Penetration Test

General information Code: PNT Duration: 3 days Present: 10 Maximum Price: 1775 € HT Public concerned Consultants in safety Engineers/Technicians System administrators/networks Pre-necessary Level course HSF/HSA Means Support of course 80% of practical exercises 1 PC by anybody/Internet Windows environment of demonstration (Windows XP, 2000,2003…), and Linux. CD of Pentest tools Objectives To organize a procedure of audit of safety of the test type of penetration on its IF. To put itself in real situation of Audit To apply your technical skills of courses HSF/HSA within the framework of a professional intervention.	Description This course will learn how to you to set up a true procedure of audit of the type PEN Test or Test of Intrusion on your S.I the trainees are plunged in a practical case approaching as much as possible a real situation of company. Indeed, PenTest is a very technical intervention, which makes it possible to determine the real potential of intrusion and destruction of a pirate on the infrastructure with auditer, and to validate the real effectiveness of the safety applied to the systems, the network and the confidentiality of information. You will study there in particular the specific organization and procedures to this type of audit; as to use your technical skills (competences equivalent to courses HSB and HSA recommended) and best tools of analysis and automation of the attacks (public or deprived tools developed by our teams) for the realization of this intervention.
	Day 1 & 2 Methodology of the Audit What is what a PEN Test? Interest of PenTest Integration of PenTest in a general Process of safety Definition of the policy of management safety and iterative PenTest. To organize its intervention To prepare the reference frame The technical range of the Audit To carry out PenTest The acquisition of information Acquisition of access Rise in privileges Maintenance of the access on the system Traces of the intrusion Tools of PenTest Tools of Scan The tools Networks Tools for analysis System Tools for analysis Web Tools of attack of the collaborators Tools of maintenance of the access Framework of exploitation Setting in Situation of Audit The trainees go auditer on the basis of scenario approaching a real case as much as possible, a corporate network. The day is a succession of discovered vulnerabilities and exploitation of those in order to penetrate the target network. The theoretical part of the previous day is put into practice. The trainer will guide throughout the audit the trainees and will make them benefit from its experiment ground. Development of planning Distribution of the spots	Days 3 Setting in Situation of audit (continuation) Preparation of the report/ratio Collect information Preparation of the document Writing of the report/ratio Total analysis of the safety of the system Description of the found vulnerabilities Definition of the recommendations of safety General synthesis on the safety of the system Transmission of the report/ratio Precautions necessary Methodology of transmission of report/ratio What to once submit the transmitted report?