Realtime website analytics

 

  

GET QISP - NSA/CNSS APPROVED!

Register Now!ECSA™/ QSA & LPT™ Workshop in 5 days!  
Or instructor led ON-LINE!

NOW AVAILABLE instructor led ON-LINE from your PC!
Remotly log into live instructor led class. Seats are limited. no kidding :)

The ECSA / QSA Qualified Security Analyst class is security vulnerability testing, hacking and much much more with 40 + hacking labs. Certification Hacking and Process in 5 days.

The ECSA/ QSA and LPT class is "how to test", "how to report" to management and how to find network vulnerabilities. The ECSA/ QSA class presented together with the additional LPT workshop allows your team to spend 1 week and gain the tactical security skills of ECSA / QSA & LPT/ Qualified License Penetration Tester.

Our Qualified SME instructors that know hacking, pen testing and policy. You will gain the mind set used by both security testers and hackers alike. In 5 days, you will pass your ECSA/ QSA exam and be prepared to write detailed executive reports for management.

3 hrs each night you'll practice how to gain access to unauthorized information with current exploitation tools and processes. Not just learn the tactical business skills necessary to perform valid vuln security testing regardless of the target.

SU has over 595 ECSA/ QSA Qualified attendees
Customize your ECSA/ QSA LPT training program

instructor led ON-LINE from your PC! Remotly log into live instructor led class. Seats are limited.

Class Fee $2,995 + 1/2 price for LPT $1,500
Time: 8:30 am -7 pm (3 hr in class labs)
Location: Click here to view the class schedule
Prerequisites: TCPIP and Linux, intermediate to advanced experience or education with security, testing, and vulnerability assessment, Windows and Linux.
1 year of IT Security experience.
CPE Credits: 40 + 30 for QLPT
Instructor: Highly qualified instructor with
CEH, ECSA, EXAM Vouchers incl
 
ON SALE NOW
NEW V5 CEH STUDY GUIDE Written by Kimberly Graves
SU instructor

Tech Editor
CEO Sondra Schneider

   

 


CORE IMPACT from Core Security 8IP, 7-day eval LICENSE with evey class registration! a $25,000 value - only at Security University!

Who should attend:

  • System and Network Administrators
  • Security Personnel
  • Auditors
  • Consultants concerned with network security
  • Threat management teams software programmers
  • Forensic experts


    Download the 2007 SU Computer Security Class Roadmap .Qualified

    Training for Qualified Results

    Class Completion
    Our ECSA / QSA Qualified Security Analyst & Network Penetration Tester class will provide you with valuable skills and information, including:

    • Latest exploit goals and methodologies
    • Understanding the mind set needed to perform penetration testing
    • Advanced information-gathering techniques
    • Expert network discovery tools and techniques
    • Identifying & exploiting network weaknesses with Core Impact and more tools
    • Advanced enumeration of network devices, platforms and protocols
    • Cracking contemporary authentication and authorization
    • Advanced router, firewall and IDS testing \ Exploiting IPS
    • Vulnerability research and automated scanning in the enterprise
    • Scanning for root kits, trojans, malware and viruses
    • Tools for web application testing - Watchfire and freeware tools
    • Exploiting complex protocols, such as SSH, SSL, and IPSEC
    • Using payload generators
    • Advanced wireless testing tools and techniques
    • Penetration testing of "Wetware"
    • Penetration testing and the law

    You'll learn how to gather viable data on your network's vulnerabilities using leading edge tools like Nessus , NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for web attacks and the latest in exploit tools, CORE IMPACT from Core Security.

    Penetration concepts you will master during this hands on class

    • Attacking network infrastructure devices
    • Hacking by brute forcing remotely
    • Security testing methodologies
    • Security exploit testing with IMPACT from Core Security
    • Stealthy network recon
    • Remote root vulnerability exploitation
    • Multi-OS banner grabbing
    • Privilege escalation hacking
    • Unauthorized data extraction
    • Breaking IP-based ACLs via spoofing
    • Evidence removal and anti-forensics
    • Hacking Web Applications
    • Breaking into databases with SQL Injection
    • Cross Site Scripting hacking
    • Remote access trojan hacking
    • Offensive sniffing
    • Justifying a penetration test to management and customers
    • Defensive techniques

    Instructor-led hands-on lab exercises

    • Capture the Flag hacking exercises
    • Abusing DNS for host identification
    • Leaking system information from Unix and Windows
    • Stealthy Recon
    • Unix, Windows and Cisco password cracking
    • Remote buffer overflow exploit lab I - Stack mashing
    • Remote heap overflow exploit lab - Beyond the Stack
    • Desktop exploitation
    • Remote keylogging
    • Data mining authentication information from clear-text protocols
    • Remote sniffing
    • Malicious event log editing
    • Transferring files through firewalls
    • Hacking into Cisco routers
    • Harvesting web application data
    • Data retrieval with SQL Injection Hacking

    Phase I — Gather the Data
    A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.

    Phase II — Penetrate the Network
    How hackers get past the security and into the data.
           • Non-intrusive target search
           • Intrusive target search
           • Data analysis
     Network Discovery Tools and Techniques: Hands-On Exercises
           • Discovery/profiling objectives
           • Locating Internet connections
           • Host-locating techniques: manual and automated
           • Operating system footprinting
           • Evaluating Windows and Unix-based network discovery software tools
           • Evaluating Windows and Unix-based application scanning software tools
           • Review Step-by-step process of each scanning and profiling tool
           • Directory services: DNS, DHCP, BOOTP, NIS
           • Look-up services: finger, whois, search engines
           • Remote sessions: telnet, "r" commands, X-Windows
           • File sharing and messaging: FTP, TFTP, World Wide Web
           • Windows Server Message Block (SMB), Network File
           • Systems (NFS), and e-mail
           • Sample exploits using common TCP/IP and NetBIOS utility software

    Phase III — Analyze the Results
     Tips and techniques for effective, actionable penetration test analysis.
           • Identifying network services
           • Pinpointing vulnerabilities
           • Demonstrating risks
           • Reviewing reports and screens from prominent discovery/profiling tools
           • Analyzing current configuration
    Real-World Scenarios
            • Abusive e-mail
           • Embezzlement
           • Pornography
           • Denial-of-service
           • Web defacement
           • Trojan Horse

    Phase IV — Write the Report
     How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items.

    In-Class Exercises
            • Building and maintaining a target list
           • Conducting multiple non-intrusive and intrusive target searches
           • Tools and techniques for testing for Web site vulnerabilities
           • Probing and attacking network firewalls
           • Performing multiple remote target assessment
           • Performing multiple host assessment
           • Writing up the final report

    		•
       

     
    Current Schedule
    SU Policies Webmaster Contact Us Opt-Out Testimonials Advertise Brochure
    Copyright © 2008 Security University, Inc. All rights reserved.
    Translate this page to