Description

The intrusion test, or "PenTest", is a technical intervention which makes it possible to determine the real potential for intrusion and destruction of a hacker on an IT infrastructure. This course presents the approach and tools to carry out this type of test and professionally write the final audit report.

Who is this training for ?

For whom ?

Manager, security architect. Systems and network technicians and administrators. Auditor required to do the “PenTest”.

Prerequisites

Training objectives

Acquire a methodology for organizing a penetration test type security audit on your IS

Evaluate the risks faced by an IT system in the face of an external intrusion

Produce a final report following an intrusion test

Formulate security recommendations

Training program

• Introduction
  • Evolution of IT security.
  • State of IT security.
  • The mindset and culture of the hacker.
  • What risks and threats?
• Audit methodology
  • What is a "PenTest"? The benefit of performing an intrusion test.
  • How to integrate the intrusion test into a general security.
  • Learn to define a security management policy and an iterative "PenTest".
  • Organize and plan the intervention.
  • How to prepare the framework? The technical scope of the audit.
  • Carry out the "PenTest".
  • Gathering information.
  • Acquiring access.
  • Elevation of privileges.
  • Maintaining access to the system.
  • Traces of the intrusion .
• “PenTest” tools
  • Which tools to use? Scan and network tools.
  • System analysis and web analysis tools.
  • Scanning tools 'attack on employees.
  • Which tool for maintaining access? Operation frameworks.
  • Scenario Participants will audit a network of undertaken on the basis of a scenario as close as possible to a real case.
• Vulnerabilities and exploitation
  • Discovery of new vulnerabilities.
  • How to exploit them? Carry out the schedule.
  • Distribution of tasks.
  • Practical work Identify new vulnerabilities.
  • Example of creating a schedule.
• The final report
  • The importance of preparing the report.
  • Collecting information.
  • Preparing the document and writing the report.
  • L 'overall analysis of system security.
  • How to describe the vulnerabilities found? Formulate security recommendations.
  • The general summary of system security.
  • Send the report.
  • The necessary precautions.
  • What to do once the report has been sent? Collective reflection Preparation of a report following a penetration test.
• Network equipment and wireless
  • Vulnerabilities in network components.
  • How to identify them? Exploit a vulnerability linked to a component.
  • The wireless network.
  • Weaknesses of the Wi-Fi network.
  • Follow-up actions.