For more information about CSM-ACE 2018, please contact: 
  • secretariat@csm-ace.my |
  • +60 3 8992 6888

Certified Penetration Tester (CPT)

Date 24th, 26th & 27th Sept 2018
Time 8.30 am - 5.00 pm
Venue Royale Chulan, Kuala Lumpur, Malaysia
Fee Training: RM4,250.00 | Exam: RM800.00 (Fees Include 0% GST)
Level Certification

Certified Penetration Tester is 3 days hands-on training and certification programmes that enable the participants handle the vulnerability assessment and penetration test for their customers.

  1. To understand different attacks used by hackers
  2. To learn how to conduct a vulnerability assessment on the network and systems
  3. To learn ways to harden the network and systems thus securing the corporate network and systems.
  4. To prepare and submit Vulnerability Assessment & Pentest Reports
  1. Network administrators
  2. Network executives
  3. Security professionals who insterested in conducting vulnerability assessment and penetration test for their customers.

The CPT examination is certified by the Global ACE Scheme. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Awareness Manager. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CPT examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Scheme.

  1. Introduction to Vulnerability Assessment & Penetration Testing
    • Vulnerability Exploit, Payload, Listener
    • Vulnerability Assessment Vs. Penetration Testing
    • Types  of  Vulnerabilities  Vulnerability  Research  Sources  for  Penetration  Testers,  Exploits  and
    • Tools  sources  for  Penetration  Testers,  Commercial  Tools  for  Penetration  Testers,  Penetration Testing Methodologies and Penetration Test Report Template

     

  2. Information Intelligence Techniques
    • Passive Information Gathering
    • Information intelligence and Map the Customer organization
    • Information intelligence and Map the infrastructure of the Target organization

     

  3. Scanning & Vulnerability Assessment
    • Scanning Types & Scan Options
    • NMap Scanning
      • Ninja & Non-Ninja Scan types
      • Multiple IP Addresses scanning
      • Host Discovery
      • Ping & Port Scanning
      • OS Fingerprinting & Service Enumerations
      • NMap Scripts
      • Host Scanning : Bypassing Firewalls
      • Decoys
    • ZenMap
    • Netcat Fingerprinting
    • Nessus : Vulnerability Scanning & Reporting
    • NeXpose : Vulnerability Scanning & Reporting
    • OpenVAS

     

  4. Cracking & Social Engineering
    • MiTM Concepts & Attacks
    • Password Cracking
      • Brute Force Tools : Hydra, Medusa
      • Crunch Password generator
      • FTP Credential cracking
      • Telnet Brute Force
      • SSH Login Brute Force Attack
      • Password cracking with John the Ripper
    • Social  Engineering  Attacks  :  Java  Applet  Attack  Vectors,  Infectious  Media  Generator, Credential Harvester Attack Method, Spear-Phishing Attack Method and many more

     

  5. Exploitation & Pentest
    • Metasploit Framework Concepts
    • Metasploit Community & Armitage
    • Metasploit Exploitations : Dump Password Hash, Capture Screenshots, Capture Keystrokes,
    • Privilege  Escalation,  Pivoting,  ARP  Scan,  Stdapi  and  Priv,  Persistence  and  Backdoors
    • (Maintaining Access), Cover Tracks, Post Exploitations.
    • Veil Anti-Virus Evasion Framework
    • Netcat Exploitations
    • Backdoor using msfvenom & Netcat
    • Advanced Exploitations using PowerShell
    • Pentest Reporting

     

  6. PowerShell Exploitation
    • PowerShell Basics
    • PowerShell Log Analysis
    • PowerShell Malwares Evading Antivirus and End Point Defenses

     

  7. Web Pentest
    • Web Application Basics
    • Web Application Fingerprinting
    • Payment Gateway & Order Tampering
    • Labs on OWASP TOP 10 Vulnerabilities and its sub categories using Mutillidae, DVWA [SQL  Injection,  Cross  Site  Scripting,  Cross  Site  Request  Forgery,  LDAP  Injection, Command  Injection,  Parameter/Form  Tampering,  Payment  Gateway  hacking, Improper Error Handling, Directory Traversal, Insecure storage, Information Leakage, Broken  Account  Management,  Denial  of  Service,  Buffer  Overflow,  Broken  Session Management, Session Fixation, Security Misconfiguration, File Upload and Download and many more ]
    • Pentest Reporting
    • Tools Covered : Acunetix, Qualys, Burp Suite

     

  8. Wireless Pentest
    • Introduction on WEP, WPA, WPA2
    • Wireless cracking with Reave
    • Uncovering hidden SSIDs
    • WiFi Twining Attacks
  • 2 x tea break and 1 lunch for 3 day training
  • Exam Voucher worth RM1,196