Penetration Testing Professional (PTP)
The Penetration Testing Professional (PTP) course is the most practical and comprehensive course on Penetration Testing. An online, self-paced training course built with the goal of creating knowledgeable IT security professionals.
It builds strong foundations by giving theoretical lessons enforced with practical exercises held in the most sophisticated virtual lab environment in the world.
At the end of the training course, the student will be challenged with a real-world exam environment, where he/she must produce a commercial-grade penetration testing report that correctly identifies the weaknesses in this “engagement.”
The training course is totally self-paced with interactive slides and video material that students can access online without any limitation. Students have lifetime access to the training material.
Students can study from home, office, or wherever an internet connection is available. It is always possible to resume studying from the last slide or video accessed.
The PTP course is integrated with Hera Lab: the most sophisticated virtual lab in IT Security. A minimum amount of 60 hours is advised. For more intensive use, 120 hours may be necessary. Hera Lab provides on-demand vulnerable infrastructures, where a student can practice every topic seen in the course in a dedicated and isolated environment.
All modules come in slides (HTML5), plus video format and PDFs. Modules can be accessed from within the eLearnSecurity Members Area.
Labs are also referenced within the slides in order to suggest the correct learning path to follow.
- HQ video training material
- Interactive slides
- Hands-on challenges in our industry-leading virtual labs
TARGET AUDIENCE AND PREREQUISITES
The PTP training course benefits those looking to move into a career as a professional penetration tester or IT Security personnel whose job is dependent on their ability to defend their organization.
This course allows organizations of all sizes to assess and mitigate the risk at which their infrastructure and web applications are exposed by building strong, practical in house skills.
Penetration testing companies can train their teams with a comprehensive and practical training course without having to deploy internal labs that are often outdated and not backed by solid theoretical material.
The student willing to enroll in the course must possess a solid understanding of operating systems, web applications and web application security models.
No programming skills are required. However, a basic understanding of networks, internet protocols, IT security issues, and penetration testing concepts, as well as the ability to read and understand code will greatly reduce the learning curve of a student
THIS TRAINING COURSE IS FOR…
The target audience of this course are:
- Penetration Testers
- IT Security Professionals
- Network security engineers
- IT Personnel
ORGANIZATION OF CONTENTS
The System Security section will provide you with a thorough understanding of x86
Architecture and its weaknesses.
- Module 1: Architecture Fundamentals
- Module 2: Assembler Debuggers and Tool Arsenal
- Module 3: Buffer Overflow
- Module 4: Shellcoding
- Module 5: Cryptography and Password Cracking
- Module 6: Malware
The Network Security section will cover security testing methodology, techniques, and tools for networked PC and devices.
- Module 1: Information Gathering
- Module 2: Scanning
- Module 3: Enumeration
- Module 4: Sniffing and MITM Attacks
- Module 5: Vulnerability Assessment & Exploitation
- Module 6: Post-Exploitation
- Module 7: Anonymity
- Module 8: Social Engineering
POWERSHELL FOR PENTESTERS SECTION
PowerShell is a powerful built-in shell and scripting environment we can utilize as penetration testers considering its wide-spread availability on all modern Windows based systems. The use of PowerShell allows us to take advantage of the “living-off the-land” concept, where using tools that are built-in to the Operating System work to our advantage once we’ve obtained access to a system.
While studying the PowerShell for Pentesters section, you will come across the following topics:
- Module 1: Introduction
- Module 2: Powershell Fundamentals
- Module 3: Offensive Powershell
LINUX EXPLOITATION SECTION
Linux and other variants of UNIX make up a very large segment of the overall internet infrastructure (including Critical Infrastructure), not to mention the exponentially expanding “Internet of Things” ecosystem of whose devices are mostly dependent on some form of *NIX or another. Those facts make Linux an increasingly popular target.
While studying the Linux Exploitation section, you will come across the following topics:
- Module 1: Introduction
- Module 2: Information Gathering
- Module 3: Exploitation Over the Network
- Module 4: Post Exploitation
WEB APPLICATION SECURITY
Today’s penetration testers must master web application attack techniques; this labintensive section will teach the student how to conduct a thorough Penetration test against web applications.
- Module 1: Introduction
- Module 2: Information Gathering
- Module 3: Cross-Site Scripting
- Module 4: SQL Injection
- Module 5: Other Common Web Attacks
WI-FI SECURITY SECTION
The Wi-Fi Security section is an extremely in-depth section covering the most important attack techniques used against Wi-Fi networks. The student will learn the security mechanisms implemented in Wi-Fi architectures as well as their weaknesses and how to exploit them.
- Module 1: Prerequisites
- Module 2: Environment Setup
- Module 3: Wireless Standards and Networks
- Module 4: Discover Wi-Fi Networks
- Module 5: Traffic Analysis
- Module 6: Attacking Wi-Fi Networks
- Module 7: Wi-Fi as Attack Vector
RUBY FOR PENTESTERS AND METASPLOIT SECTION
The Ruby for Pentesters and Metasploit section covers Ruby programming from the very basics to advanced techniques, in addition to penetration testing topics. This section also covers topics such as exploiting vulnerable applications with Ruby, as well as creating and editing Metasploit modules.
- Module 1: Ruby Basic: Installation and Fundamentals
- Module 2: Ruby Basic: Control Structures
- Module 3: Ruby Basic: Methods, Variables, and Scope
- Module 4: Ruby Advanced: Classes, Modules, and Exceptions
- Module 5: Ruby Advanced: Pentester Prerequisites
- Module 6: Ruby for Pentesters: Input / Output
- Module 7: Ruby for Pentesters: Network and OS interaction
- Module 8: Ruby for Pentesters: The Web
- Module 9: Ruby for Pentesters: Exploitation with Ruby
- Module 10: Ruby for Pentesters: Metasploit
Penetration Testing Professional (PTP) is the most practical training course on the Penetration testing. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience. Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform. Students can access Hera Lab from anywhere through VPN.
Modules will be accompanied by many hands-on labs.
- Lab 1: System Security
- Lab 2: Information Gathering
- Lab 3: Scanning
- Lab 4: VA and Exploitation
- Lab 5: Post-Exploitation
- Lab 6: Blind Penetration Test
- Lab 7: Nessus
- Lab 8: Cain and Abel
- Lab 9: NetBIOS Hacking
- Lab 10: Poisoning and Sniffing
- Lab 11: NBT-NS Poisoning and Exploitation with Responder
- Lab 12: Client-Side Exploitation
- Lab 13: DNS and SMB Relay Attack
- Lab 14: SNMP Analysis
- Lab 15: Privilege Escalation
- Lab 16: Privilege Escalation Via Services
- Lab 17: Finding and Exploiting DLL Hijacking Vulnerabilities
- Lab 18: Bypassing AV
- Lab 19: Leveraging PowerShell During Exploitation
- Lab 20: PowerShell for Post-exploitation and Lateral Movement
- Lab 21: Linux Exploitation – Remote Enumeration
- Lab 22: Linux Exploitation – Local Enumeration
- Lab 23: Linux Exploitation – Remote Exploitation and Post-Exploitation
- Lab 24: Linux Exploitation – Lateral Movement
- Lab 25: Ruby
- Lab 26: Exploitation with Ruby
- Lab 27: From XSS to Domain Admin
- Lab 28: ICMP Redirect Attack
- Lab 29: WebApp Labs – Introduction
- Lab 30: WebApp Labs – Web Application Attacks
Here are some of the ways eLearnSecurity Certified Professional Penetration Tester (v2) certification is different from conventional certification:
- Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a corporate network. This penetration test is modeled after a real-world scenario.
- Not only do you have to try different methodologies to conduct a thorough penetration test, you will also be asked to write a complete report as part of your evaluation. These are the same kinds of reports that will make you a valuable asset in the corporate sector.
- Only individuals who provide proof of their findings in addition to writing a commercial-grade penetration testing report that correctly identifies the weaknesses in this “engagement” are awarded the eCPPT Certification.
By obtaining the eCPPT, your skills in the following areas will be assessed and certified:
- Penetration testing processes and methodologies, against Windows and Linux targets
- Vulnerability Assessment of Networks
- Vulnerability Assessment of Web Applications
- Advanced Exploitation with Metasploit
- Performing Attacks in Pivoting
- Web application Manual exploitation
- Information Gathering and Reconnaissance
- Scanning and Profiling the target
- Privilege escalation and Persistence
- Exploit Development
- Advanced Reporting skills and Remediation
The candidate will be provided with a real-world engagement within the renowned Hera Lab: the virtual labs in VPN powered by cutting edge virtualization technology where thousands of penetration testers worldwide already practice different kinds of penetration testing techniques against real targets. Once valid credentials have been provided for the certification platform, the candidate will be able to perform the tests from the comfort of their home or office. An Internet connection and VPN software is necessary to carry out the exam.
eLearnSecurity’s eCPPTv2 is the only certification for Penetration testers that evaluates your abilities at attacking your target and providing thorough professional documentation and recommendation.
The Certification Process
- Obtain a voucherWhether you are attempting the ECPPT certification exam on your own or after having attended one of our approved training courses, you will need to obtain a voucher before you can start your certification process. Please note that the Penetration Testing course Professional includes a free voucher in all plans.Once you obtain the voucher you will receive login credentials to our Certification area where you will manage the exam, the VPN credentials and anything related to the certification process from the beginning up to the shipment of your certificate.
- Begin the certification processRegular vouchers expire after 180 days from purchase.
Infinity vouchers do not expire.
Before the certification expires, you will have to begin the certification process by clicking on the “Begin certification process”. The expiration date will always be available in your certification area and reminder emails are sent to make sure you take advantage of the voucher.
- Perform your testsAs soon as you click on the “Begin certification process” button you will receive an email with instructions regarding the scope of the engagement.This letter will contain exactly what you should test and how. At this point, you will start your penetration test against the designated targets, take note of your findings and start creating your report.The exam network will always be available 24/7 for 7 days and dedicated to you.
At any time you will be the only one on the network and will be able to reset the scenario should you damage it during your tests.
You can also pause the lab and resume from where you left off by simply clicking Start/Stop buttons in the Certification area as you would do with any other Hera Lab scenario.
- Upload your reportOnce you have performed a comprehensive penetration test it’s time to finalize your report.This should be a commercial-grade report proving all of your findings and providing remediation steps for your client.When ready and not after 14 days from the beginning of the certification process (step 2), you will upload your report in PDF format for review.
- Obtain your resultsOne of our instructors will carefully review your report and if your findings and the quality of the report is deemed sufficient to pass the exam, you will become an ECPPT.Should you fail the first attempt, the instructor will provide you with valuable feedback.Armed with this information you will have a free retake to be used within 7 days to upload a new report.The retake 7 days will begin from the moment you review the examiner’s feedback. During this period the exam lab network will be re-opened for further tests. In any case a new report should be uploaded no later than 14 days from the date you receive the first attempt results by email.
Once you pass the exam you will find the digital certificate immediately downloadable and verifiable.
- Lectures 0
- Quizzes 0
- Duration 120 hours
- Skill level All levels
- Language English
- Students 0
- Assessments Yes