Penetration Test

General information Code: PNT Duration: 2 days Present: 10 Maximum Price: 1350 € HT Public concerned Consultants in safety Engineers/Technicians System administrators/network Prérequis Level run HSB Means Support of course 50% of practical exercises 1 PC by anybody/Internet Environment Windows of demonstration (2000, 2003, XP...), and Linux CD of Pentest tools Objectives To organize a procedure of audit of safety of the test type of penetration on its IF To use the most powerful tools for analysis of safety Apply your technical skills of courses HSB/HSA within the framework of a professional intervention.	Description This course will learn how to you to set up a true procedure of audit of the type PEN Test on your S.I. It acts of a very technical intervention, which makes it possible to determine the real potential of intrusion and destruction of a pirate on the infrastructure with auditer, and to validate the real effectiveness of the safety applied to the systems, the network and the confidentiality of information. You will study there in particular the specific organization and procedures to this type of audit; as to use your technical skills (compéten these equivalent to courses HSB and HSA recommended) and best tools of analysis and automation of the attacks (tools public or deprived developed by our teams) for the realization of this intervention.
	Day 1 What a PEN test Interest of the PEN test Integration of a pentest in a general process of safety Definition of the policy of management safety, and PEN iterative test. To organize its intervention Expression of the needs, perimeter and objectives of the audit and to structure the intervention. To prepare the reference frame Technical aspects and legal aspects. The technical range of the audit To determine the technical elements on which will carry the intervention: Acquisitions of information, network, Web, applicatifs, systems and collaborators. To carry out the audit The acquisition of information Enumeration and identification of the systems and the users. Acquisition of access Attacks of the technical elements: systems, network, Web, applicatifs and services, collaborators. Rise in privileges To become administrators, exceed protections systems and network, to find information sensitive on the systems. Maintenance of the access on the system To keep and use the accesses obtained to continue l`audit network. Traces of the intrusion To evaluate the logs systems and IDS	Day 2 Tools of PEN test Presentation, use and comparative of the tools Tools of scan The tools networks Tools for analysis of the rules of Firewall, diversions of session, attacks of the made safe protocols, refusals of services. Tools for analysis system Under Windows, Linux, UNIX and Mac. Tools for analysis Web Scanner of web/CGI pages, tools of exploitation of vulnerabilities in the Web pages and data bases. Tools of attack of the collaborators Social engineering, attacks by email. Tools of Maintenance of the access Backdoor system and network. Framework of exploitation Presentation of CANVAS and Metasploit. The report/ratio Evaluation of the risks Impact, potentiality and criticality of a vulnerability. To organize the report/ratio Synthesis, enumeration of the systems and the vulnerabilities. Writing and submission of the report