Prerequisites and What to bring:
TCPIP and Linux, intermediate to advanced experience or education with security, testing, and vulnerability assessment, Windows and Linux. 1 year of IT Security experience.
The ECSA class is security testing and more. Certification, Process and Report Writing in 4 days.
The ECSA and LPT class is "how to test" and "how to report" to management network vulnerabilities. The ECSA class presented together with the LPT allows your team to spend 4 days and gain the tactical security skills to be a Qualified License Penetration Tester. The LPT labs from 5PM-8PM are separate from ECSA, you can stay and learn more - or go network with friends after the ECSA class ends at 5PM.
We use highly qualified SME instructors that know hacking and pen testing. This tactical ECSA class has MORE LABS focused on advanced vulnerability assessments, penetration testing, reporting and the knowledge to pass the ECSA test. You will gain the mind set used by both security testers and hackers alike. In 4 days, you will pass your ECSA exam and be prepared to write detailed and executive reports for management.
Each day you will spend 3 hrs in labs practicing how to gain access to unauthorized information with current exploitation tools and processes. Learn the tactical business skills necessary to perform valid security testing regardless of the architecture of the target network.
This is a four-day course.
There will be 3 hours of optional hacking attacks every night in addition to ECSA hands on labs. If your taking the LPT Test you'll want to stay for these labs. Perform every stage of an actual security assessment/penetration test in a target rich, controlled classroom environment. Penetration concepts you will master during this hands on class...
- Attacking network infrastructure devices
- Hacking by brute forcing remotely
- Security testing methodologies
- Security exploit testing with IMPACT from Core Security
- Stealthy network recon
- Remote root vulnerability exploitation
- Multi-OS banner grabbing
- Privilege escalation hacking
- Unauthorized data extraction
- Breaking IP-based ACLs via spoofing
- Evidence removal and anti-forensics
- Hacking Web Applications
- Breaking into databases with SQL Injection
- Cross Site Scripting hacking
- Remote access trojan hacking
- Offensive sniffing
- Stolen Laptop, Cellphones and PDA’s Penetration Testing
- Penetration Testing Report Analysis
- Penetration Testing Report and Documentation Writing
- Penetration Testing Deliverables and Conclusion
- Ethics and Conduct of a Licensed Penetration Tester
- Defensive techniques
- Instructor-led hands-on lab exercises
- Capture the Flag hacking exercises
- Abusing DNS for host identification
- Leaking system information from Unix and Windows
- Stealthy Recon
- Unix, Windows and Cisco password cracking
- Remote buffer overflow exploit lab - Stack mashing
- Remote heap overflow exploit lab - Beyond the Stack
- Desktop exploitation
- Remote keylogging
- Data mining authentication information from clear-text protocols
- Remote sniffing
- Malicious event log editing
- Transferring files through firewalls
- Hacking into Cisco routers
- Harvesting web application data
- Data retrieval with SQL Injection Hacking
- Wireless security assessments
What You Will Learn
Our ECSA / Qualified Security Analyst & Network Penetration Testing Methods course will provide you with valuable skills and information, including:
- Latest exploit goals and methodologies
- Understanding the mind set needed to perform penetration testing
- Advanced information-gathering techniques
- Expert network discovery tools and techniques
- Identifying and exploiting architectural weaknesses
- Advanced enumeration of network devices, platforms and protocols
- Cracking contemporary authentication and authorization
- Advanced router, firewall and IDS testing \ Exploiting IPS
- Vulnerability research and automated scanning in the enterprise
- Scanning for root kits, trojans, malware and viruses
- Tools for web application testing - Watchfire and freeware tools
- Exploiting complex protocols, such as SSH, SSL, and IPSEC
- Using payload generators
- Advanced wireless testing tools and techniques
- Penetration testing of "Wetware"
- Penetration testing and the law
You'll learn how to gather viable data on your network's vulnerabilities using leading edge tools like Nessus , NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for web attacks and the latest in exploit tools, IMPACT from Core Security and many Web Servers Penetration testers, including WatchFire’s Appscan.
Who Should Attend?
System and Network Administrators, Security Personnel, Auditors, Consultants concerned with network security, Threat management teams Software programmers, Forensic Experts.
Licensed Penetration Tester
Security University and Black Hat have been flooded with requests to include the LPT workshop "Test" at Black Hat USA 2007. This LPT "Test" is only available to ECSA registered attendees and takes place immediately after the ECSA exam on the last day of the ECSA class.
The LPT Test is an additional "workshop test fee" that lasts between 3-4 hours and is not a part of the ECSA class. The Black Hat LPT Test special will be $1600, 45% off the retail LPT workshop fee of $2,995 and is available only to those who complete the ECSA course at Black Hat USA 2007. The LPT Test will begin after the ECSA exam is completed in the same room. Pizza will be served to keep you focused on your targets. Don't miss this once in a life time opportunity to be one of the group to get your Black Hat LPT EC-Certification.
The LPT "Test" is gathering the documentation of the "LPT Test" target (information) and creating an executive and detailed report for management about network weaknesses, vulnerabilities and recommendations to improve risk. You will use your newly learned penetration testing skills (in teams) to escalate privileges and gather information on 4-6 LPT test boxes. After the 3-4 hours of gathering target information, you will take the documented information your team gathered and on your own, produce a complete Penetration Testing Report including an executive and detailed report for management to be delivered to your client, Security University by 12AM, Monday, August 6, 2007.
Learn more about the Licenced Peneteration Tester course.
Security University's goal is prepare and qualify security professionals to protect electronic assets. SU "helps raise the level of computer security and information assurance in your company" by providing hands-on computer security training for executives, network professionals, system administrators, security administrators and consultants.
Security University is the first computer security training company to provide IT professionals a complete hands-on computer security curriculum for the creation of secure infrastructures. And in 2007 is the first to provide qualified information security training, educations and testing.
Each class provides SU escalating security workshops and hands-on technical labs that teach how to plan, implement, build and maintain security and compliance to reduce risk.