EC-Council Certified Penetration Testing Professional (CPENT) - Inklusive certifiering

Kursmaterialet är på engelska, med detta innehåll:

Introduction to Penetration Testing and Methodologies

• Principles and Objectives of Penetration Testing
• Penetration Testing Methodologies and Frameworks
• Best Practices and Guidelines for Penetration Testing
• Role of Artificial Intelligence in Penetration Testing
• Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Penetration Testing Scoping and Engagement

• Penetration Testing: Pre-engagement Activities
• Key Elements Required to Respond to Penetration Testing RFPs
• Drafting Effective Rules of Engagement (ROE)
• Legal and Regulatory Considerations Critical to Penetration Testing
• Resources and Tools for Successful Penetration Testing
• Strategies to Effectively Manage Scope Creep

Open Source Intelligence (OSINT) and Attack Surface Mapping

• Collecting Open-source Intelligence (OSINT) on Target's Domain Name
• Collecting OSINT about Target Organization on the Web
• Perform OSINT on Target’s Employees
• Open Source Intelligence (OSINT) using Automation Tools
• Attack Surface Mapping

Social Engineering Penetration Testing

• Social Engineering Penetration Testing Concepts
• Off-Site Social Engineering Penetration Testing
• On-Site Social Engineering Penetration Testing
• Document Findings with Countermeasure Recommendations

Web Application Penetration Testing

• Security Frame vs. Vulnerabilities vs. Attacks
• OWASP Penetration Testing Framework
• Web Application Footprinting and Enumeration Techniques
• Techniques for Web Vulnerability Scanning
• Test for Vulnerabilities in Application Deployment and Configuration
• Techniques to Assess Identity Management, Authentication, and Authorization
• Evaluate Session Management Security
• Evaluate Input Validation Mechanisms
• Detect and Exploit SQL Injection Vulnerabilities
• Techniques for Identifying and Testing Injection Vulnerabilities
• Exploit Improper Error Handling Vulnerabilities
• Identify Weak Cryptography Vulnerabilities
• Test for Business Logic Flaws in Web Applications
• Evaluate Applications for Client-Side Vulnerabilities

API and Java Web Token Penetration Testing

• API and Java Web Tokens (JWT) Penetration Testing
• Techniques and Tools to Perform API Reconnaissance
• Test APIs for Authentication and Authorization Vulnerabilities
• Evaluate the security of JSON Web Tokens (JWT)
• Test APIs for Input Validation and Injection Vulnerabilities
• Test APIs for Security Misconfiguration Vulnerabilities
• Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
• Test APIs for Security of GraphQL implementations
• Test APIs for Business Logic Flaws and Session Management

Perimeter Defense Evasion Techniques

• Techniques to Evaluate Firewall Security Implementations
• Techniques to Evaluate IDS Security Implementations
• Techniques to Evaluate the Security of Routers
• Techniques to Evaluate the Security of Switches

Windows Exploitation and Privilege Escalation

• Windows Pen Testing Methodology
• Techniques to Perform Reconnaissance on a Windows Target
• Techniques to Perform Vulnerability Assessment and Exploit Verification
• Methods to Gain Initial Access to Windows Systems
• Techniques to Perform Enumeration with User Privilege
• Techniques to Perform Privilege Escalation
• Post-Exploitation Activities

Active Directory Penetration Testing

• Architecture and Components of Active Directory
• Active Directory Reconnaissance
• Active Directory Enumeration
• Exploit Identified Active Directory Vulnerabilities
• Role of Artificial Intelligence in AD Penetration Testing Strategies

Linux Exploitation and Privilege Escalation

• Linux Exploitation and Penetration Testing Methodologies
• Linux Reconnaissance and Vulnerability Scanning
• Techniques to Gain Initial Access to Linux Systems
• Linux Privilege Escalation Techniques

Reverse Engineering, Fuzzing and Binary Exploitation

• Concepts and Methodology for Analyzing Linux Binaries
• Methodologies for Examining Windows Binaries
• Buffer Overflow Attacks and Exploitation Methods
• Concepts, Methodologies, and Tools for Application Fuzzing

Lateral Movement and Pivoting

• Advanced Lateral Movement Techniques
• Advanced Pivoting and Tunneling Techniques to Maintain Access

IoT Penetration Testing

• Fundamental Concepts of IoT Pen Testing
• Information Gathering and Attack Surface Mapping
• Analyze IoT Device Firmware
• In-depth Analysis of IoT Software
• Assess the Security of IoT Networks and Protocols
• Post-Exploitation Strategies and Persistence Techniques
• Comprehensive Pen Testing Reports

Report Writing and Post Testing Actions

• Purpose and Structure of a Penetration Testing Report
• Essential Components of a Penetration Testing Report
• Phases of a Pen Test Report Writing
• Skills to Deliver a Penetration Testing Report Effectively
• Post-Testing Actions for Organizations

Fördjupning och självstudier

Materialet innehåller även dessa moduler för självstudier:

• Penetration Testing Essential Concepts
• Mastering Metasploit Framework
• PowerShell Scripting
• Bash Environment and Scripting
• Python Environment and Scripting
• Perl Environment and Scripting
• Ruby Environment and Scripting
• Wireless Penetration Testing
• OT and SCADA Penetration Testing
• Cloud Penetration Testing
• Database Penetration Testing
• Mobile Device Penetration Testing