Certified Penetration Tester

The document discusses the Certified Penetration Tester (CPT) credential. The CPT course provides hands-on penetration testing experience and covers testing modern infrastructures, operating systems, and applications. It also teaches how to document and write penetration testing reports. The CPT journey consists of 18 modules covering topics like networking, Linux, anonymity, vulnerability assessment, password cracking, and wireless penetration testing. It discusses the phases of penetration testing like reconnaissance, network scanning, vulnerability testing and exploitation, and reporting. The CPT teaches skills needed for ethical hacking and penetration testing.

Uploaded by

Evangal jekson
CERTIFIED PENETRATION TESTER

What is Penetration testing?

A penetration test is a test evaluating the strengths of all security controls on the computer system. Penetration tests evaluate procedural and operational controls as well as technological controls.

The CPT is a security credential that focuses on core Penetration Testing concepts and skills. The CPT course provides you with a real-world hands-on penetration testing experience and is a nationally accepted hacking and penetration testing class that covers the testing of modern infrastructures, operating systems, and application environments while training the students on how to document and write a penetration testing report.

Certified Penetration Testing Journey

• Module 1: Networks and Cybersecurity Essentials
• Module 2: Linux for Hackers
• Module 3: Anonymity and VPN
• Module 4: Open Source Intelligence
• Module 5: Art of Scanning and Protocol Enumerations
• Module 6: Vulnerability Assessment
• Module 7: Password Cracking
• Module 8: System Hacking and Post Exploitations
• Module 9: Deep Packet Inspection and Active Sniffing
• Module 10: IDS, IPS and Firewall Evasions
• Module 11: Malware and Metasploit
• Module 12: Denial of Service Attacks and Defences
• Module 13: Social Engineering Attacks
• Module 14: Web Application Penetration Testing
• Module 15: Buffer Overflow Attacks
• Module 16: Wireless Penetration Testing
• Module 17: Penetration Testing Standards and Methodologies
• Module 18: Penetration Testing Project

Penetration Testing Viewpoints

• External vs. Internal: Penetration testing can be performed from the viewpoint of an external attacker or a malicious employee.
• Overt vs. Covert: Penetration testing can be performed with or without the knowledge of the IT department of the company being tested.

Phases of Penetration Testing

Reconnaissance and Information Gathering

To discover as much information about a target (individual or organization) as possible without actually making network contact with said target.

Methods:
• Organization info discovery via WHOIS
• Google search
• Website browsing

Network Enumeration and Scanning

To discover existing networks owned by a target as well as live hosts and services running on those hosts.

Methods:
• Scanning programs that identify live hosts, open ports, services, and other info (Nmap, autoscan)
• DNS querying
• Route analysis (traceroute)

Vulnerability Testing and Exploitation

To check hosts for known vulnerabilities and to see if they are exploitable, as well as to assess the potential severity of said vulnerabilities.

Methods:
• Remote vulnerability scanning (Nessus, OpenVAS)
• Active exploitation testing
  o Login checking and brute-forcing
  o Vulnerability exploitation (Metasploit, Core Impact)
  o 0day and exploit discovery (fuzzing, program analysis)
  o Post-exploitation techniques to assess severity (permission levels, backdoors, rootkits, etc.)

Reporting

To organize and document information found during the reconnaissance, network scanning, and vulnerability testing phases of a pentest.

Methods:
• Documentation tools (Dradis)
  o Organizes information by hosts, services, identified hazards and risks, and recommendations to fix problems

What Will You Learn in CPT?

• Understanding the essentials of computer networks and architecture
• Leveraging Linux for ethical hacking practices
• Understanding privacy and anonymity
• Understanding Open Source Intelligence (OSINT)
• Advanced protocol enumerations and scanning
• Identifying and assessing vulnerabilities
• Cracking passwords and secure access
• Hacking organizational systems, networks, and applications
• Evaluating post-exploitations
• Inspecting packets precisely
• Performing active sniffing attacks

Who needs Penetration Testing?

• Banks/Financial Institutions, Government Organizations, Online Vendors, or any organization processing and storing private information
• Most certifications require or recommend that penetration tests be performed on a regular basis to ensure the security of the system.
• PCI Data Security Standard's Section 11.3 requires organizations to perform application and penetration tests at least once a year.
• HIPAA Security Rule's section 8 of the Administrative Safeguards requires security process audits, periodic vulnerability analysis and penetration testing.
THANK YOU
