CSTP Ethical Hacking: Hands-On 2
7Safe Training Course Outline

Building on the techniques learnt from the CSTA Ethical Hacking: Hands-On training course, CSTP Ethical Hacking: Hands-On 2 teaches further tools & methods adopted within the professional arena of penetration testing. The course introduces delegates to commercial penetration testing software and exploitation frameworks commonly used by professionals to optimise the penetration testing process. Delegates also explore the exploitation and security auditing of web applications.

Web application vulnerabilities can pose serious problems to an organisation's security. Many do not realise how much control an attacker can gain over an entire corporate network via a simple flaw in the security of a public facing web application.

The CSTP and CSTP+ qualifications command industry recognition and the latter forms part of 7Safe's ground-breaking Masters-level education programme.

What you will learn
• How to use professional penetration testing tools and frameworks
• How to exploit Windows Server 2003 vulnerabilities
• How to exploit flaws in SQL databases
• How to gain GUI based access to a compromised machine
• The implications of flawed web application security
• How web users are at threat

Benefits
• Gain practical experience under the expert guidance of 7Safe's tutors
• Develop your skills in a state-of-the-art class environment with Windows & Linux operating systems & associated server software
• Learn how to use powerful utilities within the context of realistic case scenarios and convincing simulated environments
• Gain in-depth experience with Core Impact, Metasploit & more, against purpose built 'victim' applications
• Journey through the entire process of a pen test, focussing on the core infrastructure, web applications and the end user
• Includes examination, successful completion of which earns delegates the industry recognised Certified Security Testing Professional (CSTP) certification
• The course ensures comprehensive preparation for the university-accredited Certified Security Testing Professional + (CSTP+) practical assignment (taken separately)

Who should attend
Those responsible for the security of IT systems, including (but not limited to): System/Network Administrators, Crime Prevention & Protection Officers, Auditors, Security Officers, Information Security Professionals & Penetration Testers.

Course style
• This is a practical, hands-on course where delegates are encouraged to experiment, discuss & explore
• Builds on the techniques learnt in the CSTA Ethical Hacking: Hands-On course, allowing delegates to gain comprehensive practical experience of the penetration testing tools used within the industry

Level & Prerequisites
• A familiarity with Microsoft Windows & Linux/UNIX operating systems
• Prior attendance on the CSTA Ethical Hacking: Hands-On training course and completion of the CSTA examination is strongly recommended
• A basic understanding of HTML and JavaScript is useful

Course content highlights

Advanced infrastructure penetration testing
• Use professional penetration testing tools to audit & compromise system security
• Use Nikto web server scanner & Nessus 3
• Elevate command-line access to GUI access
• Learn stealthy techniques to silently upload and deploy hacker tools
• Employ web application specific vulnerability scanners to rapidly map out weaknesses in web applications
• Force web applications to malfunction using HTTP request & response modification
• Launch attacks using an HTTP proxy
• Elevate attacks using extended stored procedures

Client side attacks
• Discover the potential severity of the often underestimated XSS vulnerability
• Common browser & e-mail client hacking techniques used to access Internet users
• Attack a Windows XP Workstation
• Perpetrate attacks by e-mail spoofing/social engineering
• Use HTTP session hijacking to compromise a user's online identity
• Use XSS with cookie theft to steal confidential information
• Compromise an end user's machine using modern exploits
• Launch a dictionary attack
• Use Acunetix Web Vulnerability Scanner
• Remote registry hacking & silent RAT installation
• Understand the Metasploit Framework
• Learn to use Core Impact for remote & client side attacks
• Transferring hacker tools using TFTP Server

Hacking Web applications
• Find & assess weakness in PHP & ASP.NET web applications
• Learn how you can use SQL injection to bypass authentication & reveal confidential information
• Gain SYSTEM level access to a web server hosting a poorly secured web application
• Attacks against Red Hat and Windows 2003
• Exploit database vulnerabilities including MS SQL server & MySQL
• Practical injection techniques used to glean, manipulate & corrupt data

Duration
2 days

Cost
£999+VAT

University Accredited Training
The CSTP Ethical Hacking: Hands-On 2 training course, Certified Security Testing Professional (CSTP) certification and university-accredited CSTP+ qualification have proven to be increasingly important to individuals working within the area of penetration testing. The latter also forms part of 7Safe's Masters-level education programme.

CPE Credits: 16
PgC Credits: 10
MSc Credits: 15

7Safe information security services: Penetration Testing, Education, Computer Forensics, Payment Card Industry DSS, ISO 27001 Consulting
t +44 (0)870 600 1667
e contact@7safe.com
w www.7safe.com