Certified Penetration Testing Consultant Cptc

Updated 2020

What you'll learn

Risk Management

Cyber-security Management

Systems Analysis

Test and Evaluation

Threat Analysis

Requirements

C)PTE or equivalent knowledge

A minimum of 24 months of experience in Networking Technologies

Sound knowledge of TCP/IP

Computer hardware knowledge

Description

The course is designed for cyber security experts and IT system administrator who are interested to conduct vulnerability scans against large network infrastructures similar to huge business networks, network operators and telecom companies.By becoming a Certified Penetration Testing Consultant, you are becoming a cyber security expert with the aptitude to plan, manage and perform a penetration test.This cyber security certification training series covers everything you required to know about becoming a Certified Penetration Testing Consultant. Students will learn about packet capturing, Layer 2 attacks, Layer 3 attacks on Cisco-based infrastructures, pivoting and relays, IPv6 attacks, VPN attacks, defeating SSL, and IDS/IPS evasion. SIGN UP TODAY!

Overview

Section 1: Pentesting Team Formation

Lecture 1 Pentesting Team Formation

Lecture 2 What are we covering?

Lecture 3 Section 1: Project Management

Lecture 4 PMBOK

Lecture 5 PMBOK

Lecture 6 Initiating Process Activities

Lecture 7 Planning Process Activities

Lecture 8 Planning Process (cont.)

Lecture 9 Planning Process (cont.)

Lecture 10 Executing Process Activities

Lecture 11 Executing Process (cont.)

Lecture 12 Closing Process Activities

Lecture 13 Section 2: Pentesting Metrics

Lecture 14 Types of Analysis

Lecture 15 Quantitative Analysis

Lecture 16 Qualitative Analysis

Lecture 17 Mixed-Method Analysis

Lecture 18 Section 3: Team Roles, Responsibilities, and Benefits

Lecture 19 Pentesting Team Structure

Lecture 20 Roles/Responsibilities

Lecture 21 Benefits

Lecture 22 Module 1 Review

Section 2: NMAP Automation

Lecture 23 NMAP Automation

Lecture 24 Introduction

Lecture 25 What are we covering?

Lecture 26 Section 1: NMAP Basics

Lecture 27 NMAP Basics

Lecture 28 NMAP Basics

Lecture 29 NMAP Basics - Options Summary

Lecture 30 NMAP Basics - Target Specification

Lecture 31 NMAP Basics - Host Discovery

Lecture 32 NMAP Basics - Host Discovery (cont.)

Lecture 33 NMAP Basics - Port Scanning Basics

Lecture 34 NMAP Basics - Port Scanning Techniques

Lecture 35 NMAP Basics - Port Specification and Scan Order

Lecture 36 NMAP Basics - Service and Version Detection

Lecture 37 NMAP Basics - OS Detection

Lecture 38 NMAP Basics - NMAP Scripting Engine

Lecture 39 NMAP Basics - NMAP Scripting Engine

Lecture 40 NMAP Basics - Timing and Performance

Lecture 41 NMAP Basics - Output

Lecture 42 NMAP Basics - Miscellaneous Options

Lecture 43 NMAP Basics - Runtime Interaction

Lecture 44 NMAP Basics - Examples

Lecture 45 Section 2: NMAP Automation

Lecture 46 NMAP Automation

Lecture 47 NMAP Automation

Lecture 48 Section 3: NMAP Report Documentation

Lecture 49 NMAP Report Documentation

Lecture 50 NMAP Report Documentation

Lecture 51 Module 2 Review

Section 3: Exploitation Process

Lecture 52 Exploitation Process

Lecture 53 Introduction

Lecture 54 What are we covering?

Lecture 55 Section 1: Purpose

Lecture 56 Purpose

Lecture 57 Section 2: Countermeasures

Lecture 58 Countermeasures

Lecture 59 Countermeasures

Lecture 60 Countermeasures

Lecture 61 Countermeasures

Lecture 62 Countermeasures

Lecture 63 Section 3: Evasion

Lecture 64 Evasion

Lecture 65 Section 4: Precision Strike

Lecture 66 Precision Strike

Lecture 67 Section 5: Customized Exploitation

Lecture 68 Customized Exploitation

Lecture 69 Section 6: Tailored Exploits

Lecture 70 Tailored Exploits

Lecture 71 Section 7: Zero-Day Angle

Lecture 72 Zero-Day Angle

Lecture 73 Section 8: Example Avenues of Attack

Lecture 74 Example Avenues of Attack

Lecture 75 Section 9: Overall Objective of Exploitation

Lecture 76 Overall Objective

Lecture 77 Module 3 Review

Section 4: Fuzzing with Spike

Lecture 78 Fuzzing with Spike

Lecture 79 What are we covering?

Lecture 80 Introduction to Spike

Lecture 81 Introduction to Spike

Lecture 82 Section 1: Vulnserver

Lecture 83 What is Vulnserver?

Lecture 84 What is Vulnserver? (cont.)

Lecture 85 Vulnserver Source Code

Lecture 86 Source Code (cont.)

Lecture 87 Source Code (cont.)

Lecture 88 Booting Vulnserver

Lecture 89 Vulnserver

Lecture 90 Section 2: Spike Fuzzing Setup

Lecture 91 Built-in 'Spike'

Lecture 92 Spikes

Lecture 93 Section 3: Fuzzing a TCP Application

Lecture 94 Generic_send_tcp

Lecture 95 Generic_send_tcp (cont.)

Lecture 96 Generic_send_tcp (cont.)

Lecture 97 Generic_send_tcp (cont.)

Lecture 98 Section 4: Custom Fuzzing Script

Lecture 99 TRUN primitive

Lecture 100 TRUN primitive

Lecture 101 Spiketrunaudit.spk

Lecture 102 Fuzzing in progress…

Lecture 103 Fuzzing Complete!

Lecture 104 Final Thoughts

Lecture 105 Module 4 Review

Section 5: Writing Simple Buffer Overflow Exploits

Lecture 106 Writing Simple Buffer Overflow Exploits

Lecture 107 Introduction

Lecture 108 What are we covering?

Lecture 109 Setup

Lecture 110 Section 1: Exploit-DB

Lecture 111 Exploit-DB

Lecture 112 Exploit-DB

Lecture 113 Searchsploit

Lecture 114 Searchsploit

Lecture 115 Section 2: Immunity Debugger

Lecture 116 Immunity Debugger

Lecture 117 Immunity Debugger

Lecture 118 Immunity Layout

Lecture 119 Immunity Layout

Lecture 120 Immunity Layout

Lecture 121 Immunity Layout

Lecture 122 32-bit Registers

Lecture 123 32-bit Registers

Lecture 124 What is a Buffer Overflow?

Lecture 125 Running DPE

Lecture 126 Section 3: Python

Lecture 127 Searching Exploit-DB

Lecture 128 Pythons you say?

Lecture 129 Continued?

Lecture 130 Section 4: Shellcode

Lecture 131 MSFVenom

Lecture 132 MSFVenom

Lecture 133 Sending our Exploit

Lecture 134 Connect and Win

Lecture 135 Module 5 Review

Section 6: Stack Based Windows Buffer Overflow

Lecture 136 Stack Based Windows Buffer Overflow

Lecture 137 Introduction

Lecture 138 What are we covering?

Lecture 139 Section 1: Debugger

Lecture 140 Debugger

Lecture 141 Immunity!

Lecture 142 Immunity!

Lecture 143 Immunity!

Lecture 144 Debugger

Lecture 145 Immunity!

Lecture 146 Section 2: Vulnerability Research

Lecture 147 Vulnerability Research

Lecture 148 Exploit-DB

Lecture 149 MiniShare Exploit Explained

Lecture 150 Proof of Concept Code

Lecture 151 Running the Script

Lecture 152 Running the Script

Lecture 153 Section 3: Control EIP, Control the Crash

Lecture 154 Control EIP, Control the Crash

Lecture 155 Control EIP, Control the Crash

Lecture 156 Section 4: JMP ESP Instruction

Lecture 157 JMP ESP Instruction

Lecture 158 Finding Loaded Modules

Lecture 159 Exploit Note

Lecture 160 Finding JMP ESP

Lecture 161 Search DLL for \xff\xe4

Lecture 162 Section 5: Finding the Offset

Lecture 163 Finding the Offset

Lecture 164 Pattern_create.rb

Lecture 165 Proof of Concept Code (Update: pattern_create.rb)

Lecture 166 Running the Script

Lecture 167 Finding the Offset

Lecture 168 Proof of Concept Code (Update: Control EIP Overwrite)

Lecture 169 Running the Script

Lecture 170 Section 6: Code Execution and Shellcode

Lecture 171 Code Execution and Shellcode

Lecture 172 Proof of Concept Code (Update: JMP ESP Addition)

Lecture 173 Code Execution and Shellcode

Lecture 174 Running the Script

Lecture 175 Code Execution and Shellcode

Lecture 176 Proof of Concept Code (Update: Adding Shellcode)

Lecture 177 Section 7: Does the Exploit Work?

Lecture 178 Does the Exploit Work?

Lecture 179 Does the Exploit Work?

Lecture 180 Module 6 Review

Section 7: Web Application Security and Exploitation

Lecture 181 Web Application Security and Exploitation

Lecture 182 Introduction

Lecture 183 What are we covering?

Lecture 184 Section 1: Web Applications

Lecture 185 Why Though?

Lecture 186 Where Though?

Lecture 187 Compromise

Lecture 188 Section 2: OWASP Top 10 - 2017

Lecture 189 Top 10

Lecture 190 A1 Injection

Lecture 191 A1 Injection

Lecture 192 A2 Broken Authentication

Lecture 193 A3 Sensitive Data Exposure

Lecture 194 A4 XML External Entities

Lecture 195 A5 Broken Access Control

Lecture 196 A6 Security Misconfiguration

Lecture 197 A7 Cross-Site Scripting

Lecture 198 A8 Insecure Deserialization

Lecture 199 A9 Using Components with Known Vulnerabilities

Lecture 200 A9 Using Components with Known Vulnerabilities (conti…)

Lecture 201 A10 Insufficient Logging & Monitoring

Lecture 202 Tying it all together

Lecture 203 Section 3: Zap

Lecture 204 Everything you need for Free

Lecture 205 Proxy Connection

Lecture 206 Zed Attack Proxy

Lecture 207 Do What Now?

Lecture 208 Intercept All the Things!!

Lecture 209 Intercept All the Things!!

Lecture 210 Intercept All the Things!!

Lecture 211 Intercept All the Things!!

Lecture 212 Intercept All the Things!!

Lecture 213 Do What Now?

Lecture 214 So Then

Lecture 215 Section 4: Scapy

Lecture 216 The way of the packet

Lecture 217 The way of the packet

Lecture 218 Finding the Way

Lecture 219 Picturing the Way

Lecture 220 Module 7 Review

Section 8: Linux Stack Smashing

Lecture 221 Linux Stack Smashing

Lecture 222 Introduction

Lecture 223 What are we covering?

Lecture 224 Section 1: Exploiting the Stack on Linux

Lecture 225 Demo: Exploiting the Stack on Linux

Lecture 226 Mile2_smash Program

Lecture 227 Buffer Overflow Found

Lecture 228 Creating the Exploit

Lecture 229 Looking to Overwrite RIP

Lecture 230 gdb ./mile2_smash (Part1)

Lecture 231 gdb ./mile2_smash (Part2)

Lecture 232 Program Crashed

Lecture 233 Pattern_create

Lecture 234 gdb ./mile2_smash (pattern_create) (Part1)

Lecture 235 gdb ./mile2_smash (pattern_create) (Part2)

Lecture 236 Finding the Offset

Lecture 237 Updating the Exploit

Lecture 238 gdb ./mile2_smash (updated exploit) (Part 1)

Lecture 239 gdb ./mile2_smash (updated exploit) (Part 2)

Lecture 240 gdb ./mile2_smash (updated exploit) (Part 3)

Lecture 241 Gained Control RIP

Lecture 242 Environment Variable Location

Lecture 243 Final Updates to the Exploit

Lecture 244 Throwing our Exploit

Lecture 245 Module 8 Review

Section 9: Linux Address Space Layout Randomization

Lecture 246 Linux Address Space Layout Randomization

Lecture 247 Introduction

Lecture 248 What are we covering?

Lecture 249 Section 1: Stack Smashing to the Extreme

Lecture 250 Demo: Stack Smashing to the Extreme

Lecture 251 Mile2_leak Program

Lecture 252 ASLR Explained

Lecture 253 Additional ASLR Information

Lecture 254 Additional ASLR Information

Lecture 255 Mile2_leak Program (cont.)

Lecture 256 Mile2_leak Program (cont.)

Lecture 257 Mile2_leak Program (cont.)

Lecture 258 Mile2_leak Program (cont.)

Lecture 259 Mile2_leak Program (cont.)

Lecture 260 Mile2_leak Program (cont.)

Lecture 261 Mile2_leak Program (cont.)

Lecture 262 Mile2_leak Program (cont.)

Lecture 263 Global Offset Table (memset())

Lecture 264 poc.py Program (part 1)

Lecture 265 poc.py Program (part 2)

Lecture 266 Confirming memset()'s Address

Lecture 267 Calculate libc's Base Address

Lecture 268 Calculate libc's Base Address

Lecture 269 memset()'s offset

Lecture 270 system()'s offset

Lecture 271 Find the address of any library function

Lecture 272 poc.py updated (part 1)

Lecture 273 poc.py updated (part 2)

Lecture 274 Seeing our PoC in action

Lecture 275 ret2libc to complete the exploit

Lecture 276 poc.py final (part 1)

Lecture 277 poc.py final (part 2)

Lecture 278 poc.py final (part 3)

Lecture 279 Final PoC in action

Lecture 280 Module 9 Review

Section 10: Windows Exploit Protection

Lecture 281 Windows Exploit Protection

Lecture 282 What are we covering?

Lecture 283 Section 1: Introduction to Windows Exploit Protection

Lecture 284 Software Exploits

Lecture 285 Common Targets

Lecture 286 Common Targets - YOU!

Lecture 287 Section 2: Structured Exception Handling (SEH)

Lecture 288 Structured Exception Handling

Lecture 289 Types of SEH

Lecture 290 How to Use SEH

Lecture 291 How to Use SEH (conti…)

Lecture 292 How to Use SEH (conti…)

Lecture 293 Section 3: Data Execution Prevention (DEP)

Lecture 294 Data Execution Prevention

Lecture 295 DEP Types

Lecture 296 DEP Benefits

Lecture 297 Configuring DEP

Lecture 298 Configuring DEP (cont.)

Lecture 299 Configuring DEP (cont.)

Lecture 300 Configuring DEP (cont.)

Lecture 301 Configuring DEP (cont.)

Lecture 302 Configuring DEP (cont.)

Lecture 303 Section 4: SafeSEH/SEHOP

Lecture 304 SEH Exploit Buffer

Lecture 305 SEH Exploit Buffer Explained

Lecture 306 SafeSEH

Lecture 307 SEHOP

Lecture 308 Module 10 Review

Section 11: Getting Around SEH and ASLR (Windows)

Lecture 309 Getting Around SEH and ASLR (Windows)

Lecture 310 Introduction

Lecture 311 What are we covering?

Lecture 312 Section 1: Vulnerable Server Setup

Lecture 313 Vulnerable Server Setup

Lecture 314 VulnServer in Action

Lecture 315 Section 2: Time to Test it out

Lecture 316 Time to Test it out

Lecture 317 Section 3: "VulnServer" meet Immunity

Lecture 318 Immunity!

Lecture 319 Immunity!

Lecture 320 Section 4: VulnServer Demo

Lecture 321 Demo: Getting Around SEH and ASLR

Lecture 322 Proof of Concept Code

Lecture 323 Running the Script

Lecture 324 Immunity Crash Review

Lecture 325 Immunity Crash Review (cont.)

Lecture 326 Immunity Crash Review (cont.)

Lecture 327 Immunity Debugger

Lecture 328 Proof of Concept Code (updated)

Lecture 329 Crash Again

Lecture 330 Crash Again (cont.)

Lecture 331 Immunity Debugger

Lecture 332 Proof of Concept Code (updated)

Lecture 333 Crash Again

Lecture 334 Immunity Debugger

Lecture 335 Proof of Concept Code (updated)

Lecture 336 Crash Again

Lecture 337 Crash Again (cont.)

Lecture 338 Finding loaded modules

Lecture 339 Redirecting Mona logs

Lecture 340 Finding ROP Gadgets with Mona

Lecture 341 Immunity Debugger

Lecture 342 Proof of Concept Code (updated)

Lecture 343 Crash Again

Lecture 344 Crash Again (cont.)

Lecture 345 nasm_shell

Lecture 346 Proof of Concept Code (updated)

Lecture 347 Crash Again

Lecture 348 Crash Again (cont.)

Lecture 349 Crash Again (cont.)

Lecture 350 Immunity Debugger

Lecture 351 Proof of Concept Code (updated)

Lecture 352 Crash Again

Lecture 353 Immunity Debugger

Lecture 354 Proof of Concept Code (updated)

Lecture 355 Crash Again

Lecture 356 Crash Again (cont.)

Lecture 357 Crash Again (cont.)

Lecture 358 Crash Again (cont.)

Lecture 359 Crash Again (cont.)

Lecture 360 Crash Again (cont.)

Lecture 361 Crash Again (cont.)

Lecture 362 Crash Again (cont.)

Lecture 363 Crash Again (cont.)

Lecture 364 Vulnerable Server

Lecture 365 Proof of Concept Code (updated)

Lecture 366 Proof of Concept Code (updated)

Lecture 367 Throwing our Exploit

Lecture 368 Module 11 Review

Section 12: Penetration Testing Report Writing

Lecture 369 Penetration Testing Report Writing

Lecture 370 What are we covering?

Lecture 371 Introduction

Lecture 372 Findings Document

Lecture 373 Section 1: Reporting

Lecture 374 Pentest Report Format Sections

Lecture 375 Cover Page

Lecture 376 Confidentiality Statement

Lecture 377 Confidentiality Statement

Lecture 378 Confidentiality Statement

Lecture 379 Document Control

Lecture 380 Timeline

Lecture 381 Executive Summary

Lecture 382 Executive Summary Sections

Lecture 383 Executive Summary Sections

Lecture 384 Executive Summary Sections

Lecture 385 Security Risk Origin/Category

Lecture 386 Executive Summary Sections

Lecture 387 Executive Summary Sections

Lecture 388 Executive Summary Sections

Lecture 389 Technical Report

Lecture 390 Technical Report Sections

Lecture 391 Technical Report Sections

Lecture 392 Technical Report Sections

Lecture 393 Technical Report Sections

Lecture 394 Technical Report Sections

Lecture 395 Technical Report Sections

Lecture 396 Technical Report Sections

Lecture 397 Technical Report Sections

Lecture 398 Technical Report Sections

Lecture 399 Technical Report Sections

Lecture 400 Technical Report Sections

Lecture 401 Module 12 Review

IS Security Officers,Cyber Security Managers / Admins,Ethical Hackers,Auditors