Realtime website analytics

 

  



"Get Qualified" Special:
BUY 1 CEH / QEH Qualified Ethical Hacker +
ECSA/ QSA Qualified Security Analyst = FREE QPTL or CISSP Class!

ESCA/ QSA Qualified Security Analyst
NSA Approved Curriculum

 The QSA Qualified Security Analyst class is security vulnerability testing, hacking and much much more with 40 + hacking labs. Certification Hacking and Process in 5 days.

The QSA and PTL class is "how to test", "how to report" to management and how to find network vulnerabilities. The QSA class presented together with the additional QPT workshop allows your team to spend 1 week and gain the tactical security skills of a Qualified Security Analyst & QPT Qualified Penetration Tester.

Compliance requirements aside, penetration testing is an absolutely critical aspect of any security program. Attackers test every company's defenses every day. An organization either knows what the bad guys are going to find, or it doesn't. If it doesn't, it will be surprised, and security professionals, CFOs and CEOs all hate surprises.

Great pen-testers think like hackers. They use the same tools and techniques, only they tend to be much more comprehensive in their testing of attack scenarios.

Our Qualified SME instructors that know hacking, pen testing and policy. You will gain the mind set used by both security testers and hackers alike. In 5 days, you will pass your QSA exam and be prepared to write detailed executive reports for management.

Each night you'll practice 2+ hours gaining access to unauthorized systems and information with scanning, exploitation tools and processes. Learning the tactical business skills necessary to perform valid vulnerability security testing and reporting.

SU has over 595 ECSA/ QSA Qualified attendees

Customized ECSA/ QSA LPT training programs available.

Class Fee $2,995 + 1/2 price for LPT $1,500

 

 No Question!
Time: 8am -6:30 pm ( 2:30 hr labs )
Location: Click here to view the class schedule
Prerequisites: TCPIP and Linux, intermediate to advanced experience or education with security, testing, and vulnerability assessment, Windows and Linux.
1 year of IT Security experience.
CPE Credits: 40 +30
Instructor: Highly qualified instructor with
CEH/QEH, ECSA/QSA, EXAM incl

CORE IMPACT from Core Security 8IP, 7 Day eval LICENSE with ever class registration! a $25,000 value - only at Security University

Who should attend:
System and Network Administrators, Security Personnel, Auditors, Consultants concerned with network security, Threat management teams Software programmers, Forensic Experts.

Download the 2007 SU Computer Security Class Roadmap .Qualified Training for Qualified Results

Class Completion
Our ECSA / QSA Qualified Security Analyst & Network Penetration Tester class will provide you with valuable skills and information, including:

  • Latest exploit goals and methodologies
  • Understanding the mind set needed to perform penetration testing
  • Advanced information-gathering techniques
  • Expert network discovery tools and techniques
  • Identifying & exploiting network weaknesses with Core Impact and more tools
  • Advanced enumeration of network devices, platforms and protocols
  • Cracking contemporary authentication and authorization
  • Advanced router, firewall and IDS testing \ Exploiting IPS
  • Vulnerability research and automated scanning in the enterprise
  • Scanning for root kits, trojans, malware and viruses
  • Tools for web application testing - Watchfire and freeware tools
  • Exploiting complex protocols, such as SSH, SSL, and IPSEC
  • Using payload generators
  • Advanced wireless testing tools and techniques
  • Penetration testing of "Wetware"
  • Penetration testing and the law

You'll learn how to gather viable data on your network's vulnerabilities using leading edge tools like Nessus , NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for web attacks and the latest in exploit tools, CORE IMPACT from Core Security.

Penetration concepts you will master during this hands on class...

  • Attacking network infrastructure devices
  • Hacking by brute forcing remotely
  • Security testing methodologies
  • Security exploit testing with IMPACT from Core Security
  • Stealthy network recon
  • Remote root vulnerability exploitation
  • Multi-OS banner grabbing
  • Privilege escalation hacking
  • Unauthorized data extraction
  • Breaking IP-based ACLs via spoofing
  • Evidence removal and anti-forensics
  • Hacking Web Applications
  • Breaking into databases with SQL Injection
  • Cross Site Scripting hacking
  • Remote access trojan hacking
  • Offensive sniffing
  • Justifying a penetration test to management and customers
  • Defensive techniques

Instructor-led hands-on lab exercises

  • Capture the Flag hacking exercises
  • Abusing DNS for host identification
  • Leaking system information from Unix and Windows
  • Stealthy Recon
  • Unix, Windows and Cisco password cracking
  • Remote buffer overflow exploit lab I - Stack mashing
  • Remote heap overflow exploit lab - Beyond the Stack
  • Desktop exploitation
  • Remote keylogging
  • Data mining authentication information from clear-text protocols
  • Remote sniffing
  • Malicious event log editing
  • Transferring files through firewalls
  • Hacking into Cisco routers
  • Harvesting web application data
  • Data retrieval with SQL Injection Hacking

Phase I — Gather the Data
A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.

Phase II — Penetrate the Network
How hackers get past the security and into the data.
       • Non-intrusive target search
       • Intrusive target search
       • Data analysis
 Network Discovery Tools and Techniques: Hands-On Exercises
       • Discovery/profiling objectives
       • Locating Internet connections
       • Host-locating techniques: manual and automated
       • Operating system footprinting
       • Evaluating Windows and Unix-based network discovery software tools
       • Evaluating Windows and Unix-based application scanning software tools
       • Review Step-by-step process of each scanning and profiling tool
       • Directory services: DNS, DHCP, BOOTP, NIS
       • Look-up services: finger, whois, search engines
       • Remote sessions: telnet, "r" commands, X-Windows
       • File sharing and messaging: FTP, TFTP, World Wide Web
       • Windows Server Message Block (SMB), Network File
       • Systems (NFS), and e-mail
       • Sample exploits using common TCP/IP and NetBIOS utility software

Phase III — Analyze the Results
 Tips and techniques for effective, actionable penetration test analysis.
       • Identifying network services
       • Pinpointing vulnerabilities
       • Demonstrating risks
       • Reviewing reports and screens from prominent discovery/profiling tools
       • Analyzing current configuration
Real-World Scenarios
        • Abusive e-mail
       • Embezzlement
       • Pornography
       • Denial-of-service
       • Web defacement
       • Trojan Horse

Phase IV — Write the Report
 How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items.
In-Class Exercises
        • Building and maintaining a target list
       • Conducting multiple non-intrusive and intrusive target searches
       • Tools and techniques for testing for Web site vulnerabilities
       • Probing and attacking network firewalls
       • Performing multiple remote target assessment
       • Performing multiple host assessment
       • Writing up the final report
   

 
Current Schedule
SU Policies Webmaster Contact Us Opt-Out Testimonials Advertise Brochure
Copyright © 2008 Security University, Inc. All rights reserved.
Translate this page to