This course is already delivered, please contact us for the next available session tel:+357 22 44 14 92
Overview:
The course introduces delegates to commercial penetration testing software and exploitation frameworks commonly used by professionals to optimise the penetration testing process. Delegates also explore the exploitation and security auditing of web applications. Web application vulnerabilities can pose serious problems to an organisation’s security. Many do not realise how much control an attacker can gain over an entire corporate network via a simple flaw in the security of a public facing web application
Who Should Attend:
Those responsible for the security of IT systems, including (but not limited to): System/Network Administrators, Crime Prevention & Protection Offices, Auditors, Security Officers, Information Security Professionals & Penetration Testers.
At Course Completion:
•How to use professional penetration testing tools and frameworks
•How to exploit Windows Server 2003 vulnerabilities
•How to exploit flaws in SQL databases
•How to gain GUI based access to a compromised machine
•The implications of flawed web application security
•How web users are at threat
Outline:
Advanced infrastructure penetration testing
•Use professional penetration testing tools to audit compromise system security
•Use Nikto web server scanner & Nessus 3
•Elevate command-line access to GUI access
•Learn stealthy techniques to silently upload and deploy hacker tools
•Remote registry hacking & silent RAT installation
•Understand the Metasploit Framework
•Learn to use Core Impact for remote & client side attacks
•Transferring hacker tools using TFTP Server
Hacking Web applications
•Find & assess weakness in PHP & ASP.NET web applications
•Learn how you can use SQL injection to bypass authentication & reveal confidential information
•Gain SYSTEM level access to a web server hosting a poorly secured web application Attacks against Red Hat and Windows 2003 systems
•Exploit database vulnerabilities • including MS SQL server & MySQL
•Employ web application specific vulnerability scanners to rapidly map out weaknesses in web applications
•Practical injection techniques used to glean,manipulate & corrupt data
•Force web applications to malfunction using HTTP request & response modification
•Launch attacks using an HTTP proxy
•Elevate attacks using extended stored procedures
Client side attacks
•Discover the potential severity of the often underestimated XSS vulnerability
•Common browser & e-mail client hacking techniques used to access Internet users
•Attack a Windows XP Workstation
•Perpetrate attacks by e-mail spoofing/social engineering
•Use HTTP session hijacking to compromise a users online identity
•Use XSS with cookie theft to steal confidential information
•Compromise an end-users machine using modern exploits
•Launch a dictionary attack