
M2-CPTC

Certified Penetration Testing Consultant


Description

The Certified Penetration Testing Consultant course is the advanced course in our penetration testing track. The C)PTC is designed for cyber security professionals and IT network administrators who are interested in conducting penetration tests against large network infrastructures, such as large corporate networks.

The training starts with capturing and analyzing basic packets and continues with Layer2 attack vectors; Layer3-based attacks, covering both the IPv4 and IPv6 stacks and routing protocol attacks (OSPF, BGP, etc.); service-provider-level attacks related to the very commonly used MPLS; the use of relays and pivots; VPN attacks, including the IPsec protocol suite; and SSL attacks. It finishes with NIDS/NIPS evasion and implementation techniques.

At the completion of each module, students will be able to practice what they have learned in lab exercises prepared specifically for the material covered in the theory portion.

Upon Completion Students will:

  • Have the ability to plan, manage, and execute a penetration test.
  • Have the knowledge to properly report on penetration test results.
  • Be ready to sit for the C)PTC exam.

Mile2 is accredited by the NSA-CNSS, approved on the Homeland Security NICCS Framework, and is on the FBI’s Tier 1-3 Certification Training Chart.

Outline

Module 1: Packet Capturing
  • Packet Capturing
  • Packet capturing using libpcap
  • Capturing using ncap
  • Packet Capturing Software
  • Windump / TCPDump
  • Usage
  • Usage
  • Windump & PS
  • Wireshark
  • General Settings
  • Preferences
  • Capture Settings
  • Interface Options
  • Column Settings
  • Name Resolution Settings
  • Panes
  • Capture Options
  • Menu Shortcuts
  • Follow TCP Stream
  • Expert Infos
  • Packet Reassembly
  • Capturing VOIP Calls
  • VOIP Call Filtering
  • Call Setup
  • Playing the call
  • Saving the call into a file
  • SMB Export
  • HTTP Export
Module 2: Layer2 Attacks
  • Why Layer2?
  • FBI/CSI Risk Assessment
  • Ethernet Frame Formats
  • Different Types of attacks
  • Switch Learning Process
  • Excessive Flooding
  • Macof
  • Cisco Switches' Bridging Table Capacities
  • Mac Flooding Alternative: Mac Spoofing Attacks
  • Spanning Tree Basics
  • Frame Formats
  • Dissectoring
  • Main BPDU Formats
  • yersinia
  • STP Attacks supported in yersinia
  • Becoming Root Bridge
  • VLANs
  • Basic Trunk Port Defined
  • Dynamic Trunking Protocol (Cisco)
  • VLAN Hopping Attack
  • Double Tagging
  • How DHCP operates?
  • DHCP Request/Reply Types
  • DHCP Fields
  • DHCP Starvation Attack
  • Rogue DHCP Server Attack
  • ARP Function Review
  • Risk Analysis of ARP
  • ARP Spoofing Attack Tools
  • ARP Cache Poisoning
  • How PoE works?
  • Risk Analysis for PoE
Module 3: Layer3 Attacks on Cisco Based Infrastructures
  • Layer 3 protocols
  • Protocols: BGP
  • BGP MD5 crack
  • Protocols: BGP
  • BGP Route Injection
  • MP-BGP Route Injection
  • Protocols: OSPF
  • Protocols: ISIS
  • Protocols: HSRP/VRRP
  • DDoS detection
  • DDoS prevention
  • Ingress/egress filtering
  • Worm detection and protection
  • DDoS/worm research/future
  • MPLS
  • Bi-directional MPLS-VPN traffic redirection
  • Some More MPLS Attacks
  • MPLS
  • Router integrity checking
Module 4: Pivoting and Relays
  • Pivoting
  • Netcat
  • Backdoors with nc
  • Netcat – Basic Usage
  • Persistent Listeners
  • Shovel a shell
  • Shovel a file
  • netcat port scanner
  • Relays
  • Simple Netcat Relay
  • Two-Way Netcat Relay – The Newbie Approach
  • Named Pipes
Module 5: IPv6 Attacks
  • IPv4
  • IPv6
  • IPv4 & IPv6 Headers
  • IPv6 Header Format
  • End-to-End Principle
  • Differences with End-to-End
  • End point filters
  • Merging IPSEC and Firewall functions
  • Scanning
  • ICMPv6
  • ICMPv6 Neighbor Discovery
  • IPv6 Attack Tools
  • DAD DoS Attack
  • DAD DoS Attack
  • Auto-Configuration Mechanisms
  • Autoconfiguration – SLAAC, DHCPv6
  • Auto-Configuration IPv4 & IPv6
  • ICMPv6 Types
  • Neighbor Discovery
  • ND spoofing
  • http://www.thc.org/thc-ipv6
  • Dos-new-ipv6 (THC)
  • Parasite6 (THC)
  • Redir6 (THC)
  • Fake_router6
  • IPv6 in Today's Network
  • Extension Headers
  • Routing Header
  • Different Types of Routing Header
  • RH0 (Deprecated by RFC 5095) Format
  • Routing Header 0 Attack
  • Layer 3-4 Spoofing
  • Transition Mechanism Threats
  • IPv6 Firewalls
  • Making existing tools work
  • Summary
  • I/O Streams and Redirection
  • Relay Scenario 1
  • Two-Way NC Relay with Named Pipe
  • Relay Scenario 2
  • Relay Scenario 3
Module 6: VPN Attacks
  • VPNs
  • VPN Comparison
  • IPSec
  • Detecting IPSec VPNs
  • AH versus ESP
  • Tunnel mode versus Transport mode
  • Main mode versus aggressive mode
  • IKE Main Mode
  • IKE Aggressive Mode
  • IPv4 Header
  • Authentication Header
  • AH Transport Mode
  • AH Tunnel Mode
  • Authentication Algorithms
  • AH and NAT
  • ESP with Authentication
  • ESP in Transport Mode
  • ESP in Tunnel Mode
  • IKE
  • IKE-Scan
  • IKE-SCAN
  • Aggressive Mode
  • Main Mode
  • Aggressive Mode ID
  • Aggressive Mode PSK Attacks
  • Aggressive PSK Cracking
  • Aggressive Mode ID Enumeration
  • Main Mode PSK Attacks
  • Main Mode PSK Cracking
  • Main Mode Policy Enumeration
  • IKECrack
  • IKEProbe
  • IKE-PROBE
  • Other VPN Flaws
  • Insecure Storage of Credentials on VPN Clients
  • Username Enumeration
Module 7: Defeating SSL
  • Outline
  • How SSL Works
  • Certificate Types
  • Certificate Chaining
  • Chain of trust
  • Verifying a Certificate Chain
  • Certificate Chain That Cannot be Verified
  • What if…
  • Basic Constraints
  • Then the story started
  • SSLSNIFF
  • Running SSLSNIFF
  • Setting up IPTABLES
  • Running Arpspoof
  • SSLSTRIP
  • How SSL connection is initiated:
  • SSLSTRIP
  • What does it look like?
  • With SSLSTRIP
  • Running SSLSTRIP
  • Combining this technique with homograph attack
  • Certificates
  • Certificate Enrollment Request PKCS#10
  • Certificate (Subjects)
  • CN Encoding
  • PKCS #10 SUBJECT
  • PKCS #10 Certificate Signing Request
  • Disadvantages
  • Universal Wildcard
  • More Weird Stuff
  • What do we have to worry about?
  • Certificate Revocation
  • Defeating OCSP
  • OCSP-Aware SSLSNIFF
  • Updates
  • Update-Aware SSLSNIFF
  • Snort
  • What is Snort?
  • Snort Architecture
  • Packet Sniffing
  • Preprocessors
  • Detection Engine
  • Alerting Components
  • Three major modes
  • Using Snort as Packet Sniffer
  • Packet Sniffing
  • Snort as Packet Logger
  • Snort as NIDS
  • Snort Rule Tree
  • Decoding Ethernet Packet
  • Preprocessor Layout
  • Parts of a Rule Outputs
Module 8: IDS/IPS Evasion
  • Evasion
  • Networking Standards
  • Evasion Principles
  • Evasion Layers
  • Layer 2
  • Layer 3-4
  • Fragmentation
  • Fragmentation Attacks – Ping O' Death
  • More Malicious Fragments
  • Fragmentation-Based Techniques
  • Sending Overlapping Fragments
  • Different Reassembly Timeout
  • Sending Fragment with Different TTLs
  • Insertion Attacks
  • Protocol Violation
  • Layer 5-7
  • Layer 5-7
  • SMB Evasions
  • SMB based vulnerabilities
  • How can IDS control SMB sessions?
  • DCERPC Evasions
  • How DCERPC works:
  • DCERPC Bind Evasions
  • DCERPC Call Evasions
  • DCERPC Transport Evasions
  • Obfuscation
  • Client Side Attack Evasions
  • Unicode
  • UTF-8 Overlong Strings
  • Javascript Evasions
  • Base64 your HTML
  • Encryption
  • DoS Attacks
  • Failure Points
  • Alert Management
  • Hardware Limitations
  • Session Tracking
  • Pattern Matching
  • Signature Matching
Lab 1: Working with Captured Files
  • Currently not disclosed
Lab 2: Layer 2 Attacks
  • Currently not disclosed

Lab 3: Attacking Routing Protocols

  • Currently not disclosed

Lab 4: Using Pivot Machines

  • Currently not disclosed

Lab 5: IPv6 Attacks

  • Currently not disclosed

Lab 6: VPN attack

  • Currently not disclosed

Lab 7: Defeating SSL, Decrypting Traffic and man-in-the-middle attacks

  • Currently not disclosed

Lab 8: NIDS/NIPS

  • Currently not disclosed

PreRequisites

  • C)PTE: Penetration Testing Engineer
  • OR Equivalent Experience

Audience

The Certified Penetration Testing Consultant course is the most advanced training in Mile2's line of penetration testing courses and certifications. The course prepares students to consult for organizations of any size on security by performing penetration tests. We assume that people taking this course understand penetration testing and are looking to take their skills to the next level. We strongly encourage passing the C)PTE: Certified Penetration Testing Engineer exam before taking this course, or having equivalent industry experience.

Who Should Attend:

  • Ethical Hackers
  • Penetration Testers
  • Security Consultants
  • IT Management
  • Chief Security Officers
Starting From

$950.00

$3500.00 List Price

4-Day Course
