Certified Penetration Testing Professional (CPENT)
Certified Penetration Testing Professional (CPENT)
Overview
EC-Council’s Certified Penetration Testing Professional (CPENT) program teaches you how to perform an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, CPENT’s live practice range will teach you to take your skills to the next level by teaching you how to pen test IoT systems, OT systems, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network.
Objectives
- Demonstrate a repeatable and measurable approach to penetration testing.
- Perform advanced techniques and attacks to identify SQL injection, Cross site scripting (XSS), LFI, RFI vulnerabilities in web applications.
- Submit a professional and industry accepted report that achieves management and technical buy-in.
- Get access to proprietary EC-Council penetration testing methodologies.
- Write exploit codes to gain access to a vulnerable system or application.
- Exploit vulnerabilities in Operating systems such as Windows, Linux.
- Perform privilege escalation to gain root access to a system.
- Demonstrate ‘Out-of-the-box’ and ‘lateral’ thinking.
- Ensure the integrity and value of the penetration testing certification, in a fully online, remotely proctored certification exam.
Audience
- Ethical Hackers
- Penetration Testers
- Network Server Administrators
- Firewall Administrators
- Security Testers
- System Administrators and Risk
- Assessment Professionals
- Cybersecurity Forensic Analyst
- Cyberthreat Analyst
- Cloud Security
- Analyst Information Security
- Consultant
- Application Security Analyst
- Cybersecurity Assurance Engineer
- Security Operations Center (SOC)
- Analyst
- Technical Operations Network
- Engineer
- Information Security Engineer
- Network Security Penetration Tester
- Network Security Engineer
- Information Security Architect
Outline
- Penetration Testing Concepts
- LPT Penetration Testing Methodology
- Guidelines and Recommendations for Penetration Testing
- Request for Proposal
- Preparing Response Requirements for Proposal Submission
- Setting the Rules of Engagement
- Establishing Communication Lines
- Timeline
- Time/Location
- Frequency of meetings
- Time of Day
- Identifying Personnel for Assistance
- Handling Legal Issues in Penetration Testing Engagement
- Preparing for the Test
- Handling Scope Creeping During Pen Testing
- OSINT through the WWW
- OSINT through Website Analysis
- OSINT through DNS Interrogation
- Automating the OSINT Process using Tools/Frameworks/Scripts
- Social Engineering Penetration Testing Concepts
- Social Engineering Penetration Testing Using E-mail Attack Vector
- Social Engineering Penetration Testing Using Telephone Attack Vector
- Social Engineering Penetration Testing Using Physical Attack Vector
- Reporting and Countermeasures/Recommendations
- Port Scanning
- OS and Service Fingerprinting
- Vulnerability Research
- Exploit Verification
- Footprinting
- Network Scanning
- OS and Service Fingerprinting
- Enumeration
- Vulnerability Assessment
- Windows Exploitation
- Unix/Linux Exploitation
- Other Internal Network Exploitation Techniques
- Automating Internal Network Penetration Test Effort
- Post Exploitation
- Advanced Tips and Techniques
- Assessing Firewall Security Implementation
- Assessing IDS Security Implementation
- Assessing Security of Routers
- Assessing Security of Switches
- Discover Web Application Default Content
- Discover Web Application Hidden Content
- Conduct Web Vulnerability Scanning
- Test for SQL Injection Vulnerabilities
- Test for XSS Vulnerabilities
- Test for Parameter Tampering
- Test for Weak Cryptography Vulnerabilities
- Tests for Security Misconfiguration Vulnerabilities
- Test for Client-Side Attack
- Tests for Broken Authentication and Authorization Vulnerabilities
- Tests for Broken Session Management Vulnerabilities
- Test for Web Services Security
- Test for Business Logic Flaws
- Test for Web Server Vulnerabilities
- Test for Thick Clients Vulnerabilities
- WordPress Testing
- Wireless Local Area Network (WLAN) Penetration Testing
- RFID Penetration Testing
- NFC Penetration Testing
- IoT Attacks and Threats
- IoT Penetration Testing
- OT/SCADA Concepts
- Modbus
- ICS and SCADA Pen Testing
- Cloud Penetration Testing
- AWS Specific Penetration Testing
- Azure Specific Penetration Testing
- Binary Coding Concepts
- Binary Analysis Methodology
- Penetration Testing Report: An Overview
- Phases of Report Development
- Report Components
- Penetration Testing Report Analysis
- Penetration Testing Report Delivery
- Post-Testing Actions for Organizations
- Computer Network Fundamentals
- TCP/IP Protocol Suite
- TCP/IP Protocol Suite: Application Layer Protocols
- TCP/IP Protocol Suite: Transport Layer Protocols
- TCP/IP Protocol Suite: Internet Layer Protocols
- TCP/IP Protocol Suite: Link Layer Protocols
- IP Addressing and Port Numbers
- Network Terminology
- Network Security Controls
- Network Security Devices
- Network File System (NFS)
- Windows Security
- Unix/Linux Security
- Virtualization
- Web Server
- Web Application
- Web Markup and Programming Languages
- Application Development Framework and their Vulnerabilities
- Web API’s
- Web Sub Components
- Web Application Security Mechanisms
- Working of Most Common Information Security Attacks
- Information Security Standards, Laws and Acts
- Information Reconnaissance
- Database Enumeration: Oracle
- Database Enumeration: MS SQL Server
- Database Enumeration: MySQL
- Vulnerability and Exploit Research
- Database Exploitation: Oracle
- Database Exploitation: MS SQL Server
- Database Exploitation: MySQL
- Communication Channel Penetration Testing
- Server-side Infrastructure Penetration Testing
- Application Penetration Testing
- Network Penetration Testing: External
- Network Penetration Testing: Internal
- Windows Exploitation
- Other Internal Network Exploitation Techniques
- Advanced Tips and Techniques
- Network Penetration Testing: Perimeter Devices
- Web Application Penetration Testing
- Wireless Penetration Testing
- Cloud Penetration Testing
Exam Facts
| Delivery | Online (Web based) |
| Format | Multiple choice |
| Proctoring | Live |
| Duration | 24 hours |
| # of questions | |
| Pass grade | 70% |
Related Certification
- Certified Penetration Testing Professional (CPE
