Realtime website analytics


ECSA & LPT workshop in 5 days!

The ECSA class is security penetration testing by experts for experts. Certification and Process in 5 days.

The ECSA and LPT class is "how to test" and "how to report" to management network vulnerabilities. The ECSA class presented together with the LPT allows your team to spend 1 week and gain the tactical security skills to be a qualified License Penetration Tester.

We use highly qualified SME instructors that know hacking and pen testing. This tactical ECSA class has MORE LABS focused on advanced vulnerability assessments, penetration testing, reporting and the knowledge to pass the ECSA test. You will gain the mind set used by both security testers and hackers alike. In 5 days, you will pass your ECSA exam and be prepared to write detailed and executive reports for management.

Each day you will spend 3 hrs in labs practicing how to gain access to unauthorized information with current exploitation tools and processes. Learn the tactical business skills necessary to perform valid security testing regardless of the architecture of the target network. Call for more details today! Customize your ECSA & LPT training program

Class Fee $2,995 + 1/2 price for LPT $1,500


NoQuestion I'm Qualified!
Request Your FREE T-Shirt!
Time: 8am -5 pm + 3 hr labs
Location: Click here to view the class schedule
Prerequisites: TCPIP and Linux, intermediate to advanced experience or education with security, testing, and vulnerability assessment, Windows and Linux.
1 year of IT Security experience.
CPE Credits: 40
Instructor: Highly qualified instructor with
CEH, ECSA, EXAM Vouchers incl

Core Security 8IP, 7 Day eval LICENSE with ever class registration! a $25,000 value - only at Security University

Who should attend:
System and Network Administrators, Security Personnel, Auditors, Consultants concerned with network security, Threat management teams Software programmers, Forensic Experts.

Download the 2007 SU Computer Security Class Roadmap .Qualified
Training for Qualified Results

Class Completion
Our ECSA / Qualified Security Analyst & Network Penetration Testing Methods course will provide you with valuable skills and information, including:

  • Latest exploit goals and methodologies
  • Understanding the mind set needed to perform penetration testing
  • Advanced information-gathering techniques
  • Expert network discovery tools and techniques
  • Identifying and exploiting architectural weaknesses
  • Advanced enumeration of network devices, platforms and protocols
  • Cracking contemporary authentication and authorization
  • Advanced router, firewall and IDS testing \ Exploiting IPS
  • Vulnerability research and automated scanning in the enterprise
  • Scanning for root kits, trojans, malware and viruses
  • Tools for web application testing - Watchfire and freeware tools
  • Exploiting complex protocols, such as SSH, SSL, and IPSEC
  • Using payload generators
  • Advanced wireless testing tools and techniques
  • Penetration testing of "Wetware"
  • Penetration testing and the law

You'll learn how to gather viable data on your network's vulnerabilities using leading edge tools like Nessus , NeWT and NeVO vulnerability detection tools, MetaSploit, SaintScanner and Exploit, SOLARWINDS, NMAP, App Detective for web attacks and the latest in exploit tools, IMPACT from Core Security.

You'll run 3 hours of hacking attacks every night in addition to ECSA hands on labs. Perform every stage of an actual security assessment/penetration test in a target rich, controlled classroom environment.
Penetration concepts you will master during this hands on class...

  • Attacking network infrastructure devices
  • Hacking by brute forcing remotely
  • Security testing methodologies
  • Security exploit testing with IMPACT from Core Security
  • Stealthy network recon
  • Remote root vulnerability exploitation
  • Multi-OS banner grabbing
  • Privilege escalation hacking
  • Unauthorized data extraction
  • Breaking IP-based ACLs via spoofing
  • Evidence removal and anti-forensics
  • Hacking Web Applications
  • Breaking into databases with SQL Injection
  • Cross Site Scripting hacking
  • Remote access trojan hacking
  • Offensive sniffing
  • Justifying a penetration test to management and customers
  • Defensive techniques

Instructor-led hands-on lab exercises

  • Capture the Flag hacking exercises
  • Abusing DNS for host identification
  • Leaking system information from Unix and Windows
  • Stealthy Recon
  • Unix, Windows and Cisco password cracking
  • Remote buffer overflow exploit lab I - Stack mashing
  • Remote heap overflow exploit lab - Beyond the Stack
  • Desktop exploitation
  • Remote keylogging
  • Data mining authentication information from clear-text protocols
  • Remote sniffing
  • Malicious event log editing
  • Transferring files through firewalls
  • Hacking into Cisco routers
  • Harvesting web application data
  • Data retrieval with SQL Injection Hacking

Phase I — Gather the Data
A first look at a network site, from the eyes of a potential hacker. The simple, and often overlooked, things that tell hackers if a site is worth a penetration attempt.

Phase II — Penetrate the Network
How hackers get past the security and into the data.
       • Non-intrusive target search
       • Intrusive target search
       • Data analysis
Network Discovery Tools and Techniques: Hands-On Exercises
       • Discovery/profiling objectives
       • Locating Internet connections
       • Host-locating techniques: manual and automated
       • Operating system footprinting
       • Evaluating Windows and Unix-based network discovery software tools
       • Evaluating Windows and Unix-based application scanning software tools
       • Review Step-by-step process of each scanning and profiling tool
       • Directory services: DNS, DHCP, BOOTP, NIS
       • Look-up services: finger, whois, search engines
       • Remote sessions: telnet, "r" commands, X-Windows
       • File sharing and messaging: FTP, TFTP, World Wide Web
       • Windows Server Message Block (SMB), Network File
       • Systems (NFS), and e-mail
       • Sample exploits using common TCP/IP and NetBIOS utility software

Phase III — Analyze the Results
Tips and techniques for effective, actionable penetration test analysis.
       • Identifying network services
       • Pinpointing vulnerabilities
       • Demonstrating risks
       • Reviewing reports and screens from prominent discovery/profiling tools
       • Analyzing current configuration
Real-World Scenarios
       • Abusive e-mail
       • Embezzlement
       • Pornography
       • Denial-of-service
       • Web defacement
       • Trojan Horse

Phase IV — Write the Report
How to combine methodology, results, and analysis into a report that generates management attention and buy-in… and provides clear, workable action items.
In-Class Exercises
       • Building and maintaining a target list
       • Conducting multiple non-intrusive and intrusive target searches
       • Tools and techniques for testing for Web site vulnerabilities
       • Probing and attacking network firewalls
       • Performing multiple remote target assessment
       • Performing multiple host assessment
       • Writing up the final report

*Class fees are subject to change


View Class Schedule  

Current Schedule
SU Policies Webmaster Contact Us Opt-Out Testimonials Advertise Brochure
Copyright © 2007 Security University, Inc. All rights reserved.
Translate this page to