eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

Outsmart Malicious Hackers


Introduction

It’s been a while since we’ve mentioned this course, of course since we mentioned it back in May 2010 – eLearnSecurity – Online Penetration Testing Training – eLearnSecurity has been making continuous improvements to the course-ware and the subject matter.

But now in 2012, it’s time for them to release their major facelift – Penetration Testing Professional Version 2.

eLearnSecurity

The crew over at eLearnSecurity has drastically improved the overall course material, and if you are familiar with the first iteration you can see they’ve put a lot of effort into it.

Whats New With v2

There’s a lot of new stuff 4 hours of new up to date videos, 800 new slides and even completely new modules – with a makeover on all material.

PTP V2

All new material is now based on Backtrack 5 and Metasploit 4.2/4.3 – so you don’t have to worry about learning to use outdated tools and techniques. Some of the changes/additions are below:

  • The first two sections of the course (Network & System Security) have seen the most changes. Whilst the Web Application security section has undergone a content review but has had no new additions in terms of contents.
  • The use and the samples within the course have been updated to match the new features of the most important tools: Metasploit, Maltego, SET, Nmap and others.
  • Many new tools like FOCA, ShodanHQ, ncrack, Immunity Debugger, HPing2 have been added and covered in-depth within the new videos.
  • The slide deck has been completely redone and significant improvements have been made in readability and usability. You will now find immediate access to videos contained in each module and also references for further reading about each topic.
  • Hera Lab is the new virtual lab that our students can access through VPN to practice all the techniques related to system security and network testing.
  • A very detailed and in-depth analysis of Windows authentication protocols such as LM, NTLMv1 and NTLMv2 is provided through videos and real world examples that the student can test against the Hera Lab machines (This is a completely new chapter).

A lot of feedback has been gathered from the students and users of the course-ware and those have been implemented in this new version to enable faster, more efficient learning.

The Course – Details About The New Stuff!

The training course is still divided in three main knowledge domains:

  1. System Security
  2. Network Security
  3. Web Application Security

System Security (& Exploit Development)

This section covers:

  • Module 1: Introduction
  • Module 2: Cryptography and Password Cracking
  • Module 3: Buffer Overflow
  • Module 4: Shellcoding
  • Module 5: Malware
  • Module 6: Rootkit coding

This section included some of the simplest explanations of Exploit development and shell-coding available today, however it has been further improved with more samples, videos and tools that aid in the process of exploitation.

The videos are really clear, move at a good pace and have a very easy to follow voice-over – you can see the video demo running Metasploit on BackTrack 5.

PTP V2

More C++ and ASM basics are covered in the Introductory model and this should lower the entrance barrier for someone without these kinds of skills. The contents in this section are a lot better organized now and much easier to understand in practice thanks to a Virtual Machine pre-built with C++ compilers, Assemblers, Debuggers, Disassemblers and all the samples included throughout the section.

The Virtual Machine is available within Hera Lab and accessible in VPN/RDP. This drastically minimize the time required to the student to configure the environment. The good part is that the student is also taught how to configure the environment on his own machine for use even after the Lab time expires.

Network Security testing

This section covers:

  • Module 1: Information Gathering
  • Module 2: Scanning
  • Module 3: Enumeration
  • Module 4: Sniffing and MITM attacks
  • Module 5: Exploitation
  • Module 6: Post-exploitation
  • Module 7: Anonymity
  • Module 8: Social Engineering

4 out of 8 modules in this section have undergone major changes, the Information Gathering module in v1 had some overlapping information with Information Gathering module in Web Application security so it really required a re-work.

The Information Gathering module has been completely redone from scratch and has been created systematically along side a methodology which will allow you to thoroughly investigate a target organization from a business and technical perspective.

At the end of the module students can practice all the business related investigation techniques against a fictitious company created by eLearnSecurity with an actual web presence and documents available online. This real world exercise and the Information Gathering lab included in Hera Lab, makes this module a very hands on module.

The Port Scanning module now includes techniques to evade IDS’s and Firewalls as well as an in depth study of the Idle Scan technique that most of the times goes unused even by experienced pentesters. The author decided to use HPing2 to first demonstrate the technique at low level and then Nmap.

Exploitation module is now not just an introduction to the use of Metasploit but offers some great coverage of:

  • Low hanging fruits – Weak or non-existent authentication in network services like RDP or SSH
  • Windows Authentication Protocols Weaknesses
  • More advanced Client side and Remote exploitation

The exploitation module also contains a thorough review of the Java Rhino client side exploit with two videos on how to use it against Windows and Linux by modifying SET and mount a fairly complex attack.

But the part that shines the most in v2 of this training course is the Post Exploitation module that provides a clear cyclic process in 4 steps to escalate privileges, maintain access, harvest internal documents or credentials and exploit and infiltrate further internal networks through pivoting.

The depth of the information in section and the logical flow with which it has been assembled shows the stark difference between free stuff you can find online and a course you need to pay for.

Conclusion

It’s a great update to an already very strong course, I honestly can’t wait to see where they take it next. I want to clear some time to check out Hera Lab properly and get a hands on feel of what they are doing with that.

Remember if you are looking for something more basic/entry level – there is also the Penetration Testing – Student Course/Training by eLearnSecurity.

eLearnSecurity crew has confirmed to me that they are going to add new labs and scenarios every month to cover new parts of the training material and new tools that will be released in the future.

The feedback they’ve gotten on the first version is testament enough, over 2,000 professionals from 81 different countries worldwide have taken the first version of the training course.

Total price of the Penetration Testing Professional Training v2 + eCPPT Certification Exam + 30 days access or 30 hours usage time of Hera Lab is $699.

Find out more here: http://www.elearnsecurity.com/

Posted in: Advertorial, Hacking News

, , , , , , , , , , , , , ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


5 Responses to eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

  1. Hannibal March 22, 2012 at 2:37 pm #

    Hello!

    Do you know by chance if the Student – Beginner Course is also something that’s worth taking? Up to date and things like that? So like, I won’t have to work with tools that were built in 1800 or something. :D

    Thank you very much!!

    • Darknet March 26, 2012 at 7:23 am #

      As far as I know it’s well updated and a very good introduction to pen testing. I’ll check with the guys from eLearnSecurity though and get them to verify.

      • Hannibal March 26, 2012 at 8:53 am #

        Thank you very much man! I’m trying to get my boss to finance it. But even if he is not going to be… I will buy it if you give me the go. :)

        Thanks!!!

  2. Armando March 26, 2012 at 12:01 pm #

    Hello,
    Armando from eLearnSecurity here.
    The Student course is not from 1800 :)
    It’s from 2011 so it is pretty much up to date although not as much as Professional that was launched few days ago.

    You can take a demo module that will show you how it is structured and a sample of its contents.

    Let me know if you need more clarifications.

    • Hannibal March 26, 2012 at 2:26 pm #

      Hello Armando!

      Thanks very much mate!! :)

      I’m going to try and convince my boss first. :D

      If that fails, I’m going to buy it. I want to extend my reach and my testing capabilities. Right now I’m a Software Engineer in Test. But I want to be a Pen tester too. :) This will help me get started a LOT!

      Thanks again for the answer. I’ll be back for more :)