For more information about CSM-ACE 2019, please contact: 
  • secretariat@csm-ace.my |
  • +603 8800 7999

Certified Penetration Tester (CPT)

Date 23 – 27 September 2019
Time 8.30 am - 5.00 pm
Venue Royale Chulan, Kuala Lumpur, Malaysia
Fee Training: RM6,650.00 | Exam: RM800.00 (Fees exclude 6% SST)
Level Certification

Certified Penetration Tester is 5 days hands-on training and certification programmes that enable the participants handle the vulnerability assessment and penetration test for their customers.

  1. To understand different attacks used by hackers
  2. To learn how to conduct a vulnerability assessment on the network and systems
  3. To learn ways to harden the network and systems thus securing the corporate network and systems.
  4. To prepare and submit Vulnerability Assessment & Pentest Reports
  1. Network administrators
  2. Network executives
  3. Security professionals who insterested in conducting vulnerability assessment and penetration test for their customers.

The CPT examination is certified by the Global ACE Scheme. The examination framework is designed to align with a set of relevant Knowledge, Skills and Attitudes (KSA) that are necessary for an Information Security Awareness Manager. Candidates will be tested via a combination of either continual assessment (CA), multiple choice (MC), theory/underpinning knowledge assessment (UK), practical assessment (PA), assignments (AS) and case studies (CS) as required.

Candidates can take the examination at authorized examination centres in participating scheme member countries. Candidates who have successfully passed the CPT examination will be eligible to apply as an associate or professional member by fulfilling the membership criteria defined under the Global ACE Scheme.

Introduction to Vulnerability Assessment & Penetration Testing

  1. Vulnerability Exploit, Payload, Listener
  2. Vulnerability Assessment Vs. Penetration Testing
  3. Types of Vulnerabilities Vulnerability Research Sources for Penetration Testers, Exploits and
  4. Tools sources for Penetration Testers, Commercial Tools for Penetration Testers, Penetration Testing Methodologies and Penetration Test Report Template
  5. Latest Attacks – Demos

 

Information Intelligence Techniques

  1. Passive Information Gathering
  2. Information intelligence and Map the Customer organization
  3. Information intelligence and Map the infrastructure of the Target organization

 

Scanning & Vulnerability Assessment

  1. Scanning Types & Scan Options
  2. NMap Scanning
    • Ninja & Non-Ninja Scan types
    • Multiple IP Addresses scanning
    • Host Discovery
    • Ping & Port Scanning
    • OS Fingerprinting & Service Enumerations
    • NMap Scripts
    • Host Scanning : Bypassing Firewalls
    • Decoys
  3. ZenMap
  4. Netcat Fingerprinting
  5. Nessus : Vulnerability Scanning & Reporting
  6. NeXpose : Vulnerability Scanning & Reporting
  7. OpenVAS

 

Cracking & Social Engineering

  1. MiTM Concepts & Attacks
  2. Password Cracking
    • Brute Force Tools : Hydra, Medusa
    • Crunch Password generator
    • FTP Credential cracking
    • Telnet Brute Force
    • SSH Login Brute Force Attack
    • Password cracking with John the Ripper
  3. Social  Engineering  Attacks  :  Java  Applet  Attack  Vectors,  Infectious  Media  Generator, Credential Harvester Attack Method, Spear-Phishing Attack Method and many more

 

Exploitation & Pentest

  1. Metasploit Framework Concepts
  2. Metasploit Community & Armitage
  3. Metasploit Exploitations : Dump Password Hash, Capture Screenshots, Capture Keystrokes,
  4. Privilege Escalation, Pivoting, ARP Scan, Stdapi and Priv, Persistence and Backdoors
  5. (Maintaining Access), Cover Tracks, Post Exploitations.
  6. Anti-Virus Evasion Frameworks and Methods
  7. Netcat Exploitations
  8. Backdoor using msfvenom & Netcat
  9. Advanced Exploitations using PowerShell
  10. USB Based exploitation on Win 7 & Win 10
  11. Pentest Reporting

 

PowerShell Exploitation

  1. PowerShell Basics
  2. PowerShell Log Analysis
  3. PowerShell Malwares to evade Defenses

 

Web Pentest

  1. Web Application Basics
  2. Web Application Fingerprinting
  3. Payment Gateway & Order Tampering
  4. Labs on OWASP TOP 10 Vulnerabilities and its sub categories using Mutillidae, DVWA [SQL Injection, Cross Site Scripting, Cross Site Request Forgery, LDAP Injection, Command Injection, Parameter/Form Tampering, Payment Gateway hacking, Improper Error Handling, Directory Traversal, Insecure storage, Information Leakage, Broken Account Management, Denial of Service, Buffer Overflow, Broken Session Management, Session Fixation, Security Misconfiguration, File Upload and Download and many more ]
  5. Pentest Reporting

 

Wireless Pentest

  1. Introduction on WEP, WPA, WPA2
  2. Wireless cracking with Reaver
  3. Uncovering hidden SSIDs
  4. WiFi Twining Attacks
  5. Wifi Pineapple based attacks
  • 2 x tea break and 1 lunch for 5 days training
  • Exam Voucher worth RM1,196