PTS: Procedures & Methodologies


The Security Analyst Series from EC-Council \| Press is comprised of five books covering a broad base of topics in advanced penetration testing and information security analysis. The content of this program is designed to expose the reader to groundbreaking methodologies in conducting thorough information security analysis, as well as advanced penetration testing techniques. Armed with the knowledge from the Security Analyst series, along with proper experience, readers will be able to perform the intensive assessments required to effectively identify and mitigate risks to the security of the organization's infrastructure. This book discusses the various penetration testing training techniques, strategies, planning, scheduling, and also frames a guideline that a penetration tester can adopt while performing a penetration test. This book also discusses the various test agreements that depict the outline of the test being performed. Become a Penetration Tester

This course will significantly benefit the security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. Duration: 2 days (9:00AM – 5:00PM) CPE/ECE Qualification: 2 ECE Credits awarded for attendance (1 for each 8 hour class day) Program Cost: $750 USD Supplement Cost (Courseware & Certificate exam Access): $75 USD Bundle Price: $799 USD Getting Started: Find Training Click HERE Corporate Trainers interested in setting up internal company training programs, click here

What’s included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Related Certificates: Penetration Testing: Security Analysis Penetration Testing: Communication Media Testing Penetration Testing: Network Threat Testing Penetration Testing: Network & Perimeter Testing

Course Briefing

01 Penetration-Testing Methodologies
02 Customers and Legal Agreements
03 Duties of a Licensed Penetration Tester
04 Penetration-Testing Planning and Scheduling
05 Pre–Penetration Testing Checklist
06 Information Gathering and Social Engineering Penetration Testing
07 Vulnerability Analysis
08 External Penetration Testing
09 Internal Network Penetration Testing
10 Penetration-Testing Deliverables
11 Post-testing Actions
12 Advanced Exploits and Tools

Penetration testing goes a step ahead of vulnerability scanning in security assessment. Unlike vulnerability scanning which examines the security of individual computers, network devices, or applications, penetration testing assesses the security model of the network as a whole. This module discusses in detail about the need of penetration testing, common penetration testing techniques and frames a guideline that a penetration tester can adopt while performing a penetration test. The module discusses various penetration testing methods and strategies for penetration testing.

Various customer requirements need to be identified and the objectives of the penetration test should be developed in relevance to those requirements. “Rules of Behavior” is a test agreement that depicts the outline of the test being performed. It explains in detail the internal and external aspects surrounding the testing procedure. Before the test is performed, authorized representatives from both the parties have to sign this agreement. This module deals with various legal agreements of penetration testing, the need for penetration testing, stages of penetration testing, customer requirements, rules of behavior, and risks associated with penetration testing.

“Rules of Engagement” is the formal permission to conduct a pen-test. It provides certain rights and restriction to the test team for performing the test and helps testers to overcome legal, federal, and policy-related restrictions to use different penetration testing tools and techniques. This module discusses the Rules of Engagement (ROE), the scope of ROE, steps in framing of ROA, and the clauses in an ROE.

A penetration test plan is a part of an overall security plan and sets the ground rules for the test. The important part of the penetration test plan is to improve the test ground rules. The goal of the penetration testing is to focus on developing adequate evidence of flawlessness and to reach a security assurance level. This module explains the purpose of a test plan, building a test plan, penetration testing planning phase, test teams, testing project plan, and the various penetration testing project scheduling tools.

This module briefs the list of steps that should be taken before starting a penetration test.

This module familiarizes with details in information gathering phase such as newspaper cuttings, articles, websites, notes, papers, photos, snapshots, email messages, letters, documents, napkins with data, CD-ROMs and DVD, floppy disks, tapes, zip drives, USB disks, handwritten notes, employee signatures, employee writing style, and grammar syntax The term social engineering is used to describe the various techniques used to trick people (employees, business partners, or customers) into voluntarily giving away personal information that would not normally be known to the general public. Attackers are always looking for new ways to access information. They ensure that they know the surroundings and certain people in an organization like security guards, receptionists, and help desk workers. This module also discusses the various steps and methods for gathering information about the potential victim. It also showcases various spy gadgets that aid the attacker in gathering information.

This module familiarizes with vulnerability assessment training and types of vulnerability assessment that can be used to identify weaknesses that could be exploited and test the effectiveness of additional security measures taken to defend attacks. This module also tells how time management scheduling of a task is important and also explains in detail about various vulnerability assessment tools.

This module discusses External Intrusion Test and Analysis as a process of determining the security flaws and strengths of the client systems. It also familiarizes with various steps involved in external penetration testing and scan for default ports of various services which are vulnerable.

This module provides internal network penetration testing and various methods like port testing and vulnerability testing. It also explains sniffing with various sniffing tools.

Documentation writing plays a major role in penetration testing process. The documentation report prepared should contain the details of the final test results and recommendations to rectify the problems that might be found during the test process. This module explains the structure of the documentation report which should include-“Summary of the test execution”, “Scope of the project”, “Result analysis”, “Recommendations”, “Appendices”. It also discusses about the test reports on a network such as executive report, active report, and host report, vulnerability report, creating and writing the final report, report format, delivery and retention.

In post penetration testing, the first focus is on high-priority security worries. This module discusses how to adopt technical solutions for the originated security issues, developing strategies to achieve short-term and long-term security postures, and deciding on the required and available resources to maintain reliable information security.

This module discusses in detail the common vulnerabilities. It also tells the anatomy of an exploit and what a typical overflow is. This module explains the strengths and uses of payload generators and exploitation tools including: GDB, Metasploit, Canvas, CORE Impact M.B.S.A, NSAT, and Network Security Inspector.