Course Details

Penetration Testing and Ethical Hacking (CEH-based) Training Course

INTRODUCTION

This essential training course provides comprehensive knowledge and practical skills for mastering Penetration Testing and Ethical Hacking, aligned with the Certified Ethical Hacker (CEH) methodology. In a world of escalating cyber threats, understanding the attacker's mindset and techniques is crucial for building robust defenses. Penetration Testing and Ethical Hacking (CEH-based) Training Course equips participants with a systematic understanding of reconnaissance, scanning, vulnerability analysis, exploitation, and post-exploitation techniques, all performed ethically and legally. Participants will gain deep insights into identifying security weaknesses in systems, networks, and applications, simulating real-world attacks to uncover exploitable flaws, and providing actionable recommendations to enhance an organization's security posture, all crucial for proactive defense and minimizing organizational risk.

This course is designed for aspiring penetration testers, ethical hackers, security analysts, and IT professionals who seek to validate and enhance their offensive security skills. It provides hands-on experience with industry-standard tools and methodologies, empowering participants to effectively discover, assess, and report vulnerabilities, thereby transforming them into proactive defenders capable of identifying and remediating weaknesses before malicious actors can exploit them.

DURATION

10 days

TARGET AUDIENCE

This course is specifically designed for IT and security professionals who wish to pursue a career in ethical hacking or enhance their defensive capabilities by understanding offensive techniques, including:

• Aspiring Penetration Testers.
• Ethical Hackers.
• Security Analysts and Engineers.
• Security Operations Center (SOC) Analysts.
• IT Auditors with technical responsibilities.

OBJECTIVES

Upon completion of this course, participants will be able to:

• Understand the phases and methodologies of ethical hacking and penetration testing.
• Perform reconnaissance and scanning to gather information about targets.
• Identify and analyze vulnerabilities in systems, networks, and applications.
• Execute ethical exploitation techniques to test security controls.
• Prepare comprehensive penetration test reports with actionable recommendations.

MODULES

Module 1: Introduction to Ethical Hacking and Penetration Testing

• Define Ethical Hacking, Penetration Testing, and their legal/ethical boundaries.
• Understand the phases of ethical hacking (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks).
• Discuss the importance of scopes of engagement and legal authorization.
• Explore different types of penetration testing (e.g., black-box, white-box, grey-box).
• Examine the Certified Ethical Hacker (CEH) certification and its relevance.

Module 2: Reconnaissance and Footprinting

• Understand the purpose and techniques of Reconnaissance (Footprinting).
• Discuss passive reconnaissance (e.g., Google Dorking, OSINT tools, social media analysis).
• Explore active reconnaissance (e.g., DNS queries, network sniffing).
• Examine tools for information gathering about targets (e.g., Maltego, Shodan, Whois).
• Learn about identifying network ranges, domains, and potential targets.

Module 3: Network Scanning and Enumeration

• Understand various network scanning techniques (e.g., port scanning, vulnerability scanning).
• Discuss the use of Nmap for host discovery, port scanning, and service version detection.
• Explore vulnerability scanners (e.g., Nessus, OpenVAS) and interpreting their output.
• Examine enumeration techniques for identifying users, shares, and system information (e.g., SMB, SNMP, LDAP).
• Learn about avoiding detection during scanning.

Module 4: Vulnerability Analysis

• Understand how to analyze scan results to identify exploitable vulnerabilities.
• Discuss the concept of Common Vulnerabilities and Exposures (CVEs).
• Explore the Common Vulnerability Scoring System (CVSS) for prioritizing vulnerabilities.
• Examine techniques for manual vulnerability assessment and false positive identification.
• Learn about correlating vulnerabilities with potential exploits.

Module 5: System Hacking and Gaining Access

• Understand methods for gaining initial access to systems.
• Discuss password attacks (e.g., brute-force, dictionary, rainbow tables) and cracking tools (e.g., Hashcat, John the Ripper).
• Explore buffer overflows and other memory corruption exploits.
• Examine techniques for privilege escalation after initial access.
• Learn about creating and using malware (for ethical purposes) and backdoors.

Module 6: Web Application Hacking

• Understand common web application vulnerabilities as per OWASP Top 10.
• Discuss SQL Injection attacks and mitigation.
• Explore Cross-Site Scripting (XSS) and its variants.
• Examine Broken Authentication and Session Management vulnerabilities.
• Learn about Cross-Site Request Forgery (CSRF), file upload vulnerabilities, and insecure deserialization.

Module 7: Wireless Network, Mobile, and IoT Hacking

• Understand the security vulnerabilities of wireless networks (e.g., WEP, WPA2, WPA3).
• Discuss techniques for wireless network cracking and rogue access point detection.
• Explore common mobile device vulnerabilities (e.g., insecure apps, broken cryptography).
• Examine the unique security challenges of Internet of Things (IoT) devices.
• Learn about ethical hacking techniques specific to these technologies.

Module 8: Maintaining Access, Covering Tracks, and Reporting

• Understand techniques for maintaining access (e.g., persistent backdoors, rootkits).
• Discuss methods for covering tracks (e.g., clearing logs, anti-forensics).
• Explore the importance of professional reporting in penetration testing.
• Examine the structure and content of a comprehensive penetration test report (technical findings, executive summary, recommendations).
• Learn about post-engagement activities and retesting.

CERTIFICATION

• Upon successful completion of this training, participants will be issued with Macskills Training and Development Institute Certificate

TRAINING VENUE

• Training will be held at Macskills Training Centre. We also tailor make the training upon request at different locations across the world.

AIRPORT PICK UP AND ACCOMMODATION

• Airport pick up and accommodation is arranged upon request

TERMS OF PAYMENT

• Payment should be made to Macskills Development Institute bank account before the start of the training and receipts sent to info@macskillsdevelopment.com