Suggested Course Track:
CEH  >  CHFI  >  ECSA/LPT

EC Council Authorized

GlobalNet Training’s Certified Security Analyst (ECSA) / Licensed Penetration Tester (LPT) combined 6-day Boot Camp certifies individuals in the specific network security discipline of Security Analysis and Penetration Testing.

Certified Security Analyst (ECSA)

ECSA is a security class like no other! Providing real world hands-on experience, it is the only in-depth Advanced Hacking and Penetration Testing class available that covers testing in all modern infrastructures, operating systems and application environments.

EC-Council’s Certified Security Analyst (ECSA) program is a highly interactive security class designed to teach Security Professionals the advanced uses of the available methodologies, tools and techniques required to perform comprehensive information security tests. Students will learn how to design, secure and test networks to protect your organization from the threats hackers and crackers pose. By teaching the tools and groundbreaking techniques for security and penetration testing, this class will help you perform the intensive assessments required to effectively identify and mitigate risks to the security of your infrastructure. As students learn to identify security problems, they also learn how to avoid and eliminate them, with the class providing complete coverage of hacking and network security-testing topics.

ECSA complements the Certified Ethical Hacker (CEH) certification by exploring the analytical phase of ethical hacking. While CEH exposes the learner to hacking tools and technologies, ECSA takes it a step further by exploring how to analyze the outcome from these tools and technologies. Through groundbreaking penetration testing methods and techniques, the ECSA class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure. The objective of ECSA is to add value to experienced security professionals by helping them analyze the outcomes of their tests. ECSA leads the learner into the advanced stages of ethical hacking. This makes ECSA a relevant milestone towards achieving EC-Council’s Licensed Penetration Tester, which also ingrains the learner in the business aspect of penetration testing. The Licensed Penetration Tester standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.

Benefits

• ECSA is for experienced hands in the industry and is backed by a curriculum designed by the best in the field.
• Greater industry acceptance as a seasoned security professional.
• Learn to analyze the outcomes from using security tools and security testing techniques.

EC-Council's Licensed Penetration Tester

“The Most Prestigious Certification for Penetration Testing Professionals.”

EC-Council’s Licensed Penetration Tester (LPT) is a natural evolution and extended value addition to its series of security related professional certifications. LPT standardizes the knowledge base for penetration testing professionals by incorporating the best practices followed by experienced experts in the field.

The objective of a LPT is to ensure that each professional licensed by EC-Council follows a strict code of ethics, is exposed to the best practices in the domain of penetration testing and is aware of all compliance requirements required by the industry.
Unlike a normal security certification, the Licensed Penetration Tester is a program that trains security professionals to analyze the security posture of a network exhaustively and to recommend corrective measures authoritatively. EC-Council's license vouches for their professionalism and expertise thereby making these professionals more sought-after by organizations and consulting firms globally.

LPT is a professional certification that is used to measure penetration testing skills. A candidate can initiate training to become a Licensed Penetration Tester by attending EC-Council’s CEH training program. All of the LPT courses come with high-quality supporting materials, aids and resources.

LPT Certification was designed to recognize mastery of an international standard for penetration testing and understanding of a Common Body of Knowledge. Certification can enhance a professional’s career and provide added IS credibility and is ideal for anyone who is involved with penetration testing in the organization - System administrators, IT managers, IT Auditors, database professionals, etc.

Benefits

1. EC-Council's endorsement as a licensed penetration testing professional allows them to practice as a penetration testing consultant internationally.
2. Industry acceptance as a legal and ethical security professional
3. Access to proprietary EC-Council software, templates and penetration testing methodologies.
4. License to practice and conduct security testing in organizations accredited by EC-Council.
5. Acquire knowledge from experienced, hands-on penetration testingmethodologies and latest penetration testing practices.

Dallas Facility Information

We recently announced the grand opening of GlobalNet Training's new headquarters in Dallas, Texas. Our brand new state-of-the-art training center boasts four large classrooms with flat screen monitors along with a spacious break room stocked with modern appliances, free sodas & snacks, and a plasma cable TV. We also offer student lounge areas, easy access from both Dallas airports, and we are within walking distance of hotels, restaurants, grocery stores, and shopping. More

Prerequisites

Students should have experience with Windows and/or UNIX/LINUX operating systems, along with knowledge of TCP/IP and networking. CEH certification is strongly recommended. This course is also a prerequisite to EC-Council’s Licensed Penetration Tester Program.

Who Should Attend

• System and Network Administrators
• Security and Firewall Administrators
• Security Engineers and Architects
• MIS Directors
• Professional Security Testers
• Chief Security Officers
• Professional Security
• Chief Intelligence Officers
• IT Auditors
• Security Analyst
• Risk Assessment Professionals
• Vulnerability Auditors

EC Council

The International Council of Electronic Commerce Consultants (EC-Council) is a member-supported professional organization. The purpose of the EC-Council is to support and enhance the role of individuals and organizations who design, create, manage or market e-Business solutions. EC Council supports their members by providing Electronic Commerce Consultant certification as well as educational, technical, placement, member advantage, and discounted services. They enhance their membership by providing a community where discussion and information exchange can operate freely in the context of mutual trust and benefit.

Frequently Asked Questions

ECSA

1. How does ECSA deliver value to a security professional like me?
   
   
2. Why should I take ECSA when I am already certified as a security professional?
   
   
3. How does ECSA deliver value to the enterprise’s security team?
   
   
4. How is ECSA different from CEH?
   
   
5. I have over three years experience in the industry. Should I opt for ECSA instead of CEH?

LPT

1. Why should I be licensed?
   
   
2. I am a Penetration Tester why do I need to be a Licensed Penetration Tester?
   
   
3. What is the difference between a Licensed Penetration Tester and a Certified Ethical Hacker?
   
   
4. Why does EC-Council License Penetration testing?
   
   
5. How is EC-Council’s Licensed Penetration Testing course different from training and other methodologies?
   
   
6. I have experience in Penetration Testing can I skip the LPT workshop?
   
   
7. What is EC-Council’s Tiger Team?
   
   
8. How do I join EC-Council’s Tiger Team?
   
   
9. If I have a penetration testing assignment how do I go about completing it?
   
   
10. Are there any LPT exams?
    
    
11. What if someone breaks the EC-Council code of ethics?
    
    
12. How do I apply for the Licensed Penetration Tester course?
    
    
13. How long is the License for Penetration Testers valid?

 

ECSA

1. How does ECSA deliver value to a security professional like me?
   
   ECSA teaches you to interpret and analyze outcomes you come across during routine and exceptional security testing. It helps you analyze the symptoms and pinpoint the causes of those symptoms which reflect the security posture of the network. top
   
   
2. Why should I take ECSA when I am already certified as a security professional?
   
   Most security certifications highlight the management aspects or the technical aspects alone. ECSA helps you bridge the gap to a certain extent by helping you detect the causes of security lapses and what implications it might carry for the management. This places you a step closer to becoming a Licensed Penetration Tester, where you become a complete penetration testing professional. top
   
   
3. How does ECSA deliver value to the enterprise’s security team?
   
   Having an ECSA on your enterprise security team will enhance value to the team as you will have a professional aboard who is exposed to advanced security testing and proficient to make studied analysis of the situation. top
   
   
4. How is ECSA different from CEH?
   
   CEH exposes the learner to various hacking tools and techniques, while ECSA exposes the learner to the analysis and interpretation of results obtained from using those tools and techniques. top
   
   
5. I have over three years experience in the industry. Should I opt for ECSA instead of CEH?
   
   ECSA is not a replacement for CEH. CEH provides you with a foundation in which to fortify your skills using knowledge gained from ECSA. top

LPT

1. Why should I be licensed?
   
   Penetration testers today have been certified by different agencies, but are they trusted? Do they follow a code of ethics? The answer is no. The Licensed Penetration Tester program offered by EC-Council gives certified penetration testers the opportunity to practice their skills so that they are able to function as a Licensed Penetration Tester. EC-Council Licensed Penetration Testers use hands-on penetration testing methodologies and are trained by experts and specialists who are Licensed Penetration Testers from EC-Council. top
   
   
2. I am a Penetration Tester why do I need to be a Licensed Penetration Tester?
   
   Being a certified penetration tester would be of little help. Corporate organizations today are looking for penetration testers who can analyze vulnerabilities of the network and who can be trusted not to disclose network vulnerabilities to competitors. Thereby, many companies would be looking for a Penetration Tester who is licensed to carry out these tasks and who has hands-on experience in penetration testing. top
   
   
3. What is the difference between a Licensed Penetration Tester and a Certified Ethical Hacker?
   
   A Certified Ethical Hacker is an individual who is trained in mastering hacking technologies. A Licensed Penetration Tester is a professional who is equipped with a License to conduct penetration testing of corporate networks. Licensed Penetration Testers are preferred over non-licensed ones by companies for recruitments and assignments. top
   
   
4. Why does EC-Council License Penetration testing?
   
   With the Licensed Penetration Testing program from EC-Council, companies are assured that Licensed Penetration testers are being taught, tested and certified by a globally recognized and professionally managed body like E C-Council. Thus, organizations can be completely assured and confident of the deliverables of the Licensed Penetration Tester authorized by EC-Council. This could be compared to procuring a driving license from your license-issuing authority. top
   
   
5. How is EC-Council’s Licensed Penetration Testing course different from training and other methodologies?
   
   The Licensed Penetration Testing course provided by EC-Council is different from other training programs as the instructors teaching the course are experts and specialists in the field of Penetration testing and are qualified and licensed penetration testers themselves. EC-Council provides specialized training for licensed penetration testers to have a competitive edge in the information security market. top
   
   
6. I have experience in Penetration Testing can I skip the LPT workshop?
   
   It is mandatory for certified penetration testers to attend the LPT workshop. The LPT workshop is conducted by specialized and experienced LPTs who provide insights to common vulnerabilities to networks. This workshop teaches penetration testers how to conduct a penetration test step by step. The workshop is conducted by Licensed Penetration Testers at selected locations. top
   
   
7. What is EC-Council’s Tiger Team?
   
   EC-Council’s Tiger Team is made up of Licensed Penetration Testers from around the world and different disciplines. The Tiger Team consists of Database Penetration Testers, Firewall Penetration Testers, Cisco Penetration Testers, Oracle Penetration Testers, Report writers, etc., and is headed by a Chief Penetration Tester. top
   
   
8. How do I join EC-Council’s Tiger Team?
   
   Penetration Testers can join EC-Council’s Tiger Team after they obtain the LPT license. Once the penetration tester has received his /her license he or she shares a common platform with other LPTs and can become a part of EC-Council’s Tiger Team through EC-Council’s member portal for LPT professionals. top
   
   
9. If I have a penetration testing assignment how do I go about completing it?
   
   Penetration Testing assignments given by EC-Council teach candidates to start penetration testing from scratch. Candidates are taught advanced techniques in penetration testing. top
   
   
10. Are there any LPT exams?
    
    There are currently no LPT exams; however, the exam is currently under development and will most likely be available in the near future. top
    
    
11. What if someone breaks the EC-Council code of ethics?
    
    If any candidate breaks the EC-Council code of ethics his/her Penetration testing license would immediately be revoked after EC-Council conducts a detailed investigation into the case. top
    
    
12. How do I apply for the Licensed Penetration Tester course?
    
    Candidates are able to apply for the Licensed Penetration Testing course after filling out the application form providing a training source agreement for approval that should be endorsed by the sponsoring agency. Candidates must agree to the EC-Council code of ethics. top
    
    
13. How long is the License for Penetration Testers valid?
    
    The validity of the license for the penetration tester expires after 2 years. The penetration tester can apply for renewal of license providing payment of $250 to EC-Council. top

ECSA Outline | LPT Certification Outline

EC-Council's Certified Security Analyst Detailed Course Outline

Module 1 - Penetration Testing Methodologies

• Understand how to structure and organize security tests
• Understand the five stages of a common penetration test attack methodology
• Analyze the tactical application of each phase
  • Get an overview of The Security Map and sections of the OSSTMM
• Learn about an OSSTMM certified security test
• Understand what is a complete and valid OSSTMM security test
• See how the OSSTMM addresses privacy law compliance
• Learn how the OSSTMM addresses “Best Practices” compliance
• The NIST Methodology
• See an overview of the NIST Four-Stage Penetration Testing methodology
• See escalation of privileges according to he NIST methodology
• Learn about the course methodology
• Learn about the methodology followed in this course

• Learn about malicious hackers methodologies
  • Review a common malicious hacker attack methodology
• Examine methodological variants
  

Module 2 - Test Planning and Scheduling

• Estimation of Resources for the Test
  • Estimating time and cost of a test
• Defining the test scope
  • Determination of Test Objectives
• Technical Preparation
  • Attack network
• Attack workstation
• Gathering tools and exploits
• How to manage confidential data
• Rules of Engagement
• Non-disclosure agreement
• Liability limitations
• Emergency phone number
• Know the rules of engagement as they pertain to client target networks/systems
• Defined Roles of the Involved Personnel
• Review rules of engagement
• What should be included in rules of engagement
• Reporting
• Deliverables
• Knowing what results are expected at the end of the test
• Presentation of results

Module 3 - Information Gathering

• Demonstrate understanding of the field of Competitive Intelligence
• Develop skills involved in competitive intelligence gathering
• Demonstrate understanding of Informational Vulnerabilities in depth
• Engage in Passive network discovery techniques
  • Use advanced web resource skills to research identified targets in depth
• Formulate a picture of network boundaries, using IP and DNS information
• Analyze documents for potential Information Vulnerabilities
• Information vulnerability and source of information
• Business intelligence
• Sales data
• R&D data
• Job advertising
• Web site
• Mailing list
• Other sources of great interest
• Information gathering types
• Passive
• Active
• How and where to passively gather information
• Information gathering applications
• Dig
• Host
• Nslookup
• Sam Spade
• Registrars
• DNSTracer
• kartOO
• Advanced web tricks
• And other tools and websites
• Controls to protect information

Module 4 - Advanced Vulnerability Analysis Penetration Testing and Security Analysis

• Understand the three most common present vulnerability types
  • Identify the potential impact of Information Vulnerabilities
  • Identify the risks of Network Vulnerabilitie
  • Understanding the different types of System Vulnerabilities and their impact
• TCP overview
  • TCP protocol suite
  • ICMP, UDP, ICMP, TC
  • Handshake
  • Tear Down
  • Port and Services
  • Flags
• Traceroute and TCPTraceroute
• LFT
• Tools to probe protocols
  • Paketto Kieretsu
  • ScanRand
  • Minewt
  • Linkcat
  • Paratrace
• Identifying targets through sweeping
  • Type of sweeps
• Evaluating services through scanning
  • Type of scans
  • Stealth Scanning
  • Bounce Attacks
  • Reverse Ident Scanning
• Nmap
  • How to use Nmap
• Nessus
  • How to use Nessus
  • How to avoid problems using Nessus
  • Limitations of Nessus
• Other scanners and tools overview
  • Retina
  • Saint
  • Hping2
  • Firewalk
  • Nikto
  • Languard
  • ISS
  • IpEye
  • Netscan Tools
  • SuperScan
  • Friendly Pinger
  • Cheops
  • SATAN
• Advanced OS fingerprinting techniques
• Proxy Servers
• Sniffing
  • Tcpdump
  • Windump
  • Snort
  • Ethereal
  • Ettercap
  • Dsniff
• Windows Tools
  • Dumpsec
  • Winfo
  • NAT
  • Netbios Enumeration Techniques
  • Userinfo
  • Getacct
  • Dumpreg
  • WinFingerprint
  • AD Enumeration
• SNMP
  • Weaknesses
  • Snmpwalk
  • Snmpget
  • Snmpgetnext
  • SolarWinds
  • SNScan
• Phone Phreakers
• PBX testing
• Modem Testing
• WarDialing
• Fax Security
• PhonSweep
• Toneloc
• THCScan
• Countermeasures

Module 5 - Advanced Denial of Service (DoS) Penetration Testing and Security Analysis

• Describe the components of a DoS attack
• Attack Vectors
• The Battlefield
• DoS, DDoS, DRDoS
• Identify the harm caused to the target system
• Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack
• Outline the necessary steps to test a system’s strength against a DoS attack
• Gathering and documenting the results

Module 6 - Advanced Password Cracking Penetration Testing and Security Analysis

• Demonstrate understanding how passwords work in common operating systems
• Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM, Active Directory)
• Demonstrate knowledge of Linux/Unix authentication mechanisms
• Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP, PAM, etc)
• Demonstrate knowledge of how distributed password cracking works
• Demonstrate knowledge of advanced password cracking attacks, such as Rainbow Tables
• Demonstrate ability to test strength of authentication mechanisms using password cracking
• Use common tools to crack Windows Passwords
• Use several free tools to crack Linux and common Unix passwords
• Use advanced approaches to password cracking by combining techniques and resources to compromise the target credentials

Module 7 - Advanced Social Engineering Penetration Testing and Security Analysis

• Describe what Social Engineering is
  • Principles of social engineering
• Social Engineering Tips
• Type of social engineering attacks
• Define the techniques used to execute Social Engineering
• Social Engineering Goals
• Social Engineering Rules of engagement
• Recognize the threat of Social Engineering
• Outline the methods by which Social Engineering is performed
  • Trusted positions enumeration
• Trusted person testing
• Request Testing
• Guided Suggestions
• Phishing
• Security Policies
• Gather and document the test results

Module 8 - Advanced Internal Penetration Testing and Security Analysis

• Review the most common platforms
• Appraise a typical network environment
• Outline the steps of the assessment
• Describe the tools used for internal testing
• Viruses and Containment Testing
  • Categorize and Identify range and function of present Viruses
• Identify threat levels and countermeasures of various viruses
• Define impact and points of consideration of Viruses on security testing and analysis
• Understand how common viruses work
• Learn how to safely test containment measures
• Evaluate target networks for proper containment measures
• Explain how vulnerabilities are discovered
• Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
  • Employ advanced tools to fingerprint specific operating systems
• Implement advanced port scanning techniques to further refine targeting information
• Employ tools like Netcat to verify service information, and eliminate false positives
• Learn operating system specific tools and techniques
• Use commonly available Microsoft Resource Kits for advanced Windows enumeration
• Use Null-Sessions for advanced Windows enumeration
• Use various common tools in Linux for Linux and Unix enumeration
• Employ Automated Vulnerability Scanners
• Understand the strengths and weaknesses of Automated Scanners
• Using Nessus to refine target information
• Overview of common vulnerability scanners
• Cerberus Internet Scanner
• Somarsoft Hyena
• Languard
• Nessus
• Saint
• SATAN
• Employing Exploitation for verification of Vulnerabilities: Owning the Box
• Understand the specifics of common classes of System Vulnerabilities
  • Understand Stack based overflows
• Understand Format String vulnerabilities
• Understand Heap based overflows
• Develop and execute proof of concept Stack based overflows
• Develop and execute proof of concept Understand Format String vulnerabilities
• Develop and execute proof of concept Understand Heap based overflows
• Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
• Demonstrate ability to employ Shellcode within exploits
• Gather and document the test results

Module 9 - Advanced External Penetration Testing and Security Analysis

• Describe the goals of external testing
• Network Categories
• Understand the challenges facing a tester in an external penetration test
• Evaluate the potential attacks from outside of a security perimeter
• Web Security Challenges
• Current situation
  • Attack Trends
• What creates those vulnerabilities
• Understand the impact of web applications on Perimeter Security
• Test and Analyze higher-layer applications for Network Vulnerabilities
• Demonstrate Knowledge of common types of web application System Vulnerabilities
• Employ attack proxies to audit web applications
• Employ application scanners to audit web applications
• Anatomy of a remote exploit
• Common Attacks
  • Network packet sniffers
• IP spoofing
• Password attacks
• Distribution of sensitive internal information to external sources
• Man-in-the-middle attacks
• Phishing
• Examine the methodology of external penetration testing
• Demonstrate the tools used for external penetration testing
  • Website Crawler
• Idle Scanning
• Form Scalpel
• Java Decompiler
• Brutus AET2
• Achilles
• Web Proxies
• Gather and document the results

Module 10 - Advanced Router Penetration Testing and Security Analysis

• Overview of routing technologies
  • Router Security
• Routing Protocols
• Demonstrate knowledge of vulnerabilities in Routers
• Understanding many Informational Vulnerabilities, as well as network vulnerabilities present in many routers
• Analyzing Cisco packet captures for information disclosure and cracking Cisco passwords
• Demonstrate knowledge of vulnerabilities in various network devices
  • Explore the role of Network Appliances such as printers and PBX's in potential security violations
• Using Man in the Middle Attacks to intercept secured and encrypted traffic
• The potential for router exploitation
• Router Attacks
• DDoS Attacks
• Routing Table Attacks
• Arp Poisoning
• SNMP Attacks
• Brute Force Attacks
• BGP attacks
• Analysis of router vulnerabilities and attacks
• CVE
• US-CERT
• Packet Storm
• Neohapsis
• Bugtraq
• SecurityFocus
• Tools used for testing
• Gathering and documenting the results

Module 11 - Advanced Firewall Penetration Testing and Security Analysis

• Introduction to firewalls
  • What is a Firewall
• Commonly use Firewall
• Personal Firewall
• Type of Firewall
• Technical overview of firewall systems
• Different implementations
• NAT
• PAT
• Limitations
• Vulnerability analysis of firewalls
• Things a firewall cannot see
• Penetration testing steps
• Tools used for testing firewalls
  • Firewalk
• Ftester
• Gathering and documenting the results

Module 12 - Advanced Intrusion Detection Systems (IDS) Penetration Testing and Security Analysis

• What is Intrusion Detection?
  • The need for IDS
• Sensor Placement
• IDS overview
• IDS detection methods
• Detection Engines
• IDS analysis challenges
• Analysis Engines
• Host Based Challenges
• Network Based challenges
• Penetration testing techniques
• IDS Evasion Techniques
• IDS Insertion Attack
• IDS Fragmentation Attack
• Tools used for IDS testing and countermeasures
• PSAD
• Samhain
• Tripwire
• Stick
• Snot
• AdMutate
• Nikto
• Apsend
• Apsr
• Gathering and documenting test results

Module 13 – Advanced Wireless Penetration Testing and Security Analysis

• Present an overview of Wireless Security
  • Types of wireless Network
• Technology used in WLAN
• Access Point
• Chipsets
• Learn about Wireless Technologies
• Understand the problems with WLAN security
  • Issues with WLAN Security
• WEP security issues
• Cisco LEAP
• EAP
• 802.1X
• WPA
• TKIP
• RADIUS
• Examine the tools used for Wireless Networks Testing
• Airsnort
• WepCrack
• Monkey-Jack
• Kismet
• Examine Countermeasures

Module 15 - Advanced Application Penetration Testing and Security Analysis

• Identify types of common applications
  • Common Applications used
• Outline the technology of the applications
• Mobile code
• OLE
• DCOM
• ActiveX
• JAVA
• CGI
• Detect the vulnerabilities in the applications
• Buffer Overflow
• Stack Overflow
• Format Strings
• Vulnerable functions
• Examine the techniques of penetration testing
• Reverse Engineering
• Spoofing Authentication
• Intercepting Data
• Modifying input
• CSS/XSS
• Describe the tools employed in testing the applications
• Modifying source of pages
• Intercepting and modifying requests
• GDB
• Metasploit
• CANVAS
• CORE Impact
• NIKTO
• SQLDict
• SQLbf
• SQLexec
• SQLSmack
• Discover and analyze Web Application System Vulnerabilities
• Use SQL-Injection attacks against target servers to retrieve database information
• Test for Cross-Site Scripting vulnerabilities
• Use automated scanners, such as Nikto, for web application testing
• Document the results of the testing

Module 16 - Advanced Physical Security Penetration Testing and Security Analysis

• Identify the goal of physical security
  • The four security processes
• Component of physical security
• Threats to physical security
• Recognize the potential vulnerabilities of an organization with poor physical security
• Piggybacking
• Perimeter compromise
• Stolen Equipment
• Bypassing system security mechanisms
• Social Engineering
• Analyze the potential attacks against the physical environment
• Intrusion Detection systems
• Types of locks and their features
• Point out recommended safeguards to these attacks
  • Access Control
• Equipment anti-theft devices
• Restricted zones
• Security Policies
• Guards
• Awareness, Training, and Education
• Document the test results

Module 17 - Reporting and Documentation

• Learn the basics of report writing
  • Major Stages of report writing
• Understand the requirements of the report
  • Report types
• Focus of the report
• Review different report writing options
  • Online DB
  • Spreadsheet
  • Using Template
  • Using a tree
  • Free Flow document
• Outline reporting tips
• Do a report workshop
• Questionable areas, how to address them
• Describe the reporting consultation

top

LPT Course Outline

The LPT course consists of 21 modules that cover structured penetration testing steps and processes.

• Module 1: Penetration Testing Methodologies
• Module 2: Customers and Legal Agreements
• Module 3: Penetration Testing Planning and Scheduling
• Module 4: Information Gathering
• Module 5: Vulnerability Analysis
• Module 6: External Penetration Testing
• Module 7: Internal Network Penetration Testing
• Module 8: Routers Penetration Testing
• Module 9: Firewalls Penetration Testing
• Module 10: Intrusion Detection System Penetration Testing
• Module 11: Wireless Networks Penetration Testing
• Module 12: Denial of Service Penetration Testing
• Module 13: Password Cracking Penetration Testing
• Module 14: Social Engineering Penetration Testing
• Module 15: Stolen Laptop, PDAs and Cellphones Penetration Testing
• Module 16: Application Penetration Testing
• Module 17: Physical Security Penetration Testing
• Module 18: Penetration Testing Report Analysis
• Module 19: Penetration Testing Report and Documentation Writing
• Module 20: Penetration Testing Deliverables and Conclusion
• Module 21: Ethics and Conduct of a Licensed Penetration Tester

top

• Students will be prepared for EC-Council’s ECSA exam 412-79 on the last day of the class. This certification is also the pre-requisite to EC-Council’s Licensed Penetration Tester Program.
• Number of Questions: 50 Passing Score: 70% Test Duration: 2 Hours Test Format: Multiple Choice

EC Council’s Security Analyst Exam Objectives

Candidate will need to have competency in the following objectives to be certified as an ECSA:

• Understand the five stages of a common penetration test attack methodology
  • Understand how to structure and organize security tests
  • Analyze the tactical application of each phase
• Define the five main professional categories:
  • Compare and contrast the different job roles in the security testing and analysisindustry
• Understand the three most common present vulnerability types
  • Identify the potential impact of Information Vulnerabilities
  • Identify the risks of Network Vulnerabilities
  • Understanding the different types of System Vulnerabilities and their impact
• Understand the scoping process of designated target systems
  • Know the rules of engagement as they pertain to client target networks/systems
  • Knowing what results are expected at the end of the test
• Demonstrate understanding of the field of Competitive Intelligence
• Develop skills involved in competitive intelligence gathering
• Demonstrate understanding of Informational Vulnerabilities in depth
• Engage in Passive network discovery techniques
  • Use advanced web resource skills to research identified targets in depth
  • Formulate a picture of network boundaries, using IP and DNS information
  • Analyze documents for potential Information Vulnerabilities
• Demonstrate understanding of Network Vulnerabilities in depth
  • Build a secure network design, and analyze it for vulnerabilities using threat modeling
  • Explore the role of modems and Virtual Private Networks in Perimeter breaches
  • Understand common vulnerabilities with 802.11 Wireless
• Analyze and map live network hosts using multiple correlated modalities
  • Employ common and advanced tools to identify live hosts leveraging output from previous discovery processes
  • Analyze e-mail headers to enumerate target network resources for location, type and other data points
• Install various Packet Sniffers
• Demonstrate skills in deploying Packet Sniffers for the purpose of packet analysi
  • Demonstrate use of Packet Sniffers to intercept user-names and passwords
  • Demonstrate use of Packet Sniffers in intrusion signature analysis
  • Understand the output and results from common Packet Sniffers
• Employ advanced techniques, such as ARP-spoofing and Port Stealing, to sniff switched environments
• Demonstrate knowledge of vulnerabilities in Firewalls
  • Use software such as Firewalk to map out a Firewalls ruleset
• Demonstrate knowledge of vulnerabilities in routers
  • Understanding many Informational Vulnerabilities, as well as network vulnerabilities present in many routers
  • Analyzing Cisco packet captures for information disclosure and cracking Cisco passwords.
• Demonstrate knowledge of vulnerabilities in various network devices
  • Explore the role of Network Appliances such as printers and PBX's in potential security violations
  • Using Man-in-the-Middle Attacks to intercept secured and encrypted traffic
• Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
  • Employ advanced tools to fingerprint specific operating systems
  • Implement advanced port scanning techniques to further refine targeting information
  • Employ tools like Netcat to verify service information and eliminate false positives
• Learn operating system specific tools and techniques
  • Use commonly available Microsoft Resource Kits for advanced Windows enumeration
  • Use Null Sessions for advanced Windows enumeration
  • Use various common tools in Linux for Linux and Unix enumeration
• Employ Automated Vulnerability Scanners
  • Understand the strengths and weaknesses of Automated Scanners
  • Using Nessus to refine target information
  • Analyzing the results given by Nessus and other Automated Scanners
• Understand the specifics of common classes of System Vulnerabilities
  • Understand Stack-based overflows
  • Understand Format String vulnerabilities
  • Understand Heap-based overflows
  • Develop and execute proof of concept Stack-based overflows
  • Develop and execute proof of concept Understand Format String vulnerabilities
  • Develop and execute proof of concept Understand Heap-based overflows
• Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
• Demonstrate ability to employ Shellcode within exploits
  • Verify payload differences across multiple operating systems
• Demonstrate ability to use Exploits against targets in a non-destructive manner
  • Use a debugger to find the Return Address
  • Develop proof-of-concept code to generate a working exploit
  • Execute actual exploit code to compromise target servers
• Demonstrate understanding how passwords work in common operating systems
  • Demonstrate knowledge of the Windows password schemes (PWL, LANMAN, NTLM, Kerberos)
  • Demonstrate knowledge of Linux/Unix authentication mechanisms
  • Demonstrate knowledge of alternate authentication mechanisms (SASL, LDAP, PAM, etc)
  • Demonstrate knowledge of how distributed password cracking works
  • Demonstrate knowledge of how advanced password cracking attacks, such as Rainbow Tables, work
• Demonstrate ability to test strength of authentication mechanisms using password cracking
  • Use common tools to crack Windows passwords
  • Use several free tools to crack Linux and common Unix passwords
  • Use advanced approaches to password cracking by combining techniques and resources to compromise target credentials
• Understand the safe utilization of malicious software in a penetration test
  • Understand how Rootkits work
  • Understand how Trojans work
  • Understand where Rootkits and Trojans fit into the security test
• Understand the impact of web applications on Perimeter Security
  • Test and analyze higher-layer applications for Network Vulnerabilities
  • Demonstrate knowledge of common types of web application System Vulnerabilities
  • Employ attack proxies to audit web applications
  • Employ application scanners to audit web applications
• Discover and analyze Web Application System Vulnerabilities
  • Use SQL Injection attacks against target servers to retrieve database information
  • Test for Cross-Site Scripting vulnerabilities
  • Use automated scanners, such as Nikto, for web application testing
• Categorize and identify range and function of present Viruses
• Identify threat levels and countermeasures of various viruses
• Define impact and points of consideration of Viruses on security testing and analysis
  • Understand how common viruses work
  • Learn how to safely test containment measures
  • Evaluate target networks for proper containment measures
• Understand the role of the Security Tester regarding Intrusion Detection Systems
  • Learning methods for testing IDSs, and IDS limitations
  • Analyzing output from an IDS running on the target network
  • Learning methods for bypassing IDSs
• Understand threat posed by inside and outside human threat agents
  • Define coherent policy and policy enforcement
  • Analyze implicit vulnerabilities resulting from improper policy design and enforcement
  • Understand Operational Security doctrine and Information Vulnerabilities as they pertain to personnel
  • Employ methods for testing personnel security compliance
• Synthesize data from analysis for reporting on vulnerabilities discovered in the target network over the course of the class
• Develop an Executive Summary
• Develop a detailed report from security testing process
• Demonstrate effective communication of security test results

Guarantee

GlobalNet has developed a training and certification solution that provides results in an economical and expedient manner. GlobalNet ensures that you are up to the challenge of passing the course. If you do not pass the ECSA exam on the first attempt, you are welcome to come back and resit the course at no additional charge provided a seat is available in the class. (Travel costs associated with resitting the course are at the student’s expense.)