Certified Penetration Testing Consultant (CPTC) Updated 2020

The CPTC* Certified Penetration Testing Consultant course teaches the IT security professionals and IT network administrators about the penetration tests to check the security of large and complex network infrastructures. The course is based on the real world scenarios similar to large corporate networks, services provider networks and telecommunication networks. The course focuses on the attacks on the underlying network infrastructure and protocol loopholes rather than the L4-L7 attacks.

The CPTC training course starts from basic techniques such as packet capturing and continues to the more sophisticated and advanced techniques of conducting a penetration test on any kind of network infrastructure. The course includes practice labs as well to provide hands-on experience to the students and apply the learnt knowledge to real-world scenarios. The course is an essential part of the preparation for CPTC certification by Mile2.

Exam Information

The Certified Penetration Testing Consultant exam consists of two parts. Part 1 is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your mile2 account. The exam will take 2 hours and consist of 100 multiple choice questions. Part 2 is a multi-hour practical exam in which students are expected to penetrate between 3 - 5 targets (2 buffer overflows (ASLR and DEP enabled for one), 1 Linux local exploit + priv esc and 1 web exploit) and then create and provide a detailed penetration testing report to mile2.

Mile2 is:

• ACCREDITED by the NSA CNSS 4011-4016
• MAPPED to NIST / Homeland Security NICCS's Cyber Security Workforce Framework
• APPROVED on the FBI Cyber Security Certification Requirement list (Tier 1-3)

??????! ?м??? ?? ????? ?? ? ????????.

Prerequisites:

• C)PTE or equivalent knowledge
• A minimum of 24 months of experience in Networking Technologies
• Sound knowledge of TCP/IP
• Computer hardware knowledge

Student Materials:

Student Workbook
Student Prep Guide

Certification Exams:

Mile2 C)PTC

CPEs: 40

Who Should Attend?

• IT and network security officers
• Network and cloud administrators
• Penetration testers
• Ethical hackers
• Network security auditors

Course Curriculum

Module 1 - Pentesting Team Formation

Pentesting Team Formation (0:54)

What are we covering? (0:59)

Section 1: Project Management (0:27)

PMBOK (0:36)

PMBOK (1:26)

Initiating Process Activities (1:03)

Planning Process Activities (2:02)

Planning Process (cont.) (1:05)

Planning Process (cont.) (1:54)

Executing Process Activities (1:21)

Executing Process (cont.) (0:49)

Closing Process Activities (1:14)

Section 2: Pentesting Metrics (0:31)

Types of Analysis (0:49)

Quantitative Analysis (0:56)

Qualitative Analysis (1:11)

Mixed-Method Analysis (2:00)

Section 3: Team Roles, Responsibilities, and Benefits (0:55)

Pentesting Team Structure (0:54)

Roles/Responsibilities (6:35)

Benefits (1:02)

Module 1 Review (2:20)

Module 1 Quiz

Module 2 - NMAP Automation

NMAP Automation (0:10)

Introduction (0:58)

What are we covering? (0:28)

Section 1: NMAP Basics (1:14)

NMAP Basics (0:30)

NMAP Basics (0:21)

NMAP Basics - Options Summary (1:28)

NMAP Basics - Target Specification (1:41)

NMAP Basics - Host Discovery (1:10)

NMAP Basics - Host Discovery (cont.) (1:06)

NMAP Basics - Port Scanning Basics (2:54)

NMAP Basics - Port Scanning Techniques (0:54)

NMAP Basics - Port Specification and Scan Order (0:52)

NMAP Basics - Service and Version Detection (2:03)

NMAP Basics - OS Detection (1:05)

NMAP Basics - NMAP Scripting Engine (1:17)

NMAP Basics - NMAP Scripting Engine (0:42)

NMAP Basics - Timing and Performance (1:42)

NMAP Basics - Output (1:48)

NMAP Basics - Miscellaneous Options (0:34)

NMAP Basics - Runtime Interaction (0:41)

NMAP Basics - Examples (2:19)

Section 2: NMAP Automation (0:15)

NMAP Automation (0:53)

NMAP Automation (0:33)

Section 3: NMAP Report Documentation (0:14)

NMAP Report Documentation (1:00)

NMAP Report Documentation (1:16)

Module 2 Review (0:21)

Module 2 Quiz

Module 3 - Exploitation Process

Exploitation Process (0:10)

Review (1:07)

What are we covering? (0:49)

Section 1: Purpose (0:51)

Purpose (2:11)

Section 2: Countermeasures (0:14)

Countermeasures (0:48)

Countermeasures (1:53)

Countermeasures (1:03)

Countermeasures (1:39)

Countermeasures (2:02)

Section 3: Evasion (0:19)

Evasion (1:07)

Section 4: Precision Strike (0:17)

Precision Strike (0:32)

Section 5: Customized Exploitation (0:11)

Customized Exploitation (0:50)

Section 6: Tailored Exploits (0:12)

Tailored Exploits (0:57)

Section 7: Zero-Day Angle (0:16)

Zero-Day Angle (1:01)

Section 8: Example Avenues of Attack (0:16)

Example Avenues of Attack (0:34)

Section 9: Overall Objective of Exploitation (0:05)

Overall Objective (0:46)

Module 3 Review (1:00)

Module 3 Quiz

Module 4 - Fuzzing with Spike

Fuzzing with Spike (0:19)

What are we covering? (1:16)

Introduction to Spike (0:21)

Introduction to Spike (2:03)

Section 1: Vulnserver (0:29)

What is Vulnserver? (0:31)

What is Vulnserver? (cont.) (0:19)

Vulnserver Source Code (0:42)

Source Code (cont.) (1:26)

Source Code (cont.) (0:57)

Booting Vulnserver (0:34)

Vulnserver (0:31)

Section 2: Spike Fuzzing Setup (0:46)

Built-in 'Spike' (0:39)

Spikes (0:53)

Section 3: Fuzzing a TCP Application (0:55)

Generic_send_tcp (0:17)

Generic_send_tcp (cont.) (0:50)

Generic_send_tcp (cont.) (0:22)

Generic_send_tcp (cont.) (0:39)

Section 4: Custom Fuzzing Script (1:18)

TRUN primitive (0:40)

TRUN primitive (0:45)

Spiketrunaudit.spk (1:12)

Fuzzing in progress… (0:48)

Fuzzing Complete! (0:47)

Final Thoughts (0:54)

Module 4 Review (1:13)

Module 4 Quiz

Module 5 - Writing Simple Buffer Overflow Exploits

Writing Simple Buffer Overflow Exploits (0:11)

Introduction (1:05)

What are we covering? (0:30)

Setup (0:24)

Section 1: Exploit-DB (0:20)

Exploit-DB (0:24)

Exploit-DB (0:25)

Searchsploit (0:24)

Searchsploit (0:23)

Section 2: Immunity Debugger (0:49)

Immunity Debugger (0:18)

Immunity Debugger (2:49)

Immunity Layout (0:13)

Immunity Layout (0:20)

Immunity Layout (0:15)

Immunity Layout (0:23)

32-bit Registers (0:17)

32-bit Registers (2:58)

What is a Buffer Overflow? (2:18)

Running DPE (0:41)

Section 3: Python (0:44)

Searching Exploit-DB (0:13)

Pythons you say? (0:25)

Continued? (2:29)

Section 4: Shellcode (0:19)

MSFVenom (0:31)

MSFVenom (0:16)

Sending our Exploit (0:53)

Connect and Win (0:23)

Module 5 Review (0:32)

Module 5 Quiz

Module 6 - Stack Based Windows Buffer Overflow

Stack Based Windows Buffer Overflow (1:11)

Introduction (3:00)

What are we covering? (2:31)

Section 1: Debugger (0:33)

Debugger (0:58)

Immunity! (1:56)

Immunity! (1:21)

Immunity! (1:48)

Debugger (0:25)

Immunity! (2:22)

Section 2: Vulnerability Research (0:36)

Vulnerability Research (0:42)

Exploit-DB (1:31)

MiniShare Exploit Explained (1:13)

Proof of Concept Code (3:00)

Running the Script (2:00)

Running the Script (1:25)

Section 3: Control EIP, Control the Crash (0:34)

Control EIP, Control the Crash (1:42)

Control EIP, Control the Crash (2:04)

Section 4: JMP ESP Instruction (1:05)

JMP ESP Instruction (3:30)

Finding Loaded Modules (2:03)

Exploit Note (3:06)

Finding JMP ESP (1:39)

Search DLL for \xff\xe4 (1:08)

Section 5: Finding the Offset (0:39)

Finding the Offset (1:36)

Pattern_create.rb (1:00)

Proof of Concept Code (Update: pattern_create.rb) (0:32)

Running the Script (0:44)

Finding the Offset (0:47)

Proof of Concept Code (Update: Control EIP Overwrite) (0:53)

Running the Script (0:33)

Section 6: Code Execution and Shellcode (0:10)

Code Execution and Shellcode (0:52)

Proof of Concept Code (Update: JMP ESP Addition) (0:18)

Code Execution and Shellcode (2:14)

Running the Script (0:17)

Code Execution and Shellcode (1:10)

Proof of Concept Code (Update: Adding Shellcode) (0:41)

Section 7: Does the Exploit Work? (0:08)

Does the Exploit Work? (0:37)

Does the Exploit Work? (0:08)

Module 6 Review (3:11)

Module 6 Quiz

Module 7 - Web Application Security and Exploitation

Web Application Security and Exploitation (0:13)

Introduction (0:52)

What are we covering? (0:15)

Section 1: Web Applications (0:50)

Why Though? (0:52)

Where Though? (0:33)

Compromise (0:26)

Section 2: OWASP Top 10 - 2017 (0:07)

Top 10 (0:13)

A1 Injection (0:32)

A1 Injection (cont.) (0:18)

A2 Broken Authentication (1:18)

A3 Sensitive Data Exposure (0:39)

A4 XML External Entities (0:46)

A5 Broken Access Control (0:46)

A6 Security Misconfiguration (0:34)

A7 Cross-Site Scripting (1:29)

A8 Insecure Deserialization (1:04)

A9 Using Components with Known Vulnerabilities (0:18)

A9 Using Components with Known Vulnerabilities (cont.) (0:46)

A10 Insufficient Logging & Monitoring (0:49)

Tying it all together (1:01)

Section 3: Zap (0:24)

Everything you need for Free (0:38)

Proxy Connection (0:12)

Zed Attack Proxy (0:17)

Do What Now? (0:21)

Intercept All the Things!! (0:26)

Intercept All the Things!! (0:27)

Intercept All the Things!! (0:09)

Intercept All the Things!! (0:16)

Intercept All the Things!! (0:10)

Do What Now? (0:48)

So Then (0:26)

Section 4: Scapy (0:06)

The way of the packet (0:18)

The way of the packet (0:18)

Finding the Way (0:26)

Picturing the Way (0:52)

Module 7 Review (0:14)

Module 7 Quiz

Module 8 - Linux Stack Smashing

Linux Stack Smashing (0:33)

Introduction (2:16)

What are we covering? (0:30)

Section 1: Exploiting the Stack on Linux (0:19)

Demo: Exploiting the Stack on Linux (1:28)

Mile2_smash Program (0:10)

Buffer Overflow Found (0:51)

Creating the Exploit (1:00)

Looking to Overwrite RIP (1:00)

gdb ./mile2_smash

Currently there are no Q&As for this course. Be the first to ask a question.