• Online, Self-Paced
Course Description
In this course we will lay out the Penetration Testing Execution Standard (PTES) in all its phases and their application for business leaders and Security Professionals alike.

Learning Objectives

By the end of the course, students should be able to: ● Understand and apply pre-engagement activities such as: o Client engagement and scoping questions o Understanding scope creep and how to avoid it o Specifying targets within the scope o Discussion on DoS testing o Dealing with Third Parties ● Understand and apply Intelligence Gathering activities such as: o Level 1, 2, and 3 Information gathering o Target selection and limitations o Time considerations and end goals o Open Source Intelligence and its forms o External foot-printing concepts and tools o Internal foot-printing concepts and tools ● Understand and apply Threat Modeling activities such as: o High level modeling processes o Business Asset Analysis o Business Processes Analysis o Reviewing threat agents o Threat capabilities o Motivation Modeling o Finding Relevance ● Understand and apply Vulnerability Analysis activities such as: o Testing Systems o Active versus Passive testing o Validation o Research Principles ● Understand and apply Exploitation activities such as: o The purpose and reason for exploitation o Application of countermeasures against appropriate technologies o Evasion techniques against IPS and IDS o Example of Network Service Exploitation ● Understand and apply Post Exploitation activities such as: o Rules of Engagement o Legal Protections o Infrastructure Analysis o Data and Systems Review o High Value System Targeting o Data Exfiltration Testing o Establishing persistence o Lateral Movement o Cleanup ● Understand and apply Reporting concepts such as: o Executive summary development o Terminology and layout o Addressing the audience o Protection of Sensitive data

Framework Connections