Center For Advanced Security Training

CAST 611 - Advanced Penetration Testing

          CAST 611 will teach you how to do a professional security test and produce the most important thing from a test ... the findings and the report!
          The ranges progress in difficulty and reflect an enterprise-level architecture. There will be defenses to defeat and challenges to overcome. This is not your typical FLAT network!
          As the range levels increase you will encounter the top defenses of today and learn the latest evasion techniques.
          The format you will use has been used to train 1000s of penetration testers globally; it is proven and effective!

     Course Description

          The course is ALL Hands-On - 100%.
          The format is to practice the professional security testing methodology for the first half of the class.

     Course Features

          Students completing this course will gain in-depth knowledge in the following areas:
          - Advanced Scanning methods
          - Attacking from the Web
          - Client Side Pen-testing
          - Attacking from the LAN
          - Breaking out of Restricted Environments
          - Bypassing Network-Based IDS/IPS
          - Privilege Escalation
          - Post-Exploitation

     Course Outline

          The course is organized into the following modules:
          - Information gathering and OSINT
                - Nslookup
                - Dig
                - dnsenum
                - dnsrecon
                - dnsmap
                - reverseraider
                - Enumeration of DNS with fierce
                - Internet registrars and whois
                - Enumeration with theHarvester
                - ServerSniff
                - Google Hacking Database
                - metagoofil
                - Cloud Scanning with Shodan
          - Scanning
                - Scanning with the Nmap tool
                - Scanning with autoscan
                - Scanning with Netifera
                - Scanning with sslscan
                - Scanning and Scripting with Hping3
                - Building a Target Database
                - RANGE: Live Target Range Challenge Level One
          - Enumeration
                - Enumerating Targets
                - Enumerating SNMP
                - Using the nmap scripting engine
                - Enumerating SMB
                - OS Fingerprinting
          - Vulnerability Analysis
                - Vulnerability Sites
                - Vulnerability Analysis with OpenVAS
                - Vulnerability Analysis with Nessus
                - Firewalls and Vulnerability Scanners
                - Vulnerability Analysis of Web Applications
                - Vulnerability Scanning with W3AF
                - Vulnerability Scanning with Webshag
                - Vulnerability Scanning with Skipfish
                - Vulnerability Scanning with Vega
                - Vulnerability Scanning with Proxystrike
                - Vulnerability Scanning with OWASP ZAP
                - RANGE: Live Target Range Challenge Level Two
          - Exploitation
                - Exploit Sites
                - Manual Exploitation
                - Exploitation with Metasploit
                - Exploiting with Armitage
                - Exploitation with SET
                - RANGE: Live Target Range Challenge Level Three
          - Post Exploitation
                - Conduct local assessment
                - RANGE: Live Target Range Challenge Level Four
          - Data Analysis and Reporting
                - Compiling Data in MagicTree
                - Compiling Data in Dradis
                - Developing a Professional Report
                - Reviewing findings and creating report information
          - Advanced Techniques
                - Scanning against defenses
                - Exploitation through defenses
                - Detecting Load Balancing
                - Detecting Web Application Firewalls
                - Evading Detection
                - Exploit writing
          - Practical Phase One
                - External penetration testing
          - Practical Phase Two
                - External and Internal testing
          - Practical Phase Three
                - Internal testing