Training approach
This structured course uses Instructor Led Training to provide the best possible learning experience. Small class sizes ensure students benefit from our engaging and interactive style of teaching with delegates encouraged to ask questions throughout the course. Quizzes follow each major section allowing checking of learning. Hands on sessions are used throughout to allow delegates to consolidate their new skills.
Overall rating:
Customer reviews
"Hard concepts were explained very simply."
J. S. Framestore CFC
J. S. Framestore CFC
"Excellent presentation - very good course structure."
B. M. London Internet Exchange
B. M. London Internet Exchange
Penetration testing training course contents
Introduction
Hacking concepts, phases, types of attacks, “White hacking”, What is penetration testing? Why use pen testing, black box vs. white box testing, equipment and tools, security lifecycles, counter hacking, pen testing reports, methodologies, legal issues.
Physical security and social engineering
Testing access controls, perimeter reviews, location reviews, alarm response testing. Request testing, guided suggestions, trust testing. Social engineering concepts, techniques, counter measures, Identity theft, Impersonation on social media, Footprints through social engineering
Reconnaissance (discovery)
Footprinting methodologies, concepts, threats and countermeasures, WHOIS footprinting, Gaining contacts and addresses, DNS queries, NIC queries, ICMP ping sweeping, system and server trails from the target network, information leaks, competitive intelligence. Scanning pen testing.
Gaining access
Getting past passwords, password grinding, spoofed tokens, replays, remaining anonymous.
Scanning (enumeration)
Gaining OS info, platform info, open port info, application info. Routes used, proxies, firewalking, Port scanning, stealth port scanning, vulnerability scanning, FIN scanning, Xmas tree scanning, Null scanning, spoofed scanning, Scanning beyond IDS. Enumeration concepts, counter measures and enumeration pen testing.
Hacking
Hacking webservers, web applications, Wireless networks and mobile platforms. Concepts, threats, methodology, hacking tools and countermeasures.
Trojan, Backdoors, Sniffers, Viruses and Worms
Detection, concepts, countermeasures, Pen testing Trojans, backdoors, sniffers and viruses. MAC attacks, DHCP attacks, ARP poisoning, DNS poisoning Anti-Trojan software, Malware analysis Sniffing tools.
Exploiting (testing) vulnerabilities
Buffer overflows,, simple exploits, brute force methods, UNIX based, Windows based, specific application vulnerabilities.
DoS/DDoS
Concepts, techniques, attack tools, Botnet, countermeasures, protection tools, DoS attack pen testing.
SQL Injection
Types and testing, Blind SQL Injection, Injection tools, evasion and countermeasures
Securing networks
“Hurdles”, firewalls, DMZ, stopping port scans, IDS, Honeypots, Router testing, firewall testing, IDS testing, Buffer Overflow.
Cryptography
PKI, Encryption algorithms, tools, Email and Disk Encryption.
Information security
Document grinding, privacy.
Why Choose Us
- Ability to teach
- Technical knowledge
- Answering questions
We limit our maximum class size to 8 delegates; often we have less than this. This ensures optimal interactivity between delegates and instructor.
"Excellent course. The small class size was a great benefit…"
M.B. IBM
We write our own courses; courseware does not just consist of slides and our slides are diagrams not bullet point text. A typical chapter provides clearly defined objectives with a chapter overview, slides with text underneath, a quiz at the end to check the learning of the students. Hands on exercises are at the end and are used to reinforce the theory.