Translate by BabelFish

Penetration Test

General information
Code: PNT
Duration: 2 days
Present: 10 Maximum
Price: 1350 € HT
Public concerned
  • Consultants in safety
  • Engineers/Technicians
  • System administrators/network
Prérequis
  • Level run HSB
Means
  • Support of course
  • 50% of practical exercises
  • 1 PC by anybody/Internet
  • Environment Windows of demonstration (2000, 2003, XP...), and Linux
  • CD of Pentest tools
Objectives
  • To organize a procedure of audit of safety of the test type of penetration on its IF
  • To use the most powerful tools for analysis of safety
  • Apply your technical skills of courses HSB/HSA within the framework of a professional intervention.
Description

This course will learn how to you to set up a true procedure of audit of the type PEN Test on your S.I.

It acts of a very technical intervention, which makes it possible to determine the real potential of intrusion and destruction of a pirate on the infrastructure with auditer, and to validate the real effectiveness of the safety applied to the systems, the network and the confidentiality of information.

You will study there in particular the specific organization and procedures to this type of audit; as to use your technical skills (compéten these equivalent to courses HSB and HSA recommended) and best tools of analysis and automation of the attacks (tools public or deprived developed by our teams) for the realization of this intervention.

Day 1
What a PEN test
Interest of the PEN test
Integration of a pentest in a general process of safety
Definition of the policy of management safety, and PEN iterative test.
To organize its intervention
Expression of the needs, perimeter and objectives of the audit and to structure the intervention.
To prepare the reference frame
Technical aspects and legal aspects.
The technical range of the audit
To determine the technical elements on which will carry the intervention: Acquisitions of information, network, Web, applicatifs, systems and collaborators.
To carry out the audit
The acquisition of information
Enumeration and identification of the systems and the users.
Acquisition of access
Attacks of the technical elements: systems, network, Web, applicatifs and services, collaborators.
Rise in privileges
To become administrators, exceed protections systems and network, to find information sensitive on the systems.
Maintenance of the access on the system
To keep and use the accesses obtained to continue l`audit network.
Traces of the intrusion
To evaluate the logs systems and IDS
Day 2
Tools of PEN test
Presentation, use and comparative of the tools
Tools of scan
The tools networks
Tools for analysis of the rules of Firewall, diversions of session, attacks of the made safe protocols, refusals of services.
Tools for analysis system
Under Windows, Linux, UNIX and Mac.
Tools for analysis Web
Scanner of web/CGI pages, tools of exploitation of vulnerabilities in the Web pages and data bases.
Tools of attack of the collaborators
Social engineering, attacks by email.
Tools of Maintenance of the access
Backdoor system and network.
Framework of exploitation
Presentation of CANVAS and Metasploit.
The report/ratio
Evaluation of the risks
Impact, potentiality and criticality of a vulnerability.
To organize the report/ratio
Synthesis, enumeration of the systems and the vulnerabilities.
Writing and submission of the report

Forum

Sysdream opens a technical forum for all its customers, on whom you will be able to request from our consultants any precision or council relative to our courses or the technical questions that you are posed!

If you already followed a session of course on our premises, come to be registered.

REFWEO
ntm Football drinkact rocco sifredi reiki
"));