Module 01 Fundamentals of IT Security and Penetration Testing (Pentesting) (Allowing for the fact that you may come from different backgrounds and skill levels, this module presents the baseline knowledge needed. You will learn the fundamentals of IT security; the IT Security elements (Confidentiality, Integrity and Availability – CIA); the need for penetration testing; documentation; reporting; and presentation. Topics include IT Security Fundamentals; Pentesting types; Pentesting steps; and the first step in the Pentesting steps, i.e. Footprinting/Information Gathering).
Module 02 Scanning, Attacks and Post Attacks (This module covers technique as well as proof of concept in attacking. After collecting the information of the target, we learn how to attack and post-attack behaviour. You will be given 80 percent hands-on/practical to carry out various attacks/pentests and post attacks, including remotely installing a backdoor, spyware and keylogger. You will learn how to see what others cannot see. Topics include Network Scanning; Port Scanning Types; Vulnerability Scanning; Password Cracking; Server-side Attacks; Client-side Attacks; Evading or bypassing the firewall; and Covering your tracks).
Module 03 Application and Web Application Attacks (This session covers application attacks including how to debug a custom application, how to locate holes in applications and how to write the exploit code or script as well as attacking the most popular type of application nowadays, web applications. You will learn hands-on how to deal with web application vulnerabilities based on OWASP (Open Source Web Application Security Project) Top 10 attacks. Topics include Buffer Overflow; Application Debugging; Writing your Own Exploit Code; Web Application Attack; SQL Injection and Simple and Blind SQL Injection; Cross Site Scripting and Local and Remote File Inclusion; Cookie Stealing; Parameter Manipulation; Directory Traversal; With or without Automatic Web Application Scanner).
Module 04 Other Attacks/PenTesting Vectors (You will discover that attacks and pentesting do not only concern application or system attacks but can also result from other IT infrastructure such as wireless attacks. You will conduct hands-on attacks at the network layer (which is now also the most dangerous type of attack), such as DHCP Attack, ARP and DNS Poisoning, Sniffing or data interception, and Distributed Denial of Service (DDoS) attack).
Module 05 PenTesting Challenge/Simulation (Optional) (You will be given the task of doing a simulation exercise on a few vulnerable servers and will need to create a report and relevant documentation, which will be subject to review later).