This class offers a technical perspective and exposure to various audit and assessment tools and products to match the best in the industry,
the primary objective being to equip participants with the skills necessary to independently conduct assessments and audits of systems/networks.
This course is designed and developed with following objectives for security professionals
- Briefing about security issues and concerns
- Understanding security requirements
- Gaining knowledge of assessment and audit methods
- Performing large scale network assessments
- Footprinting, enumerating and attacking systems
- Vulnerability and exploit understanding
- Web, routers, firewall assessments
- Database hacking
- Reporting and best practices
Target Audience
- Security consultants &
professionals
- Security administrators
- Auditors
- Whoever wants to get into network security! Great for beginners who want to understand security in action.
Prerequisites
- Basic familiarity with Windows &
Unix systems
- Primary understanding of networks
Course Outline
Schedule : Day 1
|
| Module 1 |
Security Fundamentals and Principles
Security industry landscape and trends
Security posture and evolution
Corporate security objectives
Threat framework and modeling
Attack vectors and their impact
Popular attack points and severities
Q &
A |
| Module 2 |
Assessment and Audit - approaches &
methods
Assessment methodologies and basics
Goals and objectives of assessment
Role of tools and credibility
Areas of assessment &
importance
Audit basics and objective
Compliance and standards
Q &
A |
| Module 3 |
Network Assessment - Footprinting &
Asset Identifications
Footprinting basics &
objectives
Methodologies and approaches
Public domain queries
WHOIS - Query all
ARIS lookups
DNS queries &
Zone transfers
Trace routing and mapping
Network reconnaissance
Windows footprinting
Reporting and building targets
Lab |
| Module 4 |
Discovery &
Posture Mapping
TCP fundamentals
Ping sweeps
Scanning networks (TCP &
UDP)
OS identification and Stack fingerprinting
Banner grabbing
Protocol identification
Network mapping
Reporting and mapping targets
Lab |
| |
Schedule : Day 2
|
| Module 5 |
Information gathering &
Enumeration - Windows
Windows security overview
Enumerating fundamentals
Security issues with enumeration
Windows enumeration - NetBios over TCP
DNS enumeration
SNMP querying
LDAP enumeration
Lab |
| Module 6 |
Information gathering &
Enumeration - Linux/Unix
Linux/Unix security overview
Linux/Unix systems enumeration basics
NFS enumeration
RPC querying
snmpwalk and enumeration
Users and groups enumeration
SAMBA information-gathering
finger, rwho, rusers
Lab |
| Module 7 |
Attacks &
Hacking
Password guessing
Password cracking
Password sniffing
Privilege escalation
Netcat shell introduction
Other attack vectors
Lab |
| Module 8 |
Vulnerability Assessment &
Exploitation
Vulnerability basics
Detecting vulnerabilities
Vulnerability scanning using nessus &
other tools
Crafting exploits
Exploit frameworks - Metasploit
Countermeasures &
Security
Lab |
| |
Schedule : Day 3
|
| Module 9 |
Web Hacking
HTTP protocol basics
Web application components
Web server assessment
Web application profiling
Web application hacking
Defending web applications
Tools and methods
Lab |
| Module 10 |
Hacking Network Devices
Network mapping and entry points
Router identification
Compromising routers
Firewall identification
Firewall banner grabbing
Firewall loop holes
Compromising ACLs
VPN and other devices
Lab |
| Module 11 |
SQL Hacking
SQL identification
SQL banner grabbing
MS-SQL cracking
MS-SQL hacking
ORACLE cracking
Security issues with ORACLE
Tools and methods
Lab |
For further information please contact us at
