Certified Penetration Testing Professional (CPENT) Training

Siber Güvenlik Eğitimleri Certified Cybersecurity Technician (C|CT) Eğitimi

About the Training

The Certified Penetration Testing Professional (CPENT) Training is a comprehensive program specifically designed for information security professionals. This training aims to equip participants with the skills necessary to conduct effective penetration testing. It also provides in-depth knowledge and practical experience in the field of cybersecurity. The CPENT training enables you to gain proficiency in identifying security vulnerabilities, assessing risks, and implementing effective countermeasures in real-world scenarios.

The CPENT training focuses on key topics such as network attacks, vulnerability analysis, attack detection, web application security, data security, and network security strategies. This approach enhances your ability to understand various attack vectors, identify vulnerabilities, and remediate security weaknesses. Additionally, you will become familiar with the processes of planning, executing, and reporting on penetration tests, establishing yourself as a trusted expert in the field.

By combining theoretical knowledge with practical exercises and live scenarios, the CPENT training offers real-world experience. You will have the opportunity to apply security strategies effectively while testing your knowledge and skills through penetration tests conducted in realistic scenarios and network environments. This hands-on experience positions you to play a crucial role in preventing cyberattacks and addressing security vulnerabilities.

Participants who successfully complete the CPENT training will earn the CPENT certification. This certification validates your competency in penetration testing, earning you recognition and credibility among employers and other professionals in the industry. The CPENT certification provides a competitive edge in your career, helping you advance in the cybersecurity field.

The CPENT training presents a significant opportunity for cybersecurity professionals. By enhancing your skills in identifying security vulnerabilities, assessing risks, and implementing security measures, you can contribute to the protection of organizations. The CPENT certification supports your specialization in the field and helps you advance to higher-level positions in your career.

What Will You Learn?

 
  • Penetration Testing Fundamentals: You will learn the basic concepts and processes of penetration testing. This includes understanding the steps of a penetration test, such as target identification, information gathering, attack planning, attack execution, and reporting.
  • Network Security Vulnerabilities: You will explore common security vulnerabilities and attack vectors in network systems. By working on topics like web application security, vulnerabilities in network protocols, and application layer security weaknesses, you will develop your skills in identifying and exploiting vulnerabilities.
  • Attack Tools and Techniques: You will learn about various attack tools and techniques. This includes discovering tools used for port scanning, weak password attacks, and XSS (Cross-Site Scripting) attacks, among others, to perform different types of attacks and detect security vulnerabilities.
  • Vulnerability Analysis and Reporting: You will understand the process of vulnerability analysis and reporting methods. By applying techniques for identifying vulnerabilities, assessing risks, and preparing detailed reports, you will enhance your skills in vulnerability analysis.
  • Ethical Standards and Legal Compliance: You will learn about ethical standards and legal compliance during penetration tests. This includes gaining knowledge of ethical penetration testing practices and understanding the legal requirements and regulations to ensure that tests are conducted correctly and do not lead to negative consequences.
The CPENT training enables you to develop your skills in testing network systems and identifying weaknesses in real-world scenarios. This training helps you gain in-depth knowledge and skills in network security, making you proficient in security testing.

Prerequisites

  • Basic Computer Knowledge: Having an understanding of computer systems, networks, operating systems, and basic network protocols will be beneficial.
  • Fundamentals of Network and System Security: Knowledge of network security principles, types of attacks, security measures, and basic network and system security controls will help you better understand the training.
  • Network and System Administration Experience: Experience in network and system administration will make it easier for you to understand network infrastructure, system configurations, and evaluate environments encountered during penetration testing.
  • Basic Cryptography Knowledge: An understanding of basic cryptographic concepts, encryption algorithms, and key management will provide you with a foundation in secure communication and data protection.
These prerequisites can give you an advantage before participating in the CPENT training, but they are not mandatory. It is important to check the specific prerequisites set by the organization offering the training, as requirements may vary between providers. Ensuring that you meet the prerequisites established by the training provider is recommended.

Who Should Attend?

 
  • Information Security Specialists: Professionals working in the field of information security may wish to enhance their knowledge and skills in network security testing and penetration testing. These specialists typically work in companies or consultancy firms focused on security testing.
  • Network and System Administrators: Network and system administrators are responsible for ensuring the security of an organization’s network infrastructure and identifying vulnerabilities. The CPENT training provides these administrators with knowledge and skills in security testing techniques and vulnerability analysis.
  • Security Consultants and Auditors: Security consultants and auditors mayseek to provide security testing services and identify vulnerabilities for their clients. The CPENT training enhances their ability to perform effective security testing during consulting and auditing processes.
  • Application Developers: Application developers may want to conduct vulnerability analysis and security testing as part of creating secure software and applications. The CPENT training equips them with knowledge and skills in application-level security testing and vulnerability analysis.
  • Cybersecurity Researchers: Researchers in the field of cybersecurity may participate in the CPENT training to discover new vulnerabilities and study attack techniques. This training helps them develop advanced expertise in cybersecurity by enhancing their research skills.
The groups mentioned above are examples of those who may benefit from CPENT training. However, anyone with an interest and motivation in network security and penetration testing can participate in this training to enhance their knowledge and skills. Whether you are looking to work in network security or strengthen your existing knowledge and skills, the CPENT training is suitable for anyone.

Outline

Module 01: Introduction to Penetration Testing and Methodologies
  • Cover the fundamentals of penetration testing, including penetration testing approaches, strategies, methodologies, techniques, and various guidelines and recommendations for penetration testing.
Key topics covered:
  • Penetration Testing, Penetration Testing Service Delivery Models, ROI for Penetration Testing, Types of Penetration Assessment, Strategies of Penetration Testing, Selection of Appropriate Testing Type, Different Methods of Penetration Testing, Common Areas of Penetration Testing, Penetration Testing Process, Penetration Testing Phases, Penetration Testing Methodologies, EC-Council’s LPT Methodology, Qualities of a Licensed Penetration Tester, Characteristics of a Good Penetration Test, Ethics of a Penetration Tester; Qualification, Experience, Certifications, and Skills Required for a Pen Tester; Risks Associated with Penetration Testing
Module 02: Penetration Testing Scoping and Engagement
  • Learn the different stages and elements of scoping and engagement in penetration testing.
Key topics covered:
  • Penetration Testing: Pre-engagement Activities, Initiation of a Pen Testing Engagement Process, Proposal Submission, Determining the Project Schedule, Staffing Requirements, Rules of Engagement, Estimating the Timeline for the Engagement, Penetration Testing Schedule, Identifying the Reporting Time Scales, Deciding the Time of Day for the Test, ROE Document, Penetration Testing Contract, Penetration Testing “Rules of Behavior,” Confidentiality and Nondisclosure Agreement Clauses, Identifying the Security Tools Required for the Penetration Test, Preparing the Test Plan, Penetration Testing Hardware/Software Requirements, Gathering Information on the Client Organization’s History and Background, Identifying the Local Equipment Required for the Pen Test, Mission Briefing, Scope Creeping
Module 03: Open-Source Intelligence (OSINT)
  • Learn how to use techniques and tools to gather intelligence about the target from publicly available sources such as the World Wide Web (WWW), through website analysis, by using tools/frameworks/scripts, and so on.
Key topics covered:
  • OSINT through the WWW, OSINT through Website Analysis, OSINT through DNS Interrogation, Whois Lookups, Reverse Lookups, DNS Zone Transfer, Traceroute Analysis, Automating the OSINT Process using Tools/Frameworks/Scripts
  Module 04: Social Engineering Penetration Testing
  • Learn different social engineering techniques and perform social-engineering penetration testing on a target organization.
Key topics covered:
  • Social Engineering Penetration Testing, Social Engineering Penetration Testing Modes, Social Engineering Penetration Testing Process, Social Engineering Using Email, Phishing, Spear Phishing, Whaling, Phone (Vishing), SMiShing (SMS Phishing), Social Engineering Using Physical Attack Vector, Piggybacking/Tailgating, Eavesdropping, Dumpster Diving, Reverse Social Engineering, Social Engineering Using Motivation Techniques, Social Engineering Countermeasures and Recommendations
Module 05: Network Penetration Testing – External
  • Learn how to implement a comprehensive penetration testing methodology for assessing networks from outsiders’ perspectives. Learn the process attackers follow to exploit the assets using vulnerabilities from the outside of the network perimeter.
Key topics covered:
  • Network Penetration Testing, External vs. Internal Penetration Testing, External Network Penetration Testing, Internal Network Penetration Testing. Network Penetration Testing Process, Port Scanning, Fingerprinting the OS, Examining the Patches Applied to the Target OS, fingerprinting the Services, External Vulnerability Assessment, searching and Mapping the Target with the Associated Security Vulnerabilities, Find Out the Security Vulnerability Exploits, Running the Exploits against Identified Vulnerabilities, Document the Result
Module 06: Network Penetration Testing – Internal
  • Learn how to implement a comprehensive penetration testing methodology for assessing networks from insider’s perspectives.
Key topics covered:
  • Internal Network Penetration Testing, Footprinting, Network Scanning, Scanning Analysis, Scanning Methodology, OS and Service Fingerprinting, Identifying the OS, SMB OS Discovery, Manual Banner Grabbing, Identifying the Services, Displaying Services within Metasploit, Map the Internal Network, Enumeration, Vulnerability Assessment, Internal Vulnerability Assessment, Network Vulnerability Scanning, Host Vulnerability Scanner, Vulnerability Assessment Reports, Scan Analysis Process, Windows Exploitation, Unix/Linux Exploitation, Attempt Replay Attacks, Attempt ARP Poisoning, Attempt Mac Flooding, Conduct a Man-in-the-Middle Attack, Attempt DNS Poisoning, Automated Internal Network Penetration Testing, Post Exploitation, Pivoting, Port Forwarding, OS Discovery, Proxychains, Web Shells, Document the Result
  Module 07: Network Penetration Testing – Perimeter Devices
  • Learn how to implement a comprehensive penetration testing methodology for assessing the security of network perimeter devices, such as Firewalls, IDS, Routers, and Switches.
Key topics covered:
  • Assessing Firewall Security Implementation, Testing the Firewall from Both Sides, Find Information about the Firewall, Enumerate Firewall Access Control List using Nmap, Scan the Firewall for Vulnerabilities, Trying to Bypass the Firewall Using Various Techniques, Assessing IDS Security Implementation, Common Techniques Used to Evade IDS Systems, Test for Resource Exhaustion, Test the IDS by Using Various Techniques, Assessing Security of Routers, Need for Router Testing, Identify the Router Operating System and its Version, Identify Protocols Running, Try to Gain Access to the Router, Test for IP Spoofing, Router Penetration Testing using Secure Cisco Auditor (SCA), Assessing Security of Switches, Test for Address of Cache Size, Test for Data Integrity and Error Checking, Test for Frame Error Filtering, Test for VLAN Hopping, Test for MAC Table Flooding, Testing for ARP Attack, Document the Result
Module 08: Web Application Penetration Testing
  • Learn how to analyze web applications for various vulnerabilities, including the Open Web Application Security Project (OWASP) Top 10, and determine the risk of exploitation.
Key topics covered:
  • Web Application Penetration Testing, Web Application Security Frame, Security Frame vs. Vulnerabilities vs. Attacks, Website Footprinting, Web Enumeration, Discover Web Application Default Content, Discover Web Application Hidden Content, Conduct Web Vulnerability Scanning, Test for SQL Injection Vulnerabilities, Test for XSS Vulnerabilities, Test for Parameter Tampering, Test for Weak Cryptography Vulnerabilities, Tests for Security Misconfiguration Vulnerabilities, Test for Client-Side Attack, Tests for Broken Authentication and Authorization Vulnerabilities, Tests for Broken Session Management Vulnerabilities, Test for Web Services Security, Test for Business Logic Flaws, Test for Web Server Vulnerabilities, Test for Thick Clients Vulnerabilities
Module 09: Wireless Penetration Testing
  • Learn how to test various components of wireless networks, such as WLAN, RFID devices, and NFC technology devices.
Key topics covered:
  • Wireless Penetration Testing, Wireless Local Area Network (WLAN) Penetration Testing, Discovering the Wireless Networks, Detect Wireless Connections, Use a Wireless Honeypot to Discover Vulnerable Wireless Clients, Performing a Denial-of-Service Attack, Attempt Rapid Traffic Generation, Attempt Single-packet Decryption, Perform an ARP Poisoning Attack, Crack WPA-PSK Keys, Crack WPA/WPA2 Enterprise Mode, Check for MAC Filtering, Spoof the MAC Address, Create a Direct Connection to the Wireless Access Point, Introduction to RFID Penetration Testing, Perform Reverse Engineering, Perform Power Analysis Attack, Perform Eavesdropping, Perform an MITM Attack, Perform a DoS Attack, Perform RFID Cloning/Spoofing, Perform an RFID Replay Attack, Perform a Virus Attack; Oscilloscopes, RFID Antennas, and RFID Readers; Introduction to NFC Penetration Testing, Perform a Data Modification Attack, Perform Data Corruption Attack, Perform a MITM Attack, Document the Result
Module 10: IoT Penetration Testing
  • Understand various threats to Internet of things (IoT) networks and learn how to audit security controls for various inherent IoT risks.
Key topics covered:
  • IoT, Popular IoT Hacks, IoT Challenges, IoT Penetration Testing, Abstract IoT Testing Methodology, Attack Surface Mapping, IoT Architecture, Typical IoT Vulnerabilities, Steps to Analyzing the IoT Hardware, Firmware Attacks, Attack Surface Map, Sample Architecture Diagram, Sample Firmware Analysis Process, Binwalk to Extract the File System, Exploring the File System, Firmware Emulation
  Module 11: OT and SCADA Penetration Testing
  • Understand OT and SCADA concepts and learn the process of testing various components of OT and SCADA networks
Key topics covered:
  • IT vs OT System Architecture, ICS/SCADA Protocols, Modbus, ICS and SCADA Pen Testing, Attack Monitoring, Testing Environment, Penetration Testing Actions, Host Attack Types, Network Attack Types, Ports of SCADA, Attack Modifications, OT Testing Tools, BACnet, Commercial SCADA Fuzzing Tool, Danger of Port Scanning, Types of Vulnerability Scans, Device Separation, ICS Cyber Test Impact
Module 12: Cloud Penetration Testing
  • Understand various security threats and concerns in cloud computing and learn how to perform cloud penetration testing to determine the probability of exploitation.
Key topics covered:
  • Cloud Computing Security and Concerns, Security Risks Involved in Cloud Computing, Role of Penetration Testing in Cloud Computing, Scope of Cloud Pen Testing, Shared Responsibilities in Cloud; Penetration Testing Process, Identifying the Type of Cloud to be Tested, Identifying Tools for Penetration Testing, Perform Cloud Reconnaissance, Perform a Detailed Vulnerability Assessment, AWS Specific Penetration Testing, Attempt to Identify S3 Buckets, Azure Specific Penetration Testing, Google Cloud Platform Specific Penetration Testing, Google Cloud’s Provision for Penetration Testing
Module 13: Binary Analysis and Exploitation
  • Understand the binary analysis methodology and reverse engineer applications to identify vulnerable applications that may lead to the exploitation of an information system.
Key topics covered:
  • Binary Coding, Machine Instructions, Sample Stack Frame, C program memory, Analyzing Binaries, Registers, Important IA-32 Instructions for Pen Testing, Executable and Linkable Format, Advanced Binary Analysis, Obfuscation Challenges, Binary Instrumentation, IA-64, Binary Analysis Methodology, Sample Program, Sample x86 C Program, Shellcode, ASLR, Return-to-libc vulnerability, Defeating the No-execute Stack, 64-bit Fundamentals, Attack using ROP
Module 14: Report Writing and Post Testing Actions
  • Learn how to document and analyze the results of a penetration test and recommend post-penetration test actions.
Key topics covered:
  • Goal of the Penetration Testing Report, Penetration Testing Deliverables, Report Formats, Types of Pen Test Reports, Characteristics of a Good Pen Testing Report, Phases of Report Development, Sample Pen Testing Report Format, Report Components, Penetration Testing Report Analysis, Sections of the Penetration Testing Report, Pen Test Team Meeting, Research Analysis, Prioritize Recommendations, Delivering Penetration Testing Report, Letter of Attestation, Cleanup and Restoration, Report Retention, Sign-off Document, Post-Testing Actions for Organizations, Develop an Action Plan, Develop and Implement Data Backup Plan, Create a Process for Minimizing Misconfiguration Chances, Updates and Patches, Capture Lessons Learned and Best Practices, Create Security Policies, Conduct Training

Training Request Form

PenTest Training

Penetration Testing (PenTest) Training provides in-depth education on the methods, tools, and techniques used to detect and analyze security vulnerabilities in computer systems and networks.

Eğitimi İncele »