Ethical Hacking Certified Security Testing Associate (CSTA)
LSA Training is an institution providing professional education to individuals pursuing career growth in an increasingly sophisticated and competitive world. We aim to promote excellence in education and training in both the academic and corporate world.
Duration: 8 days ( 48 Hours )
- Week day Batches: ( Mon to Fri 10am to 4pm ) 8 Days
- Weekends Batches: ( Sat & Sun 10am to 4pm ) 4 weekends
This course will provide you with the following: An understanding of the risks and how to mitigate them Learn a number of methodologies for undertaking an infrastructure penetration test Acquire effective techniques to identify exploits and vulnerabilities Improve your ability to respond effectively to cyber threats Valuable preparation and hands-on practice in preparation for the CREST Registered Penetration Tester (CRT) examination
Who Should Attend
The course is ideally suited to anyone looking to improve their career prospects or transitioning into a cyber security role, including: (PTO)
- Basic understanding of TCP/IP networking
- Are you familiar with the OSI model?
- Can you name a layer 2 and layer 3 protocol?
- What function does ARP perform?
- Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
- How does a system know whether or not a gateway is required?
- What is a TCP port?
Be comfortable with Windows and Linux command line
- As a guideline, you should be able to tick off the following (without heavy recourse to Google):
- Understand how switches change the way commands work How does adding > affect a command?
- Understand the difference between cd / folder/file and cd folder/file (i.e. what does / at the front of the path do?)
- Understand the difference between ../file and ./file Understand how to pull up built-in help for a command.
- Motivations behind hacking
- The hacking scene
2. Networking Refresher
- Sniffing Traffic – Wireshark, Ettercap
3. Information Discovery
- Information Gathering – wget, metadata, pdfinfo and extract
- DNS – dig, zone transfers, DNSenum and Fierce
4. Target Scanning a. Host Discovery – Nmap and Netdiscover
- Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
- Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)
5. Vulnerability Assessment
6. Attacking Windows
- Windows Enumeration – (SNMP, IPC$)
- RID Cycling – Enum4linux, Cain
- Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules
7. Privilege Escalation – Windows
- Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
- Privilege Escalation – Keylogging, Service Configuration
- Password Cracking – John The Ripper, Cain, Rainbow tables
- Brute-Force Password Attacks
- Attacks on Cached Domain Credentials
- Token Stealing – PsExec, Incognito, local admin to domain admin
- Pass the Hash
8. Attacking Linux
- Linux User Enumeration
- Linux Exploitation without Metasploit
- Online Password Cracking – Medusa
- User Defined Functions
- ARP Poisoning Man in the Middle – clear-text protocols, secured protocols
9. Privilege Escalation – Linux
- Exploiting sudo through File Permissions
- Exploiting SUID and Flawed Scripts – logic errors
- Further Shell Script Flaws – command injection, path exploits
- Privilege Escalation via NFS
- Cracking Linux Passwords
10. Pivoting the Connection
- Pivoting with Meterpreter
- Port Forwarding
11. Retaining Access
- Netcat as a Backdoor
- Dark Comet RAT – Metasploit Handlers, a full end-to-end attack
12. Covering Tracks
- Alternative Data Streams
- Dark Comet
- Instructor Led – Face2Face /class room training
- More interaction with student to faculty and student to student.
- Detailed presentations. Soft copy of Material to refer any time.
- Practical oriented / Job oriented Training. Practice on Software Tools & Real Time project scenarios.
- Mock interviews / group discussions / interview related questions.
- Test Lab is in Cloud Technology – to practice on software tools if needed.
- We discuss about the real time project domains.
- The teaching methods / tools / topics we chosen are based on the current competitive job market.
Expected Salary/ Pay Package
- Expected Salaries are as follows:
- For Contractors £400 to £500 per day
- Permanent Positions £50 to £120k per annum all depends on experience and skills set