CSX Penetration & Vulnerability Tester Pathway
Learn, test, and earn three of ISACA’s most prestigious certificates in less than 6 months.
Difficulty: Multilevel CSF Domain: All domains
CSX Penetration & Vulnerability Tester Pathway
Career Objective: Penetration Tester | Application Security Architect | Application Security Analyst | Senior Penetration Tester | Security Analyst III
The CSX Penetration Testing training package provides individuals with the targeted skillset required to technically perform cybersecurity penetration and vulnerability tests within organizations worldwide. Course content is enhanced by live lab environments, wherein you are tasked to identify, scan, and exploit real targets through leveraging multiple hacking tools and techniques. Each lab sharpens your skillset and prepares them for a career in penetration testing.
Included in the training package are specific focuses in overall penetration testing methodologies, vulnerability identification and exploitation, and multi-hop system exploitations.
- A skills assessment will help you identify strengths, weaknesses and knowledge gaps, to focus your training.
- In the CSX Penetration Testing Overview Course, learn the comprehensive process of hacking, from beginning to end, by hunting organizational systemic weaknesses and cunningly exploiting vulnerabilities blindly overlooked by IT technicians.
- In the CSX Vulnerability and Exploitation Course, both the content and labs ratchet higher, increasing in difficulty, but providing more significant target skills.
- In the CSX Advanced Exploitation Course, you will learn to deftly perform multi-hop exploitation attacks, which create deeper points of presence within a targeted system.
- Each of the focus areas include highly tuned labs within a live environment wherein you learn through hands-on application and real-time scoring.
- Three certificate exams provide the opportunity to prove new skills and earn the following certificates: CSX Penetration Testing Overview (CPTO) Certificate, CSX Vulnerability and Exploitation (CVEC) Certificate, CSX Advanced Exploitation (CAEC) Certificate.
- Six-month access to train and test on your schedule, 24/7.
Continuing Professional Education (CPE) Credit Count: 86
This training is recommended for individuals with a fundamental knowledge of cybersecurity including the skills covered in CSX Fundamentals, CSX Technical Foundations, and CSX Cybersecurity Practitioner.
This Package Includes:
| COURSE LESSON | INSTRUCTIONAL LAB |
|---|---|
| Introduction to Penetration Testing | Linux Shell and Commands |
| TCP/IP Basics | TCP/IP Basics |
| Reconnaissance | Packet Inquiry Network Discovery |
| Enumeration | Service Enumeration |
| Vulnerability Identification | Network Vulnerability Identification Network Vulnerability Exploitation |
| Reporting Security Controls | Evidence Removal |
| FINAL CHALLENGE | CPTO Challenge 1 CPTO Challenge 2 |
EXAM
The CSX Penetration Testing Overview Certificate Exam assesses candidates understanding of network reconnaissance, footprinting, vulnerability scanning, and system exploitation. The two-hour exam is a real-time, hands-on exam which challenges students to demonstrate their skill set in a live environment. It contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available.
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:
- Perform system and network information gathering techniques
- Identify and map networks of interest
- Conduct Network Discovery and foot-printing techniques
- Identify and enumerate TCP/IP services
- Identify and exploit network vulnerabilities
- Analyze network security areas
- Understand and leverage firewall technologies
- Assess wireless security
Students must be comfortable leveraging Linux terminal tools and interfaces.
| COURSE LESSON | INSTRUCTIONAL LAB |
|---|---|
| Open Source Research | Footprinting |
| Initial Vulnerability Scanning | Initial Vulnerability Scanner Setup |
| Vulnerability Identification | Vulnerability Analysis |
| Basic Exploitation | Initial Exploitation |
| Privilege Escalation | Privilege Escalation |
| Backdoor Implants | Backdoor Implementation |
| Covering Tracks | Covering Tracks |
| System Exploration | Deeper Exploration |
| FINAL CHALLENGE | CVEC Challenge |
EXAM
The CSX Vulnerability and Exploitation Certificate Exam assesses candidates understanding of network and system vulnerability scanning, scanner implementation and usage, vulnerability analysis, exploitation, privilege escalation, backdoor implants, and track obfuscation. The two-hour exam is a real-time, hands-on exam which challenges students to demonstrate their skill set in a live environment. It contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available.
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:
- Scan and enumerate a network
- Conduct a vulnerability scan
- Conduct vulnerability analysis
- Exploit a designated system
- Escalate privileges on a system
- Implement a backdoor
- Cover the tracks of an exploitation
Students must be comfortable leveraging Linux terminal tools and interfaces.
| COURSE LESSON | INSTRUCTIONAL LAB |
|---|---|
| Pivoting and Tunneling SSH Tunneling | SSH Tunnel Implementation Multiple SSH Tunnel Exploitation Implementation |
| Metasploit PortProxy | Metasploit PortProxy Implementation |
| Meterpreter Autoroute Implementation | Autoroute Implementation |
| FINAL CHALLENGE | Network Assessment |
EXAM
The CSX Advanced Exploitation Certificate Exam assesses candidates understanding and implementation of exploiting a compromised system and gaining deeper access to a compromised network through leveraging additional exploits. The two-hour exam is a real-time, hands-on exam which challenges students to demonstrate their skill set in a live environment. It contains no multiple-choice questions or simulations and intentionally restricts access to the internet. Where applicable, man pages and help files are available.
Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:
- Conduct in-depth system and network information gathering techniques
- Identify and map networks of interest
- Conduct Network Discovery and foot-printing techniques
- Identify and enumerate vulnerable TCP/IP services
- Conduct multi-level internal and external exploitations of key systems
- Perform multi-hop exploitations
- Exploit and subvert firewall technologies
- Assess wireless security
Students must be comfortable leveraging Linux terminal tools and interfaces.
| LAB TITLE | LEVEL |
|---|---|
| Chrome Extension Testing Initializing Honeypots Man-in-the-Middle Detection Securing Web Browsers | Intermediate Intermediate Intermediate Intermediate |
| Applying Snort Rules and Classifying Processes Browser Attacks (Advanced) Harvesting DNS and Focusing Web Searches Session Hijacking SQL Injection SQL Injection Challenge Lab | Advanced Advanced Advanced Advanced Advanced Advanced |
The CSX Penetration & Vulnerability Tester training package hones skills in the five NIST domains of cybersecurity: Identify, Protect, Detect, Respond, and Recover.