Description

Day 1

Appendix A: Soft Skills and Assessment Management
Module 1: Engagement Lifecycle (A1)
Module 2: Law and Compliance (A2)
Module 3: Scoping (A3)
Module 4: Understanding, Explaining and Managing Risk (A4)
Module 5: Record Keeping, Interim Reporting and Final Results (A5)
Appendix A Quiz

Appendix B: Core Technical Skills
Module 1: IP Protocols (B1)
Module 2: Network Architectures (B2)
Module 3: Network Mapping and Target Identification (B4)
Guided Exercise: Network Mapping and Target Identification (B4) (CRT)
Guided Exercise: Interpreting Tool Output (B5) (CRT)
Module 4: Filtering Avoidance Techniques (B6)
Module 5: OS Fingerprinting (B8)
Guided Exercise: OS Fingerprinting (B8) (CRT)
Guided Exercise: Application Fingerprinting and Evaluating Unknown Services (B9) (CRT)
Module 6: Cryptography (B11)
Module 7: Applications of Cryptography (B12)
Module 8: File System Permissions (B13)
Guided Exercise: File System Permissions  (B13) (CRT)
Module 9: Audit Techniques (B14)
Appendix B Quiz

Day 2

Appendix C: Background Information Gathering & Open Source
Module 1: Registration Records (C1)
Module 2: Domain Name Server (DNS) (C2)
Guided Exercise: Domain Name Server (DNS) (C2) (CRT)
Module 3: Google Hacking and Web Enumeration (C4)
Module 4: Information Leakage from Mail Headers (C6)
Appendix C Quiz

Appendix D: Networking Equipment
Module 1: Management Protocols (D1)
Guided Exercise: Management Protocols (D1) (CRT)
Module 2: Network Traffic Analysis (D2)
Module 2: Network Traffic Analysis (D2)
Module 4: IPsec (D4)
Module 5: VoIP (D5)
Module 6: Wireless (D6)
Module 7: Configuration Analysis (D7)
Appendix D Quiz

Day 3

Appendix E: Microsoft Windows Security Assessment
Module 1: Domain Reconnaissance (E1)
Guided Exercise: Domain Reconnaissance and Active Directory (E1 & E3) (CRT)
Module 2: User Enumeration (E2)
Guided Exercise: User Enumeration (E2) (CRT)
Module 3: Active Directory (E3)
Module 4: Windows Passwords (E4)
Module 5: Windows Vulnerabilities (E5)
Guided Exercise: Windows Vulnerabilities and Common Windows Applications (E5 & E9) (CRT)
Module 6: Windows Patch Management Strategies (E6)
Module 7: Desktop Lockdown (E7)
Module 8: Exchange (E8)
Module 9: Common Windows Applications (E9)
Appendix E Quiz

Appendix F: Unix Security Assessment
Module 1: User Enumeration (F1)
Guided Exercise: User Enumeration (F1) (CRT)
Module 2: UNIX/Linux Vulnerabilities (F2)
Guided Exercise: Unix Vulnerabilities (F2) (CRT)
Module 3: FTP (F3)
Guided Exercise: FTP (F3) (CRT)
Module 4: Sendmail/SMTP (F4)
Guided Exercise: Sendmail/SMTP (F4) (CRT)
Module 5: Network File System (NFS) (F5)
Guided Exercise: Network File System (NFS) (F5) (CRT)
Module 6: R-Services (F6)
Guided Exercise: R-Services (F6) (CRT)
Module 7: X11 (F7)
Guided Exercise: X11 (F7) (CRT)
Module 8: RPC Services (F8)
Guided Exercise: RPC Services (F8) (CRT)
Module 9: SSH (F9)
Guided Exercise: SSH (F9) (CRT)
Appendix F Quiz

Day 4

Appendix G: Web Technologies
Module 1: Web Server Operation & Web Servers and Their Flaws (G1 & G2)
Guided Exercise: Web Server Operation (G1) (CRT)
Guided Exercise: Web Servers & Their Flaws (G2) (CRT)
Module 2: Web Enterprise Architectures (G3)
Module 3: Web Protocols (G4)
Guided Exercise: Web Protocols (G4) (CRT)
Module 4: Web Markup Languages (G5)
Module 5: Web Programming Languages (G6)
Module 6: Web Application Servers (G7)
Guided Exercise: Web Application Servers (G7) (CRT)
Module 7: Web APIs (G8)
Module 8: Web Sub-Components (G9)
Appendix G Quiz

Appendix H: Web Testing Methodologies
Web Application Reconnaissance (H1)
Threat Modelling and Attack Vectors (H2)
Information Gathering from Web Mark-up (H3)
Authentication Mechanisms (H4)
Authorisation Mechanisms (H5)
Input Validation (H6)
Information Disclosure in Error Messages (H8)
Use of Cross Site Scripting (XSS) (H9)
Use of Injection Attacks (H1)
Session Handling (H11)
Encryption (H12)
Source Code Review (H13)
Appendix H Quiz

Day 5

Appendix I: Web Testing Techniques
Guided Exercise: Web Site Structure Discovery (I1) (CRT)
Guided Exercise: Cross Site Scripting Attacks (I2) (CRT)
Guided Exercise: SQL Injection (I3) (CRT)
Guided Exercise: Parameter Manipulation (I6) (CRT)
SQL Injection (I3)

Appendix J: Databases
Module 1: Databases
Module 2: Microsoft SQL Server (J1)
Guided Exercise: Microsoft SQL Server (J1) (CRT)
Module 3: Oracle RDBMS (J2)
Guided Exercise: Oracle RDBMS (J2) (CRT)
Module 4: MySQL (J3)
Guided Exercise: MySQL (J3) (CRT)
Appendix J Quiz

CPSA Mock Exam
CRT Mock Exam

Accreditation

Audience Profile

• Penetration Tester
• Ethical hackers
• Red Team members
• Vulnerability Tester
• Security Analyst
• Vulnerability Assessment Analyst
• Network Security Operations

Exam Information

Exam Vouchers included (CPSA and CRT)