0345 4506120

Certified Security Testing Associate Ethical Hacking

Providing a comprehensive grounding in the methodology, techniques and culture of ethical hacking.

This 4-day ethical hacking training course is a hands-on journey into the hacking mind-set, examining and practically applying the tools and techniques that hackers use to launch "infrastructure" attacks.

Learning Objectives

The course looks at the various stages of a hacking attack, or equally a penetration test, from initial information discovery and target scanning through to exploitation, privilege escalation and retaining access. Practical exercises reinforce theory as you experiment with a Windows 2008 domain (server and workstation) plus a Linux server. The course demonstrates hacking techniques - there's no better way to understand attacks than by doing them yourself - but this is always done with defence in mind and countermeasures are discussed throughout. CSTA is suited to system administrators, IT security officers, and budding penetration testers.

Pre-Requisites

A basic understanding of TCP/IP networking, e.g.

  • Are you familiar with the OSI model?  Can you name a layer 2 and layer 3 protocol?
  • Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
  • What function does ARP perform?
  • How does a system know whether or not a gateway is required?
  • What is a TCP port?

Familiarity with Windows or Linux command line.

  • Understand how switches change the way commands work
  • How does adding > affect a command?
  • Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
  • Understand the difference between ../file and ./file
  • Understand how to pull up built-in help for a command

Course Content

Course Content

Introduction

• Motivations behind hacking

• The hacking scene

• Methodology

Networking Refresher

• Sniffing traffic

Information Discovery

• Useful information

• Sources – websites, metadata, search engines, DNS, social engineering

Target Scanning

• Host discovery

• Port scanning techniques

• Banner grabbing

Vulnerability Assessment

• Causes of vulnerabilities

• The classic buffer overflow

• Vulnerability tracking

• Scanning

• Client-side vulnerabilities

Attacking Windows

• Windows enumeration

• Metasploit

• Client-side exploits

Privilege Escalation – Windows

• Local information gathering

• Metasploit’s Meterpreter

• Keyloggers

• Password storage

• Password extraction

• Password cracking techniques

• Cached Domain Credentials

• Windows network authentication

• Access tokens

• Pass the hash

Attacking Linux

• Exploitation

• Web shells

• Pivoting the attack

• Online password cracking

• ARP Poisoning Man in the Middle

Privilege Escalation – Linux

• Standard streams

• Privilege escalation by exploit

• Commercial penetration testing tools

• Password storage

• Password cracking

• Permission errors

• Sudo

• SUID

• Flawed shell scripts

Retaining Access

• Backdoors

• Trojan Horses

• Delivery mechanisms

• Botnets

• Bypassing client-side security

Covering Tracks

• Hiding backdoors

• Simple obfuscation

• Rootkits

• Anti-forensics

• Log manipulation

• Connection laundering

Conclusions

CSTA Exam

 

Exams & Certification

Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Testing Associate (CSTA) qualification. CSTA, along with CSTP, is an ideal preparation towards the CREST Registered Tester qualification.

University-accredited training. Authored by experts.

Privacy Notice

In order to provide you with the service requested we will need to retain and use your contact information in accordance with our Privacy Notice. If you choose to provide us with this information you explicitly consent to us using the information as necessary to provide the request service to you. If you do not agree please do not proceed to request the service from us.

Marketing Permissions

Would you like to receive our newsletter and other information on products and services which we think will be of interest to you by email. We will always treat your information with care and in accordance with our Privacy Notice. You are free to withdraw this permission at any time.

 

Online Courses

You may prefer an online course if you are looking for a flexible and cost-effective solution. Online courses allow you to study at your own pace, at a time that suits you.

We have the following eLearning options available:

Our Customers Include