Ethical Hacking Certified Security Testing Associate (CSTA)
This course will provide you with the following: An understanding of the risks and how to mitigate them Learn a number of methodologies for undertaking an infrastructure penetration test Acquire effective techniques to identify exploits and vulnerabilities
Duration: 5 days ( 40 Hours )
- Week day Batches:( Mon & Fri 9am to 5pm ) 1 week
- Weekends Batches: ( Sat & Sun 10am to 4pm ) 4 weekends
This course will provide you with the following: An understanding of the risks and how to mitigate them Learn a number of methodologies for undertaking an infrastructure penetration test Acquire effective techniques to identify exploits and vulnerabilities Improve your ability to respond effectively to cyber threats Valuable preparation and hands-on practice in preparation for the CREST Registered Penetration Tester (CRT) examination
Who Should Attend
The course is ideally suited to anyone looking to improve their career prospects or transitioning into a cyber security role, including: (PTO)
- Basic understanding of TCP/IP networking
- Are you familiar with the OSI model?
- Can you name a layer 2 and layer 3 protocol?
- What function does ARP perform?
- Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
- How does a system know whether or not a gateway is required?
- What is a TCP port?
Be comfortable with Windows and Linux command line
- As a guideline, you should be able to tick off the following (without heavy recourse to Google):
- Understand how switches change the way commands work How does adding > affect a command?
- Understand the difference between cd / folder/file and cd folder/file (i.e. what does / at the front of the path do?)
- Understand the difference between ../file and ./file Understand how to pull up built-in help for a command.
- Motivations behind hacking
- The hacking scene
- Sniffing Traffic – Wireshark, Ettercap
- Information Gathering – wget, metadata, pdfinfo and extract
- DNS – dig, zone transfers, DNSenum and Fierce
- Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
- Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)
- Windows Enumeration – (SNMP, IPC$)
- RID Cycling – Enum4linux, Cain
- Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules
- Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
- Privilege Escalation – Keylogging, Service Configuration
- Password Cracking – John The Ripper, Cain, Rainbow tables
- Brute-Force Password Attacks
- Attacks on Cached Domain Credentials
- Token Stealing – PsExec, Incognito, local admin to domain admin
- Pass the Hash
- Linux User Enumeration
- Linux Exploitation without Metasploit
- Online Password Cracking – Medusa
- User Defined Functions
- ARP Poisoning Man in the Middle – clear-text protocols, secured protocols
- Exploiting sudo through File Permissions
- Exploiting SUID and Flawed Scripts – logic errors
- Further Shell Script Flaws – command injection, path exploits
- Privilege Escalation via NFS
- Cracking Linux Passwords
- Pivoting with Meterpreter
- Port Forwarding
- Netcat as a Backdoor
- Dark Comet RAT – Metasploit Handlers, a full end-to-end attack
- Alternative Data Streams
- Dark Comet
- Instructor Led – Face2Face /class room training
- More interaction with student to faculty and student to student.
- Detailed presentations. Soft copy of Material to refer any time.
- Practical oriented / Job oriented Training. Practice on Software Tools & Real Time project scenarios.
- Mock interviews / group discussions / interview related questions.
- Test Lab is in Cloud Technology – to practice on software tools if needed.
- We discuss about the real time project domains.
- The teaching methods / tools / topics we chosen are based on the current competitive job market.
Expected Salary/ Pay Package
- Expected Salaries are as follows:
- For Contractors £400 to £500 per day
- Permanent Positions £50 to £120k per annum all depends on experience and skills set