OVERVIEW

Penetration Testing Methodology provides students with a comprehensive and hands-on exposure to the processes, tools and procedures used by penetration testers. Students experience concepts and methods involved in targeting, infiltrating and expanding access within networks. The course develops student insight into the attacker mindset and simulates a real-world attacker’s thoughts and actions. Such insights are for the purpose of improving the security posture of the organizations supported by the student.

Penetration Testing Methodology includes significant amounts of hands-on practical application of skills learned. Students are introduced to topics and concepts through lectures then given a series of lab exercises to reinforce that learning and build skill. Students must exercise the penetration testing methodology, process and analyze collected data, and develop the necessary trade-craft and stealth to successfully complete the goals of the course.

OBJECTIVE

Upon successful completion of this course, students will be able to:

  • examine a cyber threat from the attacker mindset
  • simulate a real-world attacker’s thoughts and actions
  • process appropriate data from a penetration test
  • analyze appropriate data from a penetration test
  • collect appropriate data from a penetration test
  • apply appropriate trade-craft and stealth to perform a penetration test

AUDIENCE

Security professionals wanting to expand into assessing their own network and systems to find security vulnerabilities.

PREREQUISITES

Students attending the course should have a strong understanding of how data traverses a network, basic UNIX and Windows competency, and comfort working from the command line.

CERTIFICATION EXAMS

N/A

COURSE OUTLINE

  • Open source information gathering
  • Legal issues of penetration testing
  • Tradecraft
  • Sources of interesting information
  • Footprinting, scanning and enumeration
  • Fingerprinting
  • Vulnerability information
  • Exploiting hosts/devices
  • Situational Awareness
  • Log manipulation
  • Implants
  • Pivoting and redirection
  • Data exfiltration
  • Trusted networks
  • Passwords, reuse and cracking
  • Public-facing networks vs. intranets
  • Armitage
  • Keyloggers and sniffers
  • Anonymity