The Offensive Security Certified Professional (OSCP) is the companion certification for our Penetration Testing with Kali Linux training course and is the world’s first completely hands-on offensive information security certification. The OSCP challenges students to prove they have a clear and practical understanding of the penetration testing process and life-cycle through an arduous twenty-four (24) hour certification exam.
An OSCP-trained professional has demonstrated the ability to be presented with an unknown network, enumerate the targets within scope, exploit them, and clearly document the results in a penetration test report.
Target Audience:
» Network server administrators, Firewall Administrators, Information Security Testers, System Administrators and Risk Assessment professionals.
» Pen testers.
There are no prerequisites, although knowledge of web application vulnerabilities, attack techniques, lateral movement, continuous monitoring and penetration testing would be extremely valuable.
OSCP certified professionals will be able to:
1) Use multiple information gathering techniques to identify and enumerate targets running various operating systems and services.
2) Write basic scripts and tools to aid in the penetration testing process.
3) Analyze, correct, modify, cross-compile, and port public exploit code.
4) Successfully conduct both remote and client-side attacks.
5) Identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications.
6) Deploy tunneling techniques to bypass firewalls.
7) Demonstrate creative problem solving and lateral thinking.
Course Outline:
» Metasploitable 2 enumeration
» Metasploitable 2 vulnerability assessment
» Exploiting VSFTPD v2.3.4 on Metasploitable 2
» Hacking Unreal IRCd 3.2.8.1 on Metasploitable 2
» Hacking dRuby RMI Server 1.8
» Buffer overflow explained: The basics
» Hacking with Netcat part 2: Bind and reverse shells
» Mingw-w64: How to compile Windows exploits on Kali Linux
» Windows Privilege Escalation
» Linux Privilege Escalation
1) Indicators of Compromise :
Why is Security Important?
Security Policy
Threat Actor Types
The Kill Chain
Social Engineering
Phishing
Malware Types
Trojans and Spyware
Open Source Intelligence
Labs:
VM Orientation
Malware Types
2) Critical Security Controls :
Security Control Types
Defense in Depth
Frameworks and Compliance
Vulnerability Assessments and Pen tests
Security Assessment Techniques
Pen Testing Concepts
Vulnerability Scanning Concepts
Exploit Frameworks
Labs:
Using Vulnerability Assessment Tools
3) Security Posture Assessment Tools :
Topology Discovery
Service Discovery
Packet Capture & Packet Capture Tools
Remote Access Trojans
Honeypots and Honeynets
Labs:
Using Network Scanning Tools 1
Using Network Scanning Tools 2
Using Steganography Tools
4) Incident Response :
Incident Response Procedures
Preparation Phase
Identification Phase
Containment Phase
Eradication and Recovery Phases
Module 2 / Identity and Access Management
1) Cryptography :
Uses of Cryptography
Cryptographic Terminology and Ciphers
Cryptographic Products
Hashing Algorithms
Symmetric Algorithms
Asymmetric Algorithms
Diffie-Hellman and Elliptic Curve
Transport Encryption
Cryptographic Attacks
Labs:
Implementing Public Key Infrastructure
2) Public Key Infrastructure :
PKI Standards
Digital Certificates
Certificate Authorities
Types of Certificate
Implementing PKI
Storing and Distributing Keys
Key Status and Revocation
PKI Trust Models
PGP / GPG
Labs:
Deploying Certificates and Implementing Key Recovery
3) Identification and Authentication :
Access Control Systems
Identification
Authentication
LAN Manager / NTLM
Kerberos
PAP, CHAP, and MS-CHAP
Password Attacks
Token-based Authentication
Biometric Authentication
Common Access Card
Labs:
Using Password Cracking Tools
4) Identity and Access Services :
Authorization
Directory Services
RADIUS and TACACS+
Federation and Trusts
Federated Identity Protocols
5) Account Management :
Formal Access Control Models
Account Types
Windows Active Directory
Creating and Managing Accounts
Account Policy Enforcement
Credential Management Policies
Account Restrictions
Accounting and Auditing
Labs:
Using Account Management Tools
Module 3 / Architecture and Design (1)
1) Secure Network Design :
Network Zones and Segments
Subnetting
Switching Infrastructure
Switching Attacks and Hardening
Endpoint Security
Network Access Control
Routing Infrastructure
Network Address Translation
Software Defined Networking
Labs:
Implementing a Secure Network Design
2) Firewalls and Load Balancers :
Basic Firewalls
Stateful Firewalls
Implementing a Firewall or Gateway
Web Application Firewalls
Proxies and Gateways
Denial of Service Attacks
Load Balancers
Labs:
Implementing a Firewall
3) IDS and SIEM :
Intrusion Detection Systems
Configuring IDS
Log Review and SIEM
Data Loss Prevention
Malware and Intrusion Response
Labs:
Using an Intrusion Detection System
4) Secure Wireless Access :
Wireless LANs
WEP and WPA
Wi-Fi Authentication
Extensible Authentication Protocol
Additional Wi-Fi Security Settings
Wi-Fi Site Security
Personal Area Networks
5) Physical Security Controls :
Site Layout and Access
Gateways and Locks
Alarm Systems
Surveillance
Hardware Security
Environmental Controls
Module 4 / Architecture and Design (2)
1) Secure Protocols and Services :
DHCP Security
DNS Security
Network Management Protocols
HTTP and Web Servers
SSL / TLS and HTTPS
Web Security Gateways
Email Services
S/MIME
File Transfer
Voice and Video Services (VoIP and VTC)
Labs:
Implementing Secure Network Addressing Services
Configuring a Secure Email Service
2) Secure Remote Access :
Remote Access Architecture
Virtual Private Networks
IPSec
Remote Access Servers
Remote Administration Tools
Hardening Remote Access Infrastructure
Embedded Systems
Security for Embedded Systems
Labs:
Implementing a Virtual Private Network
3) Secure Systems Design :
Trusted Computing
Hardware / Firmware Security
Peripheral Device Security
Secure Configurations
OS Hardening
Patch Management
Embedded Systems
Security for Embedded Systems
4) Secure Mobile Device Services :
Mobile Device Deployments
Mobile Connection Methods
Mobile Access Control Systems
Enforcement and Monitoring
5) Secure Virtualization and Cloud Services :
Virtualization Technologies
Virtualization Security Best Practices
Cloud Computing
Cloud Security Best Practices
Module 5 / Risk Management:
1) Forensic :
Forensic Procedures
Collecting Evidence
Capturing System Images
Handling and Analyzing Evidence
Labs:
Using Forensic Tools
2) Disaster Recovery and Resiliency :
Continuity of Operations Plans
Disaster Recovery Planning
Resiliency Strategies
Recovery Sites
Backup Plans and Policies
Resiliency and Automation Strategies
3) Risk Management :
Business Impact Analysis
Identification of Critical Systems
Risk Assessment
Risk Mitigation
4) Secure Application Development :
Application Vulnerabilities
Application Exploits
Web Browser Exploits
Secure Application Design
Secure Coding Concepts
Auditing Applications
Secure DevOps
Labs:
Identifying a Man-in-the-Browser Attack
5) Organizational Security :
Corporate Security Policy
Personnel Management Policies
Interoperability Agreements
Data Roles
Data Sensitivity Labeling and Handling
Data Wiping and Disposal
Privacy and Employee Conduct Policies
Security Policy Training
Delivery method: Classroom / Attend from Anywhere