryption Implementation Symmetric Encryption Symmetric Algorithms Crack Times Asymmetric Encryption Key Exchange Key Exchange Demo Hashing Demo: Hashing Hash Collisions Common Hash Algorithms Hybrid Encryption Digital Signatures SSL Hybrid Encryption IPSec Demo: IPSec IPSec Public Key Infrastructure PKI-Enabled Applications Attack Vectors Module 6 - Lab Case Study and Lab Module 6 Review
Module 7 - Vulnerability Assessments
Assessment Intro
Technical Cyber Security Alerts Demo: Cert.org Open Source Assessments Tools Tool: Nessus Open Source Nessus Plugins Scanning the Network Demo: Whax Demo: Core Security Tool: X-Scan Commercial vulnerability Scanners Tool: Retina Tool: NewT Tool: LANguard Analyzing the Scan Results Demo: LANguard Tool: Core Impact Microsoft Baseline Analyzer Demo: Nessus 3 MBSA Scan Report Demo: Baseline Security Analyzer Patch Management Patching with LANguard Network Security Scanner Case Study and Lab Module 7 Review
Module 8 - Windows Hacking: Staying Ahead of the Hacker
Keystroke Loggers
Password Cracking Demo: Password Cracking Rainbow Table Authentication Procedure Password Sniffing Privilege Escalation Password Hash Insertion Demo: PWRESET2 Demo: Booting from BackTrack Countermeasures More Countermeasures Multi-Factor Authentication Smart Cards Evading The Event Logs Disable Auditing Clearing the Event Log Alternate Data Streams Demo: Alternate Data Streams Steganography – In Clear Sight Demo: Methods to hide Data RootKits Demo: Rootkits RootKit Detection Case Study and Lab Module 8 Review
Module 9 - Advanced Exploit Techniques
How Do Exploits Work?
Memory Organization Buffer OverFlows Heap Overflows Stages Of Exploit Development Prevention Demo: Stack Function TCP/IP OSI Exploits The Metasploit Project The Alien Shore The Metasploit Project Demo: The Metasploit Project Core Impact Overview Core Impact Demo: Core Impact Case Study and Lab Module 9 Review
Module 10 - Malware: Software Goes Undercover
Defining Malware: Trojans and backdoors
Defining Malware: Virus & Worms Defining Malware: Spyware Malware Distribution Methods Hacker Uses of Malware Malware Privilege Level Autostart Methods Countermeasure: Monitoring Autostart Methods Tool: Netcat Netcat Switches Demo: Netcat Remote Access Trojan Components Executable Wrappers Benign EXEs Historically Wrapped With Trojans Demo: Executable Wrappers Tool: Restorator Tool: Exe Icon The Infectious CD-ROM Technique Advanced Trojans: Beast Advanced Trojans: Avoiding Detection Overview of Malware Countermeasures CM Tool: Anti-Spyware Software CM Tool: Anti-Trojan Scanners Malware Reference: www.Glocksoft.com CM Tool: Port Monitoring Software CM Tool: File Protection Software CM Tool: Windows File Protection CM Tool: Windows Software Restriction Policies CM Tool: Hardware-based Malware Detectors Countermeasure: User Education Module 10 Review
Module 11 - Attacking Wireless Networks: Securing the Air
Wi-Fi Network Types Widely Deployed Standard’s
A vs B vs G 802.11n - MIMO SSID (Service Set Identity) MAC Filtering Wired Equivalent Privacy Weak IV Packets XOR - Basics WEP Weaknesses TKIP How WPA improves on WEP The WPA MIC Vulnerability 802.11i - WPA2 WPA and WPA2 Mode Types WPA-PSK Encryption Tool: NetStumbler Demo: NetStumbler Tool: Kismet Analysis Tool: AiroPeek Tool: Aircrack DOS: Deauth/disassociate attack DoS: VOID 11 Tool: Aireplay ARP Injection (Failure) ARP Injection (Success) 802.1X: EAP Types EAP Advantages/Disadvantages Typical Wired/Wireless Network Module 11 Review
Module 12 - Networks, Sniffing and IDS: Intercept and Redirect!
Packet Sniffers
Example Packet Sniffers Tool: Pcap & WinPcap Tool: Wireshark (Ethereal) TCP Stream Re-assembling Tool: Packetyzer tcpdump & windump Tool: OmniPeek Demo: Wireshark Analyzer Sniffer Detection Passive Sniffing Demo: Passive Sniffing Active Sniffing Active Sniffing Methods Switch Table Flooding ARP Cache Poisoning ARP Normal Operation ARP Cache Poisoning Technique: ARP Cache Poisoning (Linux) Countermeasures Tool: Cain and Abel Demo: Cain and Abel Ettercap Linux Tool Set: Dsniff Suite Dsniff Operation MailSnarf, MsgSnarf, FileSnarf What is DNS spoofing? Demo: DNS spoofing Tools: DNS Spoofing Breaking SSL Traffic Tool: Breaking SSL Traffic Tool: Cain and Abel Demo: Cain and Abel Voice over IP (VoIP) Intercepting VoIP Intercepting RDP Cracking RDP Encryption Demo: Wireless Phone Routing Manipulation Methods Countermeasures for Sniffing Firewalls, IDS and IPS Firewall – First line of defense IDS – Second line of defense Evading The Firewall and IDS Evasive Techniques Firewall – Normal Operation Evasive Technique - Example Demo: Engage Packet Builder Evading With Encrypted Tunnels Demo: Tunnel Configuration ‘New Age’ Protection SpySnare - Spyware Prevention System (SPS) Intrusion ‘SecureHost’ Overview Intrusion Prevention Overview Secure Surfing or Hacking? Case Study and Lab Module 12 Review
Module 13 - Injecting the Database
Injecting the Database
Overview of Database Server Types of databases Overview of Database Server Relational Databases Overview of Database Server Vulnerabilities and Common Attacks SQL Injection Why SQL “Injection”? SQL Connection Properties SQL Injection: Enumeration SQL Extended Stored Procedures Demo: SQL Injection Shutting Down SQL Server Direct Attacks Attacking Database Servers Obtaining Sensitive Information Hacking Tool: SQL Ping2 Hacking Tool: osql.exe Hacking Tool: Query Analyzers Hacking Tool: SQLExec Hacking Tool: Metasploit Hardening Databases Module 13 - Case Study and Lab Module 13 Review
Module 14 - Attacking Web Technologies
Common Security Threats
The Need for Monitoring Seven Management Errors Progression of The Professional Hacker The Anatomy of a Web Application Attack Demo: The Anatomy of a Web Application Attack Attacks against IIS ISAPI DLL Source disclosures ISAPI.DLL Exploit IIS Directory Traversal Unicode IIS Logs Protection against Buffer Overflows Assessment Tool: Stealth HTTP Scanner Common Web Application Vulnerabilities Components of a generic web application system URL mappings to the web application system Web Application Penetration Methodologies Tool: Paros Proxy Tool: Burp Proxy Tool: Lynx Tools: Black Widow And WGET What is Cross Site Scripting (XSS)? XSS Countermeasures Authentication Tool: Brutus Dictionary Maker Query String Cookies OWASP Top Ten Web Vulnerabilities Module 14 - Lab Case Study and Lab Module 14 Review