
Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
Certified Penetration Testing Consultant

Description
The Certified Penetration Testing Consultant, C)PTC , course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific penetration testing and techniques used against operating systems. This course will teach you the necessary skills to work with a penetration testing team, the exploitation process, and how to create a buffer overflow against programs running on Windows and Linux while subverting features such as DEP and ASLR.
Upon completion, the Certified Penetration Testing Consultant, C)PTC, candidate will have solid knowledge of testing and reporting procedures which will prepare them for upper management roles within a cybersecurity system. They will be able to competently take the C)PTC exam.
The Certified Penetration Testing Consultant exam consists of two parts. The first part is a completely hands-on penetration test in which the examinee will find specific flags and write a complete report. The second part are the exams through the online Mile2’s Assessment and Certification System (“MACS”). The examinee will take two exams. One is a few questions selecting the flags found during the hands-on exam and the second is an exam that will take 2 hours and consist of 100 multiple-choice questions. The hands-on exam requires 4 of 5 systems to be exploited and the 2nd exam requires a 70% passing score. The online exams are accessible in your mile2.com account.
Mile2 is Accredited by the NSA-CNSS, Approved on Homelands Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.
Outline
Module 1 – Pentesting Team Foundation
- Project Management
- Pentesting Metrics
- Team Roles, Responsibilities and Benefits
Lab Exercise – Skills Assessment
Module 2 – NMAP Automation
- NMAP Basics
- NMAP Automation
- NMAP Report Documentation
Lab Exercise – Automation Breakdown
Module 3 – Exploitation Processes
- Purpose
- Countermeasures
- Evasion
- Precision Strike
- Customized Exploitation
- Tailored Exploits
- Zero Day Angle
- Example Avenues of Attack
- Overall Objective of Exploitation
Module 4 – Fuzzing with Spike
- Vulnserver
- Spike Fuzzing Setup
- Fuzzing a TCP Application
- Custom Fuzzing Script
Lab Exercise – Fuzzing with Spike
Module 5 – Privilege Escalation
- Exploit-DB
- Immunity Debugger
- Python
- Shellcode
Lab Exercise – Let’s Crash and Callback
Module 6 – Stack Based Windows Buffer Overflow
- Debugger
- Vulnerability Research
- Control EIP, Control the Crash
- JMP ESP Instruction
- Finding the Offset
- Code Execution and Shellcode
- Does the Exploit Work?
Lab Exercise – MiniShare for the Win
Module 7 – Web Application Security and Exploitation
- Web Applications
- OWASP Top 10 - 2017
- Zap
- Scapy
Module 8 – Linux Stack Smashing
- Exploiting the Stack on Linux
Lab Exercise – Stack Overflow. Did we get root?
Module 9 – Linux Address Space Layout Randomization
- Stack Smashing to the Extreme
Lab Exercise – Defeat Me and Lookout ASLR
Module 10 – Windows Exploit Protection
- Introduction to Windows Exploit Protection
- Structured Exception Handling
- Data Execution Prevention (DEP)
- SafeSEH/SEHOP
Module 11 – Getting Around SEH and ASLR (Windows)
- Vulnerable Server Setup
- Time to Test it Out
- “Vulnserver” meets Immunity
- VulnServer Demo
Lab Exercise – Time to overwrite SEH and ASLR
Module 12 – Penetration Testing Report Writing
PreRequisites
-
Mile2 C)PEH and C)PTE or equivalent knowledge
-
2 years of experience in Networking Technologies
-
Sound Knowledge of TCP/IP
-
Computer Hardware Knowledge
Audience
The Certified Penetration Testing Consultant course is the most advnaced training in mile2`s line of penetration testing courses and certifications. The course prepares students to consult organizations of any size on security by performing penetration test. We assume that people taking this course understand penetration testing and are looking to enhance their skills to the next level. We strongly encourage passing the C)PTE: Certified Penetration Testing Engineer Exam before taking this course or having the equivalent industry experience.
Who Should Attend:
-
IS Security Officers
-
Cybersecurity Managers/Administrators
-
Penetration Testers
-
Ethical Hackers
-
Auditors
$4000.00
|
4 Days Course |