cast 611 brochure

Upload: drupen-drupen

Post on 07-Jul-2018


  • 8/18/2019 Cast 611 Brochure

    CAST   EC-Council

    CAST: CENTER FOR ADVANCED SECURITY TRAINING

    Make The Difference

    CAST 611

    Advanced Penetration Testing


    About EC-Council Center of Advanced Security Training (CAST)

    The rapidly evolving information security landscape now requires professionals to stay up to date on the latest security technologies, threats and remediation strategies. CAST was created to address the need for quality advanced technical training for information security professionals who aspire to acquire the skill sets required for their job functions. CAST courses are advanced and highly technical training programs co-developed by EC-Council and well-respected industry practitioners or subject matter experts. CAST aims to provide specialized training programs that will cover key information security domains, at an advanced level.


    Advanced Penetration Testing: Course Description

    The course is ALL Hands-On - 100%.

    The format is to practice the professional security testing methodology for the first half of the class. Once you have practiced this, you will go against a "live" range. The process is as follows:

    The sample methodology:

    - Information gathering and OSINT
    - Scanning and Building a Target Database
    - Enumeration
    - Vulnerability Analysis
    - Exploitation
    - Post exploitation
    - Advanced techniques
    - Data Analysis
    - Report

    Access the range:

    - You will be provided a scope of work
    - Have 2-3 hours on the range and then be provided a debrief


    The ranges are progressive and increase in difficulty at each level. There are 3-4 levels to complete, then you are ready for the challenge range practical!

    Motto:

    - So you think you can pen test? PROVE IT!

    The course will teach you how to do a professional security test and produce the most important thing from a test ... the findings and the report!

    The ranges progress in difficulty and reflect an enterprise level architecture. There will be defenses to defeat and challenges to overcome. This is not your typical FLAT network! As the range levels increase you will encounter the top defenses of today and learn the latest evasion techniques.

    The format you will use has been used to train 1000s of penetration testers globally; it is proven and effective!

    Practical:

    - Three phases
    - Scope of work for each phase
    - 6 hours to complete the practical
    - Save all of the data and build a target database of your findings

    At completion of the range section:

    - Two hours for written exam based on ranges
    - Pass exam
    - Receive CAST Advanced Penetration Tester Certification


    What Will You Learn?

    Students completing this course will gain in-depth knowledge in the following areas:

    01 Advanced Scanning methods
    02 Attacking from the Web
    03 Client Side Pen-testing
    04 Attacking from the LAN
    05 Breaking out of Restricted Environments
    06 Bypassing Network-Based IDS/IPS
    07 Privilege Escalation
    08 Post-Exploitation


    Who Should Attend

    • Information security professionals
    • Penetration Testers
    • IT managers
    • IT auditors
    • Government & Intelligence Agencies interested in real world attack and defense in today’s complex and highly secure IT environments


    Course Outline

    1. Information gathering and OSINT

    • Nslookup
    • Dig
    • dnsenum
    • dnsrecon
    • dnsmap
    • reverseraider
    • Enumeration of DNS with fierce
    • Internet registrars and whois
    • Enumeration with theHarvester
    • ServerSniff
    • Google Hacking Database
    • metagoofil
    • Cloud Scanning with Shodan


    2. Scanning

    • Scanning with the Nmap tool
    • Scan for live systems
    • Scan for open ports
    • Identify services
    • Enumerate
    • Output the scanner results in an XML format for display
    • Scanning with autoscan
    • Scanning with Netifera
    • Scanning with sslscan
    • Scanning and Scripting with Hping3
    • Building a Target Database

    RANGE: Live Target Range Challenge Level One


    3. Enumeration

    • Enumerating Targets
    • Enumerating SNMP
    • Using the nmap scripting engine
    • Enumerating SMB
    • OS Fingerprinting

    4. Vulnerability Analysis

    • Vulnerability Sites
    • Vulnerability Analysis with OpenVAS
    • Vulnerability Analysis with Nessus
    • Firewalls and Vulnerability Scanners
    • Vulnerability Analysis of Web Applications
    • XSS
    • CSRF
    • SQL Injection
    • Others
    • Vulnerability Scanning with W3AF
    • Vulnerability Scanning with Webshag
    • Vulnerability Scanning with Skipfish
    • Vulnerability Scanning with Vega
    • Vulnerability Scanning with Proxystrike
    • Vulnerability Scanning with Owasp-zap

    RANGE: Live Target Range Challenge Level Two

    5. Exploitation

    • Exploit Sites
    • Manual Exploitation
    • Scanning the target
    • Identifying vulnerabilities
    • Finding exploit for the vulnerability
    • Prepare the exploit
    • Exploit the machine
    • Exploitation with Metasploit
    • Scan from within Metasploit
    • Locate an exploit, and attempt to exploit a machine
    • Exploiting with Armitage
    • Scan from within Armitage
    • Managing targets in Armitage
    • Exploiting targets with Armitage
    • Exploitation with SET
    • Setup SET
    • Access compromised web site using Java attack vector
    • Gain user-level access to the latest Windows machines
    • Perform privilege escalation
    • Gain system-level access to the latest Windows machines
    • Extract data with scraper
    • Extract data with winenum
    • Analyze the pilfered data
    • Kill the antivirus protection


    6. Post Exploitation

    • Conduct local assessment
    • Conduct the scanning methodology against the machine
    • Identify vulnerabilities
    • Search for an exploit
    • Compile the exploit
    • Attempt to exploit the machine
    • Migrate the exploit to another process
    • Harvest information from an exploited machine
    • Capture and crack passwords
    • Copy files to and from an exploited machine

    RANGE: Live Target Range Challenge Four


    7. Data Analysis and Reporting

    • Compiling Data in MagicTree
    • Take tool output and store it in a usable form
    • Compiling Data in Dradis
    • Storing OpenVAS results
    • Developing a Professional Report
    • Identify the components of a report.
    • Cover Page
    • Table of Contents
    • Executive Summary
    • Host Table
    • Summary of findings
    • Detailed Findings
    • Conclusion
    • Appendices
    • Reviewing findings and creating report information
    • Conducting systematic analysis
    • Validation and verification
    • Severity
    • Description
    • Analysis/Exposure
    • Screenshot
    • Recommendation
    • Reviewing sample reports
    • Creating a custom report


    8. Advanced Techniques

    • Scanning against defenses
    • Routers
    • Firewalls
    • IPS
    • Exploitation through defenses
    • Source port configuration
    • Detecting Load Balancing
    • DNS
    • HTTP
    • Detecting Web Application Firewalls
    • wafW00f
    • Evading Detection
    • Identifying the threshold of a device
    • Slow and controlled scanning
    • Obfuscated exploitation payloads
    • Exploit writing
    • Writing custom exploits
    • Exploit writing references


    Master Trainer: Kevin Cardwell

    Kevin Cardwell served as the leader of a 5-person Red Team that achieved a 100% success rate at compromising systems and networks for six straight years. He has conducted over 500 security assessments across the globe. His expertise is in finding weaknesses and determining ways clients can mitigate or limit the impact of these weaknesses.

    He currently works as a freelance consultant and provides consulting services for companies throughout the world, and as an advisor to numerous government entities within the US, Middle East, Africa, Asia and the UK. He is an Instructor, Technical Editor and Author for Computer Forensics and Hacking courses. He is the author of the Center for Advanced Security and Training (CAST) Advanced Network Defense course. He is technical editor of the Learning Tree Course Penetration Testing Techniques and Computer Forensics. He has presented at the Blackhat USA, Hacker Halted, ISSA and TakeDownCon conferences. He has chaired the Cybercrime and Cyberdefense Summit in Oman. He is author of BackTrack: Testing Wireless Network Security. He holds a BS in Computer Science from National University in California and an MS in Software Engineering from the Southern Methodist University (SMU) in Texas. He developed the Strategy and Training Development Plan for the first Government CERT in the country of Oman that recently was rated as the top CERT for the Middle East. He serves as a professional training consultant to the Oman Information Technology Authority, and developed the team to man the first Commercial Security Operations Center in the country of Oman. He has worked extensively with banks and financial institutions throughout the Middle East, Europe and the UK in the planning of a robust and secure architecture and implementing requirements to meet compliance. He currently provides consultancy to commercial companies, governments, major banks and financial institutions in the Gulf region to include the Muscat Securities Market (MSM) and the Central Bank of Oman. Additionally, he provides training and consultancy to the Oman CERT and the SOC team in the monitoring and incident identification of intrusions and incidents within the Gulf region.
