This 3-day instructor-led course provides an in-depth introduction to various tools and techniques that are used to perform penetration tests - it is not aligned to a specific examination or vendor accreditation and therefore the content can be updated by QA on a regular basis.
The course contains extensive hands-on exercises using the tools included in the popular BackTrack distribution and other open source tools.
This course is designed for IT professionals who will perform penetration tests or those who need to understand the tools & techniques used in penetration testing.
- The course requires an understanding of Information Security fundamentals such as basic attack strategies, exploitation of vulnerabilities and an awareness of basic operating system and network functions.
- Many of the exercises involve using the command line and delegates should be comfortable with this environment. Familiarity with any common Linux distribution, particularly Ubuntu, would be an advantage.
At the end of this course you will be able to:
- Understand the purpose of a penetration test
- Understand the 'rules of engagement'
- Install the BackTrack distribution
- Use the tools installed on BackTrack and others to conduct a successful penetration test
- Document the results of the penetration test
Introduction to Penetration Testing
- The purpose of a penetration test.
- The Open Source Security Testing Methodology Manual, NIST SP800-115 & other methodologies
The BackTrack Distribution
- Installation options
- Using BackTrack
Reconnaissance & Network Mapping
- Online reconnaissance
- Social networking
- Social engineering
- Ping sweeps using fping
- Port scanning using Nmap.
- Scanning a target using Nessus
- Scanning a web server using Nikto
- Password cracking tools
- Using John the Ripper
- The Metasploit Framework
- Using Metasploit to access systems
Analysis & Reporting
- Writing the final penetration test report