eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2


Introduction

It’s been a while since we’ve mentioned this course, of course since we mentioned it back in May 2010 – eLearnSecurity – Online Penetration Testing Training – eLearnSecurity has been making continuous improvements to the course-ware and the subject matter.

But now in 2012, it’s time for them to release their major facelift – Penetration Testing Professional Version 2.

eLearnSecurity

The crew over at eLearnSecurity has drastically improved the overall course material, and if you are familiar with the first iteration you can see they’ve put a lot of effort into it.

Whats New With v2

There’s a lot of new stuff 4 hours of new up to date videos, 800 new slides and even completely new modules – with a makeover on all material.

PTP V2

All new material is now based on Backtrack 5 and Metasploit 4.2/4.3 – so you don’t have to worry about learning to use outdated tools and techniques. Some of the changes/additions are below:

  • The first two sections of the course (Network & System Security) have seen the most changes. Whilst the Web Application security section has undergone a content review but has had no new additions in terms of contents.
  • The use and the samples within the course have been updated to match the new features of the most important tools: Metasploit, Maltego, SET, Nmap and others.
  • Many new tools like FOCA, ShodanHQ, ncrack, Immunity Debugger, HPing2 have been added and covered in-depth within the new videos.
  • The slide deck has been completely redone and significant improvements have been made in readability and usability. You will now find immediate access to videos contained in each module and also references for further reading about each topic.
  • Hera Lab is the new virtual lab that our students can access through VPN to practice all the techniques related to system security and network testing.
  • A very detailed and in-depth analysis of Windows authentication protocols such as LM, NTLMv1 and NTLMv2 is provided through videos and real world examples that the student can test against the Hera Lab machines (This is a completely new chapter).

A lot of feedback has been gathered from the students and users of the course-ware and those have been implemented in this new version to enable faster, more efficient learning.

The Course – Details About The New Stuff!

The training course is still divided in three main knowledge domains:

  1. System Security
  2. Network Security
  3. Web Application Security

System Security (& Exploit Development)

This section covers:

  • Module 1: Introduction
  • Module 2: Cryptography and Password Cracking
  • Module 3: Buffer Overflow
  • Module 4: Shellcoding
  • Module 5: Malware
  • Module 6: Rootkit coding

This section included some of the simplest explanations of Exploit development and shell-coding available today, however it has been further improved with more samples, videos and tools that aid in the process of exploitation.

The videos are really clear, move at a good pace and have a very easy to follow voice-over – you can see the video demo running Metasploit on BackTrack 5.

PTP V2

More C++ and ASM basics are covered in the Introductory model and this should lower the entrance barrier for someone without these kinds of skills. The contents in this section are a lot better organized now and much easier to understand in practice thanks to a Virtual Machine pre-built with C++ compilers, Assemblers, Debuggers, Disassemblers and all the samples included throughout the section.

The Virtual Machine is available within Hera Lab and accessible in VPN/RDP. This drastically minimize the time required to the student to configure the environment. The good part is that the student is also taught how to configure the environment on his own machine for use even after the Lab time expires.

Network Security testing

This section covers:

  • Module 1: Information Gathering
  • Module 2: Scanning
  • Module 3: Enumeration
  • Module 4: Sniffing and MITM attacks
  • Module 5: Exploitation
  • Module 6: Post-exploitation
  • Module 7: Anonymity
  • Module 8: Social Engineering

4 out of 8 modules in this section have undergone major changes, the Information Gathering module in v1 had some overlapping information with Information Gathering module in Web Application security so it really required a re-work.

The Information Gathering module has been completely redone from scratch and has been created systematically along side a methodology which will allow you to thoroughly investigate a target organization from a business and technical perspective.

At the end of the module students can practice all the business related investigation techniques against a fictitious company created by eLearnSecurity with an actual web presence and documents available online. This real world exercise and the Information Gathering lab included in Hera Lab, makes this module a very hands on module.

The Port Scanning module now includes techniques to evade IDS’s and Firewalls as well as an in depth study of the Idle Scan technique that most of the times goes unused even by experienced pentesters. The author decided to use HPing2 to first demonstrate the technique at low level and then Nmap.

Exploitation module is now not just an introduction to the use of Metasploit but offers some great coverage of:

  • Low hanging fruits – Weak or non-existent authentication in network services like RDP or SSH
  • Windows Authentication Protocols Weaknesses
  • More advanced Client side and Remote exploitation

The exploitation module also contains a thorough review of the Java Rhino client side exploit with two videos on how to use it against Windows and Linux by modifying SET and mount a fairly complex attack.

But the part that shines the most in v2 of this training course is the Post Exploitation module that provides a clear cyclic process in 4 steps to escalate privileges, maintain access, harvest internal documents or credentials and exploit and infiltrate further internal networks through pivoting.

The depth of the information in section and the logical flow with which it has been assembled shows the stark difference between free stuff you can find online and a course you need to pay for.

Conclusion

It’s a great update to an already very strong course, I honestly can’t wait to see where they take it next. I want to clear some time to check out Hera Lab properly and get a hands on feel of what they are doing with that.

Remember if you are looking for something more basic/entry level – there is also the Penetration Testing – Student Course/Training by eLearnSecurity.

eLearnSecurity crew has confirmed to me that they are going to add new labs and scenarios every month to cover new parts of the training material and new tools that will be released in the future.

The feedback they’ve gotten on the first version is testament enough, over 2,000 professionals from 81 different countries worldwide have taken the first version of the training course.

Total price of the Penetration Testing Professional Training v2 + eCPPT Certification Exam + 30 days access or 30 hours usage time of Hera Lab is $699.

Find out more here: http://www.elearnsecurity.com/

Posted in: Advertorial, Hacking News

, , , , , , , , , , , , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


5 Responses to eLearnSecurity Launches Newly Updated & Refreshed Penetration Testing Professional Training v2

  1. Hannibal March 22, 2012 at 2:37 pm #

    Hello!

    Do you know by chance if the Student – Beginner Course is also something that’s worth taking? Up to date and things like that? So like, I won’t have to work with tools that were built in 1800 or something. :D

    Thank you very much!!

    • Darknet March 26, 2012 at 7:23 am #

      As far as I know it’s well updated and a very good introduction to pen testing. I’ll check with the guys from eLearnSecurity though and get them to verify.

      • Hannibal March 26, 2012 at 8:53 am #

        Thank you very much man! I’m trying to get my boss to finance it. But even if he is not going to be… I will buy it if you give me the go. :)

        Thanks!!!

  2. Armando March 26, 2012 at 12:01 pm #

    Hello,
    Armando from eLearnSecurity here.
    The Student course is not from 1800 :)
    It’s from 2011 so it is pretty much up to date although not as much as Professional that was launched few days ago.

    You can take a demo module that will show you how it is structured and a sample of its contents.

    Let me know if you need more clarifications.

    • Hannibal March 26, 2012 at 2:26 pm #

      Hello Armando!

      Thanks very much mate!! :)

      I’m going to try and convince my boss first. :D

      If that fails, I’m going to buy it. I want to extend my reach and my testing capabilities. Right now I’m a Software Engineer in Test. But I want to be a Pen tester too. :) This will help me get started a LOT!

      Thanks again for the answer. I’ll be back for more :)