Certified Security Testing – (CPSA/CRT) Exam Prep
 /  Certified Security Testing – (CPSA/CRT) Exam Prep

This course comprises 2 components – Infrastructure and Web Application Ethical Hacking.

This course in particular will give you: Valuable preparation and hands- on practice in preparation for the CREST Practitioner Security Analyst (CPSA) and CREST Registered Penetration Tester (CRT) examination.

Infrastructure Ethical Hacking

1.Introduction

  • Motivations behind hacking
  • The hacking scene
  • Methodology

2.Networking Refresher

  • Sniffing Traffic – Wireshark, Ettercap

3.Information Discovery

  • Information Gathering – wget, metadata, pdfinfo & extract
  • DNS – dig, zone transfers, DNSenum and Fierce

4.Target Scanning

  • Host Discovery – Nmap and Netdiscover
  • Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
  • Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)

5.Vulnerability Assessment

  • Nikto
  • Nessus

6.Attacking Windows

  • Windows Enumeration – (SNMP, IPC$)
  • Enum4linux
  • RID Cycling – Enum4linux, Cain
  • Metasploit
  • Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules

7.Privilege Escalation – Windows

  • Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
  • Privilege Escalation – Keylogging, Service Configuration
  • Password Cracking – John The Ripper, Cain, Rainbow tables
  • Brute-Force Password Attacks
  • Attacks on Cached Domain Credentials
  • Token Stealing – PsExec, Incognito, local admin to domain admin
  • Pass the Hash

8.Attacking Linux

  • Linux User Enumeration
  • Linux Exploitation without Metasploit
  • Online Password – Cracking – Medusa
  • User Defined Functions
  • ARP Poisoning Man in the Middle – clear-text protocols, secured protocols

9.Privilege Escalation – Linux

  • Exploiting sudo through file Permissions
  • Exploiting SUID and Flawed Scripts – logic errors
  • Further Shell Script Flaws – command injection, path exploits
  • Privilege Escalation via NFS
  • Cracking Linux Passwords

10.Pivoting the Connection

  • Pivoting with Meterpreter
  • Port Forwarding

11.Retaining Access

  • Netcat as a Backdoor
  • Dark Comet RAT – Metasploit Handlers, a full end-to-end attack

12.Covering Tracks

  • Alternative Data Streams
  • Dark Comet

Web App. Ethical Hacking

1.Principles

  • Web refresher
  • Proxies
  • The OWASP Top Ten
  • Web application security auditing
  • Tools and their limitations
  • HTTP request and response modification
  • Logic flaws

2.Injection

  • Types
  • Databases overview – data storage, SQL
  • SQL injection – data theft, authentication
  • Bypass, stored procedures
  • Information leakage through errors
  • Blind SQL injection

3.Broken Authentication and Session Management

  • Scenarios
    Attacking authentication pages
    Insecure Direct Object Reference
  • Direct vs indirect object references
  • Authorization
  • Cross-site Request Forgery (CSRF)
  • Exploiting predictable requests

4.Cross-site Scripting (XSS)

  • JavaScript
  • Email spoofing
  • Phishing
  • Reflected and Stored/Persistent XSS
  • Cookies, sessions and session hijacking

5.Insecure Direct Object Reference

  • Scenarios
  • Information leakage through logs

6.Security Misconfiguration

  • Scenarios

7.Sensitive Data Exposure

  • Identifying sensitive data
  • Secure storage methods

8.Un-validated Redirects and Forwards

  • Scenarios

9.Conclusions

WHO SHOULD ATTEND?

Anyone with responsibility for, or an interest in, the security of infrastructure / web applications, including: Network Engineers, System Administrators, System Architects, Software Developers, Budding Penetration Testers, etc.

Prerequisite

Basic understanding of TCP/IP networking and comfortable with Windows & Linux command line.

An understanding of how a web page is requested and delivered.

An understanding of databases and SQL would be an advantage.

Singapore
  • 5 – 8 Feb 2018
  • 12 – 15 Mar 2018
  • 7 – 10 May 2018
  • 30 Jul – 3 Aug 2018
  • 10 – 13 Sep 2018
  • 3 – 6 Nov 2018

Book Now

 








Book Online
Enquiry

  • Duration 4 Days

Course Fee

UTAP Eligible*

 

All Singapore Citizens and Permanent Residents*
$3,363.00
For International Students
$6,313.00
Certification Body
This course is supported by
Need more information?

Categories: CRESTCyber Security

Related Courses