This 4-day ethical hacking training course is a hands-on journey into the hacking mindset, examining and practically applying the tools and techniques that hackers use to launch "infrastructure" attacks. Practical exercises reinforce theory as you experiment with a Windows 2008 domain (server and workstation) plus a Linux server. The course demonstrates hacking techniques - there's no better way to understand attacks than by doing them yourself - but this is always done with defence in mind and countermeasures are discussed throughout. The course is therefore suited to system administrators, IT security officers and budding penetration testers.
Delegates who successfully complete the exam included at the end of the training course will be awarded the Certified Security Testing Associate (CSTA) qualification.
CSTA is accredited by CREST and along with CSTP and CWSA is ideal preparation for the CREST Registered Penetration Tester examination.
CSTA is also accredited by IISP, enabling you to build knowledge, competency and gain hands-on experience in areas of the Institute’s Skills Framework where you may have gaps.
University-accredited training. Authored by experts.
Practical Course Content
- Networking Refresher
- Sniffing Traffic – Wireshark, Ettercap
- Information Discovery
- Information Gathering – wget, metadata, pdfinfo and extract
- DNS – dig, zone transfers, DNSenum and Fierce
- Target Scanning
- Host Discovery – Nmap and Netdiscover
- Port Scanning with Nmap – Connect, SYN and UDP scans, OS detection
- Banner Grabbing – Amap, Netcat, Nmap, Nmap scripts (NSE)
- Vulnerability Assessment
- Attacking Windows
- Windows Enumeration – net commands, Active Directory searches
- RID Cycling – Enum4linux, Cain
- Client-side Exploits – Internet Explorer, Metasploit Auxiliary modules
- Privilege Escalation – Windows
- Information Gathering with Meterpreter – Stuxnet exploit, Meterpreter scripts
- Privilege Escalation – Keylogging
- Privilege Escalation exploit – Meterpreter's hashdump, privileged keylogging
- Password Cracking with John The Ripper
- Password Cracking with Cain – fgdump, tailoring dictionaries
- Brute-Force Password Attacks
- Password Cracking with Rainbow Tables – Ophcrack Live CD, Ophcrack application
- Attacks on Cached Domain Credentials
- Token Stealing – PsExec, Incognito, local admin to domain admin
- Pass the Hash
- Attacking Linux
- Exploiting Linux
- Pivoting the Attack
- Online Password Cracking – Medusa
- ARP Poisoning Man in the Middle – clear-text protocols, secured protocols
- Privilege Escalation – Linux
- Privilege Escalation – standalone exploit
- Cracking UNIX Passwords – John The Ripper
- Exploiting sudo through File Permissions
- Exploiting SUID and Flawed Scripts – logic errors
- Further Shell Script Flaws – command injection, path exploits
- Retaining Access
- Netcat as a Backdoor (via a Java Exploit)
- Bandook RAT (via a PDF Exploit) – Metasploit Handlers, a full end-to-end attack
- Covering Tracks
- Simple Obfuscation
- HXD Rootkit
- Log Manipulation – wevtutil, Meterpreter scripts, audit policy
An understanding of TCP/IP networking, e.g.
- Are you familiar with the OSI model? Can you name a layer 2 and layer 3 protocol?
- Can you describe at a high-level how a request reaches a web server through Ethernet, IP and TCP?
- What function does ARP perform?
- How does a system know whether or not a gateway is required?
- What is a TCP port?
Be comfortable with the Windows and Linux command lines. As a guideline, you should be able to tick off the following (without heavy recourse to Google):
- Understand how switches change the way commands work
- How does adding > affect a command?
- Understand the difference between cd /folder/file and cd folder/file (i.e. what does / at the front of the path do?)
- Understand the difference between ../file and ./file
- Understand how to pull up built-in help for a command
Read the CSTA ethical hacking training course outline to find out more about the many topics covered in CSTA Ethical Hacking: Hands-On.