You've now graduated to the industry's most advanced ethical hacking course and it's time to take your pen testing skills to a new level. Learn how to orchestrate Advanced Persistent Threat (APT) attacks and defend against them.
Modern networks and systems are fully patched, hardened from attack, and armored to the hilt with expensive security gear --- but the bad guys still get in on a daily basis! How do they do this? Why is there a news release every day of another Fortune 500 company hacked, more government secrets lost to the adversary?
InfoSec Institute’s Advanced Ethical Hacking Boot Camp aims to train you on how to successfully attack fully patched and hardened systems, how to circumvent common security controls, and how to get to confidential data. You take this knowledge back to your organization and can then formulate a way to defend against these sophisticated attacks.
In this hands-on training class, you will learn how to:
All of this against fully patched, fully hardened systems.
You will learn how to chain a few commonly ignored low severity vulnerabilities into a highly critical remote exploit. Once your attacks are successful, you will practice data capture. Then, learn how to intercept and replay confidential data, for example, learn how to VoIP network traffic and data mine it for authentication information.
Every evening you will put everything you learned during the day together in an all-encompassing Capture the Flag (CTF) exercise. This enables you to test that you really understand how to use what you have learned in a real world situation, with an expert instructor by your side to assist your efforts.
The goal of this course is to help you master a more efficient and effective penetration testing process. By learning how to fully utilize 0day attacks that replicate an APT attack, you become a very valuable member of any penetration testing team. This course also supports and prepares you for the CEPT and ECSA certification exams.
Hundreds of exercises in over 31 separate Hands-On Labs bring up to speed with the latest threats your organization is most vulnerable to. Practice penetration testing on our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to compromise web servers, virtual machines, databases, routers, firewalls, and then put it all together in an unscripted evening CTF (Capture The Flag) exercise.
Be sure to check out our R&D site. We post tutorials, labs, white papers and articles to help you in your continued education. There are frequently forensics videos available. If you haven't taken a course with us yet, check out some of the types of thigns you'll be doing and learning about in class.
01/30/2012
This is the third article in a series on the topic of self-modifying code
01/24/2012
Figure 1. Yes there is a ship in the mall, and a whole bunch of wireless Much has been made in the media about the frequency of computer intrusions that result in masses of credit card and other personal data being expropriated by person’s unknown and often used for fraud and identity theft. The recent
01/23/2012
IP Address: On the Internet, each computer system is identified by its IP address. The work we do on the Internet is associated with the IP address of the system we are using. We know that every request or response process on the Internet is done on packets. The basic protocol for information exchange over
01/23/2012
Google hacking is a time honored tradition that goes back many years. There are specific Google searches that will allow users to directly download documents that the company might not want to have publicly available. This kind of attack takes on a number of different Google searches that will be covered in this paper. The
01/19/2012
In the first part of this article we looked at some of the common authentication types used in Web Applications these days and discussed their pros and cons. In this article we take it one step further and discuss some of the advanced authentication methods used these days. We will also discuss the various techniques for
Connie Brown
United States Air Force
Black Hat hackers are always changing their tactics to get one step ahead of the good guys. InfoSec Institute updates our course materials regularly to ensure that you learn about the most current threats to your organization's networks and systems.
This course focuses on advanced exploitation techniques. A brief introduction to system exploitation theory and process will be covered, the rest of the course covers advanced topics, such as:
| Dates | Location | Reserve a Seat! |
|---|---|---|
| Any Date! | Any Location! | Advanced Hacking Online - More Details Here |
| 02/13/12-02/17/12 | Colorado Springs, CO | Reserve a Seat |
| 04/30/12-05/04/12 | Dulles, VA | Reserve a Seat |
| 05/21/12-05/25/12 | Las Vegas, NV | Reserve a Seat |
| 06/25/12-06/29/12 | Baltimore, MD | Reserve a Seat |
| 01/12/31-01/12/31 | Online, | Reserve a Seat |
| Any Date | Your Office! |
Get Information for On-Site Training |
This course prepares you for two top hacking certifications in the industry, the CEPT and the ECSA. Both exams are given on-site, we have achieved a 93% pass rate for these ethical hacker and penetration testing certifications.
The exam consists of two parts, a traditional multiple choice, true/false and multiple answer examination and a take-home practical exam. The multiple choice exam consists of 50 questions randomly pulled from a master list of questions. The certification candidate has 2 hours to complete the exam. The 9 Certified Expert Penetration Tester (CEPT) Domains are as follows:
* Penetration Testing Methodologies
* Network Attacks
* Network Recon
* Windows Shellcode
* Linux & Unix Shellcode
* Reverse Engineering
* Memory Corruption/Buffer Overflow Vulnerabilities
* Exploit Creation - Windows Architecture
* Exploit Creation - Linux/Unix Architecture
* Web Application Vulnerabilities
Any candidate that answers 70% of the questions correctly is considered to have passed the multiple choice exam.Upon completion of the multiple choice exam, candidates are then distributed a take-home practical, in which they will be tested on their ability on three Challenges. Candidates have 60 days from the completion of the multiple choice exam to complete the practical examination. The three challenges are as follows:
Challenge #1: Discover and create a working exploit for Microsoft Windows Vulnerability.
Challenge #2: Discover and create a working exploit for Linux Vulnerability.
Challenge #3: Reverse engineer a Windows Binary.
Candidates are instructed to submit a working exploit for Challenges #1 and #2. Partial credit is given for non-working exploits, when submitted with detailed documentation.
The practical is then submitted to an exam proctor, who will grade the exam. A 70% is considered a passing grade. Generally, candidates that submit working exploits as well as a properly reversed binary will pass the exam.
Prerequisites:
SEC-300 is part of the Penetration Testing Track.
Core Classes:
Specialization:
