Course Outline for E|CDE:
-
Understanding DevOps Culture
-
Introduction to DevSecOps
-
DevSecOps Pipeline—Plan Stage
-
DevSecOps Pipeline—Code Stage
-
DevSecOps Pipeline—Build and Test Stage
-
DevSecOps Pipeline—Release and Deploy Stage
-
DevSecOps Pipeline—Operate and Monitor Stage
EC-COUNCIL C|Pent & L|PT
Description:
A rigorous Penetration Testing program that, unlike contemporary Penetration Testing courses, teaches you how to perform an effective Penetration test across filtered networks. C|PENT is a multidisciplinary course with extensive hands-on training in a wide range of crucial skills, including advanced Windows attacks, Internet of Things (IoT) and Operational Technology (OT) systems, filtered network bypass techniques, exploit writing, single and double pivoting, advanced privilege escalation, and binary exploitation. In summary, there is no program of its kind in the world!
Bridge the Gap:
The CPENT (Certified Penetration Testing Professional) by EC-Council is an advanced certification focused on penetration testing. The course is designed to prepare cybersecurity professionals to handle complex network environments and exploit system vulnerabilities. CPENT goes beyond traditional pentesting approaches, covering perimeter-segmented networks, IoT systems, SCADA environments, and more. The certification places professionals in real-world scenarios where they must demonstrate both offensive and defensive skills in real-time, aiming to bridge the gap between theoretical knowledge and practical applications.
Establish yourself as a world class penetration testing professional:
1. Apply correct methodology in engagements
2. Exploit IoT, SCADA, and Cloud systems
3. Bypass the human factor (Social Engineering)
4. Evade Enterprise Defenses
5. Go Beyond Automated Tools
6. Access complex segmented networks
7. Write world-class reports!
That’s why for the first time in the industry, the assessment for the Certified Penetration Testing Professional (C|PENT) is about multiple disciplines and not just one or two specialty types.
1. The course is presented through an enterprise network environment that must be attacked, exploited, evaded, and defended.
2. EC-Council’s C|PENT assesses a Penetration Tester’s skills across a broad spectrum of “network zones”.
3. What makes the C|PENT different is the requirement to be provided a variety of different scopes of work so that the candidate can “think on their feet.”
4. The result of this is that there are different zones representing different types of testing.
5. Anyone attempting the test will have to perform their assessment against these different zones.
C|PENT is a 100% Hands-on Course featuring the industry’s most robust, in-depth, hands-on lab and practice range experience.
The C|PENT range, which is where our Penetration Testers gain real-world skills, is designed to provide challenges across every level of the attack spectrum. Additionally, the range contains multiple layers of network segmentation, and once access is gained in one segment, the latest pivoting techniques are required to reach the next segment. Many of the challenges will require outside-the-box thinking and customization of scripts and exploits to get into the innermost segments of the network. The key to being a highly skilled Penetration Tester is to go up against various targets that are configured in a variety of ways. The C|PENT consists of entire network segments that replicate an enterprise network — this is not a computer game simulation; this is an accurate representation of an enterprise network that will present the latest challenges to the Penetration Tester. Since the targets and technology continue to change, the C|PENT is dynamic, and machines and defenses will be added as they are observed in the wild. Finally, the targets and segments are progressive in nature. Once you get into one machine and or segment, the next one will challenge you even more.
With C|PENT, Learn the Next-Generation Techniques and Methodologies for Handling Real-World Threat Situations:
The following are 12 reasons that make the C|PENT Program one of a kind. This exceptional course can make you one of the most advanced Penetration Testers in the world. The course has one purpose: To help you overcome some of the most advanced obstacles that real-world practitioners face when conducting Penetration tests. Here are some examples of the challenges you will face when you are exposed to the C|PENT Range:
01. ADVANCED WINDOWS ATTACKS:
This course will teach you attacks that hackers have kept secret and used for years! These attacks allow bypassing all Windows protections and getting SYSTEM privileges on fully patched systems like never before. You will get hands-on experience with advanced exploits such as Syswhisper2 and Ghostwriting! The course also includes advanced credential hijacking with WCE and Pass-the-Pass-the-hash, amongst others.
02. ATTACKING IOT SYSTEMS:
The course focuses on attacks against IoT devices, including the IOT programs that require you to learn how to bypass such devices. IoT is different from regular operating systems, and therefore traditional methods don’t work. We show how to gain root access to devices, dump firmware, patch firmware, and reverse engineer them.
03. WRITING EXPLOITS: ADVANCED BINARIES EXPLOITATION:
The IoT-focused hacking course won’t stop here! We go into more depth and show you how to find vulnerabilities in binaries and write your own exploits. You will learn how to deal with real-world obfuscated binaries and other techniques attackers use in the real world! The task is much detailed and needs your dedication from the beginning to the process. You need a lot of practice, experience, and dedication to make such attacks. The overall experience during this workshop will take you to the next level! For those of you who feel comfortable with basic scripting skills, we will be covering Python Scripting, enabling you to write your own fully exploit-proof shells to allow for faster execution. Furthermore, you need a good understanding of the x86 and x64 architectures! These are must-have skill sets. We will go through important debugging tricks and compile/code-steps in x86 and x64. This workshop provides the opportunity to massively up your skill level and break into binary exploitation. Upon completion, you will have the skills necessary to get started and build further upon more advanced systems attacks.
04. BYPASSING A FILTERED NETWORK:
The CPTED Certification offers the class, but provides some challenges to test your knowledge. The challenge is based on a real-world network and how to exploit weaknesses, find pivot points, and target vulnerable applications and weak points.
05. PENTESTING OPERATIONAL TECHNOLOGY (OT):
A section in Industrial Technology Certification, the CPTED contains a zone dedicated to pentesting OT systems. The OT part of the course is based on a real-world system that mirrors real attacks. The task includes capturing data from field devices, reverse engineering communication protocols, and finding vulnerabilities in their associated ICS devices, PLCs, and SCADA.
06. ACCESS HIDDEN NETWORKS WITH PIVOTING:
This task focuses on scenarios where the attack has to identify the hidden networks and systems. Hidden networks offer an additional level of security and are not normally visible. The CPTED course teaches you how to use pivoting techniques to access these hidden networks and attack them. The challenge includes using different pivoting techniques and finding weak access points and methods to compromise them.
07. DOUBLE PIVOTING:
Double pivoting has revolutionized the challenges of the task, the most challenging part of the CPTED training. This section focuses on setting up pivot routes in two systems and dealing with the challenges of defending these routes. The double pivoting requires advanced skills in system understanding.
08. PRIVILEGE ESCALATION:
There’s always that need of privilege escalation as covered earlier within the course material. Learn how to gain root access on a compromised system through kernel-level exploits and deal with systems where privilege escalation is required.
09. EVADING DEFENSE MECHANISMS:
This part of the course introduces a series of techniques that you can try to get your exploits past active defenses by weaponizing them.
10. ATTACK AUTOMATION WITH SCRIPTS:
Programs like Automated Pentesting techniques, including scripts that automate testing of networks, allow you to increase your attack efficiency. Python, Powershell, Perl, Bash, and Ruby all form part of the training.
11. BUILD YOUR ARMORY: WEAPONIZE YOUR EXPLOITS:
During this workshop, you will learn how to weaponize your code, create PoCs, and hack by exploiting vulnerabilities that you have identified during an exploit development session.
12. WRITE PROFESSIONAL REPORTS:
During this task, the focus is shifted towards delivering a professional and impactful utilization report. A structured report is essential when providing your pentest results to your client. During the training, you will learn how to write such reports in a way that is accepted by clients, C-levels, and anyone requiring a professional overview of the pentesting process.
C|PENT IS RESULTS ORIENTED
> 100% mapped with the NICE framework.
> Maps to the job role of a Penetration Tester and security analyst, based on major job portals.
> 100% methodology-based Penetration Testing program.
> Provides strong reporting writing guidance.
> Blended with both manual and automated Penetration Testing approach.
> Gives a real-world experience through an Advanced Penetration Testing Range.
> Designed based on the most common Penetration Testing services offered by the best service providers in the market.
> Offers standard templates that can help during a Penetration test
PROGRAM OUTLINE
Module 01 Introduction to Penetration Testing and Methodologies:
Cover the fundamentals of penetration testing, including penetration testing types, approaches, strategies, methodologies, techniques, and various guidelines and recommendations for penetration testing.
Module 02 Penetration Testing Scoping and Engagement:
Learn the essential stages and elements of scoping and engagement in penetration testing.
Module 03 Open-Source Intelligence (OSINT):
Learn how to locate and gather valuable public intelligence about the target through open-source information, such as the World Wide Web (WWW), through website analysis, by using various frameworks/scripts, and tools.
Module 04 Social Engineering Penetration Testing:
Learn different social engineering techniques and perform social-engineered penetration testing at a target organization.
Module 05 Network Penetration Testing – External:
Learn how to implement a comprehensive penetration testing methodology for assessing networks from outsiders’ perspectives. Learn various techniques and tools that can help identify vulnerabilities from the outside of the network perimeter.
Module 06 Network Penetration Testing – Internal:
Learn how to implement a comprehensive penetration testing methodology for assessing networks from insiders' perspectives.
Module 07 Network Penetration Testing – Perimeter Devices:
Learn how to implement a comprehensive penetration testing methodology for assessing the security of network perimeter devices, such as Firewalls, IDS, Routers, and Switches.
Module 08 Web Application Penetration Testing:
Learn how to analyze web applications for various vulnerabilities, including the OWASP (Open Web Application Security Project) Top 10, and determine the risk of exploitation.
Module 09 Wireless Penetration Testing:
Learn how to test various components of wireless networks, such as WLAN, RFID devices, and NFC technology-based devices.
Module 10 IoT Penetration Testing:
Understand various threats to Internet of Things (IoT) networks and learn how to exploit security controls for various inherent IoT risks.
Module 11 OT and SCADA Penetration Testing:
Understand OT and SCADA concepts and learn the process of testing critical components of OT and SCADA networks.
Module 12 Cloud Penetration Testing:
Understand various security threats and concerns in cloud computing. Learn how to perform cloud penetration testing to determine the vulnerability of cloud-based systems.
Module 13 Binary Analysis and Exploitation:
Learn how to use techniques such as vulnerability and reverse engineer analysis to find potential vulnerabilities that may lead to the execution of arbitrary code.
Module 14 Report Writing and Post Testing Actions:
Learn how to document and analyze the results of a penetration test and recommend post-test mitigation actions.
SINGLE EXAM, DUAL CERTIFICATION?
Should you score at least 70% in the C|PENT practical exam, you shall attain the C|PENT credential. However, if you are one of the few rare experts on the planet, you may be able to hit the minimum 90% to earn the Licensed Penetration Tester (LPT) Master Credential!
C|PENT is a fully online, remotely proctored practical exam that evaluates candidates through a challenging 24-hour performance-based, hands-on exam. The exam is broken into two practical exams of 12 hours each that will test your perseverance and focus by forcing you to outdo yourself with each new challenge. Candidates have the option to choose either two 12-hour exams or one 24-hour exam. Candidates who score more than 90% will establish themselves as Penetration Testing Masters and attain the prestigious LPT (Master) credential!
COMMON JOB ROLES FOR C|PENT
-
Ethical Hackers
-
Penetration Testers
-
Network Server Administrators
-
Firewall Administrators S
-
ecurity Testers
-
System Administrators and Risk Assessment Professionals
-
Cybersecurity Forensic Analyst
-
Cyberthreat Analyst
-
Cloud Security Analyst
-
Information Security Analyst
-
Application Security Analyst
-
Cybersecurity Assurance Engineer
-
Security Operations Center (SOC) Analyst
-
Technical Operations Network Engineer
-
Information Security Engineer
-
Network Security Penetration Tester
-
Network Security Engineer
-
Information Security Architect
Exam Information:
• Exam name: C|Pent
• Test format: Multiple Choice
• Test duration: 4 hours
• Required score: 70%
Course Duration:
10 Days | 40 Hours | 4 hours per day
L|PT Master
Description:
The goal is to equip cybersecurity professionals with advanced skills in penetration testing, focusing on attack and defense techniques in complex enterprise networks, aiming to achieve the LPT (Master) certification.
Course Outline:
-
Introduction to Vulnerability Assessment and Penetration Testing:
Overview of the process of identifying and exploiting vulnerabilities in enterprise systems. -
Information Gathering Methodology:
Techniques for gathering crucial data about the target, essential for executing effective attacks. -
Scanning and Enumeration:
Learning to explore networks and systems to identify services, ports, and exploitable weaknesses. -
Vulnerability Identification:
Discovery of known and zero-day vulnerabilities in applications and systems. -
Vulnerability Exploitation:
Advanced techniques, from SQL injection, RFI/LFI to exploitation of operating system vulnerabilities. -
Post-Exploitation:
How to maintain access, perform privilege escalation, and exfiltrate data after the initial breach. -
Advanced Techniques and Tips:
Exploration of concepts such as SSH tunneling, exploit customization, and evasion of network defenses. -
Report Preparation:
Creating professional reports that summarize the penetration test and highlight risk mitigation recommendations. -
Practice Environment:
Virtual labs replicating enterprise networks, offering hands-on practice with real attacks and defenses.
L|PT Master Exam Information:
The exam is online and divided into three practical levels of six hours each, totaling 18 hours. Candidates face progressive challenges that test their ability to overcome enterprise defenses and exploit vulnerabilities. The LPT (Master) certification is awarded upon successful completion.
Target Audience:
Aimed at cybersecurity professionals such as Penetration Testers, Security Analysts, Security Engineers, and IT Consultants seeking an advanced and highly recognized certification. This structure can be adjusted as needed to meet specific requirements or the preparation level of the trainees.
Course Brochures (click the icon)