The most affordable Penetration Testing Training on the planet. Period! Here’s the syllabus

The most affordable Penetration Testing Training on the planet. Period! Here’s the syllabus

Henry Dalziel | Concise Courses, Information Security Careers, Latest InfoSec News | October 24, 2013

We offer a variety of information security training certifications, most of them are vendor neutral certs, but we have a particular soft spot for what we term ‘mini affordable infosec certs’ and our Applied Penetration Testing L1 Course is, in our honest opinion (and hopefully yours!) the most affordable Penetration Testing Training on the planet!

Our trainers are exceptional and experienced, as is the content, content delivery and support that each student receives.

In this post we just want to outline the Applied Penetration Testing L1 Course syllabus – and we hope that you agree with us, that for what this course costs, our students are receiving exceptional value. If you are reading this and have been working in the field and have penetration testing experience we’d appreciate your thoughts by dropping a comment below. If you’d like to meet the instructor please jump to the bottom of this post.

The Applied Penetration Testing L1 Course syllabus:
The course is built up of eight class units or modules as we prefer to call them. In summary these are:

  • Class 1: Toolset Introduction
  • Class 2: Basics
  • Class 3: Reconnaissance, Scanning and Enumeration
  • Class 4: Web Servers
  • Class 5: Databases
  • Class 6: Service Exploitation
  • Class 7: Leveraging Your Targets
  • Class 8: Password Attacks

Our award winning leaning management system
We provide every student with access to our awarding winning learning management system, which incidentally won awards from ‘The Best of Elearning!” in 2011 and 2012 and is short listed again for 2013. All the content that students receive is placed on our mobile responsive learning platform – meaning that when you have any downtime you can pull out your phone or tablet and study! Aside from providing the course content in an organized manner, our system also contains a messaging system for your tutor and tests that you can take.

In addition, you can also monitor your progress and network with other processionals taking the course.

Class 1: Toolset Introduction

  • Introduction to APT L-1
  • BT5r2-PTE Lab Introduction
  • BT5r2-PTE Lab Setup
  • BT5r2-PTE Tools Introduction

In this initial module Jeremy, your instructor (jump to the bottom to read his profile) will present an overview on how to set up a penetration testing lab designed for helping to practice pentesting skills that you will work on throughout the course as well as when completing the homework assignments. In addition, this module will also cover BackTrack Linux as a penetration tester’s toolkit and the special edition created specifically by the instructor for use as a pentesting lab (PenTesting Edition). This will also include a brief introduction into the technologies used in the lab and how the lab works.

Class 2: Basics

  • Networking
  • Operating Systems
  • Services

In the second class, Jeremy covers technical basics that are required by every penetration tester. Starting with some basics on networking technology including IP addresses, ports, subnetting, and routing this module then continues to examine firewalls and general networking. This section is concluded by examining network topology and what the penetration tester can expect when auditing and securing a network.

This module also includes a section dedicated to examining operating system basics. More of an overview, Jeremy will touch on some differences that you’ll see between different operating systems (OS) when performing your penetration testing. The OS section will be followed by reviewing some of the services that are native (or work best natively) on those operating systems including WWW, FTP, SSH, DHCP, DNS and SSH.

Class 3: Reconnaissance, Scanning and Enumeration

  • Introduction to penetration testing methodology
  • Reconnaissance
  • Scanning
  • Documenting

Class 3 will focus on reconnaissance, scanning, and enumeration which many consider to be the fun part of hacking and pentesting. This module falls within the remit of information gathering and gives the student the foundation needed to perform testing. Jeremy will review the concepts of a penetration testing methodology, how to perform reconnaissance, scanning, and enumeration, and how to audit and document your findings for your client. All of these processes are necessary when performing a penetration test and will be required in order to complete your assignments.

Class 4: Web Servers

  • Viewing a website from a Penetration Tester’s Point of View
  • Looking for weaknesses manually
  • Vulnerability Scanning

Class 4 is all about web servers – clearly a vital component of any security testing! Jeremy will focus on how a professional would examine a web site and associated web applications for vulnerabilities that are commonly found. The taught techniques will be demonstrated with a mix of manual and automated tools and the class will wrap up with a fun assignment where the students try and find a vulnerability in a web site.

Class 5: Databases

  • Why attack databases?
  • Introduction to SQL
  • Exploiting SQL injection
  • Analyzing your results

Databases and database security is a massive subject. Remembering that 70% of hacks are still database related (SQL Injection etc) this is clearly a very important module. Jeremy will talk about why databases are a typical target for hackers and how their (the hackers) processes help us firm up our systems. The module will teach concepts of SQL and how that language works with particular emphases to SQL injection.

Class 6: Service Exploitation

  • What are we looking for?
  • Identifying services
  • Introduction to exploit generation
  • Researching vulnerabilities
  • Exploiting vulnerabilities
  • Information gathering

Class 6 is all about service exploitation. We’ll talk about what this actually means and review some fundamentals regarding how to identify vulnerable services and how to take potentially exploit them. Jeremy will examine some common types of exploits and discuss how these work and how to prevent them. The class will also review what to do after you have successfully exploited a service and how to gather more information about the target system or network. The assignment will include identifying a vulnerable service on a remote system (via the lab) and how to use an exploit to gain administrative access to the vulnerable system.

Class 7: Leveraging Your Targets

  • Got Root, now what?
  • Adding tools
  • Using the host
  • Using the host network

Digging in deeper is the primary focus of class 7 where your instructor will be discussing what to do after you have gained administrative access. Jeremy will talk about how the penetration testing methodology recycles and what steps you can take next. A few methods for putting tools on a remote system will be taught as well as how you can use the compromised host to further your pentesting. We’ll cover some really cool techniques that can be used to gain access to additional systems and practice one of those techniques in the assignment.

Class 8: Password Attacks

  • Password authentication basics
  • Obtaining passwords
  • Guessing passwords
  • Password tools

We’ll wrap up the course with a class on passwords and password attacks – vital to any professional pentesters tool kit. While this may seem a little late in the course to talk about such a basic topic, you’ll discover why this has been left until the end! You’ll see how password hacking can be very easy when done correctly but it can also be a laborious and a time consuming task if done incorrectly. In this class we’ll talk about different password attacks and the homework will involve cracking a password on a remote system.

Your instructor
Jeremy Faircloth is not only a great guy, but he is very hands-on, knowledgeable and an excellent educator. Having written the content above – who better than Jeremy to teach the class? Jeremy currently holds CISSP, Security+, CCNA, MCSE, MCP+I, and A+ certifications whilst his career spans into having managed technical teams at multiple Fortune 50 companies. He is a member of the Society for Technical Communication and frequently acts as a technical resource for other IT professionals through teaching and writing, using his expertise to help others expand their knowledge.

As a systems engineer with over 20 years of real-world IT experience, he has become an expert in many areas including Web development, database administration, enterprise security, network design, large enterprise applications, and project management. Jeremy is also an author that has contributed to over a dozen technical books covering a variety of topics and teaches courses on many of those topics.

In Summary
This is an awesome course and we are very proud to be working with Jeremy to offer this training package – at an unbelievable price. For more information, the price, and to enroll please follow this link. Please get in contact with us if you have any questions and we look forwarding to working with you!

Leave a comment or reply below...thanks!