A rigorous pen testing program that, unlike contemporary pen testing courses, teaches you how to perform effective penetration tests across filtered networks. The EC-Council course requires you to pen test IoT systems and OT systems, build your own exploits and tools, conduct advanced binary exploitation, double pivot to access hidden networks, and work with various technologies.
Course Outline
Lesson 1: Penetration Testing Essential Concepts
- Computer Network Fundamentals
- TCP/IP Protocol Suite
- IP Addressing and Port Numbers
- Network Terminology
- Network Security Controls
- Network Security Devices
- Network File System (NFS)
- Windows Security
- Unix/Linux Security
- Virtualization
- Web Servers
- Web Applications
- Web Markup and Programming Languages
- Application Development Frameworks and Their Vulnerabilities
- Web APIs
- Web Subcomponents
- Web Application Security Mechanisms
- Common Information Security Attacks
- Information Security Standards, Laws, and Acts
Lesson 2: Introduction to Penetration Testing and Methodologies
- What Is Penetration Testing?
- Benefits of Conducting a Penetration Test
- ROI of Penetration Testing
- How Penetration Testing Differs from Ethical Hacking
- Comparing Security Audits, Vulnerability Assessments, and Penetration Testing
- Types of Penetration Testing
- Penetration Testing: Cost and Comprehensiveness
- Selecting an Appropriate Testing Type
- Different Methods of Penetration Testing
- Selecting the Appropriate Method of Penetration Testing
- Common Areas of Penetration Testing
- Penetration Testing Phases
- Penetration Testing Methodologies
- Need for a Methodology
- LPT Penetration Testing Methodology
- Penetration Testing Essentials
Lesson 3: Penetration Testing Scoping and Engagement Methodology
- Penetration Testing: Pre-engagement Activities
- Pre-engagement Activities
- Request for Proposal (RFP)
- Preparing Response Requirements for Proposal Submission
- Setting the Rules of Engagement (ROE)
- Establishing Communication Lines: Identifying Key Contacts
- Timeline
- Time/Location
- Frequency of Meetings
- Time of Day
- Identifying Who Can Help You
- ROE Document
- Handling Legal Issues in Penetration Testing Engagement
- Penetration Testing Contract
- Preparing for the Test
- Handling Scope Creep During Penetration Testing
Lesson 4: Open-Source Intelligence (OSINT) Methodology
- OSINT Gathering Steps
- OSINT Through the World Wide Web (WWW)
- OSINT Through Website Analysis
- OSINT Through DNS Interrogation
- Automating OSINT Efforts Using Tools, Frameworks, and Scripts
Lesson 5: Social Engineering Penetration Testing Methodology
- Social Engineering Penetration Testing
- Skills Required to Perform Social Engineering Pen Tests
- Common Targets of Social Engineering Pen Tests
- Do Remember: Before Conducting a Social Engineering Pen Test
- Black Box or White Box?
- Social Engineering Penetration Testing Steps
- Social Engineering Penetration Testing Using Email Attack Vectors
- Social Engineering Penetration Testing Using Telephone Attack Vectors
- Social Engineering Penetration Testing Using Physical Attack Vectors
Lesson 6: Network Penetration Testing Methodology – External
- Network Penetration Testing
- External vs. Internal Penetration Testing
- External Network Penetration Testing
- Internal Network Penetration Testing
- Network Penetration Testing Process
- White, Black or Grey-box Network Penetration Testing?
- External Network Penetration Testing Steps
- Port Scanning
- OS and Service Fingerprinting
- Vulnerability Research
- Exploit Verification
Lesson 7: Network Penetration Testing Methodology – Internal
- Internal Network Penetration Testing
- Why Conduct Internal Network Penetration Testing?
- Internal Network Penetration Testing Steps
- Footprinting
- Network Scanning
- OS and Service Fingerprinting
- Enumeration
- Vulnerability Assessment
- Windows Exploitation
- Unix/Linux Exploitation
- Other Internal Network Exploitation Techniques
- Automating Internal Network Penetration Test Efforts
- Post-Exploitation
Lesson 8: Network Penetration Testing Methodology – Perimeter Devices
- Steps for Firewall Penetration Testing
- Steps for IDS Penetration Testing
- Steps for Router Penetration Testing
- Steps for Switch Penetration Testing
- Assessing Firewall Security Implementation
- Assessing IDS Security Implementation
- Assessing Router Security
- Assessing Switch Security
Lesson 9: Web Application Penetration Methodology
- White Box or Black Box?
- Web Application Penetration Testing
- Web Application Security Framework
- Security Framework vs. Vulnerabilities vs. Attacks
- Web Application Penetration Testing Steps
- Discover Web Application Default Content
- Discover Web Application Hidden Content
- Conduct Web Vulnerability Scanning
- Identify the Attack Surface Area
- Tests for SQL Injection Vulnerabilities
- Tests for XSS Vulnerabilities
- Tests for Parameter Tampering
- Tests for Weak Cryptography
- Tests for Security Misconfiguration
- Tests for Client-Side Scripting Attacks
- Tests for Broken Authentication and Authorization Mechanisms
- Tests for Broken Session Management Vulnerabilities
- Tests for Web Services Security
- Tests for Business Logic Flaws
- Tests for Web Server Vulnerabilities
- Tests for Thick Client Vulnerabilities
Lesson 10: Database Penetration Testing Methodology
- Database Penetration Testing Steps
- Information Reconnaissance
- Database Enumeration: Oracle
- Database Enumeration: MS SQL Server
- Database Enumeration: MySQL
- Vulnerability and Exploit Research
- Database Exploitation: Oracle
- Database Exploitation: MS SQL Server
- Database Exploitation: MySQL
Lesson 11: Wireless Penetration Testing Methodology
- Wireless Penetration Testing
- WLAN Penetration Testing Steps
- RFID Penetration Testing Steps
- NFC Penetration Testing Steps
- Mobile Device Penetration Testing Steps
- IoT Penetration Testing Steps
- Wireless Local Area Network (WLAN) Penetration Testing
- RFID Penetration Testing
- NFC Penetration Testing
- Mobile Device Penetration Testing
- IoT Penetration Testing
Lesson 12: Cloud Penetration Testing Methodology
- Distribution of Public Cloud Services: AWS, Azure, and Google Cloud Are on Top, Among Others
- Cloud Computing Security and Concerns
- Security Risks Involved in Cloud Computing
- Role of Penetration Testing in Cloud Computing
- Do Remember: Cloud Penetration Testing
- Scope of Cloud Pen Testing
- Cloud Penetration Limitations
- Cloud Specific Penetration Testing
- Cloud Reconnaissance
- Identify the Type of Cloud to Be Tested
- Identify What Is to Be Tested in the Cloud Environment
- Identify the Tools for the Penetration Test
- Identify What Is Allowed to Be Tested in the Cloud Environment
- Identify Which Tests Are Prohibited
- AWS’s Provision for Penetration Testing
- Azure’s Provision for Penetration Testing
- Google Cloud’s Provision for Penetration Testing
- Identify Date and Time for Penetration Test
- Cloud Specific Penetration Testing
- Recommendations for Cloud Testing
Lesson 13: Report Writing and Post Testing Actions
- Penetration Testing Deliverables
- Goal of the Penetration Testing Report
- Types of Pen Test Reports
- Characteristics of a Good Pen Testing Report
- Writing the Final Report
- Document Properties/Version History
- Table of Contents/Final Report
- Summary of Execution
- Scope of the Project
- Evaluation Purpose/System Description
- Assumptions/Timeline
- Summary of Evaluation, Findings and Recommendations
- Methodologies
- Planning
- Exploitation
- Reporting
- Comprehensive Technical Report
- Result Analysis
- Recommendations
- Appendices
- Sample Appendix
- Penetration Testing Report Analysis
- Report on Penetration Testing
- Pen Test Team Meeting
- Research Analysis
- Pen Test Findings
- Rating Findings
- Analyze
- Prioritize Recommendations
- Delivery of the Penetration Testing Report
- Cleanup and Restoration
- Report Retention
- Sign-off Document Template
- Post-Testing Actions for Organizations