Certified Penetration Testing Consultant

The Certified Penetration Testing Consultant, C)PTC , course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific penetration testing and techniques used against operating systems. This course will teach you the necessary skills to work with a penetration testing team, the exploitation process, and how to create a buffer overflow against programs running on Windows and Linux while subverting features such as DEP and ASLR.

Upon completion, the Certified Penetration Testing Consultant, C)PTC, candidate will have solid knowledge of testing and reporting procedures which will prepare them for upper management roles within a cybersecurity system. They will be able to competently take the C)PTC exam.

The Certified Penetration Testing Consultant exam consists of two parts. The first part is a completely hands-on penetration test in which the examinee will find specific flags and write a complete report. The second part are the exams through the online Mile2’s Assessment and Certification System (“MACS”). The examinee will take two exams. One is a few questions selecting the flags found during the hands-on exam and the second is an exam that will take 2 hours and consist of 100 multiple-choice questions. The hands-on exam requires 4 of 5 systems to be exploited and the 2nd exam requires a 70% passing score. The online exams are accessible in your mile2.com account.

Mile2 is Accredited by the NSA-CNSS, Approved on Homelands Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.

Module 6 – Stack Based Windows Buffer Overflow

1. Debugger
2. Vulnerability Research
3. Control EIP, Control the Crash
4. JMP ESP Instruction
5. Finding the Offset
6. Code Execution and Shellcode
7. Does the Exploit Work?

Lab Exercise – MiniShare for the Win 

Module 7 – Web Application Security and Exploitation

1. Web Applications
2. OWASP Top 10 - 2017
3. Zap
4. Scapy

Module 8 – Linux Stack Smashing 

1. Exploiting the Stack on Linux

Lab Exercise – Stack Overflow. Did we get root? 

Module 9 – Linux Address Space Layout Randomization 

1. Stack Smashing to the Extreme

Lab Exercise – Defeat Me and Lookout ASLR 

Module 10 – Windows Exploit Protection

1. Introduction to Windows Exploit Protection
2. Structured Exception Handling
3. Data Execution Prevention (DEP)
4. SafeSEH/SEHOP

Module 11 – Getting Around SEH and ASLR (Windows)

1. Vulnerable Server Setup
2. Time to Test it Out
3. “Vulnserver” meets Immunity
4. VulnServer Demo

Lab Exercise – Time to overwrite SEH and ASLR 

Module 12 – Penetration Testing Report  Writing

• Mile2 C)PEH and C)PTE or equivalent knowledge

• 2 years of experience in Networking Technologies

• Sound Knowledge of TCP/IP

• Computer Hardware Knowledge

The Certified Penetration Testing Consultant course is the most advnaced training in mile2`s line of penetration testing courses and certifications. The course prepares students to consult organizations of any size on security by performing penetration test. We assume that people taking this course understand penetration testing and are looking to enhance their skills to the next level. We strongly encourage passing the C)PTE: Certified Penetration Testing Engineer Exam before taking this course or having the equivalent industry experience.

Who Should Attend:

• IS Security Officers

• Cybersecurity Managers/Administrators

• Penetration Testers

• Ethical Hackers

• Auditors