Spectramind is Sponcering partner for the conference

PTC Certified Penetration Testing Consultant (Certification) [ 4 days ]

Course Description
This course is designed to take an individual with knowledge of the basic security auditing toolset to the next and higher level. Many courses teach "how to hack"; the CPTConsultant course teaches "the business of penetration testing". The course delivers advanced and cutting edge techniques for auditing a broad range of security controls (including Physical and User Security) with "hands-on" laboratories designed by real world security auditors.
The CPTConsultant course also delivers the "business side" of penetration testing, including RFPs, Authorization, Security Policy Review and Compliance. The CPTConsultant courseware is constantly updated (with updates available to past students) to reflect the most current security issues and known exploits; this is the way of the Certified Penetration Testing Expert.
Each day ends with a Capture the Flag Competition to ensure that participants retain the daily objectives.

The CPTConsultant course provides attendees with the unique opportunity to perform all stages of an actual penetration test within a controlled classroom environment. Hands-on laboratories have been researched and developed by leading security professionals from around the world and are continuously updated. The CPTConsultant will cover much more in-depth attacks, techniques, technologies and countermeasures than foundation Penetration Testing and Ethical Hacking courses such as CPTEngineer, CEH and OSPT.

Participants of the CPTConsultant course will have the ability to complete laboratories in all of the following areas:
Perform a penetration test and submit a deliverable report
Capture and replay VoIP traffic
Find and exploit databases with SQL Injection vulnerabilities
Manipulate prices on e-commerce websites
Obtain and transfer information via Bluetooth enabled telephones
Tools and resources for picking simple and complex locks
Techniques for Wireless Site Surveying and Cracking WEP/WPA key
Additionally, attendees will be qualified to confidently undertake the CPTConsultant practical examination

CPTEngineer, GIAC, or equivalent knowledge
24 months experience in Networking Technologies
Sound knowledge of TCP/IP
Computer hardware knowledge
Experience as a Support Professional or Consultant

Prepares For
Certification Exam:
CPTConsultant Practical Exam
Certification Track:
CPTEngineer - Certified Pen Testing Eng™
CPTConsultant - Certified Pen Testing Consultant™
CDFE - Certified Digital Forensics Examiner

Course Completion Skills:
A Certified Penetration Testing Expert is a security professional with the ability to plan, manage and perform a penetration test. The designation "Expert" is related to the depth and breadth of understanding required to manage a project involving multiple team members, manage the client's expectations and deliver an audit of security controls that is thorough, well documented and ethically sound.

Module 1 Intro and Pen Test Overview
Defining Boundaries
Objectives and Scope of the Pen Test
Plan of Attack
Gathering Information

Module 2 The Attack Stage
Information Gathering
Vulnerability Assessments
Exploiting Systems
Back Doors/Root Kits
Covering Tracks
Wireless Attacks
To ensure that students gain as much as possible from the CPTConsultant course, we start with a refresher on all tools and techniques covered in 'foundation' hacking courses such as CPTEngineer, CEH and OSPT. The subjects covered include information gathering, scanning, enumeration, vulnerability assessments, exploiting systems, packet interception / analysis and wireless detection techniques. Some of the tools the student will use include Sam Spade, SmartWhois, nmap, hping2, xprobe2, RPCclient, LophtCrack, Cain & Abel, Metasploit, Ethereal, Netstumbler, Wellenreiter etc.

Module 3 Core Impact Initial Pen Test
This lesson will instruct in the use of Core Technologies, market leading commercial penetration testing application. This tool will allow the penetration tester to quickly build up a security snapshot of the target network. From here, the tester will then move onto more advanced manual methods to complete the test.
The hands-on laboratory will allow the student to use Core Impact to perform a Rapid Pen Test.

Module 4 EsternalDMZ
The first point of contact with a target network will predominantly be through the De-Militarized Zone. This whole section is dedicated to the exploits that apply to this part of the Attack Surface. It is sub-sectioned into:Place text here
DNS/Mail/Web/VPN Servers
Database Mining-SQL Injection
Database Mining is the process of attacking a database server through the front end. In this section, we open up a network through a SQL server web interface running on a web server inside the DMZ.
Laboratory: Students will be thrust into an online banking environment and will successfully exploit the database front-end to bypass authorization, elevate account privileges, transfer money and manipulate cookies by employing an advanced 'SQL Injection' technique known as 'Blind SQL Injection'. Other attack methods will include VPN IPSEC PSK cracking, circumventing DNS, Mail and Web servers using the latest techniques.

Module 5 Wireless Site Surveying
During this module, the students will learn all about the current security mechanisms employed to secure wireless networks, WEP/WPA/WPA2 and 802.11x. After talking about the security of these networks, we cover the attacks to bypass all of the security.
Laboratory: Most corporate wireless networks are now protected with encryption such as Wired Equivalent Privacy (WEP) or Wi-Fi Protected Access (WPA). The auditing of these networks requires the tester to attempt to break that encryption. This is exactly what the student will do! We use advanced techniques to break WEP encryption by re-injecting encrypted packets back onto the network and cracking the key in as little as 10 minutes. The tool set the student will become expert with includes kismet, airodump, aireplay, aircrack and cowpatty.

Module 6 Attacking Blue Tooth Devices
As more and more Bluetooth devices appear on the corporate network, the professional penetration tester has to enhance his/her skills to encompass this technology. PDAs, cell phones and other BT devices are all vulnerable to attacks. The hands-on laboratory will teach the students the practical skills required to discover BT devices and retrieve personal information from cell phones and even make phone calls on somebody else's bill! The tool set includes BTscanner, ghettotooth, redfang and bluesnarfer.

Module 7 Programming 101
This module is not designed as a "learn programming in one easy step" as that is not possible. We focus our students' efforts on checking code obtained from underground websites so that it will compile correctly and perform the actions it is meant to. We cannot use a new tool on a client network without first ensuring it is safe.

Module 8 Internal Pen Testing
Once inside the external defences, the penetration tester has a whole different set of techniques and tools to use. This module is dedicated to internal testing. It is sub-sectioned into
Database Servers
Network Attacks
Password Retrieval and Cracking
Having a direct connection to a database server will allow many more attack vectors such as database discovery, enumeration and direct exploits like buffer overflows. We cover the market leading database servers (MS SQL, Oracle etc) and also talk about hardening these servers.
Laboratory: ARP Cache Poisoning, SSH/SSL Man-In-The-Middle Attacks, Voice Over IP interception and DNS Poisoning, Protocol Analysis, Password Cracking (Dictionary/Brute Force/Hybrid/Rainbow Tables), Buffer Overflow/Heap Overflow/Stack Overflow Exploits are just some of the attacks in this module, all of which will enable the penetration tester to expose the weaknesses of the network.

Module 9 Physical Security
Physical access to a client's building can offer the penetration tester a whole host of powerful attack vectors. This module will teach the student how to gain access by picking the door locks and padlocks securing the building. Yes, you read correctly! By the end of the hands on laboratory, student will be able to open most common types of pin tumbler door locks and 90% of padlocks available on the market, thus being able to play a greater part is their respective organizations physical security policies. Most 'Ethical Hacking' courses talk about the theory of physical access; the CPTConsultant covers the practical art of physical access.

Module 10 After the Pen Test
Laboratory: Presentation of the Penetration Test Report
Most lessons have hands-on laboratories
Laboratories will change continuously, adapting to changes in the security industry.
Mile2 consultants working in the security field will be dynamically implementing new scenarios that are over and above the base laboratories used in student workbooks.
Please note that this is not a class that will explain the very intricacies of each and every tool. The software is mostly open source and underground software which leaves us with no guarantee of compatibly
Mile2 consultants constantly test most of the tools used in this class; however, we may use a tool that is not tested in the environment we have at our partner's site.
We will be using a large array of Operating Systems that are set-up to be used in different ways, perhaps to attack or to use as a hacker box.
VMware is used very often in the class. It would be helpful if you download a trial version prior to the class.

*Every effort is made to ensure the accuracy of our outlines as course information from our suppliers changes with each new revision. As a result this outline is subject to change without prior notice

Registration Details

Course Fee:
Single Nomination:
USD 400/- OR INR 18000/-

Avail Special Discounts Avail Special Discounts Avail Special Discounts Avail Special Discounts
5% Discount for Early Bird Registrations (15 Days in advance to the program date) 5% Discount on Task force of 4 to 7 10% Discount on task Force of 8 and above 10% discount applicable to /SANS/ GIAC/CSWE/CDFE/CIHE/CISSP/CISA/ Qualified Professionals, Mile2/BA/PMI /SEG /CII/SPIN /CSI and NASSCOM Members

NOTE: Only one discount option is applicable at any time

Course Dates, Venue & Timings:

Sl.No. State City Batch1-Date Batch1-Date Batch2-Date Batch2-Date Batch3-Date Batch3-Date Batch4-Date Batch4-Date Venue Contact
01 AP Hyderabad - - 23-Apr'11 27-Apr'11 7-may'11 11-may'12 4-Jun’12 8-Jun’12 Ameerpet/Hightechcity Jason-91-40-64568797
02 Delhi Delhi/Gurgaon/Noida - - 28-Apr'12 29-Apr'12 26-May’12 27-May’12 23-Jun’12 24-Jun’12 Nehru place / Noida sector 6 Arun : 9810 328046
03 Karnataka Bangalore - - 5-May’12 6-May’12 26-MAY’12 27-May’12 2-June'12 3-June'12 DBS House 26, Cunningham Road ,Opp Indian Express Building, Bangalore - 560 052 Sundar Raj
04 Maharashtra Mumbai - - 21-Apr’12 22-Apr’12 19-May’12 20-May’12 16-Jun’12 17-Jun’12 DBS Heritage,Prescot Road,Opp. Cathedral Sr. School,Fort, Mumbai 400001. DBS Heritage (From Airport instruct the car / cab driver to drive to Fort, Fashion Street. It’s near Siddharth College, Budha Bhavan. Also there are schools like J. P. Pettit School & Cathedral Sr. School Mr.Vasudev
05 Maharashtra Pune 19-May'12 20-May'12 - - - - 30-Jun'12 1-Jul'12 Level-5, Tech Park-1, Airport Road, Yerwada, Pune - 411 006, India Mr.Manish
06 Tamilnadu Chennai - - 14-Apr'12 15-Apr'12 12-MAY'12 13-MAY'12 9-Jun’12 10-Jun’12 DBS House 31A, Cathedral Garden Rd ,Between Hotel Palmgrove and Valluvarkottam Nugambakkam,Chennai - 600034 Mr.Solomon
07 Westbengal Kolkata - - 30-Apr'12 1-May'12 30-May'12 31-May'12 30-Jun'12 1-Jul'12 DBS House 10/2, Hungerford Street,Opp. Exit Gate of Saturday Club,Kolkata - 700017 Mr.Sandeep
08 Kerala Trivandrum - - 30-Apr'12 1-May'12 30-May'12 31-May'12 30-Jun'12 1-Jul'12 DBS center Mr.Manoj
09 Kerala Cochin - - 30-Apr'12 1-May'12 30-May'12 31-May'12 30-Jun'12 1-Jul'12 ThomasMount ,ICTA Building,Changampuzha Nagar P.O.,Cochin- 682 033 Mr.Manoj: 9995881093
10 Tamilnadu Coimbatore - - - - 30-May'12 31-May'12 30-Jun'12 1-Jul'12 DBS Center Mr.Balaji
11 Maharashtra NAGPUR - - - - 30-May'12 31-May'12 30-Jun'12 1-Jul'12 DBS House Mr.Yogesh -9890952752
12 Gujarat Ahmedabad 16-Apr'12 17-Apr'12 - - - - 30-Jun'12 1-Jul'12 Aakruti Complex,Nr. Stadium Cross Road, Navrangpura,Ahmedabad-380009, Gujarat, INDIA Mr.Alok
13 Africa Johannesburg 29-MAY'12 31-MAY'12 - - - - - - Johannesburg,Africa Mr.Kamanbedu
14 Brazil São Paulo 26-JUN'12 28-JUN'12 - - - - - - Rua Rosa e Silva, No. 137, Apt - 4,Santa Cecilia,São Paulo, Brazil. CEP - 01230-020 Mr.Abhishek Ph - (55) - (11) - 87154930
15 Philippines Manila 24-JUL'12 26-JUL'12 - - - - - - Makati ,Philippines Mr.Sandeep : (+63)-917-872-3931
16 Nepal Khatmandu 28-AUG'12 30-AUG'12 - - - - - - Khatmandu Mr.ARun
17 Republic of Mauritius mauritius 25-SEPT'12 27-SEPT'12 - - - - - - mauritius Mr.ARun
18 Srilanka Colombo 1-MAY'12 3-MAY'12 - - - - - - Colombo,Srilanka Ms.Buddhini
19 Canada Toronto 23-OCT'12 25-OCT'12 - - - - - - 203 Royal Appian Cres, Concord ON 14K513 Mrs.Vala Ph.4169391252
20 USA Boston 16-Apr'12 17-Apr'12 - - - - - - Boston,USA Mr.Gaurav
21 UK London 21-DEC'12 23-DEC'12 - - - - - - London,UK Mr. BV Rao -0044-7891461544
22 USA California 16-Apr'12 17-Apr'12 - - - - - - 12128 Skylark Rd Clarksburg MD 20871 California ,USA Mr.Prashanth Ph : 001 - 240-257-2624
23 Bangladesh Dhaka 27-NOV'12 29-NOV'12 - - - - - - Dhaka Mr.Arun
24 ARMENIA GEORGIA 8-MAY'12 10-MAY'12 - - - - - - TIBLISI,Armenia Mr.Abata
25 Honkong Honkong 27-NOV'12 29-NOV'12 - - - - - - Honkong Mr.Peter
25 SAUDIARABIA RIYADH 28-MAY'12 30-MAY'12 - - - - - - RIYADH Mr.Rasheed 96626860652

Kindly register for the courses in your cities at least 2 days in advance.
Timings: 0900 - 2100 hrs

Contact Details:

Mr. Vijay

Mobile: 0 94400 89341

Phone: 040-6456 8797

Register Online: moc.snoitulosdnimartceps|ofni#moc.snoitulosdnimartceps|ofni
Email: ni.oc.oohay|pmpaqscyajiv#ni.oc.oohay|pmpaqscyajiv

Yahoo chat : vijaycsqapmp
Google chat/Skype chat/AOL chat/ICQ chat : tiptopten2000
Hotmail/Live chat / Rediff chat : tiptopten


Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License