About this Course

Tech Type: Premium
Code: ECCAPTLPT
Duration: 5 Days

What is CAST (Center for Advanced Security Training)?

With the speed at which the information security landscape evolves, professionals must stay up-to-date on the latest security techniques, threats and remediation strategies. In response, EC-Council created CAST to meet these challenges head-on. The Center for Advanced Security Training addresses the direct needs of those professionals who must retain the necessary skills required for their positions within the information security industry. CAST provides very specialized training programs covering key information security domains, at an advanced level. EC-Council co-developed CAST with well-respected industry practitioners, ensuring you receive the most important learning experiences and everything needed to conquer any challenge.

Target Audience

  • Information Security Professionals
  • Penetration Testers
  • IT Managers
  • IT Auditors
  • Government and Intelligence Agencies interested in real world attack and defense in today’s complex and highly secure IT environments

Course Description

This course covers everything you need to know for a professional security test as well as how to produce the two most important items: the findings and report! The practical environment ranges progress in difficulty and reflect enterprise network architecture. This environment includes defenses and challenges which you must defeat and overcome. This is not your typical FLAT network! As you progress through the range levels, each encounter will present the top defenses of today and you will learn the best and latest evasion techniques.

This training format has helped thousands of penetration testers globally and is proven to be effective!

The CAST 611v3 course is 100% hands-on. No course materials or slides to weigh you down. Everything presented in the course is through an enterprise network environment, which must be attacked, exploited, evaded, defended, etc.

The CAST 611v3 consists of the following lab modules:

  • Information Gathering and OSINT
  • Scanning
  • Enumeration
  • Vulnerability Analysis
  • Exploitation
  • Post Exploitation
  • Advanced Techniques
  • Data Analysis and Reporting

Once you have practiced this, you will go against a “live” range.

The process is as follows:

Access the range: Four Ranges

  • You will be provided a scope of work
  • Have 2-3 hours on the range and then be provided a debrief

The ranges are progressive and increase in difficulty at each level. There are 3-4 levels to complete; then you are ready for the challenge range practical!

Practical: Two phases

  • Scope of work for each phase
  • 3 hours to complete the practical
  • Save all of the data and build a target database of your findings.

At completion of the range section

  • 75 minutes for written exam based on ranges – Pass exam
  • Receive CAST Advanced Penetration Tester Certification

Motto:

- So you think you can pen test? PROVE IT!

How Will This Course Benefit You?

  • Understand what it takes to break into a highly secured organization from the outside
  • Review proven methods on how to avoid detection by IDS/IPS and how to move around the network freely
  • How to apply the best practices for mitigating or circumventing security implementations such as locked desktops, GPOs, IDS/IPS, WAFs and several others
  • Professional understanding and skills on Pen Testing high security environments covering areas such as government, financial and other key industry installations

What's Included

QA offers more benefits. Here is what's included with this course:

Exam voucher(s)

Learning Outcomes

Students completing this course will gain in-depth knowledge in the following areas:

  • Advanced scanning methods
  • Breaking out of restricted environments
  • Attacking from the Web
  • Client side pen-testing
  • Attacking from the LAN
  • Bypassing network-based IDS/IPS
  • Privilege escalation
  • Post-exploitation

Course Outline

Module 01: Information Gathering and OSINT

  • Information Gathering with NSLOOKUP and Dig
  • DNS Enumeration with dnsenum and dnsrecon
  • Enumeration with fierce
  • Registrars and Whois
  • Google Hacking Database
  • Enumeration with Metagoofil
  • Cloud Scanning with Shodan

Module 02: Scanning

  • Scanning with Nmap
  • Scanning with the Tool DMitry
  • Scanning with the Tool Netdiscover
  • Scanning with the Tool sslscan
  • Scanning and Scripting with the Tool hping3
  • Scanning and Building a Target Database

Module 03: Enumeration

  • Enumerating Targets
  • Enumerating SMB
  • OS Fingerprinting with Nmap

Module 04: Vulnerability Analysis

  • Vulnerability Sites
    • Review the National Vulnerability Database Website
    • Review Secunia Website
    • Review Security Focus Website
    • Review Zero Day Initiative Website
  • Vulnerability Analysis with OpenVAS
  • WebGoat Tutorial
  • Vulnerability Scanning with W3AF Console
  • Vulnerability Scanning with Skipfish
  • Vulnerability Scanning with Vega
  • Vulnerability Scanning with Owasp-zap

Module 05: Exploitation

  • Exploit Sites
    • Review the Security Focus Website
    • Review GNU Citizen Website
    • Review TopSite Website
    • Review Exploit Database Website
  • Manual Exploitation
    • Scan the Target
    • Identify Vulnerabilities
    • Search for an Exploit for the Vulnerability
    • Prepare the Exploit
    • Attempt to Exploit the Target Machine
  • Exploitation with Metasploit
    • Scan the Target
    • Identify Vulnerabilities
    • Find Exploit for the Vulnerability
    • Exploit the Targets
  • Exploitation with Armitage
    • Scan from within Armitage
    • Manage Targets in Armitage
    • Exploit Targets with Armitage

Module 06: Post Exploitation

  • Local Assessment
    • Conduct the Scanning Methodology against the Machine
    • Identify Vulnerabilities
    • Search for an Exploit
    • Compile the Exploit
    • Attempt to Exploit the Machine
    • Harvest Information from an Exploited Machine
    • Grab the Password Files
    • Crack Passwords
    • Transfer Files or Copy Files to and from an Exploited Machine

Module 07: Advanced Techniques

  • Scanning with Nmap against Defenses
    • Scan for Live Systems
    • Scan for Open Ports
    • Observe and Troubleshoot the Scan
    • Attempt Advanced Options to Try to Get the Scan through a Filter
  • Detecting Load Balancing with Command Line Tools and Firefox
  • Detecting Load Balancing with lbd
  • Detecting Web Application Firewall Using WAFW00F
  • Evasion Using Social-Engineer Toolkit (SET)
    • Configure the SET Tool
    • Build the Payload (Create the PowerShell Script)
    • Send the PowerShell Code File to the Target Machine
    • Attempt to Exploit the Machine

Module 08: Data Analysis and Reporting

  • Compiling Data in MagicTree
  • Developing a Report
    • Identify the Components of a Report
    • Review the Findings and Create Report Information
    • Review Sample Reports
    • Create a Custom Report
  • Developing a Report Using KeepNote

This course is authored by QA

Delivery Method

Classroom / Attend from Anywhere

Receive classroom training at one of our nationwide training centres, or attend remotely via web access from anywhere.
