CSX Penetration Test Certificate Series Course and Exam Bundle

Members save over 40% compared to non-members buying unbundled.

Difficulty: Multilevel CSF Domain: All domains

$1,499.00

Price represents the non member rate.

Buy Now
or pay later by invoice

Summary

Build technical cybersecurity skills and gain a whole new perspective on evaluating vulnerabilities and defending your organization when an attack surfaces. Experience cybersecurity from the point-of-view of both a hacker and a defender with the Cybersecurity Nexus™ (CSX)® Penetration Test Certificate Series Course & Exam Bundle, featuring three hands-on penetration-testing certificate courses:

  1. CSX Penetration Testing Overview
  2. CSX Vulnerability and Exploitation
  3. CSX Advanced Exploitation

Learn through guided labs that teach the technical and tactical aspects of performing all phases of a penetration test from initial reconnaissance through backdoor implementation to trace obfuscation.

Certificate exams related to each of the three courses allow you to demonstrate your understanding and ability to conduct a penetration test from beginning to end.

Take a closer look at what you will experience:

Courses

Each 16-hour course offers detailed instruction and guidance, along with hands-on lab work conducted in a virtual, live and dynamic network environment. Learn at your own pace and track your progress as you go with performance-based scoring of every effort. Earn up to 66 CPE credit hours.

Courses are presented in the suggested order in which they should be taken.

The Cybersecurity Nexus (CSX) Penetration Testing Overview (CPTO) course provides students an introductory understanding of penetration testing and ethical hacking. Students will work with real systems in real environments and will leverage real vulnerability analysis and exploitation tools in a live environment. Upon completion, students will understand the overall concepts guiding penetration testing from a practical, hands-on vantage point.

20

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Introduction to Penetration Testing

In this lab, students will:

  • Understand an ethical hacking overview
  • Learn the methodology
  • Note the essential hacking tools
  • Learn basic Linux commands

Lab/Instructional Linux Shell and Commands

The Unix bourne-again shell, also known as Bash, is a command processor that runs in the Kali Linux terminal. Bash scripting and command execution is the foundation of penetration testing. In this lab, students will:

  • Use Kali Linux in order to begin their penetration testing journey
  • Execute commands in order to create a foundation for this two-day series

Lesson TCP/IP Basics

In this lab, students will:

  • Learn both network vulnerabilities and network based attacks
  • Understand basics of TCP/IP Protocol
  • Understand basic commands to get network and process information
  • Learn network-based commands

Lab/Instructional TCP/IP Basics

In Linux, viewing and configuring network connections is not only a fundamental aspect of computer and network security, but it is also an essential piece of the penetration testing infrastructure. In this lab, students will:

  • Use Kali Linux in order to continue their penetration testing journey
  • Execute commands in order to understand the networking side of not just penetration testing, but also Linux as a whole

Lesson Reconnaissance

In this lab, students will:

  • Learn information gathering techniques
  • Learn about reconnaissance tools
    • Maltego
    • Shodan
    • Google Hacks
    • Recon-NG
  • Identify and map networks
  • Use packet analysis tools

Lab/Instructional Packet Inquiry

Wireshark is a free and open source network protocol analyzer that is both efficient and effective. In Kali Linux, packets are captured in Wireshark by penetration testers and cybersecurity professionals on a daily basis. In this lab, students will:

  • Use Kali Linux to ping an Ubuntu server
  • Use Kali Linux to connect to an Ubuntu server via FTP
  • Use Wireshark to analyze the ICMP and FTP packets that they generated

Lab/Instructional Network Discovery

Again, Wireshark is a free and open source network protocol analyzer that is both efficient and effective. It is necessary for penetration testers to understand the packets that are traversing through a network segment while discovering network hosts and navigating to websites. In this lab, students will:

  • Use Kali Linux to navigate to nexus.isaca.org
  • Use Kali Linux to conduct a ping sweep in order to find the default gateway
  • Use Wireshark to analyze the TCP packets outlining a three-way handshake

Lesson Enumeration

In this lab, students will:

  • Use the Network Mapper and its associated GUI version, Zenmap
  • Learn basic TCP/IP services and version in relation ports and their states
  • Understand the relation between traffic and packets
  • Get a hands-on learning experience of the TCP three-way handshake

Lab/Instructional Service Enumeration

The CLI tool, nmap, and its GUI counterpart, Zenmap, are both extremely important when it comes to identifying and enumerating network hosts, ports and services, and more. In this lab, students will:

  • Use Kali Linux to conduct a few different nmap scans of the LAN network
  • Use Kali Linux to conduct a Zenmap intense (plus UDP) scan of the LAN network
  • Use Wireshark to analyze the UDP packets generated

Lesson Vulnerability Identification

In this lab, students will:

  • Identify vulnerabilities
  • Check out the National Vulnerability Database (nvd.nist.gov)
  • Check our an example exploit repository (exploit-db.com)
  • Use vulnerability assessment tools
  • Be introduced to the Metasploit Framework
  • Use Metasploit auxiliary modules to identify credentials allowing access to TCP/IP Services

Lab/Instructional Network Vulnerability Identification

Metasploit is a software project that is arranged for penetration testing. Metasploit provides essential information about computer and network security vulnerabilities and helps users exploit machines. In this lab, students will:

  • Use Kali Linux to start the database''s essential services
  • Use the Metasploit Framework console to fetch MySQL and Tomcat usernames and passwords from a remote system

Lab/Instructional Vulnerability Exploitation

Using the results of an exploit to enable another exploit is something penetration testers do on a daily basis. Once their exploits take them deep enough into a remote system, using MySQL syntax to navigate a MySQL database can be a crucial skill when they''re in search of information. In this lab, students will:

  • Use information from the previous lab to enable deeper MySQL and Tomcat exploits
  • Navigate a MySQL database and become familiar with MySQL syntax

Lesson Reporting

In this lab, students will:

  • Verify findings via TCP/IP analysis
  • Review configurations
  • Analyze root cause
    • Configuration Management
    • Hardening Process
    • Build/Deployment Process
    • Patch Management
    • Vulnerability Management (Assessment/Remediation)

Lesson Security Controls

In this lab, students will:

  • Analyze network security assessment areas
  • Learn security architecture & design
  • View firewall technologies
  • Note switch, VPN, and VLAN security
  • Analyze IDS and IPS
  • Assess wireless security

Lesson Evidence Removal

Removing evidence, also known as covering your tracks, is the last step in penetration testing. Although it is the last step, it is by far not the least important. In this lab, students will:

  • Use Kali Linux to remotely remove logs and bash history from a Metasploitable machine
  • Use Kali Linux to remove command history from a Metasploit Framework console session

Lab/Challenge Challenge 01

This challenge is based on the first four labs of this series. This lab reflects the Identify domain of penetration testing. In this lab, students will:

  • Execute commands to understand local settings in Kali Linux
  • Use Kali Linux to ping an Ubuntu server
  • Use Kali Linux to conduct a LAN ping sweep
  • Use Wireshark to analyze the traffic captured in the above steps

Lab/Challenge Challenge 02

This challenge is based on the last four labs of this series. This lab reflects the Identify, Detect, and Recover domains of penetration testing. In this lab, students will:

  • Use Kali Linux to run a LAN nmap version scan
  • Use the Metasploit Framework console to identify credentials to a remote machine''s service
  • Use the Metasploit Framework console to exploit a remote machine
  • Cover tracks by erasing logs

The Cybersecurity Nexus (CSX) Vulnerability and Exploitation Course (CVEC) provides students, who possess a basic understanding of penetration testing, a deeper understanding of vulnerability identification and exploitation capabilities. Students will work with real systems in real environments and will leverage real vulnerability analysis and exploitation tools in a live environment. Upon completion, students will understand the how to successfully exploit and maintain a presence within information systems.

18

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Open Source Research

In this lab, students will:

  • Gain an insight into terminology
  • Understand the process of Footprinting
  • Be able to conduct open source research on a target
  • Become familiar with Google "Hacks"
  • Learn the syntax for commonly used open source tools in Kali Linux

Lab/Instructional Footprinting

This lab instructs students on the basics of open source researching a target domain. In this lab, students will:

  • Conduct Google Hacks queries on a target domain.
  • Discover hidden pages within a domain
  • Record results into a document

Lesson Initial Vulnerability Scan

In this lab, students will:

  • Discover the techniques used to identify a known vulnerability
  • Learn what Vulnerability Scanning is
  • Become familiar with the installation and setup process of OpenVAS
  • Prepare for the Vulnerability Scanner setup lab

Lab/Instructional Initial Vulnerability Scan Setup

OpenVAS is a popular open-source vulnerability scanner and management tool. One of the tools included with OpenVAS is the Greenbone Security Assistant (GSA), a web application which connects to the OpenVAS manager daemon to provide a GUI for vulnerability management. In this lab, you''ll become familiar with how these tools work and how to use them. In this lab, students will:

  • Verify OpenVAS was installed correctly
  • Use the Greenbone Security Assistant to create Targets and Tasks
  • Perform a vulnerability scan on the Metasploitable VM

Lesson Vulnerability Identification

In this lab, students will:

  • Learn to research vulnerabilities
  • Identify the severity of vulnerabilities
  • Find the patch levels of various operating systems:​
    • Linux
    • OSX
    • Windows

Lab/Instructional Vulnerability Analysis

Conducting a vulnerability scan is important. In this lab, students will learn how to interpret the results from the vulnerability scans. In this lab, students will:

  • Analyze Past Vulnerability Reports
  • Conduct Research using Exploit-DB
  • Conduct Research using the Metasploit Framework

Lesson Basic Exploitation

In this lab, students will:

  • Discover the details of the VSFTP backdoor vulnerability
  • Learn the Metasploit Options of this exploit
  • Run this exploit against a target to gain unauthorized access

Lab/Instructional Initial Exploitation

It''s important to realize not all exploits require scripted code and payloads. Sometimes a simple Nmap scan - coupled with a Telnet connection and a clever username - is all you need! In this lab, students will:

  • Use banner grabbing to footprint a system.
  • Access the Metasploitable VM via a backdoor
  • Generate a report on the target using information discovered through backdoor access

Lesson Privilege Escalation

In this lab, students will:

  • Learn about privileges on a system
  • Remote copy and compile local exploit
  • Utilize local exploits to escalate privileges on a system
  • Create Netcat listeners to receive connections from exploit

Lab/Instructional Privilege Escalation

Privilege escalation exploits are one of the most common exploit types. By exploiting flaws in the OS, this type of exploit allows a user to elevate their level of system access. Once elevated, a user can make permanent changes and gain control of the vulnerable system. In this lab, students will:

  • Create a Netcat port listener for the privilege exploit backdoor callback
  • Compile the exploit C code and make the compiled code executable
  • Gain backdoor access to Metasploitable and confirm privilege escalation

Lesson Backdoor Implants

In this lab, students will:

  • Learn about backdoor access to a system
  • Create backdoors using netcat​

Lab/Instructional Backdoor Implementation

This lab will take students through creating backdoors in systems as well as implementing inadvertent backdoors and exploitations. In this lab, students will:

  • Create listening ports for backdoor access
  • Utilize exploits and inadvertent backdoors

Lesson Covering Tracks

In this lab, students will:

  • Learn about covering tracks from a system intrusion
  • Use system commands to modify date/time stamps on files
  • Search log files for evidence
  • Delete evidence from log files

Lab/Instructional Covering Tracks

When a system is accessed, either by normal or clandestine operations, evidence is left behind in log files. Sanitation of those log files is important to cover up any activity that had taken place. In this lab, students will:

  • Change timestamps of files
  • Sanitize log files
  • Utilize Armitage

Lesson System Exploration

In this lab, students will:

  • Learn about possible valuable information a system.
  • Find the locations of password files on a system.
  • Crack passwords.
  • Discover open network file shares.

Lab/Instructional Deeper Exploration

Once a system has been compromised with administrator level access all sensitive system information is available to the attacker. In this lab, we''ll take you through obtaining that system information. In this lab, students will:

  • Exfil and crack password files
  • Exfil system configuration files
  • Exfil other sensitive system information

Lab/Challenge Challenge

This is a challenge lab for the CVEC series which is based on the materials covered in the previous 8 labs. In this lab, students will:

  • Scan the Metasploitable VM with GSA
  • Identify a backdoor in Metasploitable
  • Access the backdoor using Netcat

The Cybersecurity Nexus (CSX) Advanced Exploitation Course (CAEC) provides students, who possess an in-depth understanding of penetration testing, a deeper understanding of traversing complex networks. Students will work with real systems in real environments and will leverage real exploitation and pivoting tools in a live environment. Upon completion, students will understand the how to successfully exploit and move through a number of hosts on a network.

16

Continuing Professional Education (CPE) Credits

Course Content and Labs

Lesson Pivoting and Tunneling

In this lesson, students will:

  • Learn about data redirection basics
  • Gain an understanding of different pivoting techniques

Lesson SSH Tunneling

In this lesson, students will:

  • Learn about SSH port forwarding
  • Pivot through an SSH tunnel
  • Exploit through an SSH tunnel
  • Pivot through multiple devices using SSH

Lab/Instructional SSH Tunnel Implementation

In this lab, students will:

  • Use Kali Linux to create SSH tunnels in order for a LAN machine to communicate with a DMZ server
  • Enumerate Services via an SSH tunnel
  • Exploit a device via an SSH tunnel

Lab/Instructional Multiple SSH Tunnel Exploitation Implementation

In this lab, students will:

  • Pivot through multiple devices using SSH tunnels
  • Enumerate services through multiple devices
  • Utilize Metasploit to exploit a remote system via multiple tunnels.

Lesson Metasploit PortProxy

In this lesson, students will:

  • Learn about the PortProxy Metasploit module
  • Interact with Meterpreter
  • Pivot through Windows hosts
  • Run exploits through PortProxy

Lab/Instructional Metasploit PortProxy Implementation

In this lab, students will:

  • Use PortProxy to establish multiple pivot points.
  • Redirect port scans to a target machine
  • Establish a backdoor on the target machine via pivot points

Lesson Meterpreter Autoroute Implementation

In this lesson, students will:

  • Learn about Meterpreters AutoRoute function.
  • Pivot using AutoRoute
  • Run exploits through AutoRoute

Lab/Instructional Autoroute Implementation

In this lab, students will:

  • Use metasploit to gain perimeter access.
  • Use AutoRoute to pivot through network.
  • Exploit through AutoRoute.

Lab/Instructional Interesting Searches

Students will learn how to conduct packet analysis to identify the types of searches which devices are executing on their network.

Lab/Challenge Network Assessment

Based on what students have learned, thus far, they are challenged to enumerate and pivot through multiple devices and networks in order to capture a flag from the target machine.

Certificate Exams

Affirm your skills and prove your abilities to conduct a thorough penetration test as a certified full-range penetration tester. Take the exam after each course to obtain all three of ISACA’s penetration testing certificates:

  1. CSX Penetration Testing Overview Certificate
  2. CSX Vulnerability and Exploitation Certificate
  3. CSX Advanced Exploitation Certificate