Training Course:Vulnerability and Penetration Testing: Ethical HackingSchool/Trainer:New Horizons Learning Centres of Australia
Sydney, Brisbane, Melbourne, Perth, Newcastle, Australia
Course Format: Classroom | E-learning | Virtual Class | Online | On-site | Blended | Self-paced
Course Description:
'' This is an exciting five-day, hands-on workshop presented by Bridge Point staff where you’ll learn the techniques of ethical hacking and get the chance to put them to the test. You’ll learn how your computer network can be attacked, and how to prevent it, and come away with an in-depth understanding of system vulnerabilities and attack methods to help you design the best way to secure your computer network. The course reviews the practices attackers use to assess and attack networks - so participants can plan and maintain their own system defences, knowing how and where the enemy will probably attack. This is a technical, hands-on course, delivered by experienced IT security specialists.
Target Audience:
Network and system engineers who are planning or managing network security
IT professionals who want to learn more about hacking tools and techniques
Auditors and web designers concerned with network security
Any IT professional who is responsible for planning or managing secure online services
Pre-requisites:
To be successful in completing this course, students should have a working knowledge of networking and understand basic commands in UNIX and Windows NT/2000. Other requirements will be listed in the Registration Form.
Outline:
Day 1 - Introduction
To help set the scene, there will be an introductory session on current attacks and their impact on organisations.
Day 1 - Reconnaissance - Information Gathering
The first step taken by a good attacker is to build an attack profile of their target. This profile can then be used as the basis for the search for exploitable
vulnerabilities. By reviewing the information that can be gathered by possible attackers, participants can start thinking about how to reduce the profile image
for their company. The less information publicly available means the fewer starting point for attackers. This day will be spent covering and applying the following concepts in order to develop an attack profile:
Using publicly available information to target the attack (whois, web search engines, Usenet, Directories)
Internet Relay Chat - IRC
Social engineering
Using DNS information for hacking
Banner grabbing
Other methods of identifying operating systems and services
War dialling
Sniffing,
Hubs vs. switches
Hacker sites and their importance to attackers
Information provision and risk exposure
What is useful to attackers?
Organisational Information Gathering
Basic company searches
Disclosing people’s names
Offering direct telephone numbers
Providing IT suppliers names
Showing website design house names
Requesting information directly from an organisation
Port scanning and
Operating system fingerprinting
Mapping the network topology
Day 2 Developing an Attack Plan
Day 2 builds on the skills acquired during Day 1. Using the attack profiling techniques and the image generated as a result of those techniques. the participants skills and knowledge shall be developed in how to craft an attack plan against the profiled target. This day will be the starting point for the participants to gain the skills and knowledge to achieve the following objectives:
Compromising the DMZ via exploiting vulnerabilities found on DMZ computers
Attacking a web Server and defacing it
Performing Denial of service (DOS) against targets
Corruption of services of a target
Insertion of Trojans
Create a beach-head, from which other attacks can be launched
Extinguishing the Firewall
Using malicious code to gather information
Using malicious code to gain access
Using malicious code to trigger an attack
Day 3 - Windows NT/2000
During this day, the course centres on exploiting Windows platforms.
Windows NT security architecture (user accounts, SAM database, file system permission)
Windows networking (NetBIOS, SMB/CIFS) - how it works
Windows-specific information gathering (null-sessions, DCE/RPC, SNMP, LDAP)
Remote attacks (share scanning, account brute-forcing)
Local privilege escalation
Day 3 - Unix
This part of the course aims to apply the news skills to UNIX platforms.
Unix security architecture (user accounts, root privileges, file permission, set-user-id bit, etc.)
Unix-specific information gathering (RPC portmapper, NFS, Finger daemon, SMTP, SNMP)
Programming errors resulting in security vulnerabilities (detailed explanation of each bug and methods of exploitation)
Buffer overflows
Format string issues
Race conditions
Incorrect input validation
Day 4 - Web Hacking
Web servers are a part of today’s world and are the most attacked components of a company’s assets. During this part of the course Web serves shall be
exploiting, gaining control of them. The following concepts shall be presented and applied.
Web reconnaissance
Getting information from the web server (version, directory structure, server-side applications installed, etc.)
Classification of web vulnerabilities (buffer overflows, directory traversal, incorrect input validation, encoding/decoding bugs, etc.)
Scanning for known vulnerabilities
Checking for configuration errors
Escalating privileges
Assessing the security of custom built web applications
Day 5 - Miscellaneous Topics and Network Penetration Contest
Day 5 will be used to concentrate on any particular areas of interest of the participants. As well, there will be a review of routers and other areas not
covered in the preceding 4 days, culminating in a network penetration contest between the participants.
Routers
What you can do with a hacked router
Services offered by routers
Checking known vulnerabilities
Router configuration errors
Password cracking
Rootkits and Trojans
A network penetration contest to put theory into practice - pit your newly acquired skills against the other participants! ...''
Please go to the school's official website for training price and schedule:
http://www.nhaustralia.com.au
Phone:+61 2 8263 5900
School Address:
Level 6, St. Martins Tower
31 Market Street
Sydney NSW 2000 Australia
Level 4, 200 Creek Street,
Brisbane, QLD 4000
Level 2, 31 Queen Street,
Melbourne, VIC 3000
Jobs & Resumes: Sydney, Brisbane, Melbourne, Perth, Newcastle
Houses & Roommates: Sydney, Brisbane, Melbourne, Perth, Newcastle
Other training courses offered by New Horizons Learning Centres of Australia:
Windows SharePoint Services Level 2 Building Extended Collaborative Solutions
InfoPath 2003 Creating Forms
VBA WORD 2002
Incident Investigations and Forensics
Practical Implementation of AS7799.2/ISO27001 & QGIS18 Compliant Information Security Management
Securing your IT Systems
Voice over IP Security
Wireless Networking Security and Audit
Administering Cisco Call Manager (ACCM)1.0
Aironet Wireless LAN Fundamentals & Site Survey
Cisco CCNA: Interconnecting Cisco Network Devices (ICND)
Cisco CCNA: Introduction to Cisco Networking Technologies (ICNT)
Cisco CCNP: Building Cisco Multi-Layer Switched Networks (BCMSN)
Cisco CCNP: Building Cisco Remote Access Networks (BCRAN) v2.0
Cisco CCNP: Building Scalable Cisco Internetworks (BSCI) v2.0
Cisco CCNP: Cisco Internetwork Troubleshooting (CIT)
Notice: The course description on this page was captured from the Internet as historical reference or submitted by visitors. It was archived statically and not updated from day to day.
Tips:
Try the search form on top of each page to find the latest course information, using course topic and location as keywords. Keep the course topic keyword short to get more results. |
|
|
