Training Mile2

Training goals

Course version 2.

The vendor-neutral Certified Penetration Testing Consultant course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific Penetration tests and techniques against operating systems. This course will teach you the necessary skills to work as a penetration testing team, the exploitation process, how to create a buffer overflow against programs running on Windows and Linux while subverting features such as DEP and ASLR. This course will guide you through the OWASP Top 10, teach you how to create shellcode to gain remote code execution, as well as, teach you to build and understand different proof of concept code based on exploits pulled from exploit-db and testing using a debugger. The course starts by explaining how to build the right penetration testing team, covers scanning with NMAP, leading into the exploitation process, a little fuzzing with spike to help guide our proof of concept code, writing buffer overflows, understanding OWASP, Linux stack smashing, Windows exploit protection and getting around those protection methods, a section on report writing, and capping off the course with a scenario that will test your skills as a penetration testing team.

This course uses in-depth lab exercises after most modules. Students may spend 16 hours+ performing labs that emulate a real-world Pen Testing and exploit development.

Upon completion:

  • Certified Penetration Testing Consultant students will be able to both establish an industry acceptable pen testing process as well as be prepared to competently take the C)PTC exam. 

Who Should Attend:

  • IS Security Officers
  • Cyber Security Managers / Admins
  • Penetration Testers
  • Ethical Hackers
  • Auditors

Accreditations & Acknowledgements

Mile2® is:

  • ACCREDITED by the NSA CNSS 4011-4016
  • MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
  • APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

Conspect Show list

  1. Pen Testing Team Formation
    • Project Management
    • Pen testing Metrics
    • Team Roles, Responsibilities and Benefits
    • Lab Exercise – Skills Assessment
  2. NMAP Automation
    • NMAP Basics
    • NMAP Automation
    • NMAP Report Documentation
    • Lab Exercise –Automation Breakdown
  3. Exploitation Process
    • Purpose
    • Countermeasures
    • Evasion
    • Precision Strike
    • Customized Exploitation
    • Tailored Exploits
    • Zero Day Angle
    • Example Avenues of Attack
    • Overall Objective of Exploitation
  4. Fuzzing with Spike
    • Vulnserver
    • Spike Fuzzing Setup
    • Fuzzing a TCP Application
    • Custom Fuzzing Script
    • Lab Exercise –Fuzzing with Spike
  5. Simple Buffer Overflow
    • Exploit-DB
    • Immunity Debugger
    • Python
    • Shellcode
    • Lab Exercise –Let’s Crash and Callback
  6. Stack Based Windows Buffer Overflow
    • Debugger
    • Vulnerability Research
    • Control EIP, Control the Crash
    • JMP ESP Instruction
    • Finding the Offset
    • Code Execution and Shellcode
    • Does the Exploit Work?
    • Lab Exercise –MiniShare for the Win
  7. Web Application Security and Exploitation
    • Web Applications
    • OWASP Top 10 -2017
    • Zap
    • Scapy
  8. Linux Stack Smashing & Scanning
    • Exploiting the Stack on Linux
    • Lab Exercise –Stack Overflow. Did we get root?
  9. Linux Address Space Layout Randomization
    • Stack Smashing to the Extreme
    • Lab Exercise –Defeat Me and Lookout ASLR
  10. Windows Exploit Protection
    • Introduction to Windows Exploit Protection
    • Structured Exception Handling
    • Data Execution Prevention (DEP)
    • SafeSEH/SEHOP
  11. Getting Around SEH ASLR
    • Vulnerable Server Setup
    • Time to Test it Out
    • Podatny serwer (VulnServer) a odporność
    • VulnServer Demo
    • Lab Exercise –Time to overwrite SEH and ASLR
  12. Penetration Testing Report Writing
    • Reporting
Download conspect training as PDF

Additional information

Requirements
  • C)PTE - Penetration Testing Engineer or equivalent experience.
Difficulty level
Duration 4 days
Certificate

The participants will obtain certificates signed by Mile2 (course completion).

This course will help prepare you for the Certified Penetration Testing Consultant exam, which is available through the on-line Mile2’s Assessment and Certification System (“MACS”),  which is accessible on your mile2.com account. The exam will take 2 hours and consist of 100 multiple choice questions.

Each participant in an authorized training C)PTC - Certified Penetration Testing Consultant will receive a free CPTC exam voucher.

Trainer

Certified Mile2 Instructor.

Additional informations

We also recommend further training and certification:

  • C)IHE - Certified Incident Handling Engineer
  • C)DRE - Certified Disaster Recovery Engineer

Other training Mile2 | Pen Testing & Ethical Hacking

Training thematically related

IT Security

Contact form

Please fill form below to obtain more info about this training.







* Fields marked with (*) are required !!!

Information on data processing by Compendium - Centrum Edukacyjne Spółka z o.o.

1150 EUR

close

Discount codes

Discount code may refer to (training, producer, deadline). If you have a discount code, enter it in the appropriate field.
(green means entering the correct code | red means the code is incorrect)

FORM OF TRAINING ?

close

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

TRAINING MATERIALS ?

close

Paper materials

Traditional Materials: The price includes standard materials issued in the form of paper books, printed or other, depending on the arrangements with the manufacturer.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.

 

SELECT TERM TRAINING

    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
    • General information
    • Guaranteed dates
    • Last minute (-10%)
    • Language of the training
    • English
Book a training appointment