Learn Security Online

New Advanced Penetration Tester Course

Advanced Penetration Testing (APT): Pentesting High Security Environments course is a
five-day intensive that focuses attacking and defending highly secured environments
such as 3-letter agencies, DoD, financial organizations, federal organizations, and large companies.

This is NOT your normal Ethical Hacking course. You won't be attacking unpatched Windows 2000 Servers,
and you won't be learning a bunch of outdated tools like most Ethical Hacking courses.

In APT, you will be learning how to attack new operating systems such as Windows Vista, Windows 7,
Windows Server 2008, and the latest Linux servers. All of these servers will be patched, and hardened.
Both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) will be in place as well.
The learning curve is high, but the rewards are astronomical.

The course starts with attacking heavily protected environments from the outside and dealing with things
like Load Balancing, Deep Packet Inspection, and Network-Based IDS/IPS. Next is attacking web applications
and dealing with common application security measures in PHP/ASP.NET, and Web Application Firewalls.

Then the course moves on to attacking from the LAN, dealing with NAC solutions, locked down workstations/GPOs,
and Host-Based IDS/IPS. Then finally the last section of the course covers gaining control of Active Directory.

Pentesting High Security Environments is NOT a death by powerpoint course. Over 80% of class is hands-on hacking labs.

Students that are Network/System Administrators with three or more years experience working in environments such
as financial institutions, DoD networks, or similar high security environments will benefit greatly from this course.
It is however primarily designed for Network/Web Application Penetration testers that are looking for the little tips
and tricks that will help them better attack high security environments.

 

APT Course Syllabus

Stealth Scanning

        1. Bypassing IDS/IPS

Attacking From the Web

        1. XSS to command-shell

        2. SQL Injection to command-shell
                MS-SQL
                MySQL
                Oracle

        3. File Handling to command-shell

                File Upload to command-shell
                RFI to command-shell
                LFI to command-shell

Client-Side Pentesting

        1. Bypassing Antivirus

               Packing Binaries
               Modifying Binaries with OllyDBG
               Writing Custom Trojans

        2. Email Collection & Web Server Setup

        3. Pivoting into the LAN


Attacking From the LAN

        1. Bypassing Port Security

        2. Bypassing NAC Solutions



Breaking out of Restricted Environments

        1. Citrix in Kiosk Mode

        2. Restricted Desktops

        3. Group Policy Object Restricted Applications



Bypassing Network-Based IDS/IPS

        1. Enumerating the network

        2. Defeating IDS/IPS Signatures


Privilege Escalation
       

        1. Privilege Escalation in Windows XP

        2. Privilege Escalation in Windows Vista\Windows 7


Post-Exploitation

        1. Remote Command Execution

        2. Automating Tasks

        3. Enabling RDP/VNC

        4. Persistence



Course Instructor
The course instructor is security consultant and trainer Joe McCray. Joe McCray has 8 years of experience in the
security industry with a diverse background that includes network and web application penetration testing, incident
response, and forensics in the both DoD community and the private sector. Joe is also a frequent presenter at security
conferences such as Def Con, ToorCon, BruCON, LayerOne, TechnoSecurity, and TechnoForensics.


General Course Info

Course dates are 17th - 21st May 2010. The course will be comprised of 5 days of 50 minute sessions with 5-10 minute
breaks, and an hour for lunch.

Pre-requisites:
Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.

    * Basic Windows administration for both servers and workstations

    * Basic Linux/*NIX system administration skill

    * Basic command-line proficiency on both Windows and *NIX systems


Students should be familiar with the following web technologies and languages:
    * HTTP
    * HTML
    * Javascript
    * ASP
    * PHP
    * SQL

Students should also be familiar with Metasploit, and VMWare.


Training Location
Academy of Computer Education
7833 Walker Drive, Suite 520C
Greenbelt, Maryland 20770
Phone: (301) 220-2802
Toll-Free: (877) 564-TRAIN
http://www.trainace.com/

 

Pricing $3,500  



All software and necessary equipment is provided.



Need a hotel for the week of your class?

For a discounted hotel rate please contact us. ACE has pre-negotiated a
discounted stay for APT students in the Greenbelt Hilton Garden Inn.
The Hotel is located approximately 200 yards from the school.



All Inclusive APT Class Pricing:

If you are flying in from out of town for the APT training class, we
have an all-inclusive bootcamp style package which includes your flight,
hotel, and breakfast each day for $4,500

Hacker's Bootcamp

This is a 7-module course focuses on the familiarizing you with the critical aspects of "FUNCTIONAL" computer security.

The course material and labs are made up of optional content/labs so more advanced customers know what they can skip.

The content is broken up into modules, and you get one week of access to the lab for each module.

The modules step you through everything from Linux command-line basics, to scanning, to exploits, to web application security, to forensics, to basic reverse-engineering.

 You can purchase the course by clicking here:

September's Back To Hacking...err...I Mean Back To School Package Deal

We've put the "So You Wanna Be A Pentester", and the "So You Wanna Be A Web App Pentester"
courses into a package deal. For the month of September only you get 3 course options:

Option 1: So You Wanna Be A Pentester for $200 (regular price $300)

Option 2: So You Wanna Be A Web App Pentester $300 (regular price $450)

Option 3: Both courses for $500 (regular price $600)

So You Wanna Be A Pentester?

Description
This course will cover some of the newer aspects of penetration testing
such as Open Source Intelligence Gathering with Maltego and other Open
Source tools.

Advanced Scanning, Enumeration, Exploitation (remote and client-side),
and Post-Exploitation relying heavily on the features included in the
Metasploit Framework will also be covered.

Emphasis throughout the entire workshop will be placed on being as
stealthy as possible, and dealing with popular defensive technologies
such as:

• Network Intrusion Detection/Prevention Systems
• Host-Based Intrusion Detection/Prevention Systems
• Web Application Firewalls
• Anti-Virus
• Content-Filtering Proxies

Meeting Johnny Long was such a great experience. I have so much respect for him as a security professional, and even more as a person. I sincerely hope that people enjoy this interview with him.

I encourage you to check out:

http://hackersforcharity.org/

and I also want to thank Marcus Carey for his friendship, and for just being Marcus - thanks for everything bro - you are changing the security industry.

Check out: blog.marcusjcarey.com