Duration
20.0 hours
Regular fee
$250
Objectives of the training
Penetration testing has become a must in the field of cybersecurity. The objective of this course is to provide you with the methodological and technical knowledge required to conduct and manage a and thus become a good pentester. Notions of framing and follow-up of a penetration test will allow you to target a customer's needs.Targeted audience
Computer scientistsPrerequisite
Knowledge of systems and networks are essential to understand this to understand this course.Trainers
Upcoming information
Course architecture
The current context
- Definition of a Lead Pentester and recent statistics
- Terminology
- Principles of information security
- Definition of a penetration test
- The different phases of an attack
- Regulatory aspects of penetration testing
- Methods and framework for a penetration test
Framing and objectives
- Identification of the objectives
- Definition of the perimeter
- Demonstration - ESD Academy Pentest Framework
- Presentation of the test - Pre-engagement questionnaire
- Resource management and allocation
- Tracking of test objectives
- Rules of Engagement (RoE)
- PD Statement - Writing a Pre-Engagement Contract
Prepare your penetration test
- Preparing a machine for penetration testing
- Automation and scripting
- Known tools
- Demonstration - Rubber Ducky
- Templating documents
- Demo - Penetration test follow-up
Information gathering
- Scope enumeration - part 1
- Perimeter Enumeration - Part 2
- Firewall and IDS evasion techniques
- Protocol Enumeration - Part 1
- Protocol Enumeration - Part 2
- Demonstration - Enumeration Tools Overview
- Lecture - Enumeration of the infrastructure
Exploitation
- Exploit research
- Presentation of attack tools and frameworks
- Demonstration - Metasploit presentation
- Deployment and execution of loads
- Lecture - Exploiting vulnerabilities
- Passive and active infrastructure eavesdropping - part 1
- Passive and active infrastructure eavesdropping - part 2
- Tutorial Statement - Exploiting and Analyzing Intercepted Data
- Bruteforcing
Post exploitation
- Deactivation of traceability elements
- Elevation of privileges - part 1
- Privilege elevation - part 2
- Demonstration - Overview of privilege elevation methods
- Study of persistence
- Lateral movements
- Cleaning up traces
- Lecture - Post-exploitation
- Definition of a Lead Pentester and recent statistics
- Terminology
- Principles of information security
- Definition of a penetration test
- The different phases of an attack
- Regulatory aspects of penetration testing
- Methods and framework for a penetration test
Framing and objectives
- Identification of the objectives
- Definition of the perimeter
- Demonstration - ESD Academy Pentest Framework
- Presentation of the test - Pre-engagement questionnaire
- Resource management and allocation
- Tracking of test objectives
- Rules of Engagement (RoE)
- PD Statement - Writing a Pre-Engagement Contract
Prepare your penetration test
- Preparing a machine for penetration testing
- Automation and scripting
- Known tools
- Demonstration - Rubber Ducky
- Templating documents
- Demo - Penetration test follow-up
Information gathering
- Scope enumeration - part 1
- Perimeter Enumeration - Part 2
- Firewall and IDS evasion techniques
- Protocol Enumeration - Part 1
- Protocol Enumeration - Part 2
- Demonstration - Enumeration Tools Overview
- Lecture - Enumeration of the infrastructure
Exploitation
- Exploit research
- Presentation of attack tools and frameworks
- Demonstration - Metasploit presentation
- Deployment and execution of loads
- Lecture - Exploiting vulnerabilities
- Passive and active infrastructure eavesdropping - part 1
- Passive and active infrastructure eavesdropping - part 2
- Tutorial Statement - Exploiting and Analyzing Intercepted Data
- Bruteforcing
Post exploitation
- Deactivation of traceability elements
- Elevation of privileges - part 1
- Privilege elevation - part 2
- Demonstration - Overview of privilege elevation methods
- Study of persistence
- Lateral movements
- Cleaning up traces
- Lecture - Post-exploitation
Private or personalized training
If you have more than 8 people to sign up for a particular course, it can be delivered as a private session right at your offices. Contact us for more details.
Request a quoteDuration
20.0 hours
Regular fee
$250
Private or personalized training
If you have more than 8 people to sign up for a particular course, it can be delivered as a private session right at your offices. Contact us for more details.
Request a quote