Course - Penetration Testing Specialist.
Since everything is in English, I suggest using a translator for the text below:
Module 0: Introduction
Module 1: Business and Technical Logistics of Penetration Testing
Module 2: Information Gathering
Module 3: Linux Fundamentals
Module 4: Detecting Live Systems
Module 5: Reconnaissance — Enumeration
Module 6: Cryptography
Module 7: Vulnerability Assessments
Module 8: Malware – Software Goes Undercover
Module 9: Hacking Windows
Module 10: Advanced Vulnerability and Exploitation Techniques
Module 11: Attacking Wireless Networks
Module 12: Networks, Firewalls, Sniffing and IDS
Module 13: Injecting the Database
Module 14: Attacking Web Technologies
Module 1: Business and Technical Logistics of Pen Testing
• Definition of a Penetration Test
• Benefits of a Penetration Test
• ID Theft Statistics
• Recent Hacking News
• The Evolving Threat
• Vulnerability Life Cycle
• Exploit Time Line
• Zombie Statistics
• Zombie Definition
• Botnet Definition
• Types of Penetration Testing
• Pen Testing Methodology
• Hacker vs. Penetration Tester
• Tools vs. Technique
• Penetration Testing Methodologies
• OSSTMM – Open Source Security Testing Methodologies
• Website Review
• SecurityNOW! SX
• Case Study and Lab
Module 2: Information Gathering
• What Information is Gathered by the Hacker
• Methods of Obtaining Information
• Physical Access
• Social Access
• Digital Access
• Passive vs. Active Reconnaissance
• Footprinting Defined
• Footprinting Tool: Kartoo Website.
• Footprinting Tools
• Google and Query Operators
• Johnny.Ihackstuff.com
• Aura
• Wikto
• Websites used for Information Gathering
• Internet Archive: The WayBack Machine
• Domain Name Registration
• Whois
• Websites used to Gather Whois Information
• DNS Databases
• Using NSlookup
• Dig for Unix / Linux
• Traceroute Operation
• EDGAR for USA Company Info.
• Company House For British Company Info
• Intelius info and Background Check Tool
• Web Server Info Tool: Netcraft
• Countermeasure: Domainsbyproxy.com
• Footprinting Countermeasures
• Review White Papers/Templates
• Case Study and Lab.
Module 3: Linux Fundamentals
• History of Linux
• The GNU Operating System
• Linux Introduction
• Desktop Environment
• Linux Shell
• Linux Bash Shell
• Recommended Linux Book
• Password and Shadow File Formats
• User Account Management
• Changing a user account password
• Configuring the Network Interface
• Mounting Drives
• Tarballs and Zips
• Compiling Programs
• Typical Linux Operating Systems
• Gentoo = Simple Software Install Portal
• VLOS and Emerge
• Why Use Live Linux Boot CDs
• Security Live Linux CDs
• FrozenTech’s Complete Distro List
• Most Popular: BackTrack
• My Slax Creator
• Slax Modules (Software Packages)
• Case Study and Lab
Module 4: Detecting Live Systems
• Port Scanning Introduction
• Port Scan Tips
• What are the Expected Results
• How Do We Organize the Results
• Ping
• NMAP Introduction
• The TCP/IP Stack
• Ports and Services
• The TCP 3-way Handshake
• TCP Flags
• Vanilla Scan
• NMAP TCP Connect Scan
• Half-open Scan
• Tool Practice: TCP half-open and Ping Scan
• Fire-walled Ports
• NMAP Service Version Detection
• UDP Port Scanning
• Advanced Scanning Technique
• Popular Port Scanning Tools
• Tool: Superscan
• Tool: LookatLan
• Tool: Hping2
• Tool: Auto Scan
• Packet Crafting and Advanced Scanning Methods
• OS Fingerprinting
• OS Fingerprinting: Xprobe2 – Auditor Distro
• Xprobe Practice
• Fuzzy Logic
• Tool: P0f – Passive OS Finger Printing Utility
• Tool Practice: Amap
• Packet Crafting
• Tool Fragrouter: Fragmenting Probe Packets
• Countermeasures: Scanning
• Scanning Tools Summary
• Case Study and Lab
Module 5: Reconnaissance – Enumeration
• Overview of Enumeration
• Web Server Banner
• Practice: Banner Grabbing with Telnet
• Sam Spade Tool: Banner Grabbing
• SuperScan 4 Tool: Banner Grabbing
• SMTP Banner
• DNS Enumeration Methods
• Zone Transfers
• Countermeasure: DNS Zone Transfer
• SNMP Insecurity
• SNMP Enumeration
• SNMP Enumeration Countermeasures
• Active Directory Enumeration
• AD Enumeration countermeasures
• Null Session
• Syntax for a Null Session
• Viewing Shares
• Tool: DumpSec
• Tool: USE42
• Tool: Enumeration with Cain and Abel
• NAT Dictionary Attack Tool
• Injecting the Abel Service
• Null Session Countermeasures
• Enumeration Tools Summary
• Case Study and Lab
Module 6: Cryptography
• Cryptography Introduction
• Encryption
• Encryption Algorithm
• Implementation
• Symmetric Encryption
• Symmetric Algorithms
• Crack Times
• Asymmetric Encryption
• Key Exchange
• Hashing
• Hash Collisions
• Common Hash Algorithms
• Hybrid Encryption
• Digital Signatures
• SSL Hybrid Encryption
• IPSEC
• Transport Layer Security – SSH
• PKI ~ Public Key Infrastructure Models
• PKI-Enabled Applications
• Quantum Cryptography
• Hardware Encryption: DESlock
• Attack Vectors
• Case Study & Lab
Module 7: Vulnerability Assessments
• Vulnerability Assessments Introduction
• Testing Overview
• Staying Abreast: Security Alerts
• Vulnerability Scanners
• Qualys Guard
• Nessus Open Source
• Nessus Interface
• Scanning the Network
• Nessus Report
• Retina
• Nessus for Windows
• LANguard
• Analyzing the Scan Results
• Microsoft Baseline Analyzer
• MBSA Scan Report
• Dealing with the Assessment Results
• Patch Management
• Patching with LANguard Network Security Scanner
• Case Study and Lab
Module 8: Malware – Software Goes Undercover
• Defining Malware: Trojans and Backdoors
• Defining Malware: Virus & Worms
• Defining Malware: Spyware
• Company Surveillance Software
• Malware Distribution Methods
• Malware Capabilities
• Auto Start Methods
• Countermeasure: Monitoring Autostart Methods.
• Tool: Netcat
• Netcat Switches
• Executable Wrappers
• Benign EXEs Historically Wrapped with Trojans
• Tool: Restorator
• Tool: Exe Icon
• The Infectious CD-ROM Technique
• Backdoor.Zombam.B
• JPEG GDI+ All in One Remote Exploit
• Advanced Trojans: Avoiding Detection
• Malware Countermeasures
• Gargoyle Investigator
• Spy Sweeper Enterprise
• www.Glocksoft.com
• Port Monitoring Software
• File Protection Software
• Windows File Protection
• Windows Software Restriction Policies
• Hardware-based Malware Detectors
• Countermeasure: User Education
• Case Study and Lab
Module 9: Hacking Windows
• Types of Password Attacks
• Keystroke Loggers
• Password Guessing
• Password Cracking LM/NTLM Hashes
• LanMan Password Encryption
• NT Password Generation
• SysKey Encryption
• Password Salting
• Password Extraction and Password Cracking
• Precomputation Detail
• Cain and Abel’s Cracking Methods
• Free LM Rainbow Tables
• NTPASSWD: Hash Insertion Attack
• Password Sniffing
• Windows Authentication Protocols
• Hacking Tool: Kerbsniff & KerbCrack
• Countermeasure: Monitoring Event Viewer Log
• Hard Disk Security
• Free HD Encryption Software
• Tokens & Smart Cards.
• Covering Tracks Overview
• Disabling Auditing
• Clearing the Event Log
• Hiding Files with NTFS Alternate Data Streams
• NTFS Streams Countermeasures
• Stream Explorer
• What is Steganography?
• Steganography Tools
• Shredding Files Left Behind
• Leaving No Local Trace
• SecurSURF
• StealthSurfer II Privacy Stick
• Tor: Anonymous Internet Access
• Encrypted Tunnel Notes
• Rootkits
• Rootkit Countermeasures
• Case Study and Lab.
Module 10: Advanced Vulnerability & Exploitation Techniques
• How Do Exploits Work?
• Memory Organization
• Buffer Overflows
• Stages of Exploit Development
• Prevention
• The Metasploit Project
• Defense in Depth
• Core Impact
• Case Study Lab
Module 11: Attacking Wireless Networks
• Wireless LAN Network Types
• Deployed Standards
• A vs. B vs. G
• 802.11n – MIMO
• SSID – Service Set Identifier
• MAC Filtering
• WEP – Wired Equivalent Privacy
• Weak IV Packets
• XOR Basics
• WEP Weaknesses
• TKIP
• How WPA improves on WEP
• The WPA MIC Vulnerability
• 802.11i – WPA2
• WPA and WPA2 Mode Types
• WPA-PSK Encryption
• Tool: NetStumbler
• Tool: KNSGEM
• Tool: Kismet
• Analysis Tool: OmniPeek Personal
• Tool: Aircrack
• DOS: Deauth/disassociate attack
• Tool: Aireplay
• ARP Injection (Failure)
• ARP Injection (Success)
• EAP Types
• EAP Advantages/Disadvantages
• Typical Wired/Wireless Network
• EAP/TLS Deployment
• Case Study and Lab
For more details, visit the official course page (by clicking here)
Module 12: Networks, Firewalls, Sniffing and IDS
• Packet Sniffers
• WinPcap / Pcap
• Tool: Wireshark (Ethereal)
• Re-assembling TCP Session Packets
• Tool: Packetyzer
• tcpdump & windump
• Tool: OmniPeek
• Sniffer Detection
• Passive Sniffing Methods
• Active Sniffing Methods
• Flooding the Switch Forwarding Table
• ARP Cache Poisoning in Detail
• ARP Normal Operation
• ARP Cache Poisoning
• Technique: ARP Cache Poisoning (Linux)
• ARP Countermeasures
• Tool: Cain and Abel
• Ettercap
• Dsniff Suite
• MailSnarf, MsgSnarf, FileSnarf
• What is DNS Spoofing?
• DNS Spoofing Tools
• Intercepting and Cracking SSL
• Tool: Breaking SSL Traffic
• Tool: Cain and Abel
• VoIP Systems
• Intercepting VoIP
• Intercepting RDP
• Cracking RDP Encryption
• Routing Protocols Analysis
• Countermeasures for Sniffing
• Firewalls, IDS and IPS
• Firewall ~ 1st Line of Defense
• IDS ~ 2nd Line of Defense
• IPS ~ Last Line of Defense
• Evading The Firewall and IDS
• Evasive Techniques
• Firewall – Normal Operation
• Evasive Technique – Example
• Evading With Encrypted Tunnels
• ‘New Age’ Protection
• SpySnare – Spyware Prevention System (SPS)
• Intrusion ‘SecureHost’ Overview
• Intrusion Prevention Overview
• Secure Surfing or Hacking?
• Case Study and Lab
Module 13: Injecting the Database
• Overview of Database Servers
• Types of Databases
• Tables, Records, Attributes, Domains
• Data Normalization, SQL, Object-Oriented Database Management
• Relational Database Systems
• Vulnerabilities and Common Attacks
• SQL Injection
• Why SQL “Injection”
• SQL Connection Properties
• SQL Injection: Enumeration
• Extended Stored Procedures
• Shutting Down SQL Server
• Direct Attacks
• Attacking Database Servers
• Obtaining Sensitive Information
• Hacking Tool: SQL Ping2
• Hacking Tool: osql.exe
• Hacking Tool: Query Analyzers
• Hacking Tool: SQLExec
• Hacking Tool: Metasploit
• Hardening Databases
• Case Study and Lab
Module 14: Attacking Web Technologies
• Common Security Threats
• The Need for Monitoring
• Seven Management Errors
• Progression of The Professional Hacker
• The Anatomy of a Web Application Attack
• Web Attack Techniques
• Components of a generic web application system
• URL mappings to the web application system
• Web Application Penetration Methodologies
• Assessment Tool: Stealth HTTP Scanner
• HTTrack Tool: Copying the website offline
• Httprint Tool: Web Server Software ID
• Wikto Web Assessment Tool
• Tool: Paros Proxy
• Tool: Burp Proxy
• Attacks against IIS
• IIS Directory Traversal
• Unicode
• IIS Logs
• What is Cross Site Scripting (XSS)?
• XSS Countermeasures
• Tool: Brutus
• Dictionary Maker
• Query String
• Cookies
• Top Ten Web Vulnerabilities
• Putting all this to the Test
• Case Study and Lab
Download links:
Server: Rapidshare
24 parts of 100MB.



January 1, 2011 at 2:20 AM
Wow, I downloaded it and liked it a lot, really a lot. The only problem is that it is in English, but that's fine, I managed to understand quite a lot.
invasaohacking with the best content on the internet as always, the first day of the year with a post as interesting as this one.
January 1, 2011 at 3:26 PM
Diablos, make a video lesson if you know how to hack on Habbo, man. If you really know and make the video lesson, I swear I'll deposit 100 bucks in your account; it will come out cheaper than what I spend on coins. Please send a reply, I need it urgently. Bye, God be with you, that's us!
January 2, 2011 at 12:07 AM
It’s very good and gives details. What about the assessment on the firewall, switch or UTM?
January 2, 2011 at 1:18 AM
Can you help me? I can't manage to download it; when I try, an error appears. What do I do?
January 2, 2011 at 6:21 AM
Very good, and yes, UTM, firewall and switch.
January 3, 2011 at 2:45 PM
Which of the links above works?
January 9, 2011 at 9:31 PM
Has anyone managed to get, or does anyone have, the translation for this course?
Thanks!
July 4, 2011 at 8:37 PM
Sorry, but is there no possibility of a Portuguese translation of the videos, with Portuguese subtitles on them?
July 25, 2011 at 3:44 PM
Where are the subtitles? Please answer me!!!!!
Congratulations on the site, it's the best!!!!!!!!!
January 3, 2012 at 1:18 PM
Are there subtitles?