IT-Trainer Jobs und Stellenangebote: Certified Penetration Testing Professional v2 (CPENT AI)

Seminardauer: 5 Tage

Trainer gesucht

IT-Trainer Jobs und Stellenangebote: Certified Penetration Testing Professional v2 (CPENT AI), EC-Council, IT-Security Spezialist, Penetration Testing.

Anmelden / Registrieren als Trainer

Agenda

Module 01: Introduction to Penetration Testing and Methodologies

  • Principles and objectives of penetration testing
  • Penetration Testing Methodologies and Frameworks
  • Best Practices and Guidelines for Penetration Testing
  • Role of Artificial Intelligence in Penetration Testing
  • Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Module 02: Penetration Testing Scoping and Engagement

  • Penetration Testing: Pre-engagement Activities
  • Key Elements Required to Respond to Penetration Testing RFPs
  • Drafting Effective Rules of Engagement (ROE)
  • Legal and Regulatory Considerations Critical to Penetration Testing
  • Resources and Tools for Successful Penetration Testing
  • Strategies to Effectively Manage Scope Creep

Module 03: Open Source Intelligence (OSINT) & Attack Surface Mapping

  • Collecting Open-source Intelligence (OSINT) on Target's Domain Name
  • Collecting OSINT about Target Organization on the Web
  • Perform OSINT on Target’s Employees
  • Open Source Intelligence (OSINT) using Automation Tools
  • Attack Surface Mapping

Module 04: Social Engineering Penetration Testing

  • Social Engineering Penetration Testing Concepts
  • Off-Site Social Engineering Penetration Testing
  • On-Site Social Engineering Penetration Testing
  • Document Findings with Countermeasure Recommendations

Module 05: Web Application Penetration Testing

  • Security Frame vs. Vulnerabilities vs. Attacks
  • OWASP Penetration Testing Framework
  • Web Application Footprinting and Enumeration Techniques
  • Techniques for Web Vulnerability Scanning
  • Test for Vulnerabilities in Application Deployment and Configuration
  • Techniques to Assess Identity Management, Authentication, and Authorization Mechanisms
  • Evaluate Session Management Security
  • Evaluate Input Validation Mechanisms
  • Detect and Exploit SQL Injection Vulnerabilities
  • Techniques for Identifying and Testing Injection Vulnerabilities
  • Exploit Improper Error Handling Vulnerabilities
  • Identify Weak Cryptography Vulnerabilities
  • Test for Business Logic Flaws in Web Applications
  • Evaluate Applications for Client-Side Vulnerabilities

Module 06: API and Java Web Token Penetration Testing

  • API and Java Web Tokens (JWT) Penetration Testing
  • Techniques and Tools to Perform API Reconnaissance
  • Test APIs for Authentication and Authorization Vulnerabilities
  • Evaluate the security of JSON Web Tokens (JWT)
  • Test APIs for Input Validation and Injection Vulnerabilities
  • Test APIs for Security Misconfiguration Vulnerabilities
  • Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
  • Test APIs for Security of GraphQL implementations
  • Test APIs for Business Logic Flaws and Session Management

Module 07: Perimeter Defense Evasion Techniques

  • Techniques to Evaluate Firewall Security Implementations
  • Techniques to Evaluate IDS Security Implementations
  • Techniques to Evaluate the Security of Routers
  • Techniques to Evaluate the Security of Switches

Module 08: Windows Exploitation & Privilege Escalation

  • Windows Pen Testing Methodology
  • Techniques to Perform Vulnerability Assessment and Exploit Verification
  • Methods to Gain Initial Access to Windows Systems
  • Techniques to Perform Enumeration with User Privilege
  • Techniques to Perform Privilege Escalation
  • Post-Exploitation Activities

Module 09: Active Directory Penetration Testing

  • Architecture and Components of Active Directory
  • Active Directory Reconnaissance
  • Active Directory Enumeration
  • Exploit Identified Active Directory Vulnerabilities
  • Role of Artificial Intelligence in AD Penetration Testing Strategies

Module 10: Linux Exploitation & Privilege Escalation

  • Linux Exploitation and Penetration Testing Methodologies
  • Linux Reconnaissance and Vulnerability Scanning
  • Techniques to Gain Initial Access to Linux Systems
  • Linux Privilege Escalation Techniques

Module 11: Reverse Engineering, Fuzzing & Binary Exploitation

  • Concepts and Methodology for Analyzing Linux Binaries
  • Methodologies for Examining Windows Binaries
  • Buffer Overflow Attacks and Exploitation Methods
  • Concepts, Methodologies, and Tools for Application Fuzzing

Module 12: Lateral Movement & Pivoting

  • Advanced Lateral Movement Techniques
  • Advanced Pivoting and Tunneling Techniques to Maintain Access

Module 13: IoT Penetration Testing

  • Fundamental Concepts of IoT Pen Testing
  • Information Gathering and Attack Surface Mapping
  • Analyze IoT Device Firmware
  • In-depth Analysis of IoT Software
  • Assess the Security of IoT Networks and Protocols
  • Post-Exploitation Strategies and Persistence Techniques
  • Comprehensive Pen Testing Reports

Module 14: Report Writing & Post-Testing Actions

  • Purpose and Structure of a Penetration Testing Report
  • Essential Components of a Penetration Testing Report
  • Phases of a Pen Test Report Writing
  • Skills to Deliver a Penetration Testing Report Effectively
  • Post-Testing Actions for Organizationss