Training & Certifications

FCPT (Foresec Certified Penetration Tester)

This program provides participants with knowledge and skills that are essential for carrying out penetration tester responsibilities in their organization.

Program Objectives

At the end of the program, the participants will be able to :

  1. Conduct a thorough security testing through FORESEC proven methodology
  2. Analyse security loophole in operating systems , application and network environment
  3. Conduct a black box , white box and grey box test

Target Audience

Network Administrator, Systems Administrator, Network Engineer, Systems Engineer.

Duration

This program is 5 days of intensive training class.

Requirement

Participants are required to have knowledge of Fundamental ICT, Networking Essentials, Computer Networking Technology or related subjects.

Assessment

At the end of the program, the participants will be assessed with Foresec Certified Penetration Tester Exam.

Award

Foresec Certified Penetration Tester Certification will be awarded upon successfully passing the exam from Foresec, through an independent online exam engine, PXmatics.

Program Modules

Module 1 : Introduction to Penetration Testing
  1. Business and Technical Requirement for Penetration Testing
  2. Linux Basic Understanding
  3. Introducing Kali Linux Penetration Testing Distro
  4. Legal and Privacy Issues

Module 2 : Information Gathering VS Intelligence Gathering
  1. Information Gathering Passively
  2. Active Information Gathering with using Social Media
  3. Mapping Corporate Network and Hosts
  4. Detecting Domain Information

Module 3 : Service Information Gathering
  1. Port Scanning Basics
  2. Enumerating Services and version detection
  3. Understanding Service Versions and Vulnerabilities
  4. Fingerprinting System Services

Module 4 : Identification of Vulnerabilities
  1. Open Source VS Commercial Vulnerability Assessment Tool
  2. Advanced Nessus Usage
  3. Vulnerability Detection using Nmap and other open source tool
  4. Vulnerability Testing and Confirmation

Module 5 : Exploiting Network Devices
  1. Exploiting Routers using SNMP
  2. Exploiting Switches and Traffic Diddling
  3. SNMP Service and OID Vulnerability
  4. GRE Tunnel Exploits
  5. Router and Switches Password Cracking Methods
  6. Sniffing Router Traffic

Module 6 : Exploiting Windows Services
  1. Windows Client Side Exploits
  2. Internet Explorer Common Exploits
  3. Windows Client Side Java Exploits
  4. Windows File Sharing Protocol Exploits
  5. Malicious USB Attacks and Reverse Shell Attacks

Module 7 : Exploiting Linux/Unix Services
  1. Local Exploit Vulnerabilities
  2. File Permission and Environment Exploits
  3. Understanding Buffer Overflow Concepts
  4. Local Root Exploit vs Remote Root Exploits
  5. Exploiting Samba / NFS / CIFS services
  6. Common SSH Attacks

Module 8 : Exploiting Application Vulnerabilities
  1. Enumerating Applications ( Php / Asp / JSP )
  2. Enumerating Database Vulnerabilities ( Local and Remote Enumeration )
  3. Exploiting ( Php / Asp/ JSP ) Application
  4. Common Exploit Framework

Module 9 : Man in the Middle Attacks
  1. Setting up Phishing Attack Servers
  2. Traffic Redirection and Traffic Manipulation
  3. SSL Man in The Middle Attacks
  4. Spoofing Attacks
  5. Injecting Protocols

Module 10 : Writing Your Own Exploit
  1. Assembler Language at Glance
  2. Introduction to Fuzzing and Egg hunting
  3. Building your own Exploit from Scratch ( win32/64 & x86/x686 )
  4. ShellCode and Python Programming
  5. Testing and Improving Exploits
Scroll to Top