Module 1 - Introduction
• About This Course
• Why Perform Penetration Tests?
• Security Certifications
• Types of Pentesting
About This Course
• Presenter Information
• Video Access
• Course Disks
• Network Configuration
• Certificate of Course Completion
• Course Support
About This Course
Presenter Information
Thomas Wilhelm
○ ISSMP / CISSP / SCSECA / SCNA / SCSA / IAM
○ IT Industry: 15+ years
○ Security Industry: 7+ years
○ U.S. Army SIGINT Analyst / Cryptanalyst
○ Fortune 100 Penetration Testing / Risk Assessments
○ Author “Penetration Tester’s Open Source Toolkit, Vol.2”
About This Course
Video Access
• 30 days access to videos
  ○ Use login information provided when enrolled
• 60 days to complete PenTest Document to ISSAF standards
  http://heorot.net/instruction/PTF/
About This Course
Course Disks
• Disk 1.100
  ○ Used in Video Instruction
• Disk 1.101
  ○ Used in Hands-On Exercises & “Independent PenTest Effort” for Course Completion Certification
• BackTrack
  ○ Used as Penetration Tester’s Toolkit
About This Course
Network Configuration
Configuration Issues:
• http://de-ice.net/index.php?name=PNphpBB2&file=viewforum&f=17
• Can be used in a virtual machine
About This Course
Certificate of Course Completion
• Awarded upon receipt and acceptance of formal documentation of Independent PenTest Effort
  ○ Meet ISSAF standards
  ○ “Independent PenTest Effort” uses Disk 1.101
  ○ Required material is covered in Module 4-8
About This Course
Certificate of Course Completion - Grading
• General Documentation – 250
  ○ Management Summary
  ○ Scope of the project (and Out of Scope parts)
  ○ Tools that have been used (including exploits)
  ○ Dates & times of the actual tests on the systems
• Identification of Weakness & Vulnerabilities – 650
  ○ A list of all identified vulnerabilities
  ○ Output of tests performed (screenshots or “script” text file)
• Action Points – 100
  ○ Recommendation of what to mitigate first
  ○ Recommended solution
About This Course
Course Support
• Email: [email protected]
  ○ Support 24x7
• Instructor: [email protected]
  ○ Online chat T,Th 9pm Eastern
• Also available by appointment
  ○ Available via phone by appointment
Why Perform Penetration Tests?
• Black Hat vs. White Hat
• Code of Ethics
• Legal Responsibilities
Why Perform Penetration Tests?
Code of Ethics
CISSP Code of Ethics Canons:
○ Protect society, the commonwealth, and the infrastructure.
○ Act honorably, honestly, justly, responsibly, and legally.
○ Provide diligent and competent service to principals.
○ Advance and protect the profession.
Why Perform Penetration Tests?
Black Hat vs. White Hat
Black Hat:
“A black hat is a person who compromises the security of a computer system without permission from an authorized party, typically with malicious intent”
- Wikipedia
White Hat:
“A white hat hacker, also rendered as ethical hacker, is, in the realm of information technology, a person who is ethically opposed to the abuse of computer systems”
- Wikipedia
Why Perform Penetration Tests?
Legal Responsibilities
• Federal Mandates
  ○ SOX
  ○ HIPAA
  ○ FISMA, etc.
• State Mandates
  ○ California Senate Bill 1386
  ○ Many other states are following California’s example
Security Certifications
• Generalized Knowledge
• Appliance-Specific
• Methodology
Security Certifications
Generalized Knowledge
• (ISC)²
  ○ ISSMP / ISSAP / ISSEP / CISSP / SSCP
• Prosoft Learning
  ○ Certified Internet Web Professional Program
  ○ Designer / Administrator / Manager / Developer
• SANS Institute
  ○ Global Information Assurance Certification
  ○ GISF / GSEC / GCFW / GCIA / GCUX… and more
Security Certifications
Appliance-Specific
• CISCO
  ○ CCSP / CCIE
• Check Point
  ○ CCSA / CCSE
• RSA Security
  ○ CSA / CSE
• TruSecure
  ○ TICSA / TICSE
• Operating Systems
  ○ SCSECA
  ○ RHCSS
  ○ MCSE: Security
Security Certifications
Methodology
• National Security Agency
  ○ IAM / IEM
• EC-Council
  ○ CEH
Types of Penetration Testing
• Network
• Host
• Application
• Database
Types of Penetration Testing
Network
• Password
• Switches / Routers
• Firewall
• Intrusion Detection
• VPN
• Storage
• WLAN Security
• Internet User Security
• AS400
• Lotus Notes
Types of Penetration Testing
Host
• Unix / Linux
• Windows
• Novell Netware
• Web Server
Types of Penetration Testing
Application
• Web Application
• Source Code Auditing
• Binary Auditing
Types of Penetration Testing
Database
• Database Security
• Social Engineering
Module 1 - Conclusion
• Why Perform Penetration Tests?
• About This Course
• Security Certifications
• Types of Pentesting