Course titel: Penetration Testing 1: Digital Reconnaissance – Target Identification and Analysis
Course type: Intensive course on our online learning platform, in a small group along with other participants
Course length: 2 weeks (every Monday to Friday, weekends optional for practical exercises)
Course objectives: You will learn how professional “Ethical” hackers work and which tools and methods they use to approach their targets. You will acquire the relevant knowledge about theory (threats, vulnerabilities, protocols, system services etc.) and practice (preparation, tools, analysis and interpretation) as well. You will apply and test your gained skills in various lab exercises under the guidance of an experienced instructor. By deeper understanding of today’s attack- and defense methods, you’ll be able to better protect networks against hacking attacks.
Penetration testing professionals are more successful if they proceed methodically and don’t rely on lucky coincidence. To select the right tools and aids is as important as perfect preparation, scheduling and methodology.
“Penetration Testing 1” will focus on Digital Reconnaissance, i.e. on information gathering to lay the groundwork for the actual attack. Digital Recon is a key success factor and probably the most important step of a pentest project.
Profit from the experience of other expert colleagues and our IT security experts, from their approaches and tips for successfully completing pentest projects.
- Hacking as a job: different objective targets, approaches, scoping, project options. Blackbox versus whitebox testing, simulation of different threat scenarios
- Analysis- and hacking tools: which tool for which task, installation, application, documentation and reporting functions
- Open source intelligence: methods for information gathering, Unix tools, Google hacking, public databases, DNS, metadata (in emails, dokuments), etc.
- Footprinting: which details about our target environment are required? How and where do we get this information? How can we use this for our attack?
- Host discovery and network mapping: which clients and servers are in our target environment, how are these structured/connected?
- Port scanning: how to identify open ports and active services? How to cross-check the correctness of scanner results?
- Wireless networks (WiFi): track down users and networks, usage pattern analysis, intercept communication via rogue access points and evil twins
- Interception, storage and analysis of user data in local networks: Wireshark and other tools
- Decryption of intercepted passwords using different password crackers
- Firewalls and intrusion detection systems: how to avoid getting caught
- Logging your own activities and how to document and report them to your customer
- Analysis and interpretation of reconnaissance data, attack plan, preparation of reports and deliverables
- Practical tips for teamwork with other specialists who focus on different aspects
- Legal situation: is reconnaissance always allowed? Is scanning legal? Customer-client model agreements that keep you out of trouble
- International standards and methodologies for penetration testing and security assessment
- Presentation and discussion of practical exercises
Over the course, you will regularly work through small tasks and receive tips and feedback from the course leader. You will discuss the course contents together with other participants in internal discussion forums and are able to participate in expert exchanges. Finally, towards the end of the course, you will create a short text based on a self-selected question (task takes a half to whole day).
Certificate of completion: if you completed your homework and your participation was regular you will receive upon completing the course a certificate of completion. The small tests are exclusively for your personal self-assessment; no grade is given.
Advantages: intensive, daily support from course leaders, discussions and expert exchanges with other participants, regular self-assessment through multiple choice tests and quizzes, working through various tasks including feedback.
Who should attend: This course is aimed at consultants, companies and government employees with one of the following requirements:
- You are entrusted with the implementation or contracting of penetration and/or security testing
- You have to know appropriate requirements when formulating security projects or tendering
- You allow your colleagues to enjoy systematic further education in addition to ‘learning on the job’
- You are an experienced IT security professional and would like to see what working methods other colleagues make use of
- You are a security manager and work together with penetration testers
- You work in law enforcement and need to know how hackers operate
- Anyone who for work reasons wants to find out how to pentest systems and networks
Prerequisites: Our courses are directed at participants with a background in IT. Basic knowledge of systems and networks is recommended in order to make the most of our course.
Requirements for participation:
- You would need to plan in half a day (or a whole evening) daily for working through the course contents and practical exercises
- You will require a computer with connection to the Internet and a copy of the free penetration testing suite “Kali Linux” (easily installable in a virtual environment, e.g. Oracle Virtual Box or VMWare)
- Next course: April 1, 2019
- Early Bird Discount: if you register up to one month before starting date: your course fee is 980 USD
- For late registrations (30 days or less before starting date): 1180 USD
- Payment is to be made after registration is confirmed. Places are limited, and as such early registration is recommended
Infos about the process and setup of our online courses are found >>here<<.
→ Registration: You can register here with our online registration form.