Security Training

Introduction | Certification | Courses & Dates

Vulnerability Assessment & Penetration Testing (VAPT)

A 5 day intensive hands on course introducing the student to all the major components of a penetration test.  The course has been written by a penetration tester and courseware developer with real world experience in an industry leading information security organisation.  The course has been focused on how to do the job, but also prepares the student to work towards the following certifications:

• Certified Ethical Hacker.
• OSSTMM Professional Security Tester.
• Certified Penetration Testing Specialist.

Each module is followed by hands on labs to reinforce the knowledge the student has just been introduced to.  Practical experience is what will separate a theoretical student from someone who can actually do the job!

Who should attend?

• IT professionals that want to move into the IT security field
• IT security professionals that want to increase their knowledge of penetration testing
• IT managers that manage engagements for third party penetration testing
• Developers that design and build applications that require practical knowledge about the many types of attacks pitted against their applications

Course prerequisites:

• Thorough understanding of Windows operating systems
• Solid understanding of networking protocols – TCP, UDP, IP etc
• Some exposure to Linux/Unix operating systems (not essential)
• Knowledge of networked devices is recommended (routers, switches, hubs etc)
• Any exposure to IT security is advantageous

Course outline:
The course is broken down into modules that closely reflect the phases of a penetration test.

Module 1:       Introduction
Most courses focus on the tools and techniques alone, this is not enough to be able to perform professional penetration testing.  This module introduces the student to the legal aspects of testing, scoping a project and writing proposals.

Module 2:       Footprinting
This module is primarily a non-intrusive information gathering process where the tester will attempt to gather as much data about the target network as possible.  This can be obtained from online information sources such as Domain registration, DNS servers and using online search engines.

Module 3:       Discovery and Probing
This is the bread and butter of a professional penetration test.  Work carefully completed at this phase pays dividends later.  It is focused on scanning and service identification – port scanning, banner grabbing etc.

Module 4:       Enumeration
Enumeration is about obtaining information from a computer system without having to authenticate against it.  This can be performed directly to Windows based services or through Active Directory/Domain architectures.  It also includes other areas such as email servers, Unix enumeration etc.

Module 5:       Vulnerability Assessments
Automated vulnerability assessment tools are very useful as part of a penetration testers toolkit, but they are sometimes unreliable and produce too many false positives.  As an addition to this, the course  teaches the student some manual techniques to verify the existence of known weaknesses.

Module 6:       Cryptography
A good understanding of cryptographic systems is invaluable to a security professional, especially if they have to make risk assessments on the use of different protocols and algorithms.  In this module, the student will learn how to break low level encryption.

Module 7:       Penetration
This phase not only concentrates on the tools and code used to exploit systems, but on the background theory behind them.  This understanding will separate the script kiddie from the professional.

Module 8:       Backdoors
As a penetration tester, your primary concern is the security of your client’s network.  With this in mind you cannot use Trojans to maintain a connection; you have to use safe and clean backdoor programs.  This module teaches the student how to do this and how to keep it safe as well as covering the basics of Trojans.

Module 9:       Passwords
After gaining control and creating a backdoor for repeated access, what comes next?  In continuation of the steps of a penetration test, this module will educate the student on system account insecurities inherent with different operating systems and how to extract and crack passwords.

Module 10: Cisco Routers
The network devices of any target are mostly overlooked by testers, yet the exploitation and control of network routers and switches can offer the ‘keys to the kingdom’.  This module explains and demonstrates the weaknesses that common Cisco routers tend to have either through vulnerabilities in the IOS or through poor configuration.

Module 11:    Wireless Networks
Wireless networks are widespread and inherently insecure.  Even with the industry best practises of WEP or WPA encryption, access can be obtained within minutes.  The student will learn the tools and techniques involved with compromising wireless security mechanisms to further their attack.

Module 12:    Traffic Analysis
Computers use shared communication channels; this means that one computer can receive data that was not addressed to it.  This module will teach the student how to safely manipulate the flow of traffic on a network so that they can intercept and analyse it for security weaknesses, this includes intercepting SMB, FTP, Telnet, RDP, VoIP traffic.

Module 13:    Web Applications
Web applications are becoming the standard for client/server communications over the Internet and are the flagship for any organisation.  Unfortunately, because of the complexity of these systems they are generally the easiest point of entry into a network.  This module is an introduction to web application security where the student will use a bespoke web application to learn how to identify and exploit weaknesses.

Module 14:    Database Systems
Databases are built for speed and reliability, with security normally being ‘bolted on’ at the latter stages of development.  This module introduces the student to different database systems and the methods to exploit them including direct access and SQL injection.

Module 15:    Reporting
This is where most ‘Ethical Hacking’ courses stop, but this is the point where the penetration tester earns their salary.  The report is the deliverable for any engagement; it is what the client is paying for!  All data that has been collected during the course is now used to compile a report to industry standards.  This experience is invaluable to any prospective penetration tester.

General Notes:
All delegates must be in full-time employment and will be required to provide proof of identity and proof of sponsorship for attending the course. All delegates will be required to formally sign off a legal document to ensure that the techniques learnt within the programme will not be used for malicious activity.

External Links: DNS

Top