Certified Penetration Testing Specialist / Certified Ethical Hacker / Backtrack by SecureIA

CPTS is built upon proven hands-on Penetration Testing methodologies as utilized by our international group of vulnerability consultants. SecureIA trainers keep abreast of their expertise by practicing what they teach because we believe that an equal emphasis on theoretical and real world experience is essential for effective knowledge transfer to you, the student. The CPTS presents information on the latest vulnerabilities and defenses. This class also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk. We go far beyond simply teaching you to “Hack” -- the norm with the classes that have been available until now. Our course is developed based on principles and methods used by malicious hackers, but its focus is professional penetration testing and securing information assets.

Upon completion, CPTS - Certified Penetration Testing Specialist students will be able to confidently undertake the Thompson Prometric CPTS examination (recommended) or the easier Certified Ethical Hacker (312-50) Self Study. Students will enjoy an in-depth course that is continuously updated to maintain and incorporate the ever changing security environment. This course offers up-to-date proprietary laboratories that have been researched and developed by leading security professionals from around the world .

Our reputation speaks for itself! See what others are saying... Testimonials

Package Includes

14 CD Levels on 3 DVDs featuring live instructor-led classroom sessions with full audio, video and demonstration components
Printable Courseware
Exclusive LearningZone Live Mentor Click for Details (Value at $295)
Help whenever you need it! Exclusive LearningZone - Why wait for email support? Chat Live with our Certified Instructors anytime around the clock (24x7)
Free 1 Year Upgrade Policy
Certificate of Completion

Wayne Burke - SecureIA Security Expert
Wayne Burke initially started his career as a hardware engineer, where he diagnosed many complex problems. He later proceeded to expand his knowledge and acquired a computer science degree. After a few years in the field he began to focus his energies on the software side of IT. He has worked with virtually all the OS/Networking combinations which put him in a good position to become the security expert he is today. Ultimately all these experiences have help build his vast knowledge base.

Course Features:

Main Menu
Move through hours of in-depth content - quickly and easily due to the efficient and organized structure.
PowerPoint
Utilizing PowerPoint presentations enhances the delivery by displaying a variety of visual information to the user. This type of representation allows the user to better interpret the material through charts, definitions, graphs, and more...
Exclusive Learning Zone
Train around the clock, around the world. Our certified online instructors are located at global support centers in the U.S., U.K., Australia, and Singapore to provide real-time answers to technology- and soft-skill-related questions 24x7. This means access to a live subject matter expert no matter where you are - day or night. This level of student/instructor interaction provides real-time training specific support and extends training beyond content and instructor-led solutions by providing flexibility to accommodate individual needs and schedules.
Controls
Move forward, back, and repeat entire topics or just a section. A progress bar illuminates as you advance through exercises.
Full Motion Video
All courses feature full-motion videos of instructors teaching the information as if they are speaking directly to you. Our unique delivery simulates a one-on-one classroom environment creating a more personal lesson and learning experience.
Study Guides
Printable study guides for the entire course are available. This allows all material to be viewed, reviewed, and printed for viewing at a later date.
Review Exercises
Each section has a review quiz to aid in the learning process by validating the comprehension of the material covered before moving on to a new section.
Resume
All courses are resumed to where you left off last session allowing you to learn when it is convenient for you without the hassle of remembering where you where.
Live Demonstrations
Demonstrations are a way for the instructor to show and tell the user how to perform a task by actually doing it on screen in front of them. In this format it gives the user the power to see things done by a professional in the intended environment as many times as they would like.
Certificate of Completion
Career Academy is recognized worldwide for its technology-based IT training curriculums. Upon successful completion of our program, you will be receiving a Career Academy Distance Education Certificate of Completion.

Career Academy Computer-Based Training is a cost effective method that meets the critical demands of computer users. Experience our expert-led computer training courses in a comfortable and convenient environment. You get the feel of a computer training school delivered through flexible and familiar technology.

Following 9/11 ** Career Academy's security training partner, SecureIA has through necessity, been thrust into position as the World's largest specialty IT security training organization. SecureIA has provided training services to every US military and intelligence agency, as well as similar agencies for some of the USA's closest allies. These same classes are available to the corporate world with students coming from industries ranging from charities, banking, insurance, health, communications, transport, law enforcement, education and almost any sector imaginable. SecureIA's distinction over the competition is that our instructors eat, drink, sleep and breath IT security.

Training comes to life with our full motion video, challenging labs, critical assessment and real-world insight from experts with vast experience in the subject matter. Engage in dynamic learning where multiple senses help reinforce learning concepts. See the steps, hear the explanations then put your skills to work. Our proven methodology provides an unequalled training experience with exceptional results.

Choosing Career Academy’s training with our expert-created study guides and interactive labs will result in an engaging learning experience. You will find that Career Academy’s training is second to none. Career Academy alone is the best site to offer the equivalent to an actual Microsoft training. See the steps, hear the explanations then put your skills to work. Our proven methodology provides an unequalled training experience with exceptional results. Distinguish your knowledge. Enhance your career.

Module 1 - Business and Technical Logistics for Pen Testing

Business and Technical Logistics for Pen Testing
Definition of a Penetration Test
Benefits of a Penetration Test
ID Theft Statistics
Demo - ID theft center website
VA loses another 48,000 records
TK Maxx hit by theft of 46m credit cards
Demo - Security Focus Website
The Evolving Threat
Demo - ANI Zero-Day
Security Vulnerability Life Cycle
Exploit Timeline
Zombie Statistics
Zombie Definition
Botnet Definition
Types of Penetration Testing
Methodology for Penetration Testing / Ethical Hacking
Hacker vs. Penetration Tester
Not Just Tools
Demo - OSSTMM Methodology
Demo - NIST Methodology
Demo - FFIEC ISSAF Methodology
Penetration Testing Methodologies
OSSTMM - Open Source Security Testing Methodologies
Demo - WebSite
Website Review
Tool: SecurityNOW! SX
Demo - Cioview SecuirtyNow SX Tool
Lab - Overview
Lab - Exercise 1
Lab - Exercise 2
Lab - Exercise 3
Module 1 Review

Information Gathering - Reconnaissance 1: Passive

Information Gathering - Reconnaissance 1: Passive
What Information is Gathered by the Hacker
Methods of Obtaining Information
Physical Access
Demo - Bump Key
Social Access
Digital Access
Passive vs. Active Reconnaissance
Footprinting Defined
Footprinting Tool: Kartoo Website
Demo - Kartoo Search Engine
Footprinting tools
Google and Query Operators
Demo - Google Hacking
Johnny.Ihackstuff.com
Aura : Google API Utility Tool
www.myspace.com
www.facebook.com
Identity Theft and MySpace
Blogs, Forums & Newsgroups
Internet Archive: The WayBack Machine
Demo - Way Back Machine
Domain Name Registration
WHOIS
WHOIS Output
Demo - Searching For Information
DNS Databases
Using Nslookup
Dig for Unix / Linux
Traceroute Operation
Visual Mapping
www.answers.com
EDGAR For USA Company Info
Company House For British Company Info
Demo - Information discovery
www.fboweb.com
Intelius info and Background Check Tool
Web Server Info Tool: Netcraft
Countermeasure: Domainsbyproxy.com
Footprinting Countermeasures
Lab - Exercise 1
Module 2 Review

Module 3 - Linux Fundamentals

Linux Fundamentals
Linux History – Linus + Minix = Linux
The GNU Operating System
Linux Introduction
Linux GUI Desktops
Demo - Linux GUI Desktops
Linux Shell
Demo - Linux Shell
Linux Bash Shell
Recommended Linux Book
Password & Shadow File Formats
User Account Management
Demo - User Account Files
Changing a user account password
Demo - Creating User Accounts
Configuring Network Interfaces with Linux
Demo - ifconfig usage
Mounting Drives with Linux
Demo - Mounting Drives
Tarballs and Zips
Compiling Programs in Linux
Demo - Compiling programs using gcc
Typical Linux Operating Systems
Gentoo = Simple Software Install Portal
Gentoo
Demo - Gentoo Overview
VLOS
Why Use Live Linux Boot CD’s
Security Live Linux CD’s
FrozenTech’s Complete Distro List
Most Popular: BackTrack
http://forums.remote-exploit.org/
My Slax Creator
Slax Modules (Software Packages)
Lab - Installing BackTrack into a VM
Lab - Updating BackTrack Files
Lab - BackTrack Services
Module 3 Review

Module 4 - Detecting Live Systems - Reconnaissance 2: Active

Detecting Live Systems - Reconnaissance 2: Active
Introduction to Port Scanning
Port Scan Tips
Expected Results
Tools: Organizing Results
Leo meta-text editor
Demo - Methods to log your results
Free Mind: Mind mapping
Method: Ping
Stealth Online Ping
Demo - Port scanning know your tools
NMAP: Is the Host Online
The TCP/IP stack
Recommended Video: It’s Showtime
Demo - Recommended Video and NMAP Basic Online Test
Which services use which ports?
TCP 3-Way Handshake
TCP Flags
Demo - Tool Engage Packet Builder
Vanilla (TCP Connect Port Scan)
NMAP TCP Connect Scan
Demo - NMAP TCP Connect Scan
Demo - NMAP SYN Scan
Half-open Scan
Tool Practice: TCP half-open & Ping Scan
Firewalled Ports
NMAP Service Version Detection
Demo - NMAP sV Scan and export results
Saving NMAP results
Output results
UDP Port Scan
Advanced Technique
Popular Port Scanning Tools
Tool: Superscan
Tool: LookatLan
Demo - Look at Lan Tool
Tool: Hping2
Demo - Hping2 Tool
Tool: Auto Scan
Demo - Auto Scan Tool
Advanced Port Scanning / Packet Crafting
OS Fingerprinting
Demo - OS Fingerprinting with NMAP
OS Fingerprinting: Xprobe2
Demo - OS Fingerprinting with Xprobe AMAP P0F
Xprobe2 Options
What Is Fuzzy Logic?
Tool: P0f - Passive OS Finger Printing Utility
Tool Practice: Amap
Packet Crafting
Tool Fragrouter: Fragmenting Probe Packets
Countermeasures: Scanning
Scanning Tools Summary
Lab - Exercise 1
Lab - Exercise 2
Lab - Exercise 3
Module 4 Review

Module 5 - Enumeration - Reconnaissance 3: Active

Enumeration - Reconnaissance 3: Active
Methodology Recap
Web Server Banners
Demo - Web Server Banner Grabbing with Telnet
Practice: Banner Grabbing with Telnet
Demo - Windows 2003 and SMTP Banner Grabbing with Telnet
Sam Spade Tool: Banner Grabbing
SuperScan 4 Tool: Banner Grabbing
SMTP Server Banner
Demo - DNS Zone Transfer using nslookup
DNS Enumeration
Zone Transfers from Windows 2000 DNS
Countermeasure: DNS Zone Transfers
SNMP Insecurity
SNMP Enumeration
Demo - SNMP enumeration using Windows and Linux
SNMP Enumeration Countermeasures
Active Directory Enumeration
AD Enumeration countermeasures
Null sessions
Syntax for a Null Session
Viewing Shares
Tool: DumpSec
Tool: USE42
Tool: Enumeration with Cain and Abel
Demo - Null Sessions and tool usage
NAT Dictionary Attack Tool
Demo - Null Sessions and NAT
Injecting Abel Service
Demo - Injecting Abel
Null Session Countermeasures
Enumeration Tools Summary
Lab - Exercise 1
Module 5 Review

Module 6 - Cryptography Decrypted

Cryptography Decrypted
Introduction
Encryption
Encryption Algorithm
Implementation
Symmetric Encryption
Symmetric Algorithms
Demo - Cryptool
Crack Times
Asymmetric Encryption
Key Exchange
Hashing
Hash Collisions
Common Hash Algorithms
Demo - Hashing Tools
Hybrid Encryption
Digital Signatures
Demo - Digital Signature with Cryptool
SSL Hybrid Encryption
IPSec
Demo - IPSEC
Transport Layer Security - SSH
Public Key Infrastructure
PKI-Enabled Applications
Quantum Cryptography
Hardware Encryption: DESlock
Demo - Hardware Encryption
Attack Vectors
Lab - Exercise 1
Module 6 Review

Module 7 - Vulnerability Assessments

Vulnerability Assessments
Vulnerability Assessment Intro
Testing Overview
Staying Abreast: Security Alerts
Demo - Keeping up to date with Websites
Vulnerability Scanners
Qualys Guard
Tool: Nessus Open Source
Nessus Client Interface
Nessus Report
Tool: Retina
Video Recommendation
Nessus for Windows
Tool: LANguard
Demo - Nessus on Windows XP
Analyzing the Scan Results
Microsoft Baseline Analyzer
MBSA Scan Report
Dealing with the assessment results
Patch Management
Lab - Exercise 1
Lab - Exercise 2
Module 7 Review

Module 8 - Malware, Trojan's & Back Doors

Malware, Trojan's & Back Doors
Defining Malware: Trojans and Backdoors
Defining Malware: Virus & Worms
Defining Malware: Spyware
Company Surveillance Software
Distributing Malware
Malware Capabilities
Auto starting Malware
Countermeasure: Monitoring Autostart Methods
Tool: Netcat
Netcat Switches
Demo - Exploiting and spawning a remote cmd with netcat
Executable Wrappers
Demo - Creating upload packages with elitewrap
Benign EXE’s Historically Wrapped with Trojans
Tool: Restorator
Tool: Exe Icon
The Infectious CD-Rom Technique
Trojan: Backdoor.Zombam.B
Trojan: JPEG GDI+ All in One Remote Exploit
Advanced Trojans: Avoiding Detection
Typical Wired/Wireless Network
Malware Countermeasures
Demo - Gargoyle
Spy Sweeper Enterprise
Malware Reference: www.Glocksoft.com
CM Tool: Port Monitoring Software
CM Tools: File Protection Software
CM Tool: Windows File Protection
CM Tool: Windows Software Restriction Policies
CM Tool: Hardware-based Malware Detectors
Countermeasure: User Education
Lab - Exercise 1
Module 8 Review

Module 9 - Windows Hacking

Windows Hacking
Types of Password Attacks
Demo - Video Surveillance Sunglasses
Keystroke Loggers
Demo - Keystroke loggers
Password Guessing
Demo - Tsgrinder tutorial
Password Cracking LM/NTLM Hashes
LM Hash Encryption
NT Hash Generation
Syskey Encryption
Demo - RainbowTables, Cain and Abel
Salting
Cracking Techniques
Precomputation Detail
Cain and Abel’s Cracking Methods
Free Rainbow Tables
NTPASSWD:Hash Insertion Attack
Password Sniffing
Windows Authentication Protocols
Hacking Tool: Kerbsniff & KerbCrack
Countermeasure: Monitoring Event Viewer Log
Hard Disk Security
Free HD Encryption Software
Tokens & Smart Cards
Smart Cards
Covering Tracks Overview
Disabling Auditing
Clearing and Event log
Hiding Files with NTFS Alternate Data Stream
Demo - Alternate Data Streams
NTFS Streams countermeasures
Stream Explorer
What is Steganography
Demo - Steganography tools
Steganography Tools
Shedding Files Left Behind
Leaving No Local Trace
More Anonymous Software
Demo - Anonymizer tools
Demo - Janus VM Appliance
StealthSurfer II Privacy Stick
Tor: Anonymous Internet Access
How Tor Works
Encrypted Tunnel Notes:
Hacking Tool: RootKit
Windows RootKit Countermeasures
Lab - Exercise 1
Lab - Exercise 2
Lab - Exercise 3
Lab - Exercise 4
Lab - Exercise 5
Lab - Exercise 6
Module 9 Review

Module 10 - Advanced Exploit Techniques

Advanced Exploit Techniques
How Do Exploits Work?
Memory Organization
Buffer OverFlows
Demo - Buffer Overflow
Stages Of Exploit Development
Prevention
The Metasploit Project
Core Impact Overview
Demo - Fuzzers in action
Lab - Exercise 1
Lab - Exercise 2
Lab - Exercise 3
Lab - Exercise 4
Module 10 Review

Module 11 - Attacking Wireless Networks

Attacking Wireless Networks
Wi-Fi Network Types
Widely Deployed Standard’s
A vs B vs G
802.11n - MIMO
SSID (Service Set Identity)
MAC Filtering
Wired Equivalent Privacy
Weak IV Packets
XOR - Basics
WEP Weaknesses
TKIP
How WPA improves on WEP
The WPA MIC Vulnerability
802.11i - WPA2
WPA and WPA2 Mode Types
WPA-PSK Encryption
Tool: NetStumbler
Demo - Using NetStumbler
War Driving With KNSGEM
Demo - War Driving Mapping
Tool: Kismet
Demo - Kismet Usage
Analysis Tool: OmniPeek Personal
Demo - OmniPeek Personal Capturing
DOS: Deauth/disassociate attack
What is Aircrack-ng?
Demo - Linux Wireless Commands
Tool: Airodump-ng
Tool: Aireplay-ng
Tool: Aircrack-ng
ARP Injection (Failure)
802.1X: EAP Types
EAP Advantages/Disadvantages
Typical Wired/Wireless Network
EAP/TLS Deployment
Lab - Exercise 1
Module 11 Review

Module 12 - Networks, Sniffing and IDS

Networks, Sniffing and IDS
Packet Sniffers
Example Packet Sniffers
Tool: Pcap & WinPcap
Tool: Wireshark (Ethereal)
TCP Stream Re-assembling
Tool: Packetyzer
tcpdump & windump
Tool: OmniPeek
Demo - Network Sniffers
Demo - TCP Dump Packet Sniffer
Sniffer Detection using Cain & Abel
Demo - Dsniff and ARP Cache Poisoning
Passive Sniffing
Active Sniffing
Active Sniffing Methods
Switch Table Flooding
ARP Cache Poisoning
ARP Normal Operation
ARP Cache Poisoning (Cont.)
Technique: ARP Cache Poisoning (Linux)
Countermeasures
Tool: Cain and Abel
Demo - Cain & Abel ARP Cache Poisoning
Ettercap
Linux Tool Set:Dsniff Suite
Dsniff Operation
MailSnarf, MsgSnarf, FileSnarf
What is DNS spoofing?
Demo - Cain & Abel DNS Spoofing
Tools: DNS Spoofing
Breaking SSL Traffic
Tool: Breaking SSL Traffic
Tool: Cain and Abel (Cont..)
Demo - Cain & Abel MITM SSL Interception
Voice over IP (VoIP)
Intercepting RDP
Cracking RDP Encryption
Routing Protocols Analysis
Demo - Cain & Abel VOIP Interception
Countermeasures for Sniffing
Firewalls, IDS and IPS
Firewall - First line of defense
IDS - Second line of defense
IPS - Last line of defense?
Evading The Firewall and IDS
Evasive Techniques
Firewall - Normal Operation
Evasive Technique - Example
Evading with Encrypted Tunnels
Demo - Engage Custom Packet Builder
New Age' Protection
Demo - SSH Tunnels
SpySnare - Spyware Prevention System (SPS)
Intrusion ‘SecureHost’ Overview
Intrusion Prevention Overview
Secure Surfing or Hacking????
Module 12 Review

Module 13 - Injecting the Database

Injecting the Database
Overview of Database Server
Types of databases
Overview of Database Server Relational Databases
Overview of Database Server
Vulnerabilities and Common Attacks
SQL Injection
Why SQL “Injection”? SQL Connection Properties
SQL Injection: Enumeration SQL Extended Stored Procedures Demo: SQL Injection Shutting Down SQL Server
Direct Attacks
Attacking Database Servers
Obtaining Sensitive Information
Hacking Tool: SQL Ping2
Hacking Tool: osql.exe
Hacking Tool: Query Analyzers
Hacking Tool: SQLExec
Hacking Tool: Metasploit
Hardening Databases
Module 13 Review

Module 14 - Attacking Web Technologies

Attacking Web Technologies
Common Security Threats
The Need for Monitoring
Seven Management Errors
Progression of The Professional Hacker
The Anatomy of a Web Application Attack
Demo: Banner Grabbing
Demo: The Anatomy of a Web Application Attack
Web Attack Techniques
Components of a generic web application system
URL mappings to the web application system
Web Application Penetration Methodologies
Assessment Tool: Stealth HTTP Scanner
HTTrack Tool: Copying the website offline
Httprint Tool: Web Server Software ID
Wikto Web Assessment Tool
Tool: Paros Proxy
Tool: Burp Proxy
Attacks against IIS
IIS Directory Traversal
Unicode
IIS Logs
What is Cross Side Scripting (XSS)?
XSS Countermeasures
Tool: Brutus
Dictionary Maker
Query String
Cookies
OWASP Top Ten Web Vulnerabilities
Putting All This To The Test
Lab - Exercise 1
Lab - Exercise 2
Lab - Exercise 3
Lab - Final Exercise 1
Lab - Final Exercise 2
Lab - Summary
Module 14 Review
Course Closure