Penetration Testing:
Tools and Techniques

What is ethical hacking?

An ethical hacker uses the same techniques as a malicious hacker but has permission from an organization, either as an employee of the organization or as an outside consultant, to use the tools employed by malicious hackers for the purpose of testing, reporting and fixing security weaknesses.

What is this course about?

In this course you learn to discover weaknesses in your network using the same methodologies as hackers such as footprinting, enumeration, exploiting and escalating privileges. You acquire the knowledge to systematically test and exploit internal and external defenses by following an established methodology. Exploit frameworks are used to accomplish these tasks. You also learn countermeasures such as patching in order to mitigate and reduce risks to your enterprise.

Who will benefit from this course?

This course is beneficial to security consultants, auditors, firewall/IDS personnel, those responsible for securing enterprise systems from unwanted intrusion, and others involved in cybersecurity measures and implementation.

What background knowledge do I need?

You should have experience with security issues at the level of Course 468, System and Network Security: A Comprehensive Introduction. A background knowledge in TCP/IP concepts is also helpful.

Will I learn techniques used by malicious hackers?

Throughout this course, you learn how to use the tools and techniques deployed by malicious hackers to probe, compromise and exploit your network. You gain experience extending the reach of an attack by performing pivoting or island hopping and the evasion techniques to bypass antivirus firewalls and IDS. A working knowledge of these techniques is essential in learning how to prevent or counteract hackers in a real-world environment.

Will I learn defensive measures in this course?

Yes. You use the same tools as malicious hackers, tools such as Metasploit, MalWare generators, IDS evasion, decryption tools, rootkits and protocol analyzers, to better prepare you to defend against and nullify future attacks.

Will this course help prepare me for the CEH (Certified Ethical Hacker) exam?

This course helps prepare you for many objectives on the CEH exam, but is not an exam prep course. While the knowledge gained in this course will certainly be of benefit when studying for the exam, this course cannot guarantee you will pass the CEH or be fully prepared to take the exam.

Are the tools used in class based on UNIX/Linux or Windows platforms?

Both UNIX/Linux and Windows-based tools are used throughout the course. Exercises are performed using Linux and Windows.

How is this course different from Course 589?

Course 589, Hands-On Vulnerability Assessment: Protecting Your Organization, focuses on detecting and responding to vulnerabilities in your organization. Course 537 focuses on exploitations and hacking techniques in a case study format and covers intelligence gathering, scanning and exploitation of systems and networks.

How much time is spent on each topic?

What kinds of hands-on exercises are in the course?

Approximately 40 percent of class time is spent gaining valuable real-world experience to improve your organization's security from malicious hacking. Exercises include:

• Executing advanced port scanning
• Linking vulnerabilities and exploits
• Determining the vulnerabilities of a network
• Performing injection attacks
• Predicting and hijacking Web sessions
• Poisoning DNS to lure clients
• Configuring and using the Metasploit Framework
• Defeating stateless firewalls, IDS and antivirus software
• Deploying rootkits

How does this course relate to other Learning Tree courses?

This course is part of the Security curriculum. Other courses of interest include:

• 468, System and Network Security: A Comprehensive Introduction gives a detailed introduction to analyzing the security risks to your computer and network systems, and is a prerequisite for this course.
• 940, Securing Web Applications, Services and Servers: Hands-On provides in-depth, hands-on experience securing Web-based applications and host servers.
• 367, TCP/IP: A Comprehensive Hands-On Introduction provides a comprehensive technical introduction to TCP/IP, which is valuable for understanding vulnerabilities.
• 433, UNIX® and Linux® Security: Hands-On enables you to understand, assess and combat threats to the security of your UNIX platforms.
• 536, Implementing an Incident Response Strategy: Hands-On provides you with extensive experience in the latest Windows-based computer forensic techniques.
• 289, Disaster Recovery Planning: Ensuring Business Continuity enables you to identify vulnerabilities and implement appropriate countermeasures to prevent and mitigate threats.
• 589, Hands-On Vulnerability Assessment: Protecting Your Organization enables you to configure and use vulnerability scanners to detect weaknesses and prevent network exploitation.