PTBC: Ultimate PenTest Bootcamp

Curriculum

Ultimate PenTest Boot Camp 

Duration: 5 days

About the Course

The boot camp offers a deep dive into ethical hacking. This 5-day intensive boot camp is not just about theory — it’s about hands-on examples of penetration testing, the methodologies needed to perform them, and the cutting-edge tools required to get the job done.

This training is comprised of the following courses designed to prepare for you to earn security certifications.

  • CSP – Certified Security Principles
  • CPEH – Certified Professional Ethical Hacker 
  • CPTE – Certified Penetration Testing Engineer 
  • CPTC – Certified Penetration Testing Consultant 

Audience Profile

  • Pen Testers
  • Ethical Hackers
  • Network Auditors
  • Cybersecurity Professionals
  • Vulnerability Assessors
  • Cybersecurity Managers / Administrators
  • IS Security Officers / Managers

What’s included?

  • Authorized Courseware
  • Intensive Hands on Skills Development with an Experienced Subject Matter Expert
  • Hands-on practice on real Servers and extended lab support 1.800.482.3172
  • Examination Vouchers & Onsite Certification Testing- (excluding Adobe and PMP Boot Camps)
  • Academy Code of Honor: Test Pass Guarantee
  • Optional: Package for Hotel Accommodations, Lunch and Transportation

With several convenient training delivery methods offered, The Academy makes getting the training you need easy. Whether you prefer to learn in a classroom or an online live learning virtual environment, training videos hosted online, and private group classes hosted at your site. We offer expert instruction to individuals, government agencies, non-profits, and corporations. Our live classes, on-sites, and online training videos all feature certified instructors who teach a detailed curriculum and share their expertise and insights with trainees. No matter how you prefer to receive the training, you can count on The Academy for an engaging and effective learning experience.

Methods

  • Instructor-Led (the best training format we offer)
  • Live Online Classroom – Online Instructor-Led
  • Self-Paced Video

Speak to an Admissions Representative for complete details

StartFinishPublic PricePublic Enroll Private PricePrivate Enroll
12/25/202312/29/2023
1/15/20241/19/2024
2/5/20242/9/2024
2/26/20243/1/2024
3/18/20243/22/2024
4/8/20244/12/2024
4/29/20245/3/2024
5/20/20245/24/2024
6/10/20246/14/2024
7/1/20247/5/2024
7/22/20247/26/2024
8/12/20248/16/2024
9/2/20249/6/2024
9/23/20249/27/2024
10/14/202410/18/2024
11/4/202411/8/2024
11/25/202411/29/2024
12/16/202412/20/2024
1/6/20251/10/2025

Curriculum

CSP – Certified Security Principles Outline:

 Module 1 – Introduction to IT Security

  • Understanding Security
  • Responsibilities
  • Building a Security Program
  • CIA Triad
  • Governance, Risk, Compliance
  • State of Security Today

Module 2 – Risk Management

  • Risk Management
  • Risk Assessment
  • Types of Risk, Threats and Vulnerabilities
  • Mitigating Attacks
  • Discovering Vulnerabilities and Threats
  • Responding to Risk

Module 3 – Understanding of Cryptography

  • Understanding Cryptography
  • Symmetric Encryption
  • Asymmetric Encryption
  • Hashing
  • PKI
  • Cryptography in Use

Module 4 – Understanding Identity and Access Management

  • Identity Management
  • Authentication Techniques
  • Single Sign-on
  • Access Control Monitoring

Module 5 – Managing Data Security

  • Virtualization Principles
  • Key Components Mapped to Cloud Layer
  • Key Security Concerns
  • Other Technologies Used in the Cloud
  • The Layers
  • Relevant CCM Controls

Module 6 – Data Security

  • Different Types of Storage
  • Encryption Options
  • Data Management

Module 7 – Managing Server/Host Security

  • The Operating Systems
  • Hardening the OS
  • Physical security
  • Virtualization and Cloud Technologies

Module 8 – Application Security for Non-Developers

  • Application Security Principle
  • Software Development Life Cycle
  • OWASP Top 10
  • Hardening Web Applications
  • Patch/Update/Configuration Management

Module 9 – Understanding Mobile Device Security (IoT)

  • What Devices are we talking about?
  • What is the risk?
  • Hardening Mobile/IoT Devices
  • Corporate Management

Module 10 – Managing Day to Day Security

  • Company Responsibilities
  • Product Management
  • Business Continuity Basics
  • Incident Response
  • Why Train?

Module 11 – Understating Compliance and Auditing

  • Benefits of Compliance
  • Assurance Frameworks
  • What is Auditing

CPEH – Certified Professional Ethical Hacker Outline:

Lesson 1: Security Fundamentals

Lesson 2: Access Controls

Lesson 3: Protocols

Lesson 4: Cryptography

Lesson 5: Why Vulnerability Assessments

Lesson 6: Vulnerability Tools of the Trade

Lesson 7: Output Analysis and Reports

Lesson 8: Reconnaissance, Enumeration & Scanning

Lesson 9: Gaining Access

Lesson 10: Maintaining Access

Lesson 11: Covering Tracks

Lesson 12: Malware

Lesson 13: Buffer Overflows

Lesson 14: Password Cracking

 

CPTE – Certified Penetration Testing Engineer Outline

Lesson 1: Business & Technical Logistics of Pen Testing

Lesson 2: Linux Fundamentals

Lesson 3: Information Gathering

Lesson 4: Detecting Live Systems

Lesson 5: Enumeration

Lesson 6: Vulnerability Assessments

Lesson 7: Malware Goes Undercover

Lesson 8: Windows hacking

Lesson 9: Hacking UNIX/Linux

Lesson 10: Advanced Exploitation Techniques

Lesson 11: Pen Testing Wireless Networks

Lesson 12: Networks, Sniffing, and IDS

Lesson 13: Injecting the Database

Lesson 14: Attacking Web Technologies

Lesson 15: Project Documentation

Lesson 16: Securing Windows s/ Powershell

Lesson 17: Pen Testing w/Powershell

 

CPTC – Certified Penetration Testing Consultant Outline

Module 1 – Pentesting Team Formation

  • Section 1 – Project Management
  • Section 2 – Pentesting Metrics
  • Section 3 – Team Roles, Responsibilities and Benefits
  • Lab Exercise – Skills Assessment

Module 2 – NMAP Automation

  • Section 1– NMAP Basics
  • Section 2 – NMAP Automation
  • Section 3 – NMAP Report Documentation
  • Lab Exercise – Automation Breakdown

Module 3 – Exploitation Process

  • Section 1 – Purpose
  • Section 2 – Countermeasures
  • Section 3 – Evasion
  • Section 4 – Precision Strike
  • Section 5 – Customized Exploitation
  • Section 6 – Tailored Exploits
  • Section 7 – Zero Day Angle
  • Section 8 – Example Avenues of Attack
  • Section 9 – Overall Objective of Exploitation

Module 4 – Fuzzing with Spike

  • Section 1 – Vulnserver
  • Section 2 – Spike Fuzzing Setup
  • Section 3 – Fuzzing a TCP Application
  • Section 4 – Custom Fuzzing Script
  • Lab Exercise – Fuzzing with Spike

Module 5 – Simple Buffer Overflow

  • Section 1 – Exploit-DB
  • Section 2 – Immunity Debugger
  • Section 3 – Python
  • Section 4 – Shellcode
  • Lab Exercise – Let’s Crash and Callback

Module 6 – Stack Based Windows Buffer Overflow

  • Section 1 – Debugger
  • Section 2 – Vulnerability Research
  • Section 3 – Control EIP, Control the Crash
  • Section 4 – JMP ESP Instruction
  • Section 5 – Finding the Offset
  • Section 6 – Code Execution and Shellcode
  • Section 7 – Does the Exploit Work?
  • Lab Exercise – MiniShare for the Win

Module 7 – Web Application Security and Exploitation

  • Section 1 – Web Applications
  • Section 2 – OWASP Top 10 – 2017
  • Section 3 – Zap
  • Section 4 – Scapy

Module 8 – Linux Stack Smashing

  • Section 1 – Exploiting the Stack on Linux
  • Lab Exercise – Stack Overflow. Did we get root?

Module 9 – Linux Address Space Layout Randomization

  • Section 1 – Stack Smashing to the Extreme
  • Lab Exercise – Defeat Me and Lookout ASLR
  • Section 1 – Introduction to Windows Exploit Protection
  • Section 2 – Structured Exception Handling
  • Section 3 – Data Execution Prevention (DEP)
  • Section 4 – SafeSEH/SEHOP

Module 11 – Getting Around SEH and ASLR (Windows)

  • Section 1 – Vulnerable Server Setup
  • Section 2 – Time to Test it Out
  • Section 3 – “Vulnserver” meets Immunity
  • Section 4 – VulnServer Demo
  • Lab Exercise – Time to overwrite SEH and ASLR

Module 12 – Penetration Testing Report Writing

  • Section 1 – Reporting