Who should attend ?

IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers.

Prerequisites

Basic knowledge of networks is a plus.

Course Syllabus

• Introduction: Basic concepts, Pentest approaches, Planning, Reporting
• Linux Basics
• Network basics
• Reconnaissance
  • Active/Passive information gathering
  • Using search engines & Google hacking
  • Footprinting
• Web application pentests
  • Web technologies & standards
  • Personal proxy
  • Information gathering
  • Configuration management & flaws
  • Input/output manipulation
    • XSS (Cross Site Scripting)
    • SQL injection
  • Authentication flaws
    • Brute force & dictionary attacks
    • CAPTCHA & flaws
  • Authorization flaws
    • Privilege escalation
    • Path traversal
  • Session management flaws
    • Session fixation
    • CSRF (Cross Site Request Forgery)
  • Business logic flaws
• Scanning networks
  • Host detection
  • Discovering network topology
• Network layer (Layer 2) attacks
• Vulnerability scanning
• Exploit – Post Exploit
  • Exploit databases
  • Metasploit framework
  • Post exploitation
• Pivoting and tunnelling
• Social Engineering
  • Evading detection devices
  • Preparing custom payloads
  • Embedding malware into files
  • Social engineering attacks on Mobile devices
• Persistency

Duration

5 Days.

Benefits

Attendees will be able to participate and contribute to penetration tests.