Qualification | Categories | Contact US | Email Us |
---|---|---|---|
IT CERTIFICATION | (+965)22204171/65701004 | INFO@BIA.EDU.KW |
Penetration Testing Expert
- Home / IT Training & Certification /
- Penetration Testing Expert
Unlike other courses that claim to teach penetration testing, PTE is uniquely designed and written to provide the understanding and skills necessary to be counted among the best penetration testers in the business.
- Penetration Testing and Vulnerability Assessment with Kali Linux
- Real World Scenarios
- Live Demonstrations
- 100% Hands-on Training
- It covers 5 Key Elements of Pen Testing Information Gathering, Scanning, Enumeration, Exploitation, and Reporting
- Security auditing techniques and standard practices
- New exploitation methodologies
- Real world scenarios and targets
- Completely hands-on training program
- Industry accepted complete pen testing standards
- Dedicated access for each user
- Both automated and manual techniques covered
Contact Us
If you require any further information feel Explore Course to Contact Us.
(+965) 22204171 / Whatsapp 65701004
info@bia.edu.kw
Block No.10, Building No. 34, Essa Al Qatami St. Opposite U.A.E., Exchange, Salmiya, Kuwait
Class Schedule
- Duration: 30 hours
- Class Duration : 2 hours
- Classes/Week: 2
- Class Starting: 19 January 2019
PREREQUISITES
- Certification or prior ethical hacking knowledge is a must.
The course content of PTE meets the rigorous requirements of several government and industry standards for IT Security education and training.
Introduction to Kali
- Overview of Linux OS
- Brief history and overview of Kali Linux
- Overview of Kali tools and utilities
- Hands-on exercise – Basic Linux usage: working with terminal (command line), using utilities for file and process viewing/manipulation
- Hands-on exercise – Manipulating text files on Linux command line
- Hands-on exercise – Tips on tricks for efficient use of command line
Information Gathering
- Overview of Kali Information Gathering tools
- DNS analysis
- OS fingerprinting
- SNMP analysis
- Network discovery
- Hands-on exercise – Abusing DNS: using whois, dig, and dnsrecon to query DNS servers and performing reverse lookups
- Hands-on exercise – Abusing SNMP: cracking SNMP community strings and enumerating information via SNMP
- Hands-on exercise – TCP/IP for Hackers: using Wireshark to capture and examine TCP, UDP, and ICMP packets
- Hands-on exercise – Network and Host Discovery: using net discover, traceroute, hping3, and nmap to identify network hosts
Port Scanning
- Nmap overview
- Port scanning techniques
- Service identification
- Hands-on exercise – Port Scanning with Nmap: performing basic TCP, UDP, ping, and OS fingerprinting scans with Nmap
- Hands-on exercise – Stealthy Scanning: using Nmap timing options, SYN, and idle scanning techniques
- Hands-on exercise – Service Identification: using telnet, netcat, and Nmap –sV scans to identify running services
- Hands-on exercise – Nmap Scripting Engine (NSE): using NSE to gather detailed information about network hosts
Sniffing/Spoofing/Main-in-the-Middle
- Overview of Kali Sniffing/Spoofing tools
- ARP Spoofing
- Wireshark and Dsniff
- Hands-on exercise – Sniffing credentials: using arpspoof and Wireshark to perform a Man-in-the-Middle attack and capture FTP credentials
- Hands-on exercise – Capturing images: using Dsniff tools to capture images from intercepted network traffic
Buffer Overflow o Concept of Buffer Overflow
- Stack and Heap overflows
Working with Exploits
- Exploit definition
- Client-side exploits
- Server-side exploits
- Finding Exploits
- Hands-on exercise – Server-side Exploit: running a Perl exploit script to exploit a vulnerable server application
Exploit Framework/Metasploit
- Metasploit Overview
- Metasploit Modules and Payloads
- The Meterpreter Payload
- Adding Custom Exploits to Metasploit
- Hands-on exercise – Exploiting Vulnerable Services: using a Metasploit exploit module to gain access to a remote system
- Hands-on exercise – Additional Payloads: using Metasploit VNC and Meterpreter payloads on a compromised system
- Hands-on exercise – Client-side Exploit DLL Hijack: compromising a system with Metasploit’sWebdav DLL Hijacker module
Password Attacks o Types of Password Attacks
- Overview of Kali Password Attacks Tools
- Hands-on exercise – Post-exploit Password Cracking: dumping password hashes from a compromised system and cracking hashed passwords with John the Ripper
DoS Attack
- DoS/DDoS Attack Definition
- Performing DoS attacks with Kali (hping3, Metasploit auxiliary modules)
Web Application Attacks
- Common Web Application Vulnerabilities and Attacks
- Overview of Kali Web Applications Tools
- Working with Burp Suite
- Hands-on exercise – Invalidated Parameters: using Burp Suite to intercept and modify HTTP POST requests
- Hands-on exercise – Cross-Site Scripting (XSS): performing a stored XSS attack
- Hands-on exercise – Basic SQL Injection: performing a SQL injection attack using common techniques
- Hands-on exercise – SQL Injection Chained Exploit: combining SQL injection techniques for a sophisticated attack
Trojan Horses
- Trojan Horse Definition and Usage
- Overview of Kali Maintaining Access Tools
- Covert Channels
- Hands-on exercise – Using Ncat as a Trojan: uploading ncat to a compromised system for maintaining access
- Hands-on exercise – IDS Evasion: using SSL with ncat to evade Snort IDS
- Hands-on exercise – Covert Channels: using Metasploit to create an HTTPS covert channel tool
Rootkits
- Rootkits Definition and Usage
- Detecting Rootkits
Penetration Testing Techniques
- Review of Previously Discussed Techniques
- Review of Kali Wireless Attacks, Reverse Engineering, Forensics, and Reporting Tools
- Social Engineering
- Hands-on exercise – Credential Harvesting: using Social Engineering Toolkit (SET) and arpspoof to spoof a website and capture loging credentials in a Mand-in-the-Middle attack
- Hands-on exercise – Spear Phishing: using SET to create a malicious exploit script and deliver it via phishing email
Penetration Testing Expert
Penetration Testing Expert Training is the Information Security industry’s most comprehensive penetration testing training. PTE training is the advanced level of Ethical Hacking in which the personnel evaluates security of IT network or corporate websites by simulating an attack from external threats and internal threats and recommend corrective measures authoritatively. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities. PTE course helps students and professionals to become world-class best penetration tester with technical skills, tools and techniques that they can use to improve the security of any organization.
WHO SHOULD ATTEND THIS COURSE?
The PTE training is the most advanced training in Information Security domain suitable for experienced information security professionals, network server administrators, information security analysts, system administrators, IT officers, IT Managers, IT Auditors, risk assessment professionals and anyone having prior ethical hacking knowledge.