Ladda ner som PDF
This 3-day instructor-led course provides an in-depth introduction to various tools and techniques that are used to perform penetration tests - it is not aligned to a specific examination or vendor accreditation and therefore the content can be updated by QA on a regular basis.
The course contains extensive hands-on exercises using the tools included in the popular BackTrack distribution and other open source tools.
Target Audience:
This course is designed for IT professionals who will perform penetration tests or those who need to understand the tools & techniques used in penetration testing.
Prior knowledge
- The course requires an understanding of Information Security fundamentals such as basic attack strategies, exploitation of vulnerabilities and an awareness of basic operating system and network functions.
- Many of the exercises involve using the command line and delegates should be comfortable with this environment. Familiarity with any common Linux distribution, particularly Ubuntu, would be an advantage.
Objectives:
At the end of this course you will be able to:
- Understand the purpose of a penetration test
- Understand the 'rules of engagement'
- Install the BackTrack distribution
- Use the tools installed on BackTrack and others to conduct a successful penetration test
- Document the results of the penetration test
Course Outline:
Introduction to Penetration Testing
- The purpose of a penetration test.
- The Open Source Security Testing Methodology Manual, NIST SP800-115 & other methodologies
The BackTrack Distribution
- Installation options
- Using BackTrack
Documentation
Reconnaissance & Network Mapping
- Online reconnaissance
- Social networking
- Social engineering
- Ping sweeps using fping
- Port scanning using Nmap.
- Scanning a target using Nessus
- Scanning a web server using Nikto
Exploitation
- Password cracking tools
- Using John the Ripper
Metasploit
- The Metasploit Framework
- Using Metasploit to access systems
Analysis & Reporting
- Writing the final penetration test report
Objectives:
At the end of this course you will be able to:
- Understand the purpose of a penetration test
- Understand the 'rules of engagement'
- Install the BackTrack distribution
- Use the tools installed on BackTrack and others to conduct a successful penetration test
- Document the results of the penetration test
Course Outline:
Introduction to Penetration Testing
- The purpose of a penetration test.
- The Open Source Security Testing Methodology Manual, NIST SP800-115 & other methodologies
The BackTrack Distribution
- Installation options
- Using BackTrack
Documentation
Reconnaissance & Network Mapping
- Online reconnaissance
- Social networking
- Social engineering
- Ping sweeps using fping
- Port scanning using Nmap.
- Scanning a target using Nessus
- Scanning a web server using Nikto
Exploitation
- Password cracking tools
- Using John the Ripper
Metasploit
- The Metasploit Framework
- Using Metasploit to access systems
Analysis & Reporting
- Writing the final penetration test report