Certified Penetration Testing Consultant (C)PTC)

Description

The Certified Penetration Testing Consultant (C)PTC) is the highest certification in the Mile2 penetration testing track and builds on the knowledge gained in the C)PTE (Penetration Testing Engineer). Where the C)PTE focuses on performing penetration tests at the operating system level, the C)PTC shifts focus to the underlying network infrastructure and protocols. You will learn to attack and defend large, complex network environments such as those of major organizations, service providers and telecommunications companies.

The designation “Consultant” reflects the depth and breadth of understanding required to manage a penetration testing project involving multiple team members, manage client expectations, and deliver a security controls audit that is thorough, well documented and ethically sound. You will learn to work with advanced techniques such as buffer overflows on Windows and Linux, bypassing security measures like DEP and ASLR, and Layer 2 and Layer 3 attacks on Cisco-based infrastructures.

Additional topics include packet capturing, pivoting and relays, IPv6 attacks, VPN attacks, defeating SSL, and IDS/IPS evasion. The training concludes with professional reporting: how to document findings and recommendations in a way that delivers immediate value to the client.

Learning Objectives

Upon completion of this training, you will be able to:

• Assemble, manage and coordinate a penetration testing team
• Apply advanced NMAP automation for network reconnaissance
• Understand and execute the full exploitation process
• Use fuzzing techniques to discover vulnerabilities in software
• Develop and execute buffer overflows on Windows and Linux systems
• Bypass security mechanisms such as DEP, ASLR and SEH
• Test and exploit web applications at an advanced level
• Perform and prevent Layer 2 and Layer 3 network attacks
• Write professional penetration testing reports for clients and stakeholders

Prerequisites

The following prior knowledge is recommended:

• Mile2 Certified Penetration Testing Engineer (C)PTE) or equivalent knowledge
• Extensive experience with penetration testing and ethical hacking
• Sound knowledge of TCP/IP, network protocols and infrastructure
• Experience with Windows and Linux environments

Target Audience

• Penetration Testers
• Ethical Hackers
• IS Security Officers
• Cybersecurity Managers and Administrators
• Auditors

Topics

• Penetration Testing Team Formation – Team composition, project planning, role allocation and coordination of penetration testing engagements
• NMAP Automation – Advanced network reconnaissance and automation using NMAP scripts
• Exploitation Process – The full exploitation process from vulnerability to access
• Fuzzing with Spike – Using fuzzing techniques to discover unknown vulnerabilities in applications
• Simple Buffer Overflow – Fundamentals of buffer overflow exploitation
• Stack Based Windows Buffer Overflow – Advanced stack-based buffer overflows on Windows systems
• Web Application Security and Exploitation – Identifying and exploiting web application vulnerabilities at consultant level
• Linux Stack Smashing & Scanning – Buffer overflow techniques and scanning specific to Linux environments
• Linux Address Space Layout Randomization – Techniques for bypassing ASLR on Linux
• Windows Exploit Protection – Analysis and bypass of Windows security mechanisms such as DEP
• Getting Around SEH ASLR – Advanced techniques for bypassing Structured Exception Handling and ASLR
• Penetration Testing Report Writing – Professional reporting, documenting findings and producing recommendations for clients