Description

This training prepares you for the PECB Lead Ethical Hacker certification.

You acquire the knowledge and skills necessary to plan and carry out internal and external pentests, in compliance with different standards (PTES, OSSTMM) as well as the drafting of reports and countermeasure proposals.

Who is this training for ?

For whom ?

Managers, security architects.

System and network technicians and administrators.

Prerequisites

Training objectives

Understand and know the repositories linked to pentest

Become familiar with the monitoring tools and sources

Know how to carry out a vulnerability analysis on a Linux and Windows system

Understand the exploitation and post-exploitation of different environments

Prepare and pass the PECB “CLEH, Certified Lead Ethical Hacker” certification exam

Training program

• Introduction
  • - Panorama and highlights (WannaCry, NotPetya, Facebook)
  • - Security components (CID)
  • - Pentest types and repositories: BlackBox / GreyBox / White / RedBlue Team - PTES , OSSTM (OWASP)
  • - The attacker cycle
  • - The toolkit and environment: Kali (Kali site and system ), study of the environment, conservation of results (Use of keepnote or equivalent)
• Intelligence Gathering
  • - The principles of Internet/Passive research (OSINT): case example
  • - Organizational research: physics, logic, organization, electronics, infrastructure research, finance
  • - Research on the employee: social network, presence on the internet
  • - External recognition: passive recognition (DNS and BGP search), active recognition (service scan, version scan, OS scan, Advanced service search, AXFR, SMTP, DNS_BF etc...)
  • - Internal recognition: enumeration of the current network (ARP/ICMP), internal focus
• Vulnerability modeling and analysis
  • - Study and understanding of CVEs: types (Remote, Local, Web)
  • - Examination and review of manual vulnerabilities: NMAP → CVE DETAILS
  • - Examination and review of automatic vulnerabilities: Nessus, Openvas, NSE
  • - Assessment and mapping
• Exploitation

  - n'as pas encore du programme

• Post - Exploitation
  • - Privilege escalation: Windows (Linux)
  • - Persistence / Backdoor: setting up backdoors under Windows and Linux, Cron, Scheduled Task
  • - Pivoting and bouncing
  • - Data exfiltration
• Preparing for and passing the PECB Certified Lead Ethical Hacker certification exam
  • - Revision of concepts for certification
  • - Mock exam
  • - It is necessary to sign the PECB code of ethics in order to obtain certification
  • - In case of failure, candidates benefit from a second chance to take the exam within 12 months following the first attempt
  • - The exam covers the following areas of competence: Area 1: Fundamental principles and concepts of ethical hacking - Domain 2: Attack mechanisms - Domain 3: Penetration testing principles and frameworks - Domain 4: Plan and conduct penetration tests using various tools and techniques - Domain 5: Writing of penetration testing reports
  • - The exam consists of two parts. The first part is a paper-based exam, which consists of essay-type questions. The second part is more technical, in which the candidate. will be required to carry out computer penetration testing exercises and write an analysis report
  • - Participants are allowed to use their personal notes during the paper exam and during the practical part of the exam