Advanced Penetration Testing (APT)

The Advanced Penetration Testing (APT) course will teach you how to perform a professional security test as well as how to produce the next most important thing… the findings and the report!

The ranges progress in difficulty and reflect an enterprise-level architecture. There will be defenses to defeat and challenges to overcome. This is not your typical FLAT network! As the range levels increase you will encounter the top defenses of today and learn the latest evasion techniques.

Quote a Price
  • Why APT?

    This program is meticulously designed to demonstrate the advanced concepts including that of scanning against defenses, pivoting between networks, deploying proxy chains, and using web shells.

    The “virtual cyber ranges” bring 100% practicality into the training sessions and are designed to provide professional skills that demonstrate how professional pentesters determine the attack surface of targets within required time frames and complexities and gain access to the machines and escalate privileges.

    The practical environment ranges progress in difficulty and reflects enterprise network architectures. This environment includes defenses and challenges which candidates of the LPT program must defeat and overcome. This is not done through a typical FLAT network! As candidates progress through the various range levels, each encounter will present the top defenses of today and they will learn the latest best practices, tips and tricks, and even evasion techniques.

    This training format will help build thousands of penetration testers globally and will prove to be effective!

    Who is it For?

    This new program is built for ECSA credentialed members who require advanced pentesting skills and a professional level certification to attest their skills to employers.

      • Penetration Testers
      • Network Administrators
      • IT Auditors
      • Information Security Engineers
      • Security Consultants


      Course Outline


      Introduction to Vulnerability Assessment and Penetration Testing

      Review of vulnerability assessment

      • Types of vulnerability scanners
      • Challenges faced by vulnerability scanners
      • Creating a Security Testing Plan
      • Explaining the Hacking Methodology
      • Concepts of Evasion

      Information Gathering Methodology

      • Information Gathering with NSLOOKUP and Dig
      • DNS Enumeration with dnsenum and dnsrecon
      • Enumeration with fierce
      • Creating a Security Testing Plan
      • Registrars and Whois
      • Google Hacking Database
      • Enumeration with Metagoofil
      • Cloud Scanning with Shodan

      Scanning and Enumeration

      • Scanning with Nmap
      • Scanning with the Tool Dmitry
      • Scanning with the Tool Netdiscover
      • Scanning with the Tool sslscan
      • Scanning and Scripting with the Tool hping3
      • Scanning the Internet
      • Using Metasploit Databases and Workspaces
      • Enumeration of Targets
      • Mastering the Nmap Scripting Engine

      Identify Vulnerabilities

      • Vulnerability Sites
      • Vulnerability Analysis with OpenVAS
      • Web Application Vulnerability Scanners
      • Customizing and Optimizing Scan Policies
      • Web Vulnerability Scanning within Metasploit
      • Analysis of Vulnerability Findings
      • Custom Script Design

      Exploitation

      • Exploit Sites
      • Manual Exploitation
      • Exploitation with Metasploit
      • Searching for Exploits
      • Remote Exploitations with SMB, RDP and SSH
      • Web Application Exploitation
      • Customization of Shells
      • Staged and Stageless Payloads
      • Custom Exploits

      Post Exploitation

      • Disabling protections
      • Local Assessment
      • Harvesting Information
      • Scripts for pilfering
      • Leveraging backdoors
      • Mangling log files
      • Escalation of privileges
      • Data search and extraction techniques
      • Achieving an advanced shell
      • File transfers

      Advanced Tips and Techniques

      • Scanning with Nmap against Defenses
      • Session routing
      • Performing pivoting
      • Executing a double pivot
      • Custom payloads for network traversal
      • Using proxies
      • Leveraging web shells
      • Custom web shells to avoid detection

      Preparing a Report

      • Importance of a report
      • Avoiding the common mistakes
      • Compiling data in Magic Tree
      • Designing the report structure
      • Essential report components

      Practice Ranges

      • Practice Ranges

    Course Highlights

    • Penetration Testers
    • Network Administrators
    • IT Auditors
    • Information Security Engineers
    • Security Consultants

    Get Quote