Day 1

The first half of day one focuses on learning the job duties required of a penetration tester. You will learn the ins and outs of the various penetration testing methodologies required in order for an ethical hack to be used in a business or government setting. You will also delve deep into technical material, learning how to perform network reconnaissance against modern infrastructure.

Lectures include:

Security testing methodologies

The ethical hacking profession

Planning and scoping an engagement

Legal and compliance considerations

Ethical hacking methodologies

Tools of the trade

Linux overview

Passive intelligence gathering

Abusing DNS

Abusing SNMP

Some of the instructor-led hands-on lab exercises:

Linux fundamentals

Passive intelligence gathering

Understanding the Domain Naming System

Enumerating DNS entries to develop a focused attack strategy

Attacking the Domain Naming System

Discovering SNMP vulnerabilities and flaws

Enumerating SNMP information

Brute forcing SNMP community strings

Capture the Flag exercises

Day 2

Having learned how to gather information about several targets, we begin day two with narrowing our attack by finding potentially vulnerable systems/services. You will master the art of network scanning and service identification, and gain a deeper understanding of how systems communicate using the TCP and UDP protocols.

Lectures include:

Understanding TCP packets and structures

Passive network discovery and scanning

TCP scanning

Using differences in RFC implementations to your advantage

Scanning through firewalls

How to prevent the discovery of your reconnaissance activities

Using zombies to mask network scanning

Avoiding IDS/IPS detection

Proper identification of services

Vulnerability identification

Some of the hands-on lab exercises include:

Packet analysis

Obtaining authentication credentials via packet capture

Network scanning

Target scanning of potentially vulnerable targets

Remaining undetected while performing a network scan

Enumerating services and identifying vulnerabilities

Capture the Flag exercises

Day 3

After gathering information about your target system, you will put all that hard work to use when you learn how to exploit those vulnerabilities. You will learn the skills to demonstrate a successful exploit of a vulnerability as well as how to gather additional credentials to exploit vulnerabilities in other systems. You will also learn useful social engineering techniques, including phishing, and methods of attacking physical security.

Lectures include:

Vulnerability life cycles

Types of vulnerabilities

Flaws in encryption

Configuration errors

Buffer overflows

Stack overflows

Vulnerability mapping

Exploit utilization and delivery methods

Client side exploits

Server side exploits

Password security

Social engineering techniques

Attacking physical controls

Hashing

Rainbow tables

Attacking Windows password security

Weaknesses in Windows authentication protocols

Some of the hands-on lab exercises include:

Gaining unauthorized access to systems

Use of various payloads to increase privileges

Keystroke logging

DLL injection attack

Exploit server side applications

Gather password hashes

Exploit weaknesses in authentication protocols

Capture the Flag exercises

Day 4

After compromising a target, you will extend your access to all vulnerable systems at your target organization and learn how to covertly exfiltrate data. The second half of day four covers attacking web-based applications and understanding SQL injection.

Lectures include:

Use of Trojans

Redirecting ports to thwart firewall rules

Avoiding anti-virus detection

Lateral movement and persistence

Use of keyloggers

IDS operations and avoidance

Encrypting your communications

Protocol abuse for covert communications

Creating custom encryption tunneling applications

E-shoplifting

XSS attacks

Cross site forgery

Circumventing authentication

SQL injection discovery and exploitation

SQL data extraction

Some of the hands-on lab exercises include:

Use of Trojans

IDS usage and avoidance

Data transmission encryption techniques

Creating a custom covert channel

Web application parameter tampering

Cross site scripting attacks

SQL injection

Chaining exploits

Exploiting extended stored procedures

Capture the Flag exercises

Day 5

Day five is dedicated to wireless security, using basic scripts for ethical hacking, covering your tracks and post-engagement activities. You will master the ability to sniff data, clean up all traces of your activities and learn best practices for writing reports and recommending mitigation strategies.

Lectures include:

Sniffing in different environments

Attack sniffers

Man-in-the-middle attacks

Wireless networking

Shared key authentication weaknesses

WEP/WPA/WPA2 cracking

Anti-forensics

Log modification/deletion

Rootkits

Introduction to scripting

Common script components

Writing effective reports

Providing mitigation recommendations

CEH exam review

PenTest+ exam review

Some of the hands-on lab exercises include:

ARP spoofing and man in the middle

Specialized sniffing

DNS spoofing

Phishing attacks

The day finishes with the CEH examination given on-site at the training location or online from home. You will receive an exam voucher to take the PenTest+ exam.