Module 01: Need for Security Analysis
- Outlines the security concerns that arise from intrusions and discusses various security challenges
- Describes various elements of information security measures
- Explains various steps of risk assessment and discusses risk assessment values
- Explains how to harden security and discusses various types of security policies
- Discusses different information security standards
- Discusses various information security acts and laws
Module 02: TCP/IP Packet Analysis
- Discusses various components of TCP/IP model
- Explains TCP/IP source and destination port connections
- Discusses Internet Protocol v6 (IPv6) in detail, covering the IPv6 header, IPv4/IPv6 transition mechanisms, IPv6 security issues, etc.
- Describes the Internet Control Message Protocol (ICMP) in detail and the process involved in ICMP message delivery
- Describes ICMP address mask
- Explains TCP/IP concepts in mobile technology in detail
- Discusses various TCP options that improve the performance of mobile technology
Module 03: Penetration Testing Methodologies
- Defines penetration testing and its constraints
- Illustrates various types of penetration testing and their phases
- Explains penetration testing strategies
- Discusses penetration testing methodologies
- Gives information about penetration testing consultants and responsibilities of a penetration tester
- Discusses ethics of a penetration tester
Module 04: Customers and Legal Agreements
- Describes why organizations need penetration testing
- Explains how to create a checklist of the testing requirements
- Discusses penetration testing ‘rules of behavior’ and risks involved in penetration testing
- Discusses various legal issues in penetration testing
- Describes penetration testing contract and the limitations of the contract
- Explains how to calculate the pen testing charges
Module 05: Rules of Engagement
- Defines Statement of Work (SOW)
- Discusses Rules of Engagement (ROE) and its scope in penetration testing
- Explains various steps for framing ROE
- Discusses various clauses in ROE
Module 06: Penetration Testing Planning and Scheduling
- Illustrates test plan and its purpose
- Discusses phases involved in penetration testing
- Explains the project scope of the penetration testing
- Describes skills and knowledge required for penetration testing
- Discusses penetration testing teams
- Provides an overview of the project plan
- Defines penetration testing schedule
- Discusses various penetration testing project scheduling tools
- Discusses penetration testing hardware/software requirements
Module 07: Pre-penetration Testing Steps
- Discusses listing of client organization’s penetration testing requirements and purpose of the test
- Explains the importance of obtaining penetration testing permission from the company’s stakeholders and local law enforcement agency
- Explains why it is necessary to list the tests that will not be carried out on the client’s network
- Demonstrates the approach in identifying the type of testing to be carried out
- Explains the benefits of hardening the security of an organization by listing the servers, workstations, desktops, and network devices that need to be tested
- Explains Rules of Engagement (ROE)
- Discusses the preparation of penetration testing legal documents and Non-disclosure Agreements (NDA)
- Illustrates how to identify core competencies/limitations
- Discusses the selection criteria of penetration testers required for the project
- Describes various methods to gather information about the client’s organization
- Demonstrates the usage of security tools in a penetration testing project
- Explains the importance of obtaining the contact details of the key person at the client’s company for emergency
- Discusses preparing a list of contractual constraints in the penetration testing agreement
- Explains preparation of the final penetration testing report
Module 08: Information Gathering
- Discusses information gathering and its terminologies
- Demonstrates how to gather target company’s data such as company URL, private and public website, contact numbers, employee list and their email addresses, geographical location, etc.
- Discusses the usage of various online services and information gathering tools to collect information about the target company
- Explains how to identify the link popularity of the company’s website
- Illustrates the process of identifying, gathering, analyzing, verifying, and using information about competitors
- Describes the significance of listing the company’s partners and distributors
- Demonstrates the ways to visit the company as an inquirer and extract privileged information
- Discusses the usage of various web investigation tools to extract sensitive data
- Explains the techniques to discover the registered information using WhoIs database
- Illustrates how to locate a company’s network range
- Provides various methods to track email communications and gather relevant information
Module 09: Vulnerability Analysis
- Explains what vulnerability assessment is and how it is classified
- Discusses various types of vulnerability assessment and their phases
- Explains how to conduct a vulnerability assessment
- Discusses vulnerability analysis stages
- Illustrates vulnerability assessment reports
- Discusses various types of vulnerability assessment tools
- Describes criteria for choosing a vulnerability assessment tool
- Discusses the vulnerability analysis chart
Module 10: External Penetration Testing
- Discusses external intrusion test and analysis
- Explains client benefits of external penetration testing
- Defines company’s external infrastructure
- Explains various techniques to identify the IP address of the targets
- Discusses how to locate the ISP servicing the client
- Describes the preparation of a list of open, closed, and suspicious ports
- Discusses various types of scans on the target and checking the response for each scan
- Illustrates analysis of TCP sequence number prediction, the use of standard and non-standard protocols, the IPID sequence, and the target's system uptime and operating system
- Discusses several means to look for error and custom web pages
- Explains how to probe the service by SMTP mail bouncing
- Demonstrates grabbing the banner of POP3 and FTP servers
- Explains how to check the responses to the ICMP scan performed
- Illustrates port scans of DNS Servers, TFTP Servers, etc.
- Demonstrates test for various ports such as NTP ports, SNMP ports, etc.
- Offers recommendations to protect the system from external threats
Module 11: Internal Network Penetration Testing
- Discusses mapping of the internal network
- Explains user enumeration
- Discusses various ways to sniff the network and tools used for this purpose
- Discusses various types of attacks to be attempted to perform the test
- Describes attempts to plant hardware and software keyloggers, spyware, Trojans, backdoor accounts, and rootkits on the target machine and to bypass anti-virus software
- Explains the usage of various steganography techniques
- Illustrates capturing various kinds of traffic, such as POP3, SMTP, HTTP, HTTPS, RDP, VoIP, etc.
- Discusses various filters that can be used in Wireshark
- Explains how spoofing of the MAC address helps in gaining access to VLANs
- Discusses session hijacking attempts on Telnet, FTP, and HTTP traffic
- Illustrates the usage of various types of vulnerability scanning tools to perform internal network penetration tests
Module 12: Firewall Penetration Testing
- Explains how a firewall works
- Discusses firewall logging functionality, firewall policy and implementation
- Explains firewall maintenance and management in detail
- Illustrates various types of firewalls
- Discusses various types of firewall penetration testing tools
- Explains firewall ruleset mapping in detail
- Discusses best practices for firewall configuration
- Explains various steps for conducting firewall penetration testing
Module 13: IDS Penetration Testing
- Illustrates different types of Intrusion Detection Systems (IDS)
- Discusses how to test the IDS for resource exhaustion
- Discusses various methods to test IDS, e.g. by sending ARP flood, MAC spoofing, IP spoofing, etc.
- Explains testing of IP packet fragmentation
- Discusses test for backscatter, reverse traversal, etc.
- Illustrates how to test the IDS using TCPReplay, TCPopera, Method Matching, and double slashes
- Explains how invalid RST packets can be used to bypass an IDS
- Describes various types of intrusion detection tools
Module 14: Password Cracking Penetration Testing
- Defines password terminology and importance of passwords
- Discusses various types of passwords
- Describes different types of password attacks
- Provides detailed information about LM, NTLM and Kerberos authentication
- Discusses how to identify the target person’s personal profile
- Describes various password cracking techniques
- Discusses the usage of several tools to perform wire sniffing, man-in-the-middle attacks, and replay attacks to capture passwords
- Explains in detail how to extract the SAM file on Windows machines, cleartext passwords from an encrypted LM hash, and the /etc/passwd and /etc/shadow files on Linux systems
- Illustrates usage of automated password crackers to break password-protected files
- Explains how to use Trojans/spyware/keyloggers to capture passwords
Module 15: Social Engineering Penetration Testing
- Explains what social engineering is and what it requires
- Lists the common targets of social engineering and impact of social engineering on the organization
- Discusses how to attempt social engineering using the phone, vishing, email, traditional mail, in-person, dumpster diving, etc.
- Explains social engineering attempts through insider accomplices, shoulder surfing, desktop information, extortion, and blackmail
- Illustrates the significance of obtaining satellite imagery and building blueprints in social engineering
- Discusses finding out details of an employee from social networking sites
- Explains the usage of telephone monitoring devices to capture conversations
- Describes the usage of various video recording tools to capture images and vehicle/asset tracking system to monitor motor vehicles
- Discusses identifying disgruntled employees and engaging them in conversation to extract sensitive information
Module 16: Web Application Penetration Testing
- Explains fingerprinting the web application environment in detail
- Discusses testing for web server vulnerabilities
- Illustrates testing of configuration management
- Explains testing for client-side vulnerabilities in detail
- Defines testing of the authentication mechanism
- Describes testing of the session management mechanism
- Illustrates testing of authorization controls in detail
- Explains testing of the data validation mechanism in detail
- Discusses testing of web services
- Defines testing for logic flaws
Module 17: SQL Penetration Testing
- Explains how SQL injection works
- Illustrates various types of SQL injection attacks
- Discusses listing all input fields and hidden fields of POST requests
- Explains in detail how to inject code into the input fields to generate an error
- Discusses performing fuzz testing, function testing, static/dynamic testing, and black box pen testing to detect SQL injection vulnerabilities
- Explains extracting the database name, users, and columns by blind SQL injection
- Provides a detailed explanation of performing various attacks such as code injection attacks, function call injection attacks, buffer overflow injection attacks, etc.
- Explains how to evade an IDS using hex encoding, char encoding, white space manipulation, in-line comments, and obfuscated code
- Discusses various SQL penetration testing tools
- Discusses best practices to prevent SQL injection
Module 18: Penetration Testing Reports and Post Testing Actions
- Provides an overview of penetration testing deliverables
- Discusses the goal of the penetration testing report
- Illustrates various types of pen test reports and characteristics of a good pen testing report
- Discusses identifying a skilled individual to write the final report
- Explains the process and criteria to be followed during report development
- Provides key guidelines to collect information
- Describes the pen testing report format that an organization should use
- Discusses the scope of the project and provides a summary of evaluation, findings, and recommendations
- Describes various sections such as methodologies, planning, exploitation and reporting
- Discusses the information to be included in the results analyzed
- Explains why organizations should develop an action plan
- Discusses the importance of report retention