Network Security: Penetration Attack Testing

Course 238


Summary

This two-day course is meant to bring security professionals up to speed with the tools, tactics, and skills of today’s hackers. It also serves as an introduction to the methodology of penetration testing and how to conduct and manage such a test. The skills learnt throughout this course are the first steps towards being an effective penetration tester. We will learn about the characteristics of social engineering attacks, how they exploit human emotions, how a successful attack is conducted, and proper defense mechanisms against them. We will also discuss physical and logical penetration, the tactics hackers follow to place themselves physically or logically inside an organization, and proper defense mechanisms. Insider attacks are among the most dangerous, as they involve entities that already have some level of access. We will discuss examples of insider attacks and how to defend against them. Finally, we will learn about vulnerability analysis (scanning and fuzzing), exploitation (software buffer/heap overflow), and Wi-Fi penetration.

This is an experiment-oriented course where we will be conducting experiments in a lab environment for every topic discussed. Students will participate in experiments, which the instructor will prepare, to show how a given attack is conducted and how to defend against it.

Learning objectives

Upon completing the course you will be able to:

  • Understand the ethics of penetration testing
  • The legal system and how it might affect a penetration test
  • Social engineering attacks, how one is conducted, and proper defense mechanisms (Lab: using the Social Engineering Toolkit)
  • Insider attacks, the potential damage, how such an attack is carried out, and proper defense mechanisms (Lab: password cracking)
  • Vulnerability analysis (using Nessus and OpenVAS) and fuzzing
  • Vulnerability exploitation (using Metasploit/W3AF/custom exploits)
  • Wi-Fi penetration testing (scanners, password crackers, DoS)
  • Managing a successful penetration test

Target Audience

Professionals such as engineers, product developers, managers, security officers, city/state government or law enforcement professionals, and network administrators who have a special interest in quickly getting up to speed with the penetration testing methodology, skills, and techniques.

Outline

Day One

Introduction to Penetration Testing
  • Overview of penetration testing
  • Ethics of penetration testing
  • Penetration testing and the legal system
Penetration Testing Techniques I
  • Social engineering attacks
  • Physical penetration testing
  • Insider attacks

Day Two

Penetration Testing Techniques II
  • Vulnerability analysis
  • Vulnerability exploitation
  • Wi-Fi penetration testing
  • Managing a penetration test