7Safe Certified Security Testing Associate Training (CSTA)

Introduction:

CSTA takes delegates on a journey through the various stages of a hacking attack, or equally a penetration test, from initial information discovery and target scanning through to exploitation, privilege escalation and retaining access. In this course, practical exercises reinforce theory with each delegate having access to a Windows 2008 domain (server and workstation) along with a Linux server. Although the course demonstrates current hacking techniques, this is always done with defense in mind and countermeasures are discussed throughout.

Customize It

With onsite Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don’t incur travel costs and students won’t be away from home. Onsite classes can also be tailored to meet your needs. You might shorten a 5-day class into a 3-day class, or combine portions of several related courses into a single course, or have the instructor vary the emphasis of topics depending on your staff’s and site’s requirements.

Duration: 4 days

Objectives:

After completing this course, attendees will understand:

• How to use the tools, techniques and methodologies employed by hackers, in 7Safe’s purpose-built lab environment
• How hackers collect information about an organisation prior to an attack
• Measures to secure and protect information against hacker attacks

Course Content:

Introduction
• Motivations Behind Hacking
• The Hacking Scene
• Methodology

Networking Refresher
• Sniffing Traffic

Information Discovery
• Useful Information
• Sources: websites, metadata, search engines, DNS, social engineering

Target Scanning
• Host Discovery
• Port Scanning Techniques
• Banner Grabbing

Vulnerability Assessment
• Causes of Vulnerabilities
• Classic Buffer Overflow
• Vulnerability Tracking
• Scanning
• Client-Side Vulnerabilities

Attacking Windows
• Windows Enumeration
• Metasploit
• Client-side exploits

Privilege Escalation
• Local Information Gathering
• Metasploit’s Meterpreter
• Keyloggers
• Password Storage
• Password Extraction
• Password Cracking Techniques
• Cached Domain Credentials
• Windows Network Authentication
• Access Tokens
• Pass the Hash

Attacking Linux
• Exploitation
• Web Shells
• Pivoting the Attack
• Online Password Cracking
• ARP Poisoning Man in the Middle

Privilege Escalation Linux
• Standard Streams
• Privilege Escalation by Exploit
• Commercial Penetration Testing Tools
• Password Storage
• Password Cracking
• Permission Errors
• Sudo
• SUID
• Flawed Shell Scripts

Retaining Access
• Backdoors
• Trojan Horses
• Delivery Mechanisms
• Botnets
• Bypassing Client-Side Security

Covering Tracks
• Hiding Backdoors
• Simple Obfuscation
• Rootkits
• Anti-Forensics
• Log Manipulation
• Connection Laundering

Conclusions
