EC-Council Conference & Events
Advanced Penetration Testing (CAST 611) Attacking Hardened Defense Systems
|A 3 day highly intensive and technical program that focuses on attacking and defending highly secured environments. Here you will have the opportunity to learn and apply methods of attacking new operating systems such as Windows Vista, Windows 7, Windows Server 2008, and the latest Linux servers.|
Advanced Penetration Testing training
provides penetration testers the training needed to perform advanced pen testing against known or unknown applications, services, and network systems which are patched and hardened with both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) in place. The learning curve for this program is extremely steep, but the rewards are astronomical where students are presented with the opportunity of learning what it REALLY takes to hack into some of the most secure networks and applications in the world.
Views shared will include what it REALLY takes to hack and then defend some of the most secured networks and applications around today under the guidance and support of a world renowned expert in Advanced Pen Testing.
| ||Joe McCray has over 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance. Having performed hundreds of penetration tests assessing well over 250,000 hosts in the DoD, Federal, Financial, Gaming, Retail, and Hospitality industries – Joe’s specialty is pentesting high security environments, and bypassing high end security systems.|
Joe is a US Air Force veteran with 5 years of US Army contracting experience in information assurance (specifically Information Assurance Network Engineering, Incident Response, Forensics, Vulnerability Assessments, and Penetration Testing). He is well versed in cyber war, cyber terrorism tactics having spent 2 years in Iraq and 1 year at US Army NetCom. He now gives advanced hacking and forensics training to the FBI, NSA, DHS, Royal Canadian Mounties, and several other entities. Joe is also a frequent trainer and presenter at security conferences such as Black Hat, Def Con, BruCON, Hacker Halted, Techno Security, Techno Forensics, and many others.
Joe was awarded the EC-Council Instructor of the Year award for 2010, and a Circle of Excellence (Instructor) recipient for 2009.
Students completing this course will gain in-depth knowledge in the following areas:
Advanced Scanning methods
Attacking from the Web
Client Side Pen-testing
Attacking from the LAN
Breaking out of Restricted Environments
Bypassing Network-Based IDS/IPS
|Module 1: Advanced Scanning|
- Bypassing Network Filtering
- Stealth Scanning
- Bypassing IDS/IPS
|Module 2: Attacking From the Web|
- XSS to command-shell
- SQL Injection to command-shell
- File Handling to command-shell
- File Upload to command-shell
- RFI to command-shell
- LFI to command-shell
|Module 3: Client-Side Pentesting|
- Bypassing Antivirus
- Packing Binaries
- Modifying Binaries with OllyDBG
- Writing Custom Trojans
- Email Collection
- Pivoting into the LAN
Module 4: Attacking From the LAN
- USB Hacksaw/USB Switchblade
- Bypassing Port Security
- Bypassing NAC Solutions
|Module 5: Breaking out of Restricted Environments|
- Citrix in Kiosk Mode
- Restricted Desktops
- Group Policy Object Restricted Applications
|Module 6: Bypassing Network-Based IDS/IPS|
- Enumerating the network
- Defeating IDS/IPS Signatures
|Module 7: Privilege Escalation|
- Privilege Escalation in Windows XP
- Privilege Escalation in Windows Vista
|Module 8: Post-Exploitation|
- Remote Command Execution
- Automating Tasks
- Enabling RDP/VNC
How will this course benefit you?
Understanding what it REALLY takes to break into a highly secured organization from the outside
Reviewing proven methods on how to move around the network without being detected by IDS/IPS
Appreciating best practices that are applied for mitigating or circumventing common security implementations such as Locked Down desktops, GPOs, IDSs/IPSs/WAFs, among others
Having an in depth know-how on Pen-testing “High Security environments” such as government agencies, financial institutions, and other key installations
CAST On-site provides personalised Advanced Security Courses to meet the needs of the individual or company and are planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service.
CAST On-Site training is designed to add great value to your work force by increasing staff efficiency and skills ensuring improved productivity and output that far exceeds the value of the initial training costs.
Key features of CAST On-site:
Each of the courses selected from the CAST Advanced Training Suite will be specifically designed to meet the needs of each individual, based according to their current skills and pace of learning to meet your organisation’s unique objectives and goals
CAST On-site expert/trainers will be flown down to your premise of choice at a date most suitable to you
CAST On-site allows students to receive training in more manageable sessions arranged over a spread of a few days that allowing for greater absorption of knowledge with an opportunity to practice and verify the new skills after each session prior to commencing the next one
With CAST On-site Advanced Security courses students will be able to take advantage of directly conversing with the chosen expert in matters unique to the student and your organisation
You can be rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality
Each individual client receives the required high level of training that is benchmarked to international best practise and standards
Each student receives a CAST Advanced Security Training Courseware that allows them to follow and revise the material that has been taught to them
Upon completion of the course, each student will receive a CAST On-Site Advanced Security Training certificate of attendance
We at CAST would like to hear from you
if you have questions, comments or feedback for us, please send us a message using the from below or email us at email@example.com
For more information and news updates, connect with us via Social Media or our Mailing List.
We look forward to hearing from you!