How to look at your network through a hacker’s eyes… and close the doors on unauthorized penetration.
The Mandatory Q/ISP Certificate Program of Mastery Q/SA - Q/PTL Qualified/ Security Analyst Penetration Tester certification class & Q/PTL Qualified/ Penetration Tester License validation lab teaches you "how to do Vulnerability Analysis" & "how to report" how compromised the network can be. You learn SU's Vulnerability Analysis & Penetration Testing process and methodology while doing "no harm". SU courses and certificate programs of mastery are designed to provide you with an immersive learning experience, from hands-on workshops and certifications to deep dives on a particular cyber security topic or technology. Every class is structured to give you expertise in critical areas that you can immediately put to use.
The majority of the class consists of probing target networks, gaining user-level access and demonstrating just how compromised the network can be. SU teaches you the red team skills like leaving an innocuous file on a secure part of a network as a calling card, as if to say, “This is your friendly red team. We danced past the comical precautionary measures you call security hours ago. This file isn't doing anything, but if we were anywhere near as evil as the hackers we're simulating, it might just be deleting the very secrets you were supposed to be protecting. Have a nice day!”
The Mandatory Q/SA® - Q/PTL® is the only security skills assessment certification that validates your Qualified/ Security Analyst Penetration Tester skills. There is only one way to get a Q/PTL Qualified/ Penetration License - you EARN one, not buy one.
To achieve your Mandatory Q/PTL you must perform a real penetration test the last day of class and report back a “Practical”, a fully detailed management report. Your report is due to SU 60 days from the start of class. This practical shows your penetration testing skills and validates them beyond question. Nightly exercises are no walk in the park; each Q/PTL session increases in complexity and scope. The more skilled the security team becomes, the more complex the target range.
| Contact Hours: | 40 hr Lecture, 32 hr labs |
| Prerequisites: | Understanding of TCP/IP Protocols |
| Credits: | 72 CPE / 3 CEU |
| Method of Delivery: | Residential (100% face-to-face) or Hybrid |
| Method of Evaluation: | 1. 95% attendance 2. 100% completion of Lab |
| Grading: | Pass = Attendance + labs & quizzes; Fail > 95% Attendance |
Sample Job Titles:
- Information Assurance (IA) Operational Engineer
- Information Assurance (IA) Security Officer
- Information Security Analyst/Administrator
- Information Security Manager
- Information Security Specialist
- Information Systems Security Engineer
- Information Systems Security Manager
- Security Control Assessor
This 72 hour accelerated class is taught using face to face modality or hybrid modality. Class includes 72 hours of contact studies, labs, reading assignments and final exam - passing the final exam is a requirement for graduation.
- Students will be able to describe potential system attacks and the actors that might perform them.
- Students will be able to describe cyber defense tools, methods and components.
- Students will be able to apply cyber defense methods to prepare a system to repel attacks.
- Students will be able to describe appropriate measures to be taken should a system compromise occur.
Systems Security Analysis - Conducts and documents the systems integration, testing, operations, maintenance, and security of an information environment. Coordinates threat and mitigation strategies across the enterprise.
Text Materials: labs, SU Pen Testing Materials, resource CD’s and attack handouts.
Machines: Dual Core, 18M RAM, 1TGig drives, running MS OS, Linux, and VMware Workstation
Tools for class - Whois, Google Hacking, Nslookup, Sam Spade, Traceroute, Nmap, HTTrack, Superscan, Nessus, PSTool, Nbtstat, Solarwinds, Netcat, John the Ripper, Nikto/Wikto, WebScarab, HTTP Tunnel (hts.exe), LCP, Cain and Abel, Ettercap system hacking, John the Ripper, Wireshark sniffers, TCP dump, Dsniff, tcpdump, Metasploit, ISS exploit, web app, Core Impact, Snort, Infostego, Etherape, Firefox with plugins (Hackbar, XSSme...), WebGoat, X Wget, Crypto tool, 'Curl'
Who Should Attend: System and Network Administrators, Security Personnel, Auditors, and Consultants concerned with network security.
- Develop tailored, focused, well-defined rules of engagement for penetration testing projects conducted in a safe manner
- Conduct reconnaissance using metadata, search engines, & public information to understand the target environment
- Utilize a scanning tool such as Nmap to conduct comprehensive network sweeps, port scans, OS fingerprinting, and version scanning to develop a map of target environments
- Learn how to properly execute Nmap and scripts to extract information from target systems
- Configure and launch vulnerability scanners, like Nessus and Metasploit, to discover vulnerabilities in un/authenticated scans safely, and customize the output from such tools to represent the business risk to the organization
- Analyze the output of scanning tools to manually verify findings and perform false positive reduction using connection-making tools such as Netcat and packet crafting tools such as Scapy
- Utilize the Windows and Linux command lines to plunder target systems for vital information that can further the overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
- Configure an exploitation tool such as Metasploit to scan, exploit, and then pivot through a target environment
- Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
- Utilize wireless attack tools for Wi-Fi networks to discover access points and clients (actively and passively), crack WEP/WPA/WPA2 keys, and exploit client machines included within a project's scope
- Launch web application vulnerability scanners such as ZAP and then manually exploit Cross-Site Request Forgery, Cross-Site Scripting, Command Injection, and risk faced by an organization.
Lesson Plan Lesson I 20 hr Lecture 30 hr labs
Penetration concepts you will master during this hands-on class
- Attacking network infrastructure devices
- Hacking by brute forcing remotely
- Security testing methodologies
- Security exploit testing with IMPACT from Core Security
- Stealthy network recon
- Remote root vulnerability exploitation
- Multi-OS banner grabbing
- Privilege escalation hacking
- Unauthorized data extraction
- Breaking IP-based ACLs via spoofing
- Evidence removal and anti-forensics
- Hacking Web Applications
- Breaking into databases with SQL Injection
- Cross Site Scripting hacking
- Remote access trojan hacking
- Offensive sniffing
- Justifying a penetration test to management and customers
- Defensive techniques
Expectations: You are expected to complete the hands-on lab exercises:
- Capture the Flag hacking exercises
- Abusing DNS for host identification
- Leaking system information from Unix and Windows
- Stealthy Recon
- Unix, Windows and Cisco password cracking
- Data mining authentication information from
- Remote sniffing
- Malicious event log editing
- Harvesting web application data
- Data retrieval with SQL Injection Hacking
10 years ago SU started training security professionals with the very best step-by-step penetration process and methodology class, and SU is still the leader in Security Analysis & Penetration Testing certifications in the industry. SU Q/SA® class is CNSS-approved. Now you can take the same Penetration Testing process and methodology class that trains the US Air Force, Army, Navy and Marines to defend military networks. Your class is taught by SSME (Security Subject Matter Experts) who know the "Art of Penetration Testing & Hacking". You'll gain serious tactical security skills that will set you apart from your peers. "This is an class, the instructor was excellent & very knowledgeable. I feel that I am leaving this course a much better Security Specialist. Wilson DHS"
Appendix I, II, III - Packet Filtering, IDS Log Analysis, Vulnerability, Log Analysis, IPS & IDS correlation, IDS & IPD countermeasures, Wireless Security, Software Security, Network Security, Event Correlation, Threat Mgt, Security Policies, Virus Malware, Code Review, Reverse Engineering, COOP, Incident Response, C&A
Compliance requirements aside, penetration testing is an absolutely critical aspect of any security class. Actors test every company's defenses every day.
Lesson Plan Lesson I 4 hr Lecture 5 hr labs
1. Gather the Data
A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.
Lesson Plan Lesson 2
4 hr Lecture 5 hr labs
2. Penetrate the Network
How hackers get past the security and into the data.
- Non-intrusive target search
- Intrusive target search
- Data analysis
Lesson Plan Lesson 2-3
4 hr Lecture 5 hr labs
3. Network Discovery Tools and Techniques: Hands-On Exercises
- Discovery/profiling objectives
- Locating Internet connections
- Host-locating techniques: manual and automated
- Operating system footprinting
- Evaluating Windows and Unix-based network discovery software tools
- Evaluating Windows and Unix-based application scanning software tools
- Review Step-by-step process of each scanning and profiling tool
- Directory services: DNS, DHCP, BOOTP, NIS
- Look-up services: finger, whois, search engines
- Remote sessions: telnet, "r" commands, X-Windows
- File sharing and messaging: FTP, TFTP, World Wide Web
- Windows Server Message Block (SMB), Network File Systems (NFS), and E-mail
- Sample exploits using common TCP/IP and NetBIOS utility software
Lesson Plan Lesson 4
3 hr Lecture 4 hr labs
4. Analyze the Results
Tips and techniques for effective, actionable penetration test analysis.
- Identifying network services
- Pinpointing vulnerabilities
- Demonstrating risks
- Reviewing reports and screens from prominent discovery/profiling tools
- Analyzing current configuration
3 hr Lecture 2 hr labs
5. Real World Scenarios
- Abusive E-mail
- Web defacement
- Trojan Horse
Lesson Plan Lesson 5
1 hr Lecture 9 hr labs
6. Write the Report
- How to combine methodology results
- How to prioritize results to generate management attention and buy-in
- How to provide clear, workable action items
- Building and maintaining a target list
- Running PGP (Pretty Good Privacy)
- Conducting multiple non-intrusive and intrusive target searches
- Tools and techniques for testing for Web site vulnerabilities
- Probing and attacking network firewalls
- Performing multiple remote target assessment
- Performing multiple host assessment
- Writing up the final report
- 50 Question Online Exam 1PM - 3 Hr Q/PTL Penetration Test 2-5pm 1 hr gather data 6pm
Grades - All students must ordinarily take all quizzes, labs, final exam and submit the class practical in order to be eligible for a Q/ISP, Q/IAP, Q/SSE, or Q/WP credential unless granted an exception in writing by the President. Know that Q/ISP classes draw quite the spectrum of students, including "those less comfortable," "those more comfortable," and those somewhere in between.
Books - No books are required for this course. However, you may want to supplement your preparation for or review of some lectures with self-assigned readings relevant to those lectures' content from either of the books below. The first is intended for those inexperienced in (or less comfortable with the idea of) hacking. The second is intended for those experienced in (or more comfortable with the idea of) hacking. Both are available at sites like Amazon.com. Both are available at the SU Hacker Library. Realize that free, if not superior, resources can be found on the SU website.
Those Less Comfortable - Hacking for Dummies, Kevin Beaver - Publication Date: January 29, 2013 | ISBN-10: 1118380932 | Edition: 4
For Those More Comfortable - The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, Patrick Engebretson (Jun 24, 2013)
The book below is recommended for those interested in understanding how their own computers work, for personal edification:
How Computers Work, Ninth Edition, Ron White, Que Publishing, 2007, ISBN 0-7897-3613-6
This last book below is recommended for aspiring hackers, those interested in programming techniques and low-level optimization of code for applications beyond the scope of this course: Hacker’s Delight, Second Edition, Henry S. Warren Jr., Addison-Wesley, 2012, ISBN 0-321-84268-5