CPT Engineer: Penetration Vulnerabilities Uncovered

Session 1

Section A: Vulnerability Assessments

 •  Network Service Vulnerabilities
 •  Network Hardware Vulnerabilities
 •  When to Apply Vulnerability Assessments
 •  Vulnerability Assessment Tools
 •  Security Alerts
 •  Secunia
 •  National Vulnerability Database
 •  Vulnerability Scanners

Section B: VA Tools and Results

 •  Nessus
 •  SAINT
 •  Retina
 •  QualysGuard
 •  GFI LANguard
 •  Tool Comparisons
 •  Microsoft Security Assessment Tool
 •  Penetration vs. Vulnerability
 •  Patch Management

Section C: Vulnerability Assessments at Work

 •  Using Nessus
 •  Nessus 4
 •  Adding Networks/Policies
 •  Nessus Options
 •  Credentials
 •  Plugin Selection
 •  Network/Advanced
 •  Scans/Results
 •  Results Continued
 •  Other Reporting Templates/Files
 •  Exporting Reports
 •  SAINT Functions
 •  Sessions
 •  Scanning
 •  Data: Report/Analysis
 •  Produce Full Report
 •  SAINT Options
 •  GFI LANguard Basics
 •  Deploying Updates
 •  NULL Session

Section D: Malware and Its Many Uses

 •  Malware Distribution
 •  Malware Capabilities
 •  Auto Starting Malware
 •  Countermeasures
 •  HijackThis
 •  Netcat
 •  Generic Hash Demo
 •  Netcat as a Listener
 •  Netcat Demo

Section E: Historical Look at Malware

 •  Executable Wrappers
 •  eLiTeWrap
 •  Verify the Wrap
 •  Zenmap Scan
 •  Troubleshooting
 •  Fport
 •  Delivery Examples
 •  Restorator
 •  ExeIcon
 •  Infectious CD-ROM
 •  Trojan Horses
 •  Advanced Trojan Horses
 •  BPMTK

Section F: Malware Countermeasures

 •  Countermeasure Tools
 •  Gargoyle Investigator
 •  Spy Sweeper
 •  Port Monitoring Software
 •  File Protection Software
 •  Windows Software Restriction Policies
 •  Company Surveillance Software
 •  Hardware-Based Detectors
 •  User Education

Section G: Malware in Pen. Testing

 •  Pivot an Attack
 •  Additional Netcat Uses
 •  Banner Grabbing
 •  DCOM Exploit
 •  Uploading a File
 •  Testing the Connection
 •  Transferring Files via Netcat
 •  Verifying the Transfer