Certcube Junior pentester training is a real-world certification program for beginners Who wants to understand the Cybersecurity ecosystem. Cybersecurity is a multi-layered domain, For beginners, it’s very much difficult to choose the right domain of cybersecurity as per their interest ,to solve this issue we have designed this Junior Pentester training.
Many of the high-profile businesses need Infosec professionals to scale up the business and defending information technology. Some of the top fortune 500 Companies like Apple, Google, and others are hiring certified ethical hackers to pentest their security measures to help them find loopholes and to make their products more trustworthy. They often offer many funds to anyone who can find a weakness.
The candidate will start learning with the layered approach like the training Starts from the basics of networking, Cybersecurity standards, and global frameworks to understand the working flaw of the cybersecurity teams. We have heavily focused on different areas of Pentesting like Internal Network & External Network Security, Web application critical threats, Cloud Computing & attacks and at the end we have added an special defensive security module to understand the attacks and detecting the attacks in real time.
We will start by building up your basics and take your skills to an intermediate level with this real-world focused approach. Many Case Studies and use- cases will be coverup as per the specific domain in the curriculum.
The end Goal of this training is make individuals comfortable with tools and techniques to perform the Attacks/Defense with an holistic approach.
REAL LIFE CASE STUDIES
INDUSTRY DRIVEN CERTIFICATION
STUDENT LEARNING KIT
- What is Information Security?
- Role of Information Security in Today’s Era
- The ‘AIC’ Triad
- The ‘AAA’
- The DIKW model
- Types of cybersecurity Teams and Responsibilities
- Corporate VAPT Phases
- RoE and Scope of the project Concepts
- Scope and Limitations of Pentester
- Skills measurement of certified professionals
- Understanding basic IT security Terminologies
- Vulnerability Assessment
- What is VA?
- Types of VA
- Vulnerability Scoring Systems
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- VA Reports & Analysis of Reports
- Penetration Testing Terminologies
- Why Penetration Testing is important ?
- Types of Penetration Testing in IT security Industry
- Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
- Concept of Red Teaming ,Blue and Purple Teaming
- Role of AI/ML in Cyber Security
- Information Security Policies
- Information Security Laws & Standards
- Subnetting and NAT networks
- TCP/IP based stack models
- Hands-on lab – Windows OS basics and CLI usage
- Hands-on-lab – Kali Linux Essentials
- Hands-on lab – Pentesting Lab Setup
- Techniques in Social Engineering
- Hands-on lab – Social Engineering Toolkit and Gophish customizations
- Hands on lab – Spear phishing assessment scenarios
- Reconnaissance and OSINT techniques
- What is Reconnaissance?
- Concept of Footprinting
- Footprinting Goal
- Ways to Footprint
- Google Dorks
- Google Hacking Database
- Gathering Information via People Services
- Gathering Information via Job Sites
- Gathering Information via Financial Services, e.g. Google Finances
- Gathering Information via Alerts, e.g., Google Alerts
- Gathering Information via blogs & other public websites
- Gathering Information via Social Media Platforms
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Hands-on Lab – OSINT Framework
- Hands-on Lab – Mapping social security of an enterprise.
- What is Reconnaissance?
- Enumerating various enterprise TCP and UDP services
- Network packet sniffing & customization with Scapy
- Packet analysis with Wireshark
- NMAP enumeration basics
- Different Scanning Techniques in NMAP
- Advance NMAP Scanning Techniques to evade detections
- Port Scanning Countermeasures
- Hands on lab – Enumeration and Scanning of various services in an Lab Environment.
- Hands-on lab – VA Tools for Network Scanning
- Qualys Vulnerability Management
- Nessus Professional
- Retina CS
- Exploitation & Post-Exploitation attacks
- Basics of Command and Control frameworks
- Metasploit and Covenant for pentesters
- Shellcode generation for gaining initial access
- Hands-on lab – Generating the malicious Documents for initial access
- Hands-on labs – Infrastructure pentesting with Metasploit and Covenant framework
- Understanding 802.11 based Networks and Designs
- Attacking Open Wireless Network
- Hands on Lab – Wi-Fi phishing
- Hands-on Lab – WPA/WPA2 Cracking
- Understanding PSK, TKIP, EAP, PEAP
- Hands-on Lab – EvilTwin Attack
- Understating the Bluetooth Low Energy and Protocols
- Hands-on Lab – BLE attacks
- Global Standards/Frameworks
- Introduction to web fuzzing and fuzzing web technologies
- Understanding the web proxies and tools
- Hands-on Lab – Burpsuite – 101
- Hands-on lab – Web Application Scanners
- IBM AppSec Scan
- Open source Tools and Testing Methodologies
- OWASP OWTF
- OWASP ZAP
- Attacking web applications as per OWASP testing guidelines
- Hands-on Lab – Critical web application attacks
- Hands-on Lab – Pentesting CMS frameworks
- Introduction to Cloud Computing
- Cloud Deployment Models
- NIST Cloud Deployment Reference Architecture
- Cloud Computing Benefits
- Separation of Responsibilities in Cloud
- Hands-on Lab – Building Instances and VPC Networks
- Hands-on lab – Building an cloud pentesting lab
- Hands-on Lab – Attacking misconfigured storage units
- Introduction to SOC
- SIEM basics
- Logs and correlation
- Splunk Fundamentals
- Hands on lab – Splunk Deployment
- Network Monitoring
- enterprise event management
- Final Attack – Defense workshop
- Day 1 – Attacking and Investigating Network in Splunk
- Day 2 – Attacking and Investigating Web in Splunk
who should attend this training?
- Absolute Beginners
- Collage Students
- Anyone who willing to learn cyber security
what is duration of this training
The duration of windows security and administration is 50 hours.
How many days classes with be organized in a week ?
The instructor-led sessions are based on 3 days a week with 2 hours of duration.
Weekend Sessions are also available for working professionals.
Can i take a demo before the training ??
yes, you can take a free demo and complimentary assistance for your career with our specialist trainers.
Any prerequisite for Windows security and active automation training ?
The person should familiar with basic windows operations
How to register for this training ?
Please drop your inquiry at [email protected] or call +919999508202 for more assistance .
Can i take training in fast-track mode ?
Yes, we have 7 days of sessions for fast track mode learners.
Whats Next ?
IF you want to upgrade your skills after certified ethical hacker then please Checkout the advanced training modules .
together Let’s Create the future