Certified Penetration Testing Engineer graduates will obtain real world security knowledge enabling them to recognize vulnerabilities, exploit system weaknesses, and safeguard organizations against threats. Graduates will learn the art of Ethical Hacking with a professional edge (Penetration Testing).

• Overview
• What is a Penetration Test?
• Benefits of a Penetration Test
• Data Breach Insurance
• CSI Computer Crime Survey
• Hacking Examples and Associated Costs
• Statistics on Internal Breaches
• Stat
• Trend at the End of
• The Evolving Threat
• Security Vulnerability Life Cycle
• Exploit Timeline
• Zombies and Botnets
• How are Botnet’s Growing?
• Types of Penetration Testing
• “Hacking-Life-Cycle”
• Penetration Testing Methodology
• Other Penetration Testing Methodologies
• Hacker vs Penetration Tester
• It is not always about the Tools!
• Website Reviews
• CIOview and SecurityNOW! SX
• Seven Management Errors
• What does the future hold?

• Overview
• IT Governance Best Practices
• IT Risk Management
• Types of Risks
• Approaches to Risk Management
• Information Security Risk Evaluation
• Improving Security Posture
• Risk Evaluation Activities
• Risk Assessment
• Information Gathering
• Data Classification
• Threats and Vulnerabilities
• Analytical Methods
• Evaluate Controls
• Risk Ratings
• Important Risk Assessment Practices
• Compliance
• Many Regulations
• Basel II
• Gramm-Leach-Bliley Act
• Federal Financial Examination Institution Council
• Sarbanes-Oxley Act (SOX )
• ISO
• PCI-DSS
• Total Cost of Compliance
• What does this mean to the tech?

• Overview
• What information does the Hacker want?
• Methods of Obtaining Information
• Physical Access
• Social Engineering
• Social Engineering via MySpa
• Social Engineering via Facebook
• Other Social Networks from around the world!
• Identity Theft and MySpace
• Instant Messengers and Chats
• Digital Access
• Passive vs Active Reconnaissance
• Footprinting Defined
• KartOO
• Maltego
• Firecat – Firefox Catalog of Auditing Extensions
• Footprinting Tools
• Johnnyihackstuffcom
• Google Hacking
• SPUD
• Wikto for Google Hacking
• Blogs, Forums and Newsgroups
• The Wayback Machine
• Domain Name Registration
• WHOIS
• Dirk-loss – Online Tools
• Dnsstuff
• Central Ops
• DNS Database Record Types
• Nslookup
• Dig
• Traceroute
• VisualRoute
• Opus One Traceroute Tools
• People Search Engines
• EDGAR
• Company House
• Reputation Authority
• Intelius – Background Check
• Netcraft
• Countermeasures
  

• Overview
• Introduction to Port Scanning
• Port Scan Tips
• Expected Results
• Organizing the Results
• Leo Meta-Text Editor
• Free Mind
• IHMC CmapTools
• Popular Port Scanning Tools
• Online Ping
• NMAP - Ping
• ICMP Disabled?
• NMAP TCP Connect Scan
• TCP Connect Port Scan
• NMAP Half-Open Scan
• Half-Open Scan
• Firewalled Ports
• Iron Geek – Hacking Illustrated
• NMAP Service Version Detection
• Addition NMAP Scans
• Saving NMAP Results
• NMAP UDP Scans
• UDP Port Scan
• NMAP Idle Scan
• Superscan
• Look@LAN
• Unicornscan
• Hping
• AutoScan
• Xprobe
• What is Fuzzy Logic?
• Pf
• AMAP
• Fragrouter
• Countermeasures
  

• Overview
• Banner Grabbing with Telnet
• Banner Grabbing with Sup
• HTTPrint
• SMTP Server Banner Grabbing
• DNS Enumeration
• Zone Transfers
• Backtrack DNS Enumeration
• Countermeasure: DNS Zone Transfer
• SNMP Insecurity
• SNMP Enumeration Tools
• SNMP Countermeasures
• Active Directory Enumeration
• LDAPMiner
• Active Directory Countermeasures
• Null Sessions
• Syntax for Null Sessions
• Viewing Shares
• Null Session Tools
• Cain and Abel
• NAT Dictionary Attack Tool
• THC-Hydra
• Injecting the Abel Service
• Null Session Countermeasures
• Tools Summary

• Overview
• Vulnerabilities in Net
• Vulnerabilities in Networks
• Vulnerability Assessment Introduction
• Testing Overview
• Staying Abreast: Security Alerts
• Vulnerability Scanners
• Nessus
• Saint
• Retina
• Qualys Guard
• GFI LANguard
• Scanner Comparison
• Microsoft Baseline Analyzer
• Dealing with the Results
• Patch Management
• Shavlik HFNetChkPro
• Patching with GFI LANguard

• Overview
• Distributing Malware
• Malware Capabilities
• Auto-Starting Malware
• Countermeasure to Auto
• Netcat
• Netcat Commands
• Executable Wrappers
• Historically Wrapped Trojans
• Restorator
• EXE Icon
• Infectious CD-ROM Technique
• Trojan Examples
• Avoiding Detection
• BPMTK
• Malware Countermeasures
• Gargoyle Investigator
• Spy Sweeper Enterprise
• Port Monitoring Software
• File Protection Software
• Windows File Protection
• Windows Software Restriction Policies
• Company Surveillance Software
• Hardware-Based Malware Detectors

• Overview
• Types of Password Attacks
• Keystroke Loggers
• Password Guessing
• Password Cracking
• LM Hash Encryption
• NT Hash Encryption
• Syskey
• Cracking Techniques
• Rainbow Tables
• Creating Rainbow Tables
• Free Rainbow Tables
• Hash Insertion Attack
• Password Sniffing
• Windows Authentication Protocols
• Breaking Kerberos
• Monitoring Logs
• Hard Disk Security
• Breaking Hard Disk Encryption
• Tokens and Smart Cards
• Covering your Tracks
• Disabling Auditing
• Clearing the Event Log
• Alternate Data Streams
• ADS Countermeasures
• Stream Explorer
• Steganography
• Steganography Tools
• Shredding Files Left Behind
• Leaving No Local Trace
• Anonymizers
• StealthSurfer II Privacy Stick
• TOR
• Janus VM
• Encrypted Tunnel Notes
• Rootkits
• Windows Rootkit Countermeasures

• Overview
• Introduction
• Linux Introduction
• File System Structure
• Kernel
• Processes
• Starting and Stopping Processes
• Interacting with Processes
• Accounts and Groups
• Password and Shadow File Formats
• More on Accounts and Groups
• Linux and UNIX Permissions
• Set UID Programs
• Trust Relationships
• Logs and Auditing
• Common Network Services
• Remote Access Attacks
• Brute-Force Attacks
• Brute-Force Countermeasures
• X Window System
• X Insecurities Countermeasures
• Network File System
• NFS in Action
• NFS Countermeasure
• Passwords and Encryption
• Password Cracking Tools
• Salting
• Symbolic Link
• Symlink Countermeasure
• Core File Manipulation
• Shared Libraries
• Kernel Flaws
• File and Directory Permissions
• SUID Files Countermeasure
• File and Directory Permissions
• World-Writable Files Countermeasure
• Clearing the Log Files
• Rootkits – User and Kernel
• Rootkit Countermeasure

• Overview
• How Do Exploits Work?
• Format String
• Race Conditions
• Memory Organization
• Buffer Overflows
• Buffer Overflow Illustration
• How Stacks Work
• Stack Function Illustrated
• Buffer Overflow Illustration #
• Heap Overflows
• Heap Spraying
• Prevention
• Secure Code Reviews
• Review Process
• Know the Vulnerabilities
• Know the Business Risks
• When to Conduct the Review
• Who should be Involved
• What to Look For
• Fixing the Issues
• Automated Tools
• Stages of Exploit Development
• Shellcode Development
• Metasploit
• Metasploit - Mete
• Fuzzers
• SaintExploit
• Core Impact
• Tools Comparison

• Overview
• Standards Comparison
• SSID
• MAC Filtering
• WEP
• Weak IV Packets
• XOR Basics
• WEP Weaknesses
• How WPA Improves on WEP
• TKIP
• The WPA MIC Vulnerability
• WPA
• WPA and WPA Modes
• WPA-PSK Encryption
• LEAP
• LEAP Weaknesses
• NetStumbler
• KNSGEM
• Vistumbler
• Kismet
• OmniPeek Personal
• Aircrack-ng Suite
• Airodump-ng
• Aireplay-ng
• DoS Attack
• Aircrack-ng
• Aircrack for Windows
• Attacking WEP
• Attacking WPA
• coWPAtty
• Exploiting Cisco LEAP
• asleap
• WiFiZoo
• Wesside-ng
• wwwwirelessdefenceorg
• Typical Network Blueprint
• EAP Types
• EAP Advantages/Disadvantages
• EAP/TLS Deployment
• Aruba Products
• Airwave – RAPIDS Rogue Detection Module
• Review

• Overview
• Packet Sniffers
• Pcap and WinPcap
• Wireshark
• TCP Stream Re-assembling
• Packetyzer
• tcpdump and windump
• Omnipeek
• Cain and Abel
• Active Sniffing Methods
• Switch Table Flooding
• ARP Cache Poisoning
• ARP Normal Operation
• ARP Cache Poisoning in Action
• ARP Cache Poisoning with Linux
• Countermeasures
• Using Cain and Abel for ARP Cache Poisoning
• Ettercap
• Dsniff Suite
• Dsniff in Action
• MailSnarf, MsgSnarf and FileSnarf
• What is DNS Spoofing?
• DNS Spoofing
• Session Hijacking
• Breaking SSL
• Capturing VoIP
• Intercepting VoIP
• Intercepting RDP
• Routing Protocols Analysis
• Countermeasures for Sniffing
• Evading the Firewall and IDS
• Fragmentation
• Evading with Encryption
• Newer Firewall Capabilities
• New Age Protection
• Bastion Host
• Spyware Prevention System
• Intrusion ‘SecureHost’ Overview
• IPS Overview
• Review

• Overview
• Vulnerabilities and Common Attacks
• SQL Injection
• Business Impacts of SQL Injection
• Why SQL Injection?
• Database Enumeration
• Extended Stored Proc
• Direct Attacks
• SQL Connection Properties
• Default Ports
• Obtaining Sensitive Info
• SQL Ping2
• osql.exe
• Query Analyzers
• SQLExec
• Metasploit
• Finding and Fixing SQL Injection
• Hardening Databases
• Review

• Overview
• Web Server Market Share
• OWASP Top 10
• Progression of the Professional Hacker
• The Anatomy of a Web Application Attack
• Components of a Web Application System
• Query String
• URL Mappings
• Information Gathering
• Changing URL Login Parameters
• URL Login - Horizontal Attack
• URL Login – Vertical Escalation
• Cross-Site Scripting
• Stored XSS Illustrated
• Reflected XSS Illustrated
• Business Impacts of XSS
• Finding and Fixing XSS
• Injection Flaws
• Unvalidated Input
• Unvalidated Input Illustrated
• Business Impacts of Unvalidated Input
• Finding and Fixing Unvalidated Input
• Attacks against IIS
• IIS Directory Traversal
• Unicode
• IIS Logs
• N-Stalker
• NTO Spider
• HTTrack Website Copier
• Wikto
• Burp Proxy
• Brutus
• Dictionary Maker
• Cookies
• Acunetix Web Scanner
• Eclipse for Code Review
• WebScarab
• Samurai
• OWASP Web Application Penetration Checklist
• Review

• Overview
• Additional Items to Consider
• The Report
• Support Documentation
• Analyzing Risk
• Report Results Matrix
• Findings Matrix Examples
• Delivering the Report
• Stating the Fact
• Recommendations
• Executive Summary
• Technical Report
• Table of Contents
• Summary of Weaknesses Identified
• Scope of Testing
• Summary of Recommendations
• Summary Observations
• Detailed Findings
• Strategic and Tactical Directives
• Statement of Responsibility