Pentesting High Security Environments

Joseph McCray


Register Now // july 26 - 27


USA 2010 Weekday Training Session //July 26 - 27


Overview:

This course will focus on penetration testing techniques that can be used when testing highly secured environments. If you are tired of attacking unpatched Windows 2000 Servers in your hacking courses and want to take a course where you will be attacking new Operating Systems/Applications that are patched, locked down, and protected with an IDS/IPS then this is the course for you.

The first day of the course starts with attacking heavily protected environments from the outside and dealing with Network-Based IDS/IPS. Next is attacking web applications and dealing with Load Balancing, common application security measures in PHP/ASP.NET, and Web Application Firewalls.

The second day covers attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs, and Host-Based IDS/IPS. The last section of the course covers gaining control of Active Directory.

syllabus:

  • Advanced Scanning
  • Stealth Scanning
  • Attacking From the Web
  • Client-Side Pentesting
  • Attacking From the LAN
  • Breaking out of Restricted Environments
  • Bypassing Network-Based IDS/IPS
  • Privilege Escalation
  • Post-Exploitation

Prerequisites:

Students that are Network/System Administrators with three (3) or more years experience working in environments such as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course. It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips and tricks that will help them better attack high security environments.

Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.

  • Basic Windows administration for servers and workstations
  • Basic Linux/*NIX system administration skill
  • Basic command line proficiency on both Windows and *NIX systems

Students should be familiar with the following web technologies and languages:

  • HTTP
  • HTML
  • Javascript
  • ASP
  • PHP
  • SQL

Students should be familiar with Metasploit, and VMWare.

What to bring:

Each student must bring his/her own laptop with a DVD player running Windows XP/Vista or a recent Linux distribution such as:

  • Fedora
  • RHEL
  • Gentoo
  • Ubuntu

Software packages that should be install prior to class are:

  • Metasploit: www.metasploit.com
  • Nmap: nmap.org/download.html
  • Nessus: http://nessus.org/ (Personal Feed)
  • VMPlayer: www.vmware.com/products/player/

or

  • VMServer (1.0.9 for WinXP and 2.0.x for Vista)
    http://downloads.vmware.com/d/info/datacenter_downloads/vmware_server/1_0
    http://downloads.vmware.com/d/info/datacenter_downloads/vmware_server/2_0

Windows Specific Tool:

  • PSTools: technet.microsoft.com/en-us/sysinternals/bb896649.aspx

Linux Specific Tool:

  • Winexe: http://eol.ovh.org/winexe/

What you get:

DVD with software utilized in this course

Trainer:

Joseph McCray has 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, incident response, and forensics in both the DoD community and the private sector.

Joe is also a frequent presenter at security conferences such as Def Con, ToorCon, BruCON, TechnoSecurity, TechnoForensics, and currently works as a security consultant/trainer both national and internationally with a focus on high security environments.


Super Early:
Ends Apr 1

Early:
Ends May 15

Regular:
Ends Jun 15

Late:
Ends Jul 23

Onsite:

$1800

$2000

$2200

$2400

$2700