Network Penetration Testing & Ethical Hacking (1 Day)

£999.00

Category:

Description

A whirlwind tour of the most important tools and concepts for probing and protecting IT systems from hackers in a day

It can be difficult for IT professionals to keep abreast of the latest in network security. Why not therefore make it easier for yourself and let the experts lead you to the latest tools used in attacking and protecting networks from the hackers.  This unique ethical hacking/penetration testing course will arm IT professionals with the necessary tools to penetrate and/or protect systems from harm. This course begins with the fundamental of proper planning, scoping and network reconnaissance. It then goes deeper into scanning, target exploitation, password attacks and wireless and web apps, with detailed hands-on labs throughout. It is a subset of the material used in the more comprehensive 3 day course. None the less, let us quickly get you up to speed on the latest in practical network security penetration testing.

The course is given by experts in network penetration. We start of with detailed reconnaissance by examining a target’s infrastructure and mining blogs, search engines, social networking sites and other Internet and intranet infrastructure. You will be equipped to scan target networks using best-of-breed tools. After scanning, you will learn dozens of methods for exploiting target systems to gain access and measure real business risk, then examine post-exploitation, password attacks and web apps, pivoting through the target environment to model the attacks of real-world bad guys. The aim is to provide an understanding of the theory of secure software and network systems through a series of lab based practical work and experiments. This treatment will reinforce software engineering best practice.  This module also aims to introduce the key concepts of secure computer systems & provide expertise in applying the principal techniques in planning & deploying secure systems.

In a nutshell

This course provides an in-depth hands-on approach to attacking a modern computer system. This course will introduce the concepts and principles of secure systems in a day. In addition, students will be given the opportunity to learn how to configure and test application and network security, deploy secure network based software applications and resolve security problems. Students will have an in-depth knowledge of basic skills in hacking and protecting IT systems along with an appreciation for emerging themes that could impact secure systems in the future. All attendees will also receive a discount for the more comprehensive 3 day course if they want to deepen their skills after taking this 1 day course.

Syllabus

1. Linux & Pen Testing Environment Basics

This module covers finding your way around Kali, Linux Services, SSHD, Apache, Linux basic commands, Text viewers and editors for Linux Newbies, Parsing with Grep, Netcat, Connecting to a TCP/UDP port with Netcat, Listening on a TCP/UDP port with Netcat, Transferring files with Netcat, Remote Administration with Netcat – Bind Shell,  Cross-site scripting, Persistent XSS payload, Reflected XSS, Preventing XSS Attacks and Creating a Keylogger to Snoop.

2. Information Gathering Techniques

We cover Open Web Information Gathering, Google Hacking, Google Hacking Database (GHDB), Netcraft, Web history sources, Whois Reconnaissance, HTTrack – Clone a Website, Extracting Host/Subdomains/Emails with Goohost, Searching for Files with Goofile, OWASP (Open Web Application Security Project) Joomla! Vulnerability Scanner, Joomla! Command Line Scan, Joomla Security Scanner CMS Vulnerabilities, WPScan-Wordpress Security Scanner, Plecost, WhatWeb, BlindElephant-Web Application Fingerprinter, Intrusion Detection Systems Detection, DNS Reconnaissance, Interacting with a DNS server, Automating lookups, Forward lookup brute force, Reverse lookup brute force, Gathering Host Information with Dmitry, Documentation of Penetration Tests.

3. Port Scanning

 We cover Port Scanning Basics, Nmap, Network Sweeping, Fingerprinting, Banner Grabbing / Service Enumeration, Nmap Scripting Engine, PBNJ, Unicornscan, Root Kit Hunter , Root Kit Hunter, Check Rootkit and Load Balancing Detection.

4. Sniffing Traffic and Man in the Middle Attacks

We cover Ettercap Snooping on other traffic in Lab through ARP Poison Attack and Denial of Service Attacks in depth. 

5. Web Application Attack vectors

We cover Abusing File Upload on a Vulnerable Web Server, Cross-site Request Forgery, SQL & Cross-Site Scripting Vulnerabilities, SQL Injection Vulnerabilities,  Testing Web Applications to Find SQL Injection Vulnerabilities and Cross Site Scripting (XSS) Reflected Attack.

6. Web Application Testing

We cover Web Application Testing with Burpsuite namely Proxy, Spider, Intruder, Repeater and Comparer Burp tools. We also looking to doing Dictionary Attacks with Burp Suite and Generating a PHP Shell with Weevely.

7. Password Attacks

We cover Online Password Attacks, Hydra, FTP Brute force, Password profiling, CeWL, CPU & GPU Password Cracking, CPU Password Cracking with Cain & Abel, CPU password cracking with Hashcat, NTLM Hash Password Cracking, Hashing, MD5 Hash Calculation, SHA1 Hash Calculation, GPG Public Key Generation and Encrypting and Decrypting a message.

8. Steganography

We cover Hiding an image inside an image, Hiding information inside files, Encoding information inside a PDF file, Decoding the stego file, Breaking Steganography – Detecting hidden information and Network Steganography.

 

 

 

Additional information

Equipment to bring

Students should bring their own laptop but we can also provide a laptop in many cases. Some of the course exercises are based on Windows, while others focus on Linux. VMware Player or VMware Workstation is used for the class. We can provide it on the day. If you plan to use a Macintosh, please make sure you bring VMware Fusion, along with a Windows guest virtual machine.

You will also be required to disable your anti-virus tools temporarily for some exercises, so make sure you have the anti-virus administrator permissions to do so. Do not plan on just killing your anti-virus service or processes, because most anti-virus tools still function, even when their associated services and processes have been terminated. For many enterprise-managed clients, disabling your anti-virus tool may require a different password than the Administrator account password. Please bring that administrator password for your anti-virus tool. We will provide you with a copy of the attack tools to experiment with during the class and to take home for later analysis.

Who should attend?

We welcome anyone with some background in an aspect of IT/computing. Ideally the person is an IT professional but we can tailor aspects of the material to suit the strength of the attendee. We particularly welcome ethical hackers, professionals/auditors who need to build deeper technical skills and those looking to move into a network security related area.

Why choose this course?

This course offers in-depth technical excellence along with industry-leading methodologies to conduct high-value penetration tests.

We provide theoretical in-depth notes on hacking and pen testing alongside cutting edge lab classes to demonstrate the tools.

We go deep into the tools arsenal with numerous hands-on exercises that show subtle, less well-known and undocumented features that are useful for professional penetration testers and ethical hackers.

We show how the tools interrelate with each other in an overall testing process by focusing on the workflow of professional penetration testers and ethical hackers, proceeding step by step and discussing the most effective means for conducting projects.

We show how penetration testing and ethical hacking should fit into a comprehensive enterprise information security program.

Location & Date:

We generally run our courses in local hotels or training centres but we can also visit your company and conduct the training there. We are flexible. We also can do weekends.

Email us at info@wirelessnetworksecuritycourses.com with your preferred date(s) for training.