Description
This training prepares you for the PECB Lead Ethical Hacker certification.
You acquire the knowledge and skills necessary to plan and carry out internal and external pentests, in compliance with different standards (PTES, OSSTMM) as well as the drafting of reports and countermeasure proposals.
Who is this training for ?
For whom ?
Managers, security architects.
System and network technicians and administrators.
Prerequisites
Training objectives
Training program
- Introduction
- Panorama and highlights (WannaCry, NotPetya, Facebook)
- Security components (CID)
- Pentest types and repositories: BlackBox / GreyBox / White / RedBlue Team - PTES , OSSTM (OWASP)
- The attacker cycle
- The toolkit and environment: Kali (Kali site and system ), study of the environment, conservation of results (Use of keepnote or equivalent)
- Intelligence Gathering
- The principles of Internet/Passive research (OSINT): case example
- Organizational research: physics, logic, organization, electronics, infrastructure research, finance
- Research on the employee: social network, presence on the internet
- External recognition: passive recognition (DNS and BGP search), active recognition (service scan, version scan, OS scan, Advanced service search, AXFR, SMTP, DNS_BF etc...)
- Internal recognition: enumeration of the current network (ARP/ICMP), internal focus
- Vulnerability modeling and analysis
- Study and understanding of CVEs: types (Remote, Local, Web)
- Examination and review of manual vulnerabilities: NMAP → CVE DETAILS
- Examination and review of automatic vulnerabilities: Nessus, Openvas, NSE
- Assessment and mapping
- Exploitation
- Common network exploitations: the man in the middle, fake DHCP
- Client exploitation: common attacks on humans (browser, attack on files, USB)
- Post - Exploitation
- Privilege escalation: Windows (Linux)
- Persistence / Backdoor: setting up backdoors under Windows and Linux, Cron, Scheduled Task
- Pivoting and bouncing
- Data exfiltration
- Preparing for and passing the PECB Certified Lead Ethical Hacker certification exam
- Concept Review for Certification Mock Exam
- Signing the PECB Code of Ethics is required to obtain certification.
- In case of failure, candidates are given a second chance to take the exam within 12 months of the first attempt.
- The exam covers the following competency areas: Domain 1: Fundamental Principles and Concepts of Ethical Hacking - Domain 2: Attack Mechanisms - Domain 3: Penetration Testing Principles and Frameworks - Domain 4: Planning and Conducting Penetration Tests Using Various Tools and Techniques - Domain 5: Writing Penetration Test Reports
- The exam consists of two parts. The first part is a paper-based exam consisting of essay-style questions. The second part is more technical, in which the candidate will perform computer-based penetration testing exercises and write an analysis report.
- Participants are allowed to use their personal notes during the paper-based exam and the practical portion of the exam.
