Penetration And Vulnerability Testing For Auditors
This 3 day course teaches students how to detect, assess and exploit multiple vulnerabilities that can exist in our systems. Many tools and techniques are explored, including those powered by AI. Students also look at the controls that could prevent exploitation. Coding errors, software misconfigurations and weak patching processes can lead to vulnerabilities that can be exploited by an attacker to take advantage of an organization’s network. Throughout the course, students look at the most common errors that are made by vendors, administrators and users which can lead to compromise. By using vulnerability assessments and penetration testing, weaknesses can be identified and mitigated. Detection and response are critical to ensure the protection of data and intellectual property.
CPE:
21
Program Level:
Intermediate
Delivery Method:
Live
Cost :
$990 for this live 3 day course
Course Contents/Objectives
I. Introduction and Background
• Differentiating between vulnerability testing and penetration testing
• Resources for vulnerability notification
• Rules of Engagement
• Creating a vulnerability and penetration testing methodology
• Cloud-based vulnerability testing tools
II. Reconnaissance
• Sources for gathering information
• Using Whois lookups, ARIN, RIPE and APNIC
• Using DNS to gather information
• Recon-ng
• Pushpin
• Maltego – AI for OSINT Analysis
• FOCA for metadata analysis
III. Scanning
• Identifying wireless LANs
• War dialing
• Locating network hosts
• Port scanning
• SNMP probes
• Active and passive Operating System fingerprinting
• Determining firewall filtering rules
• Configuring, running, and interpreting the results of vulnerability scanners including Nikto, ZAP, NSE and others
IV. Network Attacks
• Session hijacking
• Man-in-the-middle attacks
• Passive sniffing
• ARP cache poisoning
• DNS attacks
• Denial-of-Service Attacks
• Leveraging Netcat
V. OS and Application Attacks
• Buffer overflows in-depth
• Metasploit
• XploitGPT – AI -Powered Exploit Development
VI. Password Cracking
• Password cracking, including AI assisted
• Rainbow Tables
• Password spraying
• Tools including John, Cain and Hydra
VII. Web Application Attacks
• Account harvesting
• Session Hijacking
• Injection Vulnerabilties
• Cross-Site Scripting
VIII. Maintaining Access
• Backdoors
• Rootkits
• System camouflage
• Covert channels
IX. Summary
• Conclusions
Laptop Required
Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
• 16 GB RAM or higher
• 25 GB available hard drive space
• Windows 10 professional or later (Home or similar editions will not have some of the features needed.)
• Administrator privileges including the capability to install and run tools, as well as disable anti-virus
• VMWare Player should be installed
Target Audience
• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information System Managers
• Information Technology Auditors
• Information Security Officers
• Consultants
Target Audience
Participants should be familiar with Internet technologies and commonly used Internet security controls. No other advance preparation is required.
What People Say About Us
Paige
Liby
Rhonda