Certified Penetration Testing Engineer

Spectramind is a sponsoring partner of the conference.

About the course:

Adequately protecting an organization’s information assets is a business imperative – one that requires a comprehensive, structured approach to provide protection commensurate with the risks an organization might face. The purpose of this white paper is to explore an ethical hacking technique – referred to in the IT community as Penetration Testing – which organizations are increasingly using to evaluate the effectiveness of information security measures. This paper aims to provide them with information about penetration testing and help them evaluate penetration testing as a tool for their information security strategy.

Spectramind Solution provides exhaustive security testing of your network infrastructure, either from within your network or from outside over the Internet. Black-box testing is best conducted from outside your network, whereas comprehensive "Multi-Stage Attack Path" testing and protocol link analysis are most effective when done from within. Spectramind network testing simulates the methods an attacker would follow to exploit multiple network security weaknesses in different combinations. Individually, a network vulnerability may not be critical, but when several are combined in certain ways they can compromise your business-critical data or your computer network.

THE THREAT

As more high-profile information security events have attracted media attention over the last five years, those responsible for protecting their organization's critical assets have increasingly recognized the need for greater attention to the security imperatives of doing business in an information-based economy. For too many people in such positions, however, awareness of prevailing threats, and the will or means to act on them, remains inconsistent with the increased risks of Internet, intranet and extranet ventures. The money and energy that is allocated tends to be focused disproportionately on the external threat, driven largely by media coverage of hacking incidents, rather than on an inside-out approach as the most effective route to a secure information infrastructure. Not surprisingly, the Internet "underground" sometimes describes large organizations with complex, expensive firewalls as "hard and crunchy on the outside; soft and chewy on the inside": they put up a fortress-like front door while leaving all the windows wide open by ignoring their internal security posture.

There is concrete data suggesting that this outsider's view is accurate and that the costs of internal security breaches can easily justify the expenditure needed to prevent them. For example, the 1999 Computer Security Institute (CSI)/FBI Computer Crime and Security Survey found that per-incident losses from theft of proprietary information averaged an astounding $2 million. The same survey found that unauthorized insider access to data cost organizations over $140,000 per occurrence.

WHAT IS PENETRATION TESTING?

As its name implies, penetration testing is a series of activities undertaken to identify and exploit security vulnerabilities. The idea is to find out how easy or difficult it might be for someone to “penetrate” an organization’s security controls or to gain unauthorized access to its information and information systems.

A penetration test typically involves a small team of people sponsored by the organization requesting the test. The team attempts to exploit vulnerabilities in the organization's information security by simulating an unauthorized user (or "hacker") attacking the system with similar tools and techniques. Penetration testing teams typically comprise people from the organization's Internal Audit or IT department, or from consulting firms specializing in these services. Their goal is to identify security vulnerabilities under controlled circumstances so that they can be eliminated before unauthorized users exploit them. Because penetration testing is an authorized simulation of hacker activity, it is often referred to as "ethical hacking."

It is important to point out that a penetration test cannot be expected to identify all possible security vulnerabilities, nor does it offer any guarantee that an organization’s information is secure. Penetration testing is typically conducted at a point in time. New technology, new hacker tools and changes to an organization’s information system can create exposures not anticipated during the penetration testing. In addition, penetration testing is normally completed with finite resources, focused on a particular area, over a finite period of time.

Hackers determined to break into an organization’s information systems are often not bound by similar constraints. Penetration testing is also typically focused on a system’s security vulnerabilities that would enable unauthorized access. It is not necessarily focused on security vulnerabilities that could result in the accidental loss or disclosure of the organization’s information and information systems.

WHY SHOULD ORGANIZATIONS CONSIDER PENETRATION TESTING?

By simulating the actions that a hacker might perform, an organization can gain valuable insights into the effectiveness of the security controls in place over its information systems. Penetration testing can identify vulnerabilities that unauthorized users could exploit. It can also identify more pervasive gaps and deficiencies in the organization’s overall security processes including, for example, its ability to identify, escalate and respond to potential security breaches and incidents.

In deciding whether penetration testing is appropriate as a part of its overall information protection and security strategy, an organization should consider both the significance and the likelihood of individuals exploiting security vulnerabilities to gain unauthorized access to its information systems and, thereby, undermining the confidentiality or the integrity of both the information and the systems.

Assessing Significance

Security controls are the foundation for trust – the trust an organization’s customers, employees, trading partners and stakeholders place in the organization that its data and intellectual property are adequately protected against unauthorized access, disclosure, use or loss. Therefore, in assessing the significance of the loss of the confidentiality or integrity of its information and systems, an organization must consider the importance that a breach in trust may have on its business operations, its customers, its employees or any of its key stakeholders.

A successful e-business environment enables business partners, customers, suppliers and visitors to quickly and directly access an organization’s information systems. It, therefore, provides business with tremendous opportunities for improving operational efficiencies, strengthening customer relationships and driving revenue growth. At the same time, these technological advancements and innovations introduce exposures and vulnerabilities that, if exploited for malicious purposes, can have significant and, perhaps, even devastating consequences to an organization’s reputation and, in extreme situations, ongoing viability. The challenge lies in balancing access requirements with robust protection against unauthorized usage.

Protecting an organization's information and systems is a business imperative, the price of entry for successful business in a networked economy. Increasingly, management, audit committees, boards of directors, customers, consumers and other stakeholders are requiring assurance that the organization is taking appropriate measures to protect its information and the information entrusted to it. Audit opinions on the adequacy of controls over information systems, such as SysTrust, WebTrust and Section 5900 opinions, are increasingly used to provide this assurance.

Assessing Likelihood

The likelihood of an organization suffering an unauthorized intrusion is increasing for two main reasons. First, all information technology components in use today have potential security vulnerabilities. Some vulnerabilities are a consequence of the inherent limitations in the performance or design of the particular technology. Other vulnerabilities arise from the way the technology is configured or programmed for use. Regardless, these inherent vulnerabilities are widely publicized by technology vendors, security organizations and the hacker community on the Internet, and are available to anyone with professional or malicious interest. Second, a proliferation of powerful computers and software tools, coupled with the growing number of people who are inclined to use such tools for fun, mischief or profit, leads many to believe that the number of potential attackers and the types of potential attacks is increasing faster than the improvement in security techniques.

Exposure to security vulnerabilities is not, however, limited to those external to the organization. Internal, "authorized" users of a system also present a significant security exposure. According to a recent survey, 75% of respondents cited disgruntled employees as the most likely source of attacks. When assessing the likelihood of someone attempting to exploit security vulnerabilities, organizations should consider the potential for both internal and external attack.

Hackers, both internal and external, identify targets through choice and opportunity. A "target of choice" is one that is specifically identified and selected. Hackers penetrate such targets to achieve notoriety within their community or to reap more tangible benefits from, say, information theft and industrial espionage. Large, high-profile organizations, such as governments and financial institutions, are regular targets of choice. Employers and former employers often represent targets of choice for disgruntled employees, suppliers or contractors. A "target of opportunity," by contrast, is attacked simply because the attacker happens to find it exposed, for example through a broad scan for a known vulnerability; any reachable system can become one.

ARE FIREWALLS AND INTRUSION DETECTION SYSTEMS (IDS) ENOUGH?

Many organizations have deployed sophisticated security mechanisms, such as firewalls or intrusion detection systems (IDS), to help protect their information assets and to quickly identify potential attacks. While these mechanisms are important, they are not foolproof. A firewall cannot protect against what it is configured to allow through, such as traffic to online applications and permitted services. While an IDS can detect potential intrusions, it can detect only what it has been programmed to identify, and it is not effective at all if the company does not monitor and respond to its alerts. Firewalls and intrusion detection systems must also be continuously updated or they risk losing their effectiveness at preventing or detecting attacks. Penetration testing can help validate and confirm the effective configuration of an organization's firewalls and intrusion detection systems.

WHAT’S INVOLVED IN PENETRATION TESTING?

The scope of a penetration testing project is subject to negotiation between the sponsor of the project and the testing team, and will vary depending on the particular objectives to be achieved. The principal objective of penetration testing is to determine whether an organization’s security vulnerabilities can be exploited and its systems compromised. Conducting such a test involves gathering information about an organization’s information systems and information security and then using this information to attempt to identify and exploit known or potential security vulnerabilities. Evidence to support the penetration testing team’s ability to exploit security vulnerabilities can vary from gathering “computer screen shots” or copying sensitive information or files to being able to create new user accounts on the system or being able to create and/or delete particular files on the organization’s servers.

Penetration testing can have a number of secondary objectives, including testing the organization's security incident identification and response capability, testing employee security awareness or testing users' compliance with security policies. Two areas should be considered when determining the scope and objectives of a penetration testing exercise: the testing strategies and the testing activities to be executed.

Testing Strategies

Various strategies for penetration testing, based on specific objectives to be achieved, include:

External vs. internal testing

External testing refers to attacks on the organization's network perimeter using procedures performed from outside the organization's systems, that is, from the Internet or an extranet. To conduct the test, the testing team begins by targeting the company's externally visible servers or devices, such as the Domain Name System (DNS) server, email server, web server or firewall. Internal testing is performed from within the organization's technology environment. The focus is to understand what could happen if the network perimeter were successfully penetrated, or what an authorized user could do to penetrate specific information resources within the organization's network.

Blind and double blind vs. targeted testing strategy

In a blind testing strategy, the testing team is provided with only limited information concerning the organization's information systems configuration. The penetration testing team must use publicly available information (such as the company web site, domain name registries and Internet discussion boards) to gather information about the target and conduct its penetration tests. Blind testing can reveal information about the organization that may otherwise have been unknown, but it can also be more time consuming and expensive than other types of penetration testing (such as targeted testing) because of the effort the team must spend researching the target.

Double-blind testing extends the blind testing strategy in that the organization’s IT and security staffs are not notified or informed beforehand and are “blind” to the planned testing activities. Double-blind testing can test the organization’s security monitoring and incident identification, escalation and response procedures. Normally, in double-blind testing engagements, very few people within the organization are made aware of the testing, perhaps only the project sponsor. Double-blind penetration testing requires careful monitoring by the project sponsor to ensure that the testing procedures and the organization’s incident response procedures can be terminated when the objectives of the test have been achieved.

Targeted testing (often referred to as the “lights-turned-on” approach) involves both the organization’s IT team and the penetration testing team being aware of the testing activities and being provided information concerning the target and the network design. A targeted testing approach may be more efficient and cost-effective when the objective of the test is focused more on the technical setting, or on the design of the network, than on the organization’s incident response and other operational procedures. A targeted test typically takes less time and effort to complete than blind testing, but may not provide as complete a picture of an organization’s security vulnerabilities and response capabilities.

Types of Testing

In addition to the penetration testing strategies to be used, consideration should be given to the types of testing the testing team is to carry out. These could include:

Application security testing

Many organizations offer access to core business functionality through web-based applications. This type of access introduces new security vulnerabilities because the application's traffic must be allowed through the firewall, so even with a firewall and other monitoring systems in place, security can be compromised at the application layer. The objective of application security testing is to evaluate the controls over the application and its process flow. Topics to be evaluated may include the application's use of encryption to protect the confidentiality and integrity of information, how users are authenticated, the integrity of the Internet user's session with the host application, and the use of cookies (a block of data stored on a customer's computer that is used by the web server application).
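The session and cookie controls listed above are the first thing an application tester checks in a response. The script below is an added example, not part of the Spectramind course material or any Mile2 tool: it pulls every Set-Cookie header out of a raw HTTP response and reports the missing Secure, HttpOnly and SameSite attributes, over-broad Domain scope, persistent session cookies, and a token whose value is just an encoded, readable structure rather than a random identifier. The response it inspects is constructed for illustration; the host name and cookie names are assumptions.

```python
"""Audit Set-Cookie headers for the session-protection attributes an
application security test looks for.  Added example; the HTTP response
below is constructed, not captured from any real application."""
import base64
import binascii
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample response: one reasonably hardened cookie, one weak one.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: JSESSIONID=3F2504E04F8911D39A0C0305E82C3301; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: auth=dXNlcj1hbGljZTtyb2xlPWFkbWlu; Path=/; Domain=.example.test; Max-Age=2592000\r\n"
    "\r\n"
    "<html></html>"
)

SESSION_HINTS = ("sess", "auth", "token", "sid", "login")   # names that usually carry a session


@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, str] = field(default_factory=dict)   # lower-cased attribute -> value ("" for flags)


def parse_set_cookie(header_value: str) -> Cookie:
    """Split one Set-Cookie value into name, value and its attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return Cookie(name.strip(), value.strip(), attrs)


def cookies_from_response(raw: str) -> List[Cookie]:
    """Collect every Set-Cookie header from the head of a raw HTTP response."""
    head = raw.partition("\r\n\r\n")[0]
    found = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        hname, _, hval = line.partition(":")
        if hname.strip().lower() == "set-cookie":
            found.append(parse_set_cookie(hval.strip()))
    return found


def decodes_to_text(value: str) -> bool:
    """True when the token is base64 of printable ASCII containing '=': a
    serialized structure (user=..., role=...) rather than a random ID."""
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    except (binascii.Error, ValueError):
        return False
    return raw.isascii() and raw.decode("ascii").isprintable() and "=" in raw.decode("ascii")


def audit_cookie(c: Cookie) -> List[str]:
    """Findings for one cookie; an empty list means nothing to report."""
    findings = []
    session_like = any(h in c.name.lower() for h in SESSION_HINTS)
    if "secure" not in c.attrs:
        findings.append("missing Secure: the cookie will also be sent over plaintext HTTP")
    if "httponly" not in c.attrs:
        findings.append("missing HttpOnly: script can read it, so XSS can steal the session")
    if c.attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict: cross-site requests will carry the cookie")
    if c.attrs.get("domain", "").startswith("."):
        findings.append("Domain=%s: shared with every subdomain" % c.attrs["domain"])
    if session_like and ("expires" in c.attrs or "max-age" in c.attrs):
        findings.append("persistent session cookie: survives browser close")
    if session_like and decodes_to_text(c.value):
        findings.append("value decodes to readable fields: token is forgeable, not random")
    return findings


def audit_response(raw: str) -> Dict[str, List[str]]:
    return {c.name: audit_cookie(c) for c in cookies_from_response(raw)}


if __name__ == "__main__":
    for name, issues in audit_response(SAMPLE_RESPONSE).items():
        print(name, "OK" if not issues else "")
        for issue in issues:
            print("   -", issue)
```

Run it against a saved response from the application under test; anything the `auth` cookie triggers here is a finding to verify by hand (for example, decode the token and try to change `role=`).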

Denial of Service (DoS) testing

The goal of DoS testing is to evaluate the system's susceptibility to attacks that will render it inoperable so that it will "deny service," that is, drop or deny legitimate access attempts. Decisions regarding the extent of Denial of Service testing to be incorporated into a penetration testing exercise will depend on the relative importance of the ongoing, continued availability of the information systems and related processing activities.

War Dialing

War dialing is a technique for systematically calling a range of telephone numbers in an attempt to identify modems, remote access devices and maintenance connections of computers that may exist on an organization’s network. Well-meaning users can inadvertently expose the organization to significant vulnerability by connecting a modem to the organization’s information systems. Once a modem or other access device has been identified, analysis and exploitation techniques are performed to assess whether this connection can be used to penetrate the organization’s information systems network.

Wireless network penetration testing

The introduction of wireless networks, whether through formal, approved network configuration management or through the inadvertent actions of well-meaning users, introduces additional security exposures. Hackers have become proficient at identifying wireless networks simply by driving or walking around office buildings with their wireless network equipment, a practice referred to as "war-driving." The goal of wireless network testing is to identify security gaps or flaws in the design, implementation or operation of the organization's wireless network.

HOW DOES PENETRATION TESTING COMPARE WITH OTHER KINDS OF SECURITY RELATED PROJECTS?

As noted earlier, penetration testing determines how easy or difficult it is for someone to penetrate or gain unauthorized access to an organization’s information and information systems by exploiting security vulnerabilities. By contrast, other forms of security assessment include:

Vulnerability Identification/Assessments (sometimes referred to as a Security Assessments)

Typically diagnostic in nature, these projects focus on identifying and assessing weak spots within an organization's security architecture. They often employ automated tools designed to identify whether the organization has addressed, or remains exposed to, known security flaws and vulnerabilities in its particular computing environment. These engagements typically do not include activities to determine whether the identified vulnerabilities can actually be exploited. They provide broader coverage of known security vulnerabilities, whereas penetration testing tends to be more narrowly focused on specific vulnerabilities but goes deeper in terms of the ability to exploit them.

Threat and Risk Assessments

These projects tend to be the most comprehensive assessments, covering the broad range of threats and risks confronting an organization's IT operation. A threat and risk assessment will typically include risk and control areas such as backup, disaster recovery and contingency planning, incident response procedures, computer operations, IT policies and procedures, human resources, data classification, and systems classification and prioritization. Threat and risk assessments tend not to delve deeply into the ability to exploit potential vulnerabilities in any particular area.

Security Breach Investigations

Investigations are often conducted following a security breach or other incident. The focus of this type of project can be both diagnostic in nature – to identify the root cause of the incident and prescribe corrective actions to prevent recurrence – and investigative in nature – to identify the perpetrator and to preserve electronic evidence for potential prosecution. These types of projects are reactive and are initiated as a response to the occurrence of a particular event. Penetration testing, on the other hand, is an attempt to proactively simulate security incidents so that remedial action can be implemented before a real incident occurs.

FACTS & FIGURES:
- Cyber crime costs the US economy more than $1 trillion every year, and the figure is rising.
- More than 70% of all cyber crimes originate from within the organization!
- Shawn Henry, an assistant director at the FBI, says that so far this year cyber criminals have stolen over $100 million from US banks alone. In 2006, 8.3 million Americans were victims of identity theft.
- NASSCOM predicts that India requires more than 77,000 ethical hackers every year but is producing less than 50% of that number.

Benefits of Penetration Testing:

  • Reduce Cost, Time & Effort Using On-Demand Platform
  • Identify “Real” Threats Through Multiple Stage Attack Analysis
  • Find Network Link & Protocol Level Vulnerabilities
  • Exploit Systems and Application Vulnerabilities
  • Compliance Wizard & Flexible Reporting For Effective Remediation
  • Monitor Trends With Test Audit History
  • Create awareness and prepare attendees to protect themselves against cyber criminals.
  • Don't lose the war against cyber criminals and cyber security threats.
  • Educate attendees about the latest developments in the Cyber Security World so they can protect themselves better.
  • Create a more secure and friendly Internet environment in your organization.

Think like a hacker – training in real world systems security

  • Are you a current security tester seeking more structure to your process, or an IT professional wishing to add security testing to your skills or responsibilities?
  • Are you a developer who wants to ensure that you securely code new functionality at every stage of a program’s development?
  • Are you security aware but out of date in the recent vulnerabilities of a particular code language?
  • Are you accountable for the security, integrity and privacy of valuable customer data in your organization and need help in meeting your compliance targets?

Spectramind can help you and your staff learn the ethical hacking techniques commonly used to violate and exploit corporate networks, and to identify how and when they are used. Our courses enable participants to uncover vulnerabilities in operating systems, applications and IT networks and provide advice on applying appropriate countermeasures.

Spectramind's dedicated team of experts provides training on a wide range of ethical hacking and vulnerability identification techniques. Available face to face or online, we specialise in knowledge transfer on secure coding using the OWASP Top 10, robust design of application architecture, and all kinds of ethical hacking and penetration testing techniques.

Our courses combine theoretical teaching with practical application of the tools and methods learnt, so that participants can return to their workplace and immediately apply the lessons.

Delivery Features of External On-Demand Testing:

  • Self-Service registration and maintenance of your hosts & applications using Mile2 Security on-demand portal.
  • Test scheduling at your convenience.
  • Automatic test launch based on your schedule directly and remotely from Mile2 Security SOC (Security Operation Center).
  • Email alerts to keep you updated on test progress.
  • Generation of comprehensive report based on automated testing coupled with expert validation on the tests to provide in-depth and comprehensive coverage.
  • Anytime access to vulnerability testing results & remediation reports on Mile2 Security on-demand portal.

Who should conduct Penetration Testing ?
If your organization relies on computer networks and applications for your business, it is recommended to conduct penetration testing that includes:

  • Off-the-shelf products (operating systems, applications, databases, networking equipment etc.)
  • Bespoke development (dynamic web sites, in-house applications etc.)
  • Wireless (WIFI, Bluetooth, IR, GSM, RFID etc.)

Penetration testing is recommended for organizations in sectors such as:

  • Banking, finance and insurance
  • Information technology and consulting
  • Online Retail/ Ecommerce
  • Manufacturing
  • Telecommunications
  • Research and development
  • Government
  • Television/Media

C)PTE - Certified Penetration Testing Engineer (AKA Ethical Hacking) (Certification) [ 5 days ]

Course Description
The CPTEngineer presents information based on the 5 Key Elements of Pen Testing: Information Gathering, Scanning, Enumeration, Exploitation and Reporting. System vulnerabilities will be discovered using these tried and true steps alongside the use of the latest hacking techniques.
The course was developed around principles and behaviors used by malicious hackers. The course is taught with this in mind while keeping the focus on professional penetration testing and ensuring the security of information assets.

Prerequisites
A minimum of 12 months' experience in networking technologies; sound knowledge of TCP/IP; knowledge of Microsoft products (Network+, Security+ or equivalent); basic knowledge of Linux is essential.
Prepares For
CPTE - Certified Pen Testing Engineer™ (Thomson Prometric - Globally)
OSCP - Offensive Security Certified Professional
Certification Track:
CPTE - Certified Pen Testing Engineer™
CPTC - Certified Pen Testing Consultant™
CDFE - Certified Digital Forensics Examiner™
Course Completion Skills:
Certified Penetration Testing Engineer graduates will obtain real world security knowledge enabling them to recognize vulnerabilities, exploit system weaknesses, and safeguard organizations against threats. Graduates will learn the art of Ethical Hacking with a professional edge (Penetration Testing).
Upon proper completion of the course, CPTEngineer students will be able to confidently sit for the CPTEngineer certification exam (recommended).
Module 1 Business and Technical Logistics of Pen Testing
What is a Penetration Test?
Benefits of a Penetration Test
Data Breach Insurance
CSI Computer Crime Survey
Hacking Examples and Associated Costs
Statistics on Internal Breaches
Stat
Trend at the End of 2008
The Evolving Threat
Security Vulnerability Life Cycle
Exploit Timeline
Zombies and Botnets
How are Botnets Growing?
Types of Penetration Testing
Hacking-Life-Cycle Penetration Testing Methodology
Other Penetration Testing Methodologies
Hacker vs. Penetration Tester
It is not always about the Tools!
Website Reviews
CIOview and SecurityNOW! SX
Seven Management Errors
What does the future hold?
Review
Labs
Lab 1 - Getting Set Up
Exercises: Discovering your class share, Discovering your student DVDs, VM Image Preparation, Naming and Subnet Assignments, PDF Penetration Testing Methodology
Module 2 Financial Sector Regulations
IT Governance Best Practices
IT Risk Management
Types of Risks
Approaches to Risk Management
Information Security Risk Evaluation
Improving Security Posture
Risk Evaluation Activities
Risk Assessment
Information Gathering
Data Classification
Threats and Vulnerabilities
Analytical Methods
Evaluate Controls
Risk Ratings
Important Risk Assessment Practices
Compliance
Many Regulations
Basel II
Gramm-Leach-Bliley Act 1999
Federal Financial Examination Institution Council
Sarbanes-Oxley Act (SOX 404) 2002
ISO 27002
PCI-DSS
Total Cost of Compliance
What does this mean to the tech?
Review
Labs
Lab 2 - Linux Fundamentals
Exercises: ifconfig, Mounting a USB Thumb Drive, Mounting a Windows Partition, VNC Server, Preinstalled Tools in BackTrack3
Module 3 Information Gathering
What information does the Hacker want?
Methods of Obtaining Information
Physical Access
Social Engineering
Social Engineering via MySpace
Social Engineering via Facebook
Other Social Networks from around the world!
Identity Theft and MySpace
Instant Messengers and Chats
Digital Access
Passive vs Active Reconnaissance
Footprinting Defined
KartOO
Maltego
Firecat - Firefox Catalog of Auditing Extensions
Footprinting Tools
Johnny.ihackstuff.com
Google Hacking
SPUD
Wikto for Google Hacking
Blogs, Forums and Newsgroups
The Wayback Machine
Domain Name Registration
WHOIS
Dirk-loss - Online Tools
Dnsstuff
Central Ops
DNS Database Record Types
Nslookup
Dig
Traceroute
VisualRoute
Opus One Traceroute Tools
People Search Engines
EDGAR
Company House
Reputation Authority
Intelius - Background Check
Netcraft
Countermeasures
Review
Labs
Lab 3 - Information Gathering
Exercises: Google Queries, Footprinting Tools, Getting Everything You Need with Maltego Preparing Fi.
Module 4 Detecting Live Systems
Introduction to Port Scanning
Port Scan Tips
Expected Results
Organizing the Results
Leo Meta-Text Editor
Free Mind
IHMC CmapTools
Popular Port Scanning Tools
Online Ping
NMAP - Ping
ICMP Disabled?
NMAP TCP Connect Scan
TCP Connect Port Scan
NMAP Half-Open Scan
Half-Open Scan
Firewalled Ports
Iron Geek - Hacking Illustrated
NMAP Service Version Detection
Additional NMAP Scans
Saving NMAP Results
NMAP UDP Scans
UDP Port Scan
NMAP Idle Scan
Superscan
Look@LAN
Unicornscan
Hping2
AutoScan
Xprobe2
What is Fuzzy Logic?
P0f 4.33 AMAP
Fragrouter
Countermeasures
Review
Labs
Lab 4 - Scanning
Exercises: Leo, Look@LAN, Zenmap, Zenmap in BT3, NMAP Command Line, Hping2, Unicornscan
Module 5 - Enumeration
Banner Grabbing with Telnet
Banner Grabbing with Sup
HTTPrint
SMTP Server Banner Grabbing
DNS Enumeration
Zone Transfers
Backtrack DNS Enumeration
Countermeasure: DNS Zone Transfer
SNMP Insecurity
SNMP Enumeration Tools
SNMP Countermeasures
Active Directory Enumeration
LDAPMiner
Active Directory Countermeasures
Null Sessions
Syntax for Null Sessions
Viewing Shares
Null Session Tools
Cain and Abel
NAT Dictionary Attack Tool
THC-Hydra
Injecting the Abel Service
Null Session Countermeasures
Tools Summary
Review
Labs
Lab 5 - Enumeration
Exercises: Banner Grabbing, Zone Transfers, SNMP Enumeration, LDAP Enumeration, Null Sessions, SMB Enumeration, SMTP Enumeration, Maltego.
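The TCP connect scan from Module 4 and the banner grabbing from Module 5 are the same socket work done twice: complete the three-way handshake, then read whatever the service volunteers. The script below is an added example and not code from the course, from Nmap or from any other tool it names. It classifies each port as open (SYN/ACK), closed (RST, surfacing as a refused connection) or filtered (no answer before the timeout, the "Firewalled Ports" case), and grabs the greeting from open ports. Because nothing here may touch a network you do not own, it scans a constructed service on loopback; the SMTP-style banner, the loopback target and the timeout are assumptions.

```python
"""TCP connect scan with banner grabbing against a constructed local
service.  Added example; the listener below stands in for a real daemon."""
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple


class FakeService:
    """Constructed stand-in for a chatty daemon that greets on connect."""

    def __init__(self, banner: bytes) -> None:
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))      # ephemeral port on loopback
        self.sock.listen(5)
        self.sock.settimeout(0.2)             # lets the accept loop notice stop()
        self.port = self.sock.getsockname()[1]
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(self.banner)

    def close(self) -> None:
        self._stop.set()
        self._thread.join()
        self.sock.close()


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5
                 ) -> Dict[int, Tuple[str, Optional[str]]]:
    """Full handshake per port: refused -> closed, silence -> filtered,
    accepted -> open, then read up to 256 bytes of banner."""
    results: Dict[int, Tuple[str, Optional[str]]] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:          # RST came back
            results[port] = ("closed", None)
            s.close()
            continue
        except socket.timeout:                  # dropped by a filter
            results[port] = ("filtered", None)
            s.close()
            continue
        except OSError as exc:                  # unreachable, etc.
            results[port] = ("error: %s" % exc.strerror, None)
            s.close()
            continue
        banner = None
        try:
            data = s.recv(256)
            if data:
                banner = data.decode("ascii", errors="replace").strip()
        except (socket.timeout, OSError):
            pass                                # open but silent (HTTP, for one)
        finally:
            s.close()
        results[port] = ("open", banner)
    return results


def free_port() -> int:
    """Bind and release an ephemeral port so the demo has a known-closed one."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo() -> dict:
    """Scan one open and one closed loopback port; returns the raw results."""
    svc = FakeService(b"220 mail.example.test ESMTP Postfix\r\n")   # constructed banner
    closed = free_port()
    try:
        results = connect_scan("127.0.0.1", [svc.port, closed])
    finally:
        svc.close()
    return {"open_port": svc.port, "closed_port": closed, "results": results}


if __name__ == "__main__":
    out = demo()
    for port, (state, banner) in sorted(out["results"].items()):
        print("%5d  %-8s %s" % (port, state, banner or ""))
```

A connect scan is the noisiest option because every open port sees a completed connection in the service's own log; the half-open (SYN) scan in the outline avoids that but needs raw sockets and root.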
Module 6 Vulnerability Assessments
Vulnerabilities in Networks
Vulnerability Assessment Introduction
Testing Overview
Staying Abreast: Security Alerts
Vulnerability Scanners
Nessus
Saint
Retina
Qualys Guard
GFI LANguard
Scanner Comparison
Microsoft Baseline Analyzer
Dealing with the Results
Patch Management
Shavlik HFNetChkPro
Patching with GFI LANguard
Review
Labs
Lab 6 - Vulnerability Assessment
Exercises: Running Nessus in Windows, Running Saint in Linux.
Module 7 Malware, Trojans and BackDoors
Distributing Malware
Malware Capabilities
Auto-Starting Malware
Countermeasure to Auto-Starting Malware
Netcat
Netcat Commands
Executable Wrappers
Historically Wrapped Trojans
Restorator
EXE Icon
Infectious CD-ROM Technique
Trojan Examples
Avoiding Detection
BPMTK
Malware Countermeasures
Gargoyle Investigator
Spy Sweeper Enterprise
Port Monitoring Software
File Protection Software
Windows File Protection
Windows Software Restriction Policies
Company Surveillance Software
Hardware-Based Malware Detectors
Countermeasure
Review
Labs
Lab 7 - Malware
Exercises: Netcat and its uses, Exploiting and Pivoting our Attack, Creating a Trojan.
Module 8 Windows Hacking
Types of Password Attacks
Keystroke Loggers
Password Guessing
Password Cracking
LM Hash Encryption
NT Hash Encryption
Syskey
Cracking Techniques
Rainbow Tables
Creating Rainbow Tables
Free Rainbow Tables
Hash Insertion Attack
Password Sniffing
Windows Authentication Protocols
Breaking Kerberos
Monitoring Logs
Hard Disk Security
Breaking Hard Disk Encryption
Tokens and Smart Cards
Covering your Tracks
Disabling Auditing
Clearing the Event Log
Alternate Data Streams
ADS Countermeasures
Stream Explorer
Steganography
Steganography Tools
Shredding Files Left Behind
Leaving No Local Trace
Anonymizers
StealthSurfer II Privacy Stick
TOR
Janus VM
Encrypted Tunnel Notes
Rootkits
Windows Rootkit Countermeasures
Review
Labs
Lab 8 - Hacking Windows
Exercises: Cracking a Windows Password with Linux, Cracking a Windows Password with Cain and Abel, Covering your tracks, Alternate Data Streams, Steganography, Understanding Rootkits
Module 9 Hacking UNIX/Linux
Linux Introduction
File System Structure
Kernel
Processes
Starting and Stopping Processes
Interacting with Processes
Accounts and Groups
Password and Shadow File Formats
More on Accounts and Groups
Linux and UNIX Permissions
Set UID Programs
Trust Relationships
Logs and Auditing
Common Network Services
Remote Access Attacks
Brute-Force Attacks
Brute-Force Countermeasures
X Window System
X Insecurities Countermeasures
Network File System
NFS in Action
NFS Countermeasure
Passwords and Encryption
Password Cracking Tools
Salting
Symbolic Link
Symlink Countermeasure
Core File Manipulation
Shared Libraries
Kernel Flaws
File and Directory Permissions
SUID Files Countermeasure
File and Directory Permissions
World-Writable Files Countermeasure
Clearing the Log Files
Rootkits - User and Kernel
Rootkit Countermeasure
Review
Labs
Lab 9 - Hacking UNIX/Linux
Exercises: Setup and Recon, Making use of a poorly configured service, Cracking a Linux Password, Creating a simple backdoor and covering your tracks.
Module 10 Advanced Exploitation Techniques
How Do Exploits Work
Format String
Race Conditions
Memory Organization
Buffer Overflows
Buffer Overflow Illustration
How Stacks Work
Stack Function Illustrated
Buffer Overflow Illustration #2
Heap Overflows
Heap Spraying
Prevention
Secure Code Reviews
Review Process
Know the Vulnerabilities
Know the Business Risks
When to Conduct the Review
Who should be Involved
What to Look For
Fixing the Issues
Automated Tools
Stages of Exploit Development
Shellcode Development
Metasploit
Metasploit - Mete
Fuzzers
SaintExploit
Core Impact
Tools Comparison
Review
Labs
Lab 10 - Advanced Exploitation Techniques
Exercises: Metasploit Command Line, Metasploit Web Interface, Milw0rm, SaintExploit, Core Impact
Module 11 Pen Testing Wireless Networks
Standards Comparison
SSID
MAC Filtering
WEP
Weak IV Packets
XOR Basics
WEP Weaknesses
How WPA Improves on WEP
TKIP
The WPA MIC Vulnerability
WPA2
WPA and WPA2 Modes
WPA-PSK Encryption
LEAP
LEAP Weaknesses
NetStumbler
KNSGEM
Vistumbler
Kismet
OmniPeek Personal
Aircrack-ng Suite
Airodump-ng
Aireplay-ng
DoS Attack
Aircrack-ng
Aircrack for Windows
Attacking WEP
Attacking WPA
coWPAtty
Exploiting Cisco LEAP
asleap
WiFiZoo
Wesside-ng
Typical Network Blueprint
EAP Types
EAP Advantages/Disadvantages
EAP/TLS Deployment
Aruba Products
Airwave - RAPIDS Rogue Detection Module
Review
Labs
Lab 11 - Pen Testing Wireless Networks
Exercises: War Driving, WEP Cracking.
Module 12 Networks, Sniffing and IDS
Packet Sniffers
Pcap and WinPcap
Wireshark
TCP Stream Re-assembling
Packetyzer
tcpdump and windump
Omnipeek
Cain and Abel
Active Sniffing Methods
Switch Table Flooding
ARP Cache Poisoning
ARP Normal Operation
ARP Cache Poisoning in Action
ARP Cache Poisoning with Linux
Countermeasures
Using Cain and Abel for ARP Cache Poisoning
Ettercap
Dsniff Suite
Dsniff in Action
MailSnarf, MsgSnarf and FileSnarf
What is DNS Spoofing?
DNS Spoofing
Session Hijacking
Breaking SSL
Capturing VoIP
Intercepting VoIP
Intercepting RDP
Routing Protocols Analysis
Countermeasures for Sniffing
Evading the Firewall and IDS
Fragmentation
Evading with Encryption
Newer Firewall Capabilities
New Age Protection
Bastion Host
Spyware Prevention System
Intrusion 'SecureHost' Overview
IPS Overview
Review
Labs
Lab 12 - Networks, Sniffing and IDS
Exercises: Capture FTP Traffic, ARP Cache Poisoning Basics, ARP Cache Poisoning.
Module 13 Injecting the Database
Vulnerabilities and Common Attacks
SQL Injection
Business Impacts of SQL Injection
Why SQL Injection?
Database Enumeration
Extended Stored Proc
Direct Attacks
SQL Connection Properties
Default Ports
Obtaining Sensitive Info
SQL Ping2
osql.exe
Query Analyzers
SQLExec
Metasploit
Finding and Fixing SQL Injection
Hardening Databases
Review
Labs
Lab 13 - Attacking the Database
Exercises: Login Bypass, Verbose Table Modific, Denial of Service, Data Tampering.
Module 14 Attacking Web Technologies
Web Server Market Share
OWASP Top
Progression of the Professional Hacker
The Anatomy of a Web Application Attack
Components of a Web Application System
Query String
URL Mappings
Information Gathering
Changing URL Login Parameters
URL Login - Horizontal Attack
URL Login - Vertical Escalation
Cross-Site Scripting
Stored XSS Illustrated
Reflected XSS Illustrated
Business Impacts of XSS
Finding and Fixing XSS
Injection Flaws
Unvalidated Input
Unvalidated Input Illustrated
Business Impacts of Unvalidated Input
Finding and Fixing Unvalidated Input
Attacks against IIS
IIS Directory Traversal
Unicode
IIS Logs
N-Stalker
NTO Spider
HTTrack Website Copier
Wikto
Burp Proxy
Brutus
Dictionary Maker
Cookies
Acunetix Web Scanner
Eclipse for Code Review
WebScarab
Samurai
OWASP Web Application Penetration Checklist
Review
Labs
Lab 14 - Attacking Web Technologies
Exercises: Input Manipulation, Shovelling a Shell, Horizontal Privilege Escalation, Vertical Privilege Escalation, Cross Site Scripting.
Module 15 Report Writing
Additional Items to Consider
The Report
Support Documentation
Analyzing Risk
Report Results Matrix
Findings Matrix Examples
Delivering the Report
Stating the Fact
Recommendations
Executive Summary
Technical Report
Table of Contents
Summary of Weaknesses Identified
Scope of Testing
Summary of Recommendations
Summary Observations
Detailed Findings
Strategic and Tactical Directives
Statement of Responsibility
Review
Appendix 1 - The Basics
Appendix 2 - Linux Fundamentals
Appendix 3 - Access Controls
Appendix 4 - Protocols
Appendix 5 - Cryptography
Appendix 6 - Economics and Law

*Every effort is made to ensure the accuracy of our outlines as course information from our suppliers changes with each new revision. As a result this outline is subject to change without prior notice.

Registration Details

Course Fee:
Single Nomination:
USD 400/- OR INR 18000/-

Avail Special Discounts:
  • 5% discount for early bird registrations (15 days in advance of the program date)
  • 5% discount on a task force of 4 to 7
  • 10% discount on a task force of 8 and above
  • 10% discount for SANS/GIAC/CSWE/CDFE/CIHE/CISSP/CISA qualified professionals, and for Mile2/BA/PMI/SEG/CII/SPIN/CSI and NASSCOM members

NOTE: Only one discount option is applicable at any time

India Course Dates, Venue & Timings:

| Sl.No. | State | City | Batch1 Start | Batch1 End | Batch2 Start | Batch2 End | Batch3 Start | Batch3 End | Batch4 Start | Batch4 End | Venue | Contact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Andhra Pradesh | Vijayawada | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Vijayawada - Spectramind, DBS center | Vijay |
| 2 | Andhra Pradesh | Vizag / Visakhapatnam | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Vizag - SpectraMind, Naga Chambers, Level 3 & 4, D/No. 12-1-16, Plot No. 49, Survey No 1051, Opposite HDFC bank, Waltair Main Road, Visakhapatnam, 530002 | Vijay |
| 3 | Assam | Guwahati | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 4 | Assam | Dibrugarh | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 5 | Bihar | Patna | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | DBS Center, Patna | Jason |
| 6 | Calicut | Kozhikode | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 7 | Chhattisgarh | Raipur | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | DBS center, Raipur | Jason |
| 8 | Delhi | Delhi | 23-Jan’16 | 24-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, Paharpur Business Centre, 21, Nehru Place Greens, New Delhi - 110019 | Rama Gopal |
| 9 | Goa | Goa | 7-Dec’15 | 14-Dec’15 | 21-Dec’15 | 28-Dec’15 | 1-Jan’16 | 5-Jan’16 | 1-Feb’16 | 5-Feb’16 | SPECTRAMIND | Kaushik |
| 10 | Gujarat | Ahmedabad | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Ahmedabad - SpectraMind, 101 – 104, GCP Business Centre, Opp. Memnagar Fire Station, Vijay Cross Road, Memnagar, Ahmedabad, 380014 | Mr. Alok |
| 11 | Gujarat | Vadodara | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Ahmedabad - SpectraMind, 101 – 104, GCP Business Centre, Opp. Memnagar Fire Station, Vijay Cross Road, Memnagar, Ahmedabad, 380014 | Mr. Alok |
| 12 | Haryana | Gurgaon | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Gurgaon - SpectraMind, Level 9, Spaze i-Tech Park, A1 Tower, Sector - 49, Sohna Road, Gurgaon, 122018 | Rama Gopal |
| 13 | Haryana | Chandigarh | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Chandigarh - SpectraMind, Level 4, Tower-A, Godrej Eternia, plot number 70, Industrial Area 1, Haryana, Chandigarh | Kavita |
| 14 | Jammu and Kashmir | Jammu | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 15 | Jammu and Kashmir | Srinagar | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 16 | Jharkhand | Ranchi | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 17 | Karnataka | Bangalore | 16-Jan’16 | 17-Jan’16 ** | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, DBS center, Cunningham road, Bangalore | Namratha |
| 18 | Karnataka | Mysore | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | DBS center, Mysore | Namratha |
| 19 | Karnataka | Hubli | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | DBS center, Hubli | Namratha |
| 20 | Kerala | Kochi | - | - | - | - | 2-Jan’16 | 3-Jan’16 | 6-Feb’16 | 7-Feb’16 | SPECTRAMIND, Thomas Mount, ICTA Building, Changampuzha Nagar P.O., Cochin - 682033 | Mr. Manoj |
| 21 | Kerala | Trivandrum | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Hotel Classic Avenue, Thampanoor, Trivandrum, Kerala | Mr. Manoj |
| 22 | Madhya Pradesh | Indore | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Indore – SpectraMind, DNR 90, Unit Nos. 301, 3rd floor, 569/3, MG Road, Indore, 452003 | Arun |
| 23 | Maharashtra | Nagpur | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 24 | Maharashtra | Mumbai | **23-Jan’16 | 24-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, DBS Heritage, Prescot Road, Opp. Cathedral Sr. School, Fort, Mumbai 400001 (from the airport, direct the cab driver to Fort, Fashion Street; it is near Siddharth College, Budha Bhavan, and schools such as J. P. Pettit School and Cathedral Sr. School) | Mr. Vasudev |
| 25 | Maharashtra | Pune | 30-Jan’16 | 31-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, Panchasheel tech park, Yerwada, Pune | Mr. Manish |
| 26 | Manipur | Imphal | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 27 | Nagaland | Dimapur | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 28 | Orissa | Bhubaneshwar | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Vani Vihar, Bhubaneshwar | Mr. Satya Deep |
| 29 | Rajasthan | Jaipur | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | DBS center, Jaipur | Mr. Manish |
| 30 | Rajasthan | Udaipur | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 31 | Tamil Nadu | Chennai | 9-Jan’16 | 10-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, CHENNAI, CitiCentre, Level 6, 10/11 Dr. Radhakrishna Salai, Chennai, Tamil Nadu, 600 004, India | Mr. Balaji |
| 32 | Tamil Nadu | Coimbatore | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Coimbatore, SpectraMind 'Srivari Srimath', 3rd floor, Door No. 1045, Avinashi Road, Coimbatore, 641 018 | Mr. Balaji |
| 33 | Telangana | Hyderabad | 4-Jan’16 | 10-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND, Flat 617, 6th Floor, Annapurna block, Aditya enclave, Ameerpet, Hyderabad - 500016 | Jason |
| 34 | Uttar Pradesh | Varanasi | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |
| 35 | Uttar Pradesh | Noida | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Noida - SpectraMind, Tapasya Corp Heights, Ground Floor, Sector 126, Uttar Pradesh, Noida | Rama Gopal |
| 36 | Uttar Pradesh | Lucknow | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | Lucknow – SpectraMind, 4th Floor, Halwasiya Court, Hazratganj, Uttar Pradesh, Lucknow, 226001 | Mr. Sandeep |
| 37 | West Bengal | Kolkata | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SpectraMind, The Legacy, 1st Floor, 25-A, Shakespeare Sarani, Kolkata, 700017 | Mr. Hamid |
| 38 | West Bengal | Bagdogra | 16-Jan’16 | 17-Jan’16 | 6-Feb’16 | 7-Feb’16 | 5-Mar’16 | 6-Mar’16 | 2-Apr’16 | 3-Apr’16 | SPECTRAMIND | Kaushik |

Call : 0-9440089341

Email : vijay@spectramindsolutions.com

Kindly register for the courses in your cities at least 2 days in advance.
Timings: 0900 - 2100 hrs

Contact Details:

Mr. Vijay

Mobile: 0 94400 89341

Phone: 040-6456 8797

Register Online: info@spectramindsolutions.com
Email: vijaycsqapmp@yahoo.co.in

Yahoo chat : vijaycsqapmp
Google chat/Skype chat/AOL chat/ICQ chat : tiptopten2000
Hotmail/Live chat / Rediff chat : tiptopten

http://spectramindsolutions.com


Please send us your query; we will answer within 24 hours. Thanks in advance for contacting us.


TESTIMONIALS:

  • Any right-minded and serious organisation should have a high-class security system and managed by a world-class security administrator who has sat under a trainer from Spectramind for CPTE training. These guys are just smart and know what security is.
  • Spectramind is composed of a team of very talented and qualified individuals for CPTE training. As the name states, it means silent security, and I have witnessed the stealth techniques applied. Keep it up.
  • Spectramind did the job with CPTE training. The instructor was extremely knowledgeable, helpful and patient while teaching a vast amount of information.
  • I did my 4-week CPTE training programme at Spectramind. I am excited with my new position and would like to thank Spectramind for the training. If it weren't for Spectramind I may still be out of a job. The training offered by is ideal for anyone entering the current job market. The best part of the training is not that you are taught how to use the program, but how to be an effective engineering geek.
  • Spectramind has provided me with more than a solid foundation for CPTE training, due to its innovative methodology of transferring knowledge, and the environment where the classes are imparted is unique. They have a great team that is highly reliable and possesses strong engineering, development, and project management skills. They went beyond their initial charter and helped us resolve multiple engineering challenges. The courses are intended to take real-world approaches to solve real-world problems, instructed by real class designers, not by instructors following manuals or tutorials to the letter like most of the other places I’ve taken classes from, and it was a very new learning experience.
  • I would like to place on record the excellent experience we had while attending the CPTE training. The training was very insightful, precise, up to date and real-world oriented. We really enjoyed all the sessions and the way the trainers incorporated case studies, practicals and theory to make the training very interesting and memorable. All the trainers’ presentation skills, knowledge on the topics, subject matter expertise and ability to respond to queries were excellent. The training infrastructure was also very good.
  • The CPTE Training Camp will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

Faculty: Vijay Bhaskar Reddy, CPTE, CDFE

Vijay Bhaskar Reddy has over 17 years' experience in Security Testing and Project Management & Process Improvements across various firms.

Vijay Bhaskar Reddy trains and facilitates various training courses, including GIAC, SANS, CISA, CISM, CISSP, CISSO, CIHE, CSWAE, CDFE, CBCP, Digital Forensics, Ethical Hacking, Penetration Testing, Business Continuity and Disaster Recovery, and ISO 27001, and has trained over 2500 aspirants for the Spectramind Contact program. He has successfully taught this course since the year 2003.

He has conducted this course repeatedly in London, Singapore, Boston, and all over India, to excellent feedback. In addition, he has provided process improvement consulting and training in Singapore, the UK, the USA, India and elsewhere.

He has conducted numerous public and in-house trainings on Business Analysis, Project Management, Work Breakdown Structure, Making Project Managers, Risk Management, Subcontractor Management, Process Writing, Software Internal Auditor Training, Peer Reviews and Software Quality. His training feedback has consistently been rated high and has been positively received.

He formerly worked at TCS Global Services, where he was part of the Security team for incident handling of various products and projects, and IT Security Manager driving the organizational processes and their compliance with ISO 27001 and CMMI Level 5.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License