Курс Certified Penetration Testing Professional

Програма курсу включає понад 25 лабораторних завдань, які імітують реальні атаки та дозволяють працювати із середовищами IoT, хмарними сервісами (AWS, Azure), SCADA-системами та інфраструктурами Active Directory. Сухачі навчаться проводити атаки на мережі з обмеженим доступом, розробляти власні експлойти, працювати з методами Pivoting і підвищення привілеїв.

Програма курсу

Module 01. Introduction to penetration testing and methodologies

• Principles and objectives of penetration testing
• Penetration testing methodologies and frameworks
• Best practices and guidelines for penetration testing
• Role of artificial intelligence in penetration testing
• Role of penetration testing in compliance with laws, acts, and standards

Key topics covered:

• penetration testing
• penetration testing process
• penetration testing methodologies and frameworks
• MITRE ATT&CK framework
• characteristics of a good penetration test
• AI-driven penetration testing
• AI-driven tools for penetration testing
• compliance-driven penetration testing
• role of AI and machine learning in compliance-driven testing

Module 02. Penetration testing scoping and engagement

• Penetration testing: pre-engagement activities
• Key elements required to respond to penetration testing RFPs
• Drafting effective rules of engagement (ROE)
• Legal and regulatory considerations critical to penetration testing
• Resources and tools for successful penetration testing
• Strategies to effectively manage scope creep

Key topics covered:

• preparing for proposal submission
• rules of engagement
• drafting a ROE
• drafting penetration testing contract
• rules of behavior
• nondisclosure agreement
• liability issues
• engagement letter
• kickoff meeting
• statement of work
• preparing the test plan
• data use agreement
• mission briefing
• scope creeping

Module 03. Open-source intelligence (OSINT)

• Collect open-source intelligence (OSINT) on target's domain name
• Collect OSINT about target organization on the web
• Perform OSINT on target's employees
• OSINT using automation tools
• Map the attack surface

Labs:

• collect OSINT on target's domain name, web, and employees
• collect OSINT using automation tools
• identify and map attack surface

Key topics covered:

• find domain and subdomains
• Whois lookups
• DNS records
• reverse lookups
• DNS zone transfer
• web searches using advanced operators
• Google dork
• footprint target using Shodan
• email harvesting
• people search online services
• automate OSINT process using tools/frameworks
• attack surface mapping
• traceroute analysis
• scanning target network
• discover live hosts
• port scanning
• OS banner grabbing
• service fingerprinting

Module 04. Social engineering penetration testing

• Social engineering penetration testing concepts
• Off-site social engineering penetration testing
• On-site social engineering penetration testing
• Document findings with countermeasure recommendations

Labs: sniff credentials using the social-engineer toolkit (SET).

Key topics covered:

• social engineering penetration testing process
• off-site social engineering penetration testing
• phishing
• social engineering using phone
• social engineering using AI and ML
• on-site social engineering penetration testing
• social engineering countermeasures

Module 05. Web application penetration testing

• Web application footprinting and enumeration techniques
• Techniques for web vulnerability scanning
• Test for vulnerabilities in application deployment and configuration
• Techniques to assess identity management, authentication, and authorization mechanisms
• Evaluate session management security
• Evaluate input validation mechanisms
• Detect and exploit SQL injection vulnerabilities
• Techniques for identifying and testing injection vulnerabilities
• Exploit improper error handling vulnerabilities
• Identify weak cryptography vulnerabilities
• Test for business logic flaws in web applications
• Evaluate applications for client-side vulnerabilities

Labs:

• perform website footprinting
• perform web vulnerability scanning using AI
• perform various attacks on target web application

Key topics covered:

• OWASP penetration testing framework
• website footprinting
• web spidering
• website mirroring
• HTTP service discovery
• web server banner grabbing
• test for default credentials
• enumerate webserver directories
• web vulnerability assessment
• web application fuzz testing
• directory brute forcing
• web vulnerability scanning
• test handling of file extensions
• test backup and unreferenced files
• username enumeration
• authorization attack
• insecure access control methods
• session token sniffing
• session hijacking
• cross-site request forgery (XSRF)
• URL parameter tampering
• SQL injection
• LDAP injection
• improper error handling
• logic flaws
• frame injection

Module 06. API and java web token penetration testing

• Techniques and tools to perform API reconnaissance
• Test APIs for authentication and authorization vulnerabilities
• Evaluate the security of JSON web tokens (JWT)
• Test APIs for input validation and injection vulnerabilities
• Test APIs for security misconfiguration vulnerabilities
• Test APIs for rate limiting and denial of service (DoS) attacks
• Test APIs for security of GraphQL implementations
• Test APIs for business logic flaws and session management

Labs:

• perform API reconnaissance using AI
• scan and identify vulnerabilities in APIs
• exploit various vulnerabilities to gather information on the target application

Key topics covered:

• API reconnaissance
• test APIs for broken authentication
• test APIs for object-level permissions (BOLA)
• test for JWT issues
• test APIs for SQL injection vulnerabilities
• test APIs for cross-site scripting (XSS)
• fuzzing API inputs
• API vulnerability scanning
• unsafe consumption of APIs
• API for throttling and rate limiting attacks
• GraphQL issues
• API for workflows' circumvention
• API for session hijacking

Module 07. Perimeter defense evasion techniques

• Techniques to evaluate firewall security implementations
• Techniques to evaluate IDS security implementations
• Techniques to evaluate the security of routers
• Techniques to evaluate the security of switches

Labs:

• identify and bypass a firewall
• evade perimeter defenses using social-engineer toolkit (SET)
• perform WAF fingerprinting

Key topics covered:

• testing the firewall
• locate the firewall
• enumerate firewall access control list
• scan the firewall for vulnerabilities
• bypass the firewall
• IDS penetration testing
• techniques used to evade IDS systems
• test the IDS using different techniques
• bypass IDS
• router testing issues
• port scan the router
• test for router misconfigurations
• security misconfigurations in switch
• test for OSPF performance
• router and switch security auditing tool

Module 08. Windows exploitation and privilege escalation

• Windows pen testing methodology
• Techniques to perform reconnaissance on a Windows target
• Techniques to perform vulnerability assessment and exploit verification
• Methods to gain initial access to Windows systems
• Techniques to perform enumeration with user privilege
• Techniques to perform privilege escalation
• Post-exploitation activities

Labs:

• exploit Windows OS vulnerability
• exploit and escalate privileges on a Windows operating system
• gain access to a remote system
• exploit buffer overflow vulnerability on a Windows machine

Key topics covered:

• reconnaissance on Windows
• Windows vulnerability scanning
• gain access to Windows system
• vulnerability scanning and exploit suggestion using AI
• crack passwords
• gain access to Windows using remote shell
• exploit buffer overflow vulnerability on Windows
• Meterpreter post exploitation
• escalating privileges
• UAC bypass
• antivirus evasion
• disable Windows Defender
• setup backdoor at boot
• evade antivirus detection

Module 09. Active directory penetration testing

• Architecture and components of Active Directory
• Active Directory reconnaissance
• Active Directory enumeration
• Exploit identified Active Directory vulnerabilities
• Role of artificial intelligence in AD penetration testing strategies

Labs:

• explore the Active Directory environment
• perform Active Directory enumeration
• perform horizontal privilege escalation and lateral movement
• retrieve cached Active Directory credentials

Key topics covered:

• Active Directory
• Active Directory components
• Active Directory reconnaissance
• enumerate Active Directory
• Active Directory service interfaces (ADSI)
• Active Directory enumeration tools
• password spraying attack
• Active Directory certificate services (AD CS)
• Exchange Server user enumeration
• exploit Exchange Server
• extract password hashes
• crack NTLM hashes
• Active Directory exploitation
• AD enumeration using AI

Module 10. Linux exploitation and privilege escalation

• Linux exploitation and penetration testing methodologies
• Linux reconnaissance and vulnerability scanning
• Techniques to gain initial access to Linux systems
• Linux privilege escalation techniques

Labs:

• perform reconnaissance and vulnerability assessment on Linux
• gain access and perform enumeration
• identify misconfigurations for privilege escalation

Key topics covered:

• Linux reconnaissance
• Linux vulnerability scanning
• gaining initial access
• privilege escalation methods
• post-exploitation activities
• persistence techniques
• password attacks
• misconfiguration exploitation
• enumeration tools
• file permission issues
• kernel exploits
• sudo misconfigurations
• cron job abuse
• exploiting SUID binaries

Module 11. Reverse engineering, fuzzing, and binary exploitation

• Concepts and methodology for analyzing Linux binaries
• Methodologies for examining Windows binaries
• Buffer overflow attacks and exploitation methods
• Concepts, methodologies, and tools for application fuzzing

Labs:

• perform binary analysis
• explore binary analysis methodology
• write an exploit code
• reverse engineering a binary
• identify and debug stack buffer overflows
• fuzzing an application

Key topics covered:

• machine instructions
• 32-bit assembly
• ELF binary
• IA-32 instructions for pentesting
• binary analysis methodology
• Capstone framework
• static analysis
• dynamic analysis
• x86 C program
• buffer overflow
• heap overflow
• memory corruption exploits
• cross-compile binaries
• fuzzing
• fuzzing steps
• types of fuzzers
• debugging
• fuzzing tools
• building fuzzer

Module 12. Lateral movement and pivoting

• Advanced lateral movement techniques
• Advanced pivoting and tunneling techniques to maintain access

Labs: perform pivoting, perform DNS tunneling and HTTP tunneling.

Key topics covered:

• lateral movement
• pass the hash (PtH) attack
• pass the ticket (PtT) attack
• Kerberos attacks
• silver ticket
• golden ticket
• Kerberoasting
• PsExec Metasploit framework for lateral movement
• Windows remote management (WinRM) for lateral movement
• crack RDP
• pivoting
• pivoting tools
• HTTP tunneling
• DNS tunneling
• ICMP tunneling
• SSH tunneling
• port forwarding

Module 13. IoT penetration testing

• Fundamental concepts of IoT pentesting
• Information gathering and attack surface mapping
• Analyze IoT device firmware
• In-depth analysis of IoT software
• Assess the security of IoT networks and protocols
• Post-exploitation strategies and persistence techniques
• Comprehensive pentesting reports

Labs: perform IoT firmware acquisition, extraction, analysis, and emulation, probe IoT devices.

Key topics covered:

• IoT penetration testing
• OWASP top 10 IoT threats
• OWASP IoT attack surface areas
• IoT penetration testing methodology
• identify IoT devices
• firmware analysis
• extract the firmware image
• firmware extraction
• reverse engineering firmware
• static analysis of binaries
• dynamic analysis of binaries
• IoT software analysis
• IoT network and protocol security testing
• network traffic analysis between devices
• gateways, and servers
• privilege escalation techniques in IoT
• lateral movement techniques within IoT networks
• IoT penetration testing report

Module 14. Report writing and post-testing actions

Labs: generate penetration test reports

• Purpose and structure of a penetration testing report
• Essential components of a penetration testing report
• Phases of a pentest report writing
• Skills to deliver a penetration testing report effectively
• Post-testing actions for organizations

Key topics covered:

• characteristics of a good pentesting report
• report components
• phases of report development
• writing a draft report
• report writing tools
• delivering the penetration testing report
• report retention
• destroying the report
• sign-off document
• developing and implementing data backup plan
• conducting training
• retesting and validation

Вимоги до рівня знань студента

• Глибоке розуміння комп'ютерних мереж, IP-адресації та передових протоколів (DNS, DHCP, ARP, ICMP, SNMP, Kerberos)
• Глибокі знання концепцій інформаційної безпеки, методологій тестування на проникнення та управління вразливостями
• Рекомендовано: сертифікація CEH Ради ЄС (або еквівалент) та щонайменше два роки практичного досвіду в галузі кібербезпеки або тестування на проникнення
• Володіння інструментами та фреймворками для тестування на проникнення (Nmap, Metasploit, Burp Suite, Wireshark, PowerShell, Python)
• Практичний досвід роботи з методами експлуатації, ескалацією привілеїв та методами пост-експлуатації
• Знайомство з передовими галузями: безпека Active Directory, хмарні середовища, безпека Інтернету речей та методи ухилення від загроз
• Здатність виконувати розвідку, сканування, експлуатацію, горизонтальне переміщення та звітування у складних умовах
• Зручна робота з кількома операційними системами: Windows, Linux та macOS
• Здатний виконувати розширені операції командного рядка, сценарії та автоматизацію
• Досвід роботи з завданнями системного адміністрування (керування користувачами, налаштування сервісів, посилення безпеки)
• Наполегливо рекомендується знайомство з платформами віртуалізації, лабораторними середовищами та хмарними платформами (AWS, Azure, GCP)

Особливості курсу

• Офіційні навчальні матеріали від EC-Council у електронному вигляді з доступом на 12 місяців
• Доступ до платформи лабораторних робіт Cyber Range на 6 місяців: практичний доступ до реалістичних середовищ для виконання завдань із тестування на проникнення
• Сертифікат про проходження курсу C|PENT від EC-Council: отримується після завершення курсу як підтвердження участі у програмі
• Ваучер для складання іспиту C|PENT (дійсний 12 місяців): дозволяє пройти офіційний сертифікаційний іспит
• Міжнародний сертифікат C|PENT від EC-Council після успішного складання іспиту: офіційне підтвердження вашого рівня компетенції у роботі з багаторівневими мережами, хмарними середовищами, IoT та SCADA-системами