The ECSA class is security penetration testing by experts for experts. Certification and Process in 5 days.
The ECSA and LPT class is "how to test" and "how to report" to management network vulnerabilities. The ECSA class presented together with the LPT allows your team to spend 1 week and gain the tactical security skills to be a qualified License Penetration Tester.
We use highly qualified SME instructors that know hacking and pen testing. This tactical ECSA class has MORE LABS focused on advanced vulnerability assessments, penetration testing, reporting and the knowledge to pass the ECSA test. You will gain the mind set used by both security testers and hackers alike.
In 5 days, you will pass your ECSA exam and be prepared to write detailed and executive reports for management.
Each day you will spend 3 hrs in labs practicing how to gain access to unauthorized information with current exploitation tools and processes. Learn the tactical business skills necessary to perform valid security testing regardless of the architecture of the target network. Call for more details today! Customize your ECSA & LPT training program
TCPIP and Linux,
intermediate to advanced experience or education with security, testing, and vulnerability assessment, Windows and Linux.
1 year of IT Security experience.
Highly qualified instructor with
CEH, ECSA, EXAM Vouchers incl
Core Security8IP, 7 Day eval LICENSE with ever class registration! a $25,000 value - only at Security University
Who should attend: System and Network Administrators, Security Personnel, Auditors, Consultants concerned with network security, Threat management teams Software programmers, Forensic Experts.
Download the 2007 SU Computer Security Class Roadmap .Qualified Training for Qualified Results
Our ECSA / Qualified Security Analyst & Network Penetration Testing Methods course will provide you with valuable skills and information, including:
Latest exploit goals and methodologies
Understanding the mind set needed to perform penetration testing
Advanced information-gathering techniques
Expert network discovery tools and techniques
Identifying and exploiting architectural weaknesses
Advanced enumeration of network devices, platforms and protocols
Cracking contemporary authentication and authorization
Advanced router, firewall and IDS testing \ Exploiting IPS
Vulnerability research and automated scanning in the enterprise
Scanning for root kits, trojans, malware and viruses
Tools for web application testing - Watchfire and freeware tools
Exploiting complex protocols, such as SSH, SSL, and IPSEC
Using payload generators
Advanced wireless testing tools and techniques
Penetration testing of "Wetware"
Penetration testing and the law
You'll learn how to gather viable data on your network's vulnerabilities using leading edge tools like Nessus , NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for web attacks and the latest in exploit tools, IMPACT from Core Security.
You'll run 3 hours of hacking attacks every night in addition to ECSA hands on labs. Perform every stage of an actual security assessment/penetration test in a target rich, controlled classroom environment.
Penetration concepts you will master during this hands on class...
Attacking network infrastructure devices
Hacking by brute forcing remotely
Security testing methodologies
Security exploit testing with IMPACT from Core Security
Stealthy network recon
Remote root vulnerability exploitation
Multi-OS banner grabbing
Privilege escalation hacking
Unauthorized data extraction
Breaking IP-based ACLs via spoofing
Evidence removal and anti-forensics
Hacking Web Applications
Breaking into databases with SQL Injection
Cross Site Scripting hacking
Remote access trojan hacking
Justifying a penetration test to management and customers
Instructor-led hands-on lab exercises
Capture the Flag hacking exercises
Abusing DNS for host identification
Leaking system information from Unix and Windows
Unix, Windows and Cisco password cracking
Remote buffer overflow exploit lab I - Stack mashing
Remote heap overflow exploit lab - Beyond the Stack
Data mining authentication information from clear-text protocols
Malicious event log editing
Transferring files through firewalls
Hacking into Cisco routers
Harvesting web application data
Data retrieval with SQL Injection Hacking
Phase I Gather the Data A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.
Phase II Penetrate the Network How hackers get past the security and into the data. Non-intrusive target search
Intrusive target search
Data analysis Network Discovery Tools and Techniques: Hands-On Exercises Discovery/profiling objectives
Locating Internet connections
Host-locating techniques: manual and automated
Operating system footprinting
Evaluating Windows and Unix-based network discovery software tools
Evaluating Windows and Unix-based application scanning software tools
Review Step-by-step process of each scanning and profiling tool
Directory services: DNS, DHCP, BOOTP, NIS
Look-up services: finger, whois, search engines
Remote sessions: telnet, "r" commands, X-Windows
File sharing and messaging: FTP, TFTP, World Wide Web
Windows Server Message Block (SMB), Network File
Systems (NFS), and e-mail
Sample exploits using common TCP/IP and NetBIOS utility software
Phase III Analyze the Results Tips and techniques for effective, actionable penetration test analysis.
Identifying network services
Reviewing reports and screens from prominent discovery/profiling tools
Analyzing current configuration Real-World Scenarios Abusive e-mail
Phase IV Write the Report How to combine methodology, results, and analysis into a report that generates management attention and buy-in and provides clear, workable action items. In-Class Exercises Building and maintaining a target list
Conducting multiple non-intrusive and intrusive target searches
Tools and techniques for testing for Web site vulnerabilities
Probing and attacking network firewalls
Performing multiple remote target assessment
Performing multiple host assessment
Writing up the final report