Description
Pen test plus 101 (PEN+-101)
This is a closed class. It requires a contract. On-site for 22 people.
Days: 5 Days Labs: Yes –Local Cyber Range
Type of Course: Advanced Security / Technical
Prerequisite skills: Security+ or equivalent
About this course: In order to do great penetration testing you need to do what the bad guys do, before they do it to your client BUT you need to do it every way. The bad guys only need one way in, you must learn all the ways in. This is that course.
Goals: Become a well rounded penetration tester
Outline:
- Planning and Scoping a Penetration Testing Assessment
- Information Gathering and Vulnerability Identification
- Social Engineering Attacks and Physical Security Vulnerabilities
- Exploiting Wired and Wireless Networks
- Exploiting Application-Based Vulnerabilities
- Cloud, Mobile, and IoT Security
- Performing Post-Exploitation Techniques
- Reporting and Communication
- Tools and Code Analysis
Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.
Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures. Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.
