Practical Penetration Test Training

1
PENETRATION TESTING AND TRAINING

• Practical Penetration Test Training is a hands-on
  training
• designed to test weaknesses in services, services
  and web
• applications that are running at the network
  level, along
• with services and applications running on local
  networks.
• This training is proper for the people who want
  to work in
• this area primarily but anyone interested in
  cyber security
• can enroll this training because it is taught
  from beginning
• to end and basic to advanced.

2
Because of the knowledge learned during the
training is mainly based on the field
experiences, those who can complete the
training will have a solid foundation to become
Penetration Test Expert in the cyber security
field. In addition, they will have a good
technical knowledge of the network and will
learn details by experiencing which points we
must pay attention during the tests, in our
laboratory that we have developed for
training. The training term is 5
days. Participants in the trainings will be
given a certificate of participation by SECURIUM
FOX.
3

• Penetration Test (pentest) Attacking a computer
  system to ?nd its vulnerabilities Many times
  resumes to gaining access to the system. Why need
  for a pentest? Its one of the most effective
  ways to identify weaknesses A pentester has to
  think like a real world (black hat) cracker, so a
  pentest could re?ect the real life behaviour of
  an assault He has to discover means in which a
  cracker might compromise the security and deliver
  damage to the organization.

4
Types of pentests

• Overt pentest (also called white box)
• The pentester has insider knowledge the system,
  its infrastructure, etc. (used when time is
  limited.)
• Covert pentest (also called black box)
• The pentester has basic or no information
  whatsoever, except the company name.

5
Terminology

• Exploit
• Taking advantage of a ?aw within the attacked
  target. (i.e. SQL injection, con?guration
  errors.)
• Payload
• Code to be executed on the attacked target. (i.e.
  and usually a reverse shell or bind shell.)
• Shellcode
• A piece of code to be run after exploitation,
  typically written in machine code, usually spawns
  a shell (hence the name).

6
Terminology

• Vulnerability scanners
• Automated tools to identify known ?aws
• First of all - ?ngerprinting target OS, also
  its services Very important in the intelligence
  gathering step
• Can provide comprehensive vulnerability reports,
  thus replacing some missing experience
• e.g. Retina, Nessus, NeXpose, OpenVAS, Vega, etc.

7
PTES (Penetration Testing Execution Standard)

• Pre-engagement interactions (and coffee,
  probably)
• Intelligence gathering (passive active)
• Threat modeling
• Vulnerability analysis
• Exploitation
• Post exploitation
• Reporting.

8
Tools utilities
Operating systems Kali Linux (formerly
BackTrack) - based on Debian Pentoo - based on
Gentoo WHAX - based on Slackware. Frameworks
Metasploit w3af. Tools nmap, netcat, John
the Ripper, tcpdump, Wireshark, upx, etc.
9
Training Content

• Cyber Security Fundamentals
• Penetration Test Fundamentals
• Basic Network Information
• Basic Web Application Security Information
• Basic Linux Information
• Information Gathering Methods
• Security Vulnerabilities and Discovery Methods
• Introducing Favorite Tools
• Introduction of Metasploit
• Introduction of BurpSuite
• Exploitation

10

• Post Exploitation
• Packet Analyzing and Sniffing
• Security Systems and Bypass Methods
• IPS/IDS/WAF Bypass Methods
• DoS/DDoS Attacks
• Password Crack Attacks
• Wi-Fi Attacks
• Applications
• Reporting

11

• INFO
• 3rd Floor,Lohia Towers,
• Nirmala Convent Rd,
• Gurunanak Nagar,Patamata,Vijyawada,
• Andhra Pradesh -520010
• 9652038194
• 08666678997
• info_at_securiumfoxtechnologies.com