Certified Penetration Testing Expert (CPTE) – 6 months

The CPTE training is designed to make you an expert in the domain of cybersecurity. CPTE covers a wide variety of topics, starting right from the basics, and then leading up to database, OS security, network and even mobile security. The best part about the CPTE is the fact that you get hands-on practical training on live projects. Our trainers have included all the fundamental information related to ethical hacking / penetration testing which would help you to evolve into a professional penetration tester. The entire course aims to help you in learning all the skillset that will allow you to use the latest Penetration tools and to secure the organizations.

In this CPTE training, you will also learn about the dark web and walked through the technical details of how it works. You will get hands-on experience conducting dark web Intelligence & investigations. This includes how to identify relevant information and how to investigate it and how to use different techniques and tools to identify information.

Target Audience

• All those who are interested in ethical hacking and penetration testing.
• Security Engineers
• Penetration Testers
• Cyber Security Analyst
• Working Professionals

Module1 - Introduction and Fundamentals

• Introduction to Information Security – CIA Traid
• Testing – Black, white, Gray
• Security Terminologies
• Introduction to Computer Networks
  • The OSI Model
  • TCP/IP Model
  • Understanding Ports and protocols
• Network Basics
  • IPV4 & IPV6
  • Router, Firewalls,VPN, VLAN,etc
  • Routing Protocols
• Advanced Networking Concept
  • Network Packet Analysis (Wireshark)
  • Sniffing through Wireshark
  • tshark
• Windows & Linux Basics
  • Windows fundamentals
  • Windows system architecture
  • Windows Server
  • Linux Basics (Introduction to Linux file system architecture) and Commands

Module 2- Network Security- Advance techniques

• Steps of Recon
• Passive Recon
• Active Recon
• Wireshark
  • ICMP Packet Analysis
  • ARP Packet Analysis
  • 3 way handshake Analysis
  • TCP / UDP streams
  • Malformed Packets
  • Geolocation service usage
• Vulnerability Assessment (VA)
• Penetration testing
• Packet Crafting using Hping3 and Scapy
  • Different Attacks using packet crafting
  • SYN flood attack
  • DoS / DDoS attack
  • Random Source Attack
  • Spoofing
  • Smurf attack
  • Land Attack, etc.
  • Different Attacks using packet crafting
  • SYN flood attack
  • DoS / DDoS attack
  • Random Source Attack
  • Spoofing
  • Smurf attack
  • Land Attack, etc.
• Network Mapper (NMAP) Basics
• Advance Nmap commands and NSE scripts
• Enumeration of services i.e – FTP, SSH, SMTP, HTTP, SNMP, NetBIOS, SMB, RDP etc.
• Google Hacking Database
• Metasploit
  • Metasploit Basics

• • Payload and encoders creation using msfvenom
  • Auxiliary scanner
  • Reverse Payloads
  • Bypass techniques using Macros
  • Post Exploitation

• Exploit-DB
• Nessus and Nexpose Vulnerability scanner
• Getting exploit code – Exploitation Framework (MSF)
• Working with Armitage
• Attacking Linux and Windows

Module3- Sever Security

• Database Security
  • Database Fundamentals
  • Database Management System -DBMS and RDBMS
  • Working with MongoDB
  • DBA, System administrator, default configuration, Database Security Issues
  • Perform database auditing- oracle, MySQL etc.
• Windows Security
  • Windows security architecture
  • Windows General Security Practices
  • Windows Auditing – Group policy, registries, local policy, etc.
• Linux server security
  • Linux Auditing – Boot Security, working with tools, patching misconfiguration
  • Perform Auditing on – RHEL, Apache, etc.
• Follow Hardening document – CIS Benchmark and exercises 

Module 4 – Application Security

1. Functional & Security Testing
2. Overview on web Application

What is OWASP?

OWASP Top 10 2017

• A1 - Working with Injection flaws
• A2 - Broken Authentication
• A3 - Sensitive data exposure
• A4- XML External Entities (XXE)
• A5- Broken Access Control (directory browsing, directory traversal, IDOR)
• A6- Security Misconfiguration
• A7- Cross-site scripting
• A8- Insecure Deserialization:
• A9- Using Components with Known Vulnerabilities
• A10- Insufficient Logging & Monitoring

Beyond OWASP -WASC

• Command Injection
• LFI / RFI
• Shell Upload
• Business Logic Testing
• DoS Attack
• Brute Force Attack
• API / CMS Based Vulnerabilities
• Cookie Stealing.
• Transport Layer vulnerabilities
• Advance threats (SSRF, CORS, S3 Bucket Misconfiguration) etc.
• ESAPI (Enterprise Security API)
• Working APIs

Module 5 – Mobile Security

Android Application Testing

• Introduction to Android
• Android Security Architecture
• What is ADB?
• Setting up Android Pentesting Environment (Genymotion)
• Santoku OS
• Android Applications Components
• Setting up a Burp proxy
• What is an APK
• Reversing android applications
• Local storage Issues
• Logging Issues
• Leaking Content Providers
• Client Side Injections
• Read Based Content Providers Vulnerabilities
• Insecure Data Storage
• Broken Cryptography
• Android application interaction and Intent manipulation with Drozer
• Exploiting Android devices with Metasploit
• SSL Pinning Bypass
• Root Detection Bypass Techniques
• API Hooking Attacks

iOS Pentesting

• Introduction to iOS
• iOS security model
• What makes IOS security different? 
• App Sigining
• Introduction to Objective-C and Swift
• Lab Setup overview
• Basics of Jailbreaking
• Device Setup
• Jailbreaking your IOS device
• Cydia, Mobile Substrate
• Static Analysis and sources for Static Analysis
• Extract information from IPA files
• Investigating Binaries
• Hands-on Lab: Binary Static Analysis manual and automated
• Basics of IOS reverse engineering
• Introduction to Hopper
• Disassembling methods
• Modifying assembly instructions
• Client-side attacks
• Configure Burpsuite for iOS application
• Traffic Analysis and Manipulation
• Session Management Issues
• Importing SSL certificates & trusted CA's
• Run time Analysis

• Lifecycle of an Application
• Cycript + Class-dump-Z
• Decrypting Applications:
  • GDB
  • Clutch
• Runtime Analysis with GDB

• Exploiting iOS Apps

Testing for the OWASP Top 10 2016 of Mobile Applications:

• • Improper Platform Usage
  • Insecure Data Storage
  • Insecure Communication
  • Insecure Authentication
  • Insufficient Cryptography
  • Insecure Authorization
  • Client Code Quality
  • Code Tampering
  • Reverse Engineering
  • Extraneous Functionality

Module 6 – Digital Forensics

• Digital Forensics Overview
• IT Act and Cyber Law
• Email Misuse
• Pornography
• What is an event and Incident?
• Detection of Incidents
• Chain of Custody
• Evidence Collection and Analysis
  • Defining Evidence
  • Evidence Collection
  • Evidence Handling
  • Online Vs Offline Response

• 6 A’s of Digital Forensic

Types of Digital Forensics 

• Network Forensics
• Disk Based Forensic
• Database Forensics
• Memory Forensics
• Live Forensics
• Dead Forensics

Disk Based Forensics-

• Risk Imaging using Linux ( dd, sdd, dcfldd) and Netcat
• Disk Imaging using Encase, Helix Bootable disk
• Forensic analysis using Encase

Network Forensics

• Network Devices
• Introduction to Log Analysis
• Log Analysis of servers, firewall, etc.
• Using Tcpdump, Snort, Wireshark, Network Investigator

Live Forensics

• Windows Live Response
• Linux Live Response
• SysInternals

Memory Forensics

• Evidence acquisition – DumpIt, FTK Imager, LiME, AVML
• Evidence analysis – Volatility

Database Forensics

• Forensic study of databases and their metadata.
• Investigation on database contents, log files and in-RAM data

Documenting the Investigation

Module 7 – Dark Web Intelligence

• An overview and exploration of the dark web
• Tor and other dark web entry points
• The structure and mechanics of Tor
  • Nodes
  • Relays and bridges
  • Onion routing
  • Directory servers
  • Onion crawlers

• Technologies review and enumeration
• Finding Onion Sites
• How to create an identity for investigation
  • Investigating unique identifiers
  • Content and text analysis
  • Validating data and content

• Vulnerability scanning the dark web
• Breaching markets
• Crawling the dark web

• Tools used
• Working with CTFs
• Working on Live Scenarios