Thank you for sending your enquiry! One of our team members will contact you shortly.
Thank you for sending your booking! One of our team members will contact you shortly.
Course Outline
How to Test the Security of Networks and Services
- Penetration testing – what is it?
- Penetration test versus audit – similarities, differences, and what is appropriate?
- Practical issues – what can go wrong?
- Scope of tests – i.e., what do we want to check?
- Sources of best practices and recommendations
Penetration Testing – Reconnaissance
- OSINT – i.e., acquiring information from public sources
- Passive and active methods of network traffic analysis
- Identification of services and network topology
- Security systems (firewalls, IPS/IDS systems, WAF, etc.) and their impact on testing
Penetration Testing – Vulnerability Searching
- System and version identification
- Vulnerability searching in systems, infrastructure, and applications
- Vulnerability assessment – i.e., "what will hurt"?
- Exploit sources and possibilities for customizing them
Penetration Testing – Attack and Gaining Control
- Types of attacks – how they are conducted and their consequences
- Attacks using remote and local exploits
- Attacks on network infrastructure
- Reverse shell – how to manage a compromised system
- Privilege escalation – i.e., how to become an administrator
- Ready-made "hacking tools"
- Analysis of a compromised system – interesting files, saved passwords, private data
- Special cases: web applications, WiFi networks
- Social engineering – i.e., how to "break" a human if systems cannot be breached?
Penetration Testing – Covering Tracks and Maintaining Access
- Logging and activity monitoring systems
- Cleaning logs and covering tracks
- Backdoor – i.e., how to leave yourself an open entry point
Penetration Testing – Summary
- Report preparation and its structure
- Report handover and consultation
- Verification of recommendation implementation
Requirements
- Knowledge of fundamental networking concepts (IP addressing, Ethernet, basic services – DNS, DHCP) and operating systems
- Knowledge of Windows and Linux (basic administration, system terminal)
Target Audience
- Personnel responsible for network and service security,
- Network and system administrators seeking to learn security testing methods,
- Anyone interested in the topic.
28 Hours
