Courses | Technitics Consulting
Penetration Testing
Overview
A penetration test, occasionally pentest, is a method of evaluating the security of a computer system or network by simulating an attack from malicious outsiders (who do not have an authorized means of accessing the organization's systems) and malicious insiders (who have some level of authorized access).
The process involves an active analysis of the system for any potential vulnerabilities that could result from poor or improper system configuration, both known and unknown hardware or software flaws, and operational weaknesses in process or technical countermeasures. This analysis is carried out from the position of a potential attacker and can involve active exploitation of security vulnerabilities.
Security issues uncovered through the penetration test are presented to the system's owner. Effective penetration tests will couple this information with an accurate assessment of the potential impacts to the organization and outline a range of technical and procedural countermeasures to reduce risks.
Pre-requisites
- Thorough knowledge of Networking Concepts.
- In-Depth understanding of various OS Architectures.
- Experience in usage of common Open-Source as well as commercial Tools for VA/PT.
- Exposure to programming will be beneficial.
- In-Depth knowledge of Web Applications.
Penetration Testing Boot-camps
You can attend in-depth penetration testing boot-camps offered by ISAC approved partners.
Program contents:
The Art of Hacking
The Hackers' Manifesto
The Cult behind it
The Scope
The Art of Breaking Things
Everything is a 'System'
Looking Beyond the Obvious
The Fundamental Flaws
Developing Intuition
The Essential Skills
Becoming a Programmer
Understanding how Systems work
The Ability to adapt quickly
The Google-Skills
Understanding the Network
Networking Basics
Understanding the Network Devices
Finding your way
Common Network level Attacks
Wisdom of Network Exploitation
Understanding Web-Applications
Web Application basics
Seeing how everything works
Known & the unknown Vulnerabilities
Exploiting Web-Applications
Possibilities & limitations
What next?
Reconnaissance
Mapping the entire Network
Studying the Web-Apps
Going a step further
Vulnerability Scanning
Planning the Attack
Identifying the Weak Targets
Selecting the easiest route
Importance of Lab-Testing
Making the Attack Layout
Selecting the right tools
Taking on the System
Understanding the existing tools
The art of tweaking
Web-Shells & Backdoors
Finding Juicy Info
In-Depth Case-Studies
Post Exploitation Kung-Fu
When to stop?
Knowing the Possibilities
Digging Deeper
In-Depth Case-Studies
Over 100+ hands-on labs and 25 Case studies covered in the boot-camp!
Study Guides
The NSD examination is based on open curriculum and you are free to refer any resources for your exam preperation.
Some study materials to get you started:
- Security-Tube
- Metasploit Unleased
- OWASP
Lab exam blueprint
The candidate will be provided with a target IP Address / Application. The objective is to do complete vulnerability analysis of the target system & then carry out Penetration Testing, within the alloted time.
We recommend you should be familiar with:
- Metasploit
- Social Engineering Tool-kit
- Vulnerability scanners
- Debuggers/Disassemblers
- Use of Web-Shells / Backdoors
Expected Solution Format
You will be asked to At the end of the lab exam, the candidate is required to submit a report that explains how exactly the 'VA/PT' was done. Its expected to be as technical as possible with every single detail mentioned.
Report must include -
Findings
- The challenges you faced
- All the Critical vulnerabilities that were found
- The exact Penetration Approach, that was used
- Specific answers as required by the lab
You will be given an answer paper on which the above details have to be provided.
