8/18/2019 Cast 611 Brochure
CAST EC-Council
CAST: Center for Advanced Security Training
Make The Difference
CAST 611
Advanced Penetration Testing
About EC-Council Center of Advanced Security Training (CAST)
The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that will cover key information security domains, at an advanced level.
Advanced Penetration Testing: Course Description
The course is ALL hands-on - 100%.
The format is to practice the professional security testing methodology for the first half of the class. Once you have practiced this, you will go against a "live" range. The process is as follows:
The sample methodology:
- Information gathering and OSINT
- Scanning and building a target database
- Enumeration
- Vulnerability analysis
- Exploitation
- Post exploitation
- Advanced techniques
- Data analysis
- Report
Access the range:
- You will be provided a scope of work
- Have 2-3 hours on the range and then be provided a debrief
The ranges are progressive and increase in difficulty at each level. There are 3-4 levels to complete, then you are ready for the challenge range practical!
Motto:
- So you think you can pen test? PROVE IT!
The course will teach you how to do a professional security test and produce the most important thing from a test ... the findings and the report!
The ranges progress in difficulty and reflect an enterprise-level architecture. There will be defenses to defeat and challenges to overcome. This is not your typical FLAT network! As the range levels increase you will encounter the top defenses of today and learn the latest evasion techniques.
The format you will use has been used to train 1000s of penetration testers globally; it is proven and effective!
Practical:
- Three phases
- Scope of work for each phase.
- 6 hours to complete the practical.
- Save all of the data and build a target database of your findings at completion of the range section.
- Two hours for a written exam based on the ranges
- Pass exam
- Receive CAST Advanced Penetration Tester Certification
What Will You Learn?
Students completing this course will gain in-depth knowledge in the following areas:
01 Advanced Scanning Methods
02 Attacking from the Web
03 Client-Side Pen-Testing
04 Attacking from the LAN
05 Breaking out of Restricted Environments
06 Bypassing Network-Based IDS/IPS
07 Privilege Escalation
08 Post-Exploitation
Who Should Attend
• Information security professionals
• Penetration testers
• IT managers
• IT auditors
• Government and intelligence agencies interested in real-world attack and defense in today's complex and highly secure IT environments
Course Outline
1. Information Gathering and OSINT
• Nslookup
• Dig
• dnsenum
• dnsrecon
• dnsmap
• reverseraider
• Enumeration of DNS with fierce
• Internet registrars and whois
• Enumeration with theHarvester
• ServerSniff
• Google Hacking Database
• metagoofil
• Cloud scanning with Shodan
2. Scanning
• Scanning with the Nmap tool
  • Scan for live systems
  • Scan for open ports
  • Identify services
  • Enumerate
  • Output the scanner results in an XML format for display
• Scanning with autoscan
• Scanning with Netifera
• Scanning with sslscan
• Scanning and scripting with Hping3
• Building a target database
RANGE: Live Target Range Challenge Level One
3. Enumeration
• Enumerating targets
• Enumerating SNMP
• Using the Nmap Scripting Engine
• Enumerating SMB
• OS fingerprinting
4. Vulnerability Analysis
• Vulnerability sites
• Vulnerability analysis with OpenVAS
• Vulnerability analysis with Nessus
• Firewalls and vulnerability scanners
• Vulnerability analysis of web applications
  • XSS
  • CSRF
  • SQL injection
  • Others
• Vulnerability scanning with W3AF
• Vulnerability scanning with Webshag
• Vulnerability scanning with Skipfish
• Vulnerability scanning with Vega
• Vulnerability scanning with ProxyStrike
• Vulnerability scanning with OWASP ZAP
5. Exploitation
• Exploit sites
• Manual exploitation
  • Scanning the target
  • Identifying vulnerabilities
  • Finding an exploit for the vulnerability
  • Prepare the exploit
  • Exploit the machine
• Exploitation with Metasploit
  • Scan from within Metasploit
  • Locate an exploit and attempt to exploit a machine
• Exploiting with Armitage
  • Scan from within Armitage
  • Managing targets in Armitage
  • Exploiting targets with Armitage
• Exploitation with SET
  • Set up SET
  • Access a compromised web site using the Java attack vector
  • Gain user-level access to the latest Windows machines
  • Perform privilege escalation
  • Gain system-level access to the latest Windows machines
  • Extract data with scraper
  • Extract data with winenum
  • Analyze the pilfered data
  • Kill the antivirus protection
RANGE: Live Target Range Challenge Level Two
6. Post Exploitation
• Conduct local assessment
  • Conduct the scanning methodology against the machine
  • Identify vulnerabilities
  • Search for an exploit
  • Compile the exploit
  • Attempt to exploit the machine
  • Migrate the exploit to another process
• Harvest information from an exploited machine
  • Capture and crack passwords
  • Copy files to and from an exploited machine
RANGE: Live Target Range Challenge Four
7. Data Analysis and Reporting
• Compiling data in MagicTree
  • Take tool output and store it in a usable form
• Compiling data in Dradis
  • Storing OpenVAS results
• Developing a professional report
  • Identify the components of a report:
    • Cover page
    • Table of contents
    • Executive summary
    • Host table
    • Summary of findings
    • Detailed findings
    • Conclusion
    • Appendices
• Reviewing findings and creating report information
  • Conducting systematic analysis
  • Validation and verification
  • Severity
  • Description
  • Analysis/Exposure
  • Screenshot
  • Recommendation
• Reviewing sample reports
• Creating a custom report
8. Advanced Techniques
• Scanning against defenses
  • Routers
  • Firewalls
  • IPS
• Exploitation through defenses
  • Source port configuration
• Detecting load balancing
  • DNS
  • HTTP
• Detecting web application firewalls
  • wafw00f
• Evading detection
  • Identifying the threshold of a device
  • Slow and controlled scanning
  • Obfuscated exploitation payloads
• Exploit writing
  • Writing custom exploits
  • Exploit writing references
Master Trainer: Kevin Cardwell
Kevin Cardwell served as the leader of a 5-person Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.
He currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is the author of the Center for Advanced Security Training (CAST) Advanced Network Defense course. He is technical editor of the Learning Tree courses Penetration Testing Techniques and Computer Forensics. He has presented at the Black Hat USA, Hacker Halted, ISSA and TakeDownCon conferences. He has chaired the Cybercrime and Cyberdefense Summit in Oman. He is author of BackTrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman, which was recently rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to commercial companies, governments, major banks and financial institutions in the Gulf region, including the Muscat Securities Market (MSM) and the Central Bank of Oman. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in the monitoring and incident identification of intrusions and incidents within the Gulf region.