Ethical Hacking: Hands-On

E

R

E RT I F I E • C D

A

TION SE C

U

S

C

SE TIFIED

RT I F I E D

CE •

F

U

IN

G

IN

C

IC A

H AC K

RI

L PP

C AL

IALIST •

C

HI

EC

SE

ET

G

MP

SP

UCTURE

IN

INVESTIGATIO N

CFIP I S UTER FOREN C SHands-On Ethical Hacking: AC M O

FORENSI

•

TR

H AC K

ESSIONAL

•

S RA

C AL

OF

S O C I AT E

HI

U

PR

AS

ET

C

SIC EN

ERTIFIED FO • C

N

NC

TESTIN TY G RI

CER

TI

R OF SCIE

•

TES

TE

AC PR

UR

M

EC

ITY

AS

G

S

AYM ENT C • P AR D

RT I F I E D CE

C E RT I F I E D

G

H

To Book Call:

D

C E RT I F I E

ERTIFIED I SO • C

2

ME IMPLE NTATIO N

G

L H A C K reinforce theor y On this course, practicalC Aexercises

Prerequisites

with each delegate having access to a Windows 2008

E M E N TAT I O

N

TITIONER • AC PR

•

•

01 Duration: 4 days 70 Cost: €2100.00

PL

•

A LY S T

IN

PCI DSS

IM

AN

HI

0000 0000 0000 0000

+353 1 685 4942

Y

ET

N

IN H AC K

STA

ET

G

IN CSTA takes delegates on I CaA Ljourney H AC K through the various stages of a hacking S S S E CU ELE RI I R a penetration attack, or equally test, T W from initial information discover y and target scanning through to exploitation, privilege escalation and retaining access.CWSA C AL

TY

HI

RI

IN

•

•

C

TESTER

TESTER •

TY

ET

TY

RI

CMFS Providing a comprehensive groundingO Min the methodology, IC PUT NS E R E R Fethical O techniques and culture of hacking S TRY DATA S EC DU U •

S

GILL SANS REGULAR

CIIP

C

O Y A basic understanding of TCP/IP M I T networking, e.g.

domain (server and workstation) along with a Linux ser ver. Although the course demonstrates current

UR

PU

TER SEC • Can you describe at a high-level how a request



reaches a web server through Ethernet, IP and TCP?

hacking techniques, this is always done with defence in



• What function does ARP perform?

mind and countermeasures are discussed throughout.



• How does a system know whether or not a gateway is required?

The CSTA exam (theory based) is included at the



end of the course.

• What is a TCP por t?

Familiarity with the Windows or Linux command line, e.g. The course is ideally suited to anyone with responsibility



• What’s the difference between a command and its switches?

for, or with an interest in, the security of IT systems, such as: system administrators, auditors, IT security officers, information security professionals and budding



• Can you navigate the file system using commands?



• Can you extract and display basic network configuration information, etc?

penetration testers. SE R

OMPUT • C E

E

H AC K

IN

ET

G

HI

C AL

H AC K

IN

ET

G

HI

C AL

H AC K

IN

M

AC

FORENSIC

O

S

MP

CFIP

S

R

G

INVESTIGATIO N

SI

C

•

• C AL

•

HI

SIC EN

ERTIFIED FO • C

TIFIED

SE

MSc Credits: 15

CER

S

RT I F I E D CE

SE TIFIED

NC

G

•

CER

R OF SCIE

C

•

UTER FOREN

UTER FOREN

SIC

DU

S TRY DATA S EC U RI

IN

•

T

D

MP

S

CU

E RT I F I E • C D

A

C E RT I F I E D

AT I O N S E

C

TESTER

•

F

LIC

TESTER •

TY

RT I F I E D

PP

TY

IN

RU C T URE S EC

RI

CE

A

ST

RI

RA

U

TESTER •

C E RT I F I E D

CU

TY

•

AT I O N S E

IALIST •

LIC

EC

PP

SP

Unit 12 Grange Road Office Park, Rathfarnham, Dublin 16, Ireland. Tel: +353 1 685 4942 Fax: +353 1 685 4273 www.digicore.ie, email: [email protected] CMFS O •

S

TE

TESTIN

ESSIONAL

RT I F I E D

U

TY

OF

CE

C

RI

PR

•

N

•

ET

G

RI

3.0.1

AS

TI

S O C I AT E

IN

TES

AS

H AC K

ITY

G

C AL

EC

UR

•

HI

CPE Credits: 32 G

ESSIONAL

•

ET

R

OF

S O C I AT E

PANTONE 424

C

U

TIT AC PR

N

D

NSICS •

TI

M

U

TESTIN ITY

PR

EC

TES

AS

Black

RITY AN

RE

GILL SANS REGULAR

Y RIT

G

PANTONE 1807

CU

FO

Together with CSTP helps prepare you for the CREST Registered Tester qualification

Course Content

Attacking Linux

A full list of practical exercises is available on



• Exploitation

our website: www.7safe.com/csta



• Web shells



• Pivoting the attack



• Online password cracking



• ARP Poisoning Man in the Middle

Introduction

• Motivations behind hacking



• The hacking scene



• Methodology

Privilege Escalation – Linux



• Standard streams



• Commercial penetration testing tools



• Password storage



• Password cracking



• Permission errors



• Sudo

• Sniffing traffic

Information Discovery

• Useful information



• Sources

–

websites, metadata, search

engines, DNS, social engineering Target Scanning

• Host discovery



• Por t scanning techniques





GILL SANS REGULAR • Privilege escalation by exploit

Networking Refresher

C E

• Banner grabbing

R U

ITY



TES

• SUID

TI

• Flawed shell scripts

Retaining Access

N



• Causes of vulnerabilities



• Trojan Horses



• The classic buffer overflow



• Delivery mechanisms



• Vulnerability tracking



• Botnets

• Scanning



• Bypassing client-side security

• Client-side vulnerabilities

Covering Tracks

Conclusions



• Keyloggers

CSTA Exam



• Password storage



• Password extraction



• Password cracking techniques



• Cached Domain Credentials



• Windows network authentication



• Access tokens



• Pass the hash





• Hiding backdoors



• Windows enumeration



• Simple obfuscation

• Metasploit



• Rootkits

• Client-side exploits



• Anti-forensics

Privilege Escalation – Windows



• Log manipulation



• Local information gathering



• Connection laundering



ET

•

•

Attacking Windows

S O C I AT E

• Metasploit’s Meterpreter



AS



RT I F I E D E C

S

• Backdoors

G

Vulnerability Assessment



HI

C AL

H AC

G N KI

Unit 12 Grange Road Office Park, Rathfarnham, Dublin 16, Ireland. Tel: +353 1 685 4942 Fax: +353 1 685 4273 www.digicore.ie, email: [email protected]

RU C T URE