1 / 9

Cyber security course in kerala | C|PENT | Blitz Academy

Become a skilled cyber security professional in Kerala with the comprehensive C|PENT course at Blitz Academy. Gain hands-on experience and training. Contact now!

amal64
Télécharger la présentation

Cyber security course in kerala | C|PENT | Blitz Academy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CPENT Certified PenetrationTestingProfessional MasterBest-in-Class Penetration Testing Skills to Safeguard Enterprises Against Advanced Cyber-Attacks CERTIFIEDPENETRATION TESTINGPROFESSIONAL GOBEYOND|KALI|AUTOMATEDTOOLS FLATCYBERRANGES

  2. WHATISTHEC|PENTCOURSE? A rigorous Penetration Testing program that, unlike contemporary Penetration Testing courses, teaches you how to perform an effective Penetration test across filtered networks.C|PENTisamultidisciplinarycoursewithextensivehands-ontraininginawide rangeofcrucialskills,includingadvancedWindowsattacks,InternetofThings(IoT)and OperationalTechnology(OT)systems,filterednetworkbypasstechniques,exploitwriting, singleanddoublepivoting,advancedprivilegeescalation,andbinaryexploitation. Insummary,thereisnoprogramofitskindintheworld! MINDTHEGAP Years of research indicate that the majority of Penetration Testing professionals have gaps in their skills when it comes to multiple disciplines. The metrics also prove that whenthe targetsarenotlocatedonthesameoradirectlyconnectedandreachable segment,veryfewcanperformaswellastheydowhenitisdirectandonaflatnetwork.

  3. That’swhyforthefirsttimeintheindustry,theassessment fortheCertifiedPenetrationTestingProfessional(C|PENT)is aboutmultipledisciplinesandnotjustoneortwospecialty types. Thecourseispresentedthroughanenterprisenetworkenvironmentthat mustbeattacked,exploited,evaded,anddefended. 01 EC-Council’sC|PENTassessaPenetrationTester’sskillsacrossabroad spectrumof“networkzones”. 02 WhatmakestheC|PENTdifferentistherequirementtobeprovidedavariety ofdifferentscopesofworksothatthecandidatecan“thinkontheirfeet.” 03 Theresultofthisisthattherearedifferentzonesrepresentingdifferenttypes oftesting. 04 Anyoneattemptingthetestwillhavetoperformtheirassessmentagainst thesedifferentzones. 05 TheC|PENTrange,whichis whereourPenetrationTestersgain real-worldskills,isdesignedtoprovide challenges across every level of the attackspectrum.Additionally,the rangecontainsmultiplelayersof networksegmentation,andonce access is gained in one segment, the latestpivotingtechniquesarerequired to reach the next segment. Many of thechallengeswillrequireoutside- the-boxthinkingand customization of scripts and exploits to get into the innermostsegmentsofthenetwork. The key to being a highly skilled Penetration Tester is to go up against various targets thatareconfiguredinavarietyofways.TheC|PENTconsistsofentirenetworksegments thatreplicateanenterprisenetwork—thisisnotacomputergamesimulation;thisisan accuraterepresentationofanenterprisenetworkthatwillpresentthelatestchallenges tothePenetrationTester.Sincethetargetsandtechnologycontinuetochange,the C|PENTisdynamic,andmachinesanddefenseswillbeaddedastheyareobservedin thewild.Finally,thetargetsandsegmentsareprogressiveinnature.Onceyougetinto onemachineandorsegment,thenextonewillchallengeyouevenmore.

  4. WithC|PENT,LearnNext-GenerationTechniquesand MethodologiesforHandlingReal-WorldThreatSituations Thefollowingare12reasonsthatmaketheC|PENTProgramoneofakind.Thisexceptional course can make you one of the most advanced Penetration Testers in the world. The coursehasonepurpose:Tohelpyouovercomesomeofthemostadvancedobstacles that real-world practitioners face when conducting Penetration tests. Here are some examplesofthechallengesyouwillfacewhenyouareexposedtotheC|PENTRange: ADVANCEDWINDOWSATTACKS Thiszonecontainsacompleteforestthatyoufirsthavetogainaccesstoandonce youdo, your challengeistousePowerShellandanyothermeanstoexecuteSilver andGoldTicketandKerberoasting.The machineswillbeconfigured withdefenses in place; therefore, you will have to use PowerShell bypass techniques and other advancedmethodstoscorepointswithinthezone. 1 ATTACKINGIOTSYSTEMS WiththepopularityofIOTdevices,thisisthefirstProgramthatrequiresyoutolocate the IOT device(s) then gain access to the network. Once on the network, you must identifythefirmwareoftheIOTdevice,extractitandthenreverse engineerit. 2 WRITINGEXPLOITS:ADVANCEDBINARIESEXPLOITATION ThechallengesfacedbyPenetrationTesterstodayrequirethemtousetheirownskills to find a flaw in the code. In this zone you will be required to find the flawed binaries, reverseengineerthemoncefound,andthenwriteexploitstotakecontroloftheprogram execution. The task is complicated and requires Penetration from the perimeter to gain access thendiscoverthebinaries.Oncesuccessful,youmustreverseengineerthecode. Unlikeother certifications, thiswillnot justbe a simple 32-bitcode. There willbe 32-and64-bitcodechallenges,andsomeofthecodewillbecompiledwiththebasic protectionsofnon-executablestacks. Furthermore,youmustbeabletowriteadriverprogramtoexploitthesebinaries,then discover a method to escalate privileges. This will require advanced skills in binary exploitationthatincludethelatestdebuggingconceptsandegghuntingtechniques. You are required to craft input code first to take control of program execution and secondtomapanarea in memorytogetyourshellcodetoworkandbypasssystem protections. 3

  5. BYPASSINGAFILTEREDNETWORK TheC|PENTCertificationdiffersfromtheothers.Itprovideswebzonechallenges thatexistwithinasegmentationarchitecture.Asaresult, you havetoidentify the filteringofthearchitecture,leverageittogainaccesstothewebapplicationsthat you will have to compromise, and then extract the required data to achieve points. 4 PENTESTINGOPERATIONALTECHNOLOGY(OT) Asa firstina PenetrationTesting Certification,the C|PENTcontains a zone dedicatedtoICSSCADAnetworks.Thecandidatewillhavetopenetratethemfrom the IT network side, gain access to the OT network, and once there, identify the Programmable LogicController(PLC)andthenmodifythedatato impacttheOT network. The candidate must be able to intercept the Mod Bus Communication protocolandcommunicationbetweenthePLCandothernodes. 5 ACCESSHIDDENNETWORKSWITHPIVOTING Based on studies and research, few professionals have been able to identify the rulesinplacewhentheyencounteralayerednetwork.Therefore,inthiszone,youwill havetoidentifythefilteringrulesthenpenetratethedirectnetwork,andfromthere, attemptpivotsintothehiddennetworkusingsinglepivotingmethods,butthrough afilter.Mostcertificationsdonothaveatruepivotacrossdisparatenetworksand afew,ifany,havetherequirementintoandoutofafilteringdevice. 6 DOUBLEPIVOTING Onceyouhavebravedandmasteredthechallengesofthepivot,thenextchallenge isthedoublepivot.Thisisnotsomethingthatyoucanuseatoolfor.Inmostcases, thepivothastobesetupmanually.C|PENTisthefirstcertificationintheworldthat requiresyoutoaccesshiddennetworksusingdoublepivoting. 7 PRIVILEGEESCALATION The latest methods of privilege escalation are covered as well as there will be challengesthatrequireyoutoreverseengineercodeandtakecontrolofexecution, thenbreakoutofthelimitedshellandgainroot/admin. 8 EVADINGDEFENSEMECHANISMS Thedifferentmethodsofevasionarecoveredsothatyoucantryandgetyour exploitspastthedefensesbyweaponizingthem. 9

  6. ATTACKAUTOMATIONWITHSCRIPTS Prepare for advanced Penetration Testing techniques/scripting with seven self- study appendices – Penetration Testing with Ruby, Python, PowerShell, Perl, BASH, andlearnaboutFuzzingandMetasploit. BUILDYOURARMORY:WEAPONIZEYOUREXPLOITS Carryyourowntoolsandbuildyourarmorywithyourcodingexpertiseandhackthe challengespresentedtoyouasyouwouldinreallife. 11 WRITEPROFESSIONALREPORTS Experience how a Penetration Tester can mitigate risks and validate the report presented to the client that makes an impact. The best part of it all, is that during this rigorous process, you would be carrying your own tools, building your armory with your coding expertise and hacking the challenges presented to you as you wouldinreallife. 12 10 • TARGETAUDIENCE • EthicalHackers • PenetrationTesters • NetworkServerAdministrators • FirewallAdministrators • SecurityTesters • SystemAdministratorsandRisk AssessmentProfessionals • CybersecurityForensicAnalyst • CyberthreatAnalyst • CloudSecurity • AnalystInformationSecurity Consultant • ApplicationSecurityAnalyst • CybersecurityAssuranceEngineer • SecurityOperationsCenter(SOC) Analyst • TechnicalOperationsNetwork Engineer • InformationSecurityEngineer • NetworkSecurityPenetrationTester • NetworkSecurityEngineer • InformationSecurityArchitect SUGGESTEDDURATION 5DAYS (9:00AM–5:00PM) MINIMUM TRAINING EXAM

  7. ATTAININGTHEC|PENTCERTIFICATION SINGLEEXAM,DUALCERTIFICATION? Shouldyouscoreatleast70%intheC|PENTpracticalexam,youshallattaintheC|PENTcredential. However,ifyouareoneofthefewrareexpertsontheplanet,youmaybeabletohittheminimum 90%toearntherighttobecalledaLicensedPenetrationTester(Master)! C|PENTisafullyonline,remotelyproctoredpracticalexam,whichchallengescandidatesthrough a grueling 24-hour performance-based, hands-on exam, categorized into 2 practical exams of 12-hourseach,whichwilltestyourperseveranceandfocusbyforcingyoutooutdoyourselfwith each new challenge. Candidates have the option to choose either two 12-hour exams or one 24-hourexamdependingonhowstrainingtheywouldwanttheexamtobe. Candidates whoscoremorethan90%willestablishthemselvesas the Penetration TestingMastersandattaintheprestigious LPT (Master)credential! C|PENTISRESULTSORIENTED 01 02 03 04 100%mappedwith theNICEframework. Mapstothejobrole of a Penetration Tester and security analyst, based on majorjobportals. 100%methodology- based Penetration Testingprogram. Providesstrong reportingwriting guidance. 05 06 07 08 Blended with both manual andautomated PenetrationTesting approach. Gives a real-world experiencethrough an Advanced PenetrationTesting Range. Offers standard templates that canhelpduringa Penetrationtest. Designedbasedon the most common PenetrationTesting servicesoffered bythebestservice providersinthe market.

  8. PROGRAMOUTLINE ADDITIONALSELF-STUDYMODULES A G PenetrationTestingEssentialConcepts PerlEnvironmentandScripting B H RubyEnvironmentandScripting Fuzzing C I ActiveDirectoryPenetrationTesting MasteringMetasploitFramework D J DatabasePenetrationTesting PowerShellScripting E K MobileDevicePenetrationTesting BashEnvironmentandScripting F PythonEnvironmentandScripting EC-COUNCIL’SVULNERABILITYASSESSMENTAND PENETRATIONTESTING(VAPT)LEARNINGTRACK • OUTCOMES • MasteryofPenetrationTestingskills. • Performtherepeatablemethodology. • Commitmenttothecodeofethics. • Presentanalyzedresultsthroughstructuredreports. CPENT CertifiedPenetrationTestingProfessional • OUTCOMES • Masteryofethicalhackingskills. • Usefulinreal-lifecyberattackscenarios. • OUTCOMES • Athoroughintroductiontoethicalhacking. • Exposuretothreatvectorsandcountermeasures. • OUTCOMES • Protect,detect,respond,andpredictapproach. • Vendor-neutralcertificationwithnotools/technologiesrestrictions. • Learngeneralnetworksecurityconcepts,tools,andprocedures. • Design,develop,andmaintainsecurenetworks.

  9. www.eccouncil.org

More Related