ML0-320 Exam Information and Guideline
Certified Penetration Testing Professional (CPTE) - 2024
Below are complete topics detail with latest syllabus and course outline, that will help you good knowledge about exam objectives and topics that you have to prepare. These contents are covered in questions and answers pool of exam.
Based on techniques professional pentesters use Covers everything a modern Pentester needs to know Network Pentesting,Web Application Pentesting,Wifi Pentesting,System Security Section Architecture fundamentals, Buffer overflow and Shellcoding Covers both Windows and Linux exploitation Post-Exploitation and Pillaging methodology Includes Ruby & PowerShell for Pentesters sections Learn how to create your own Metasploit modules Learn how to leverage the PowerShell Empire toolkit Includes a professional guide on Pentest Reporting Extremely Hands-on with dozens of labs and exercises Obtaining the eCPPTv2 certification qualifies you for 40 CPE
Section: System Security
Module 1 : Architecture Fundamentals
Module 2 : Assemblers, Debuggers and Tools Arsenal
Module 3 : Buffer Overflow
Module 4 : Shellcoding
Module 5 : Cryptography and Password Cracking
Module 6 : Malware
Section: Network Security
Module 1 : Information Gathering
Module 2 : Scanning
Module 3 : Enumeration
Module 4 : Sniffing & MITM
Module 5 : Vulnerability Assessment & Exploitation
Module 6 : Post Exploitation
Module 7 : Anonymity
Module 8 : Social Engineering
Section: PowerShell for Pentesters
Module 1 : Introduction
Module 2 : PowerShell Fundamentals
Module 3 : Offensive PowerShell
Section: Linux Exploitation
Module 1 : Introduction
Module 2 : Information Gathering
Module 3 : Exploitation Over the Network
Module 4 : Post Exploitation
Section: Web Application Security
Module 1 : Introduction
Module 2 : Information Gathering
Module 3 : Cross site scripting
Module 4 : SQL Injection
Module 5 : Other Common Web Attacks
Section: WiFi Security
Module 1 : Prerequisites
Module 2 : Environment setup
Module 3 : Wireless Standards and Networks
Module 4 : Discover Wi-Fi Networks
Module 5 : Traffic Analysis
Module 6 : Attacking Wi-Fi Networks
Module 7 : Wi-Fi as an attack vector
Section: Ruby for Pentesters and Metasploit
Module 1 : Ruby Basic: Installation and Fundamentals
Module 2 : Ruby Basic: Control structures
Module 3 : Ruby Basic: Methods, Variables and Scope
Module 4 : Ruby Advanced: Classes, Modules and Exceptions
Module 5 : Ruby Advanced: Pentester prerequisites
Module 6 : Ruby for Pentesters: Input / Output
Module 7 : Ruby for Pentesters: Network and OS interaction
Module 8 : Ruby for Pentesters: The Web
Module 9 : Ruby for Pentesters: Exploitation with Ruby
Module 10 : Ruby for Pentesters: Metasploit
The vendor-neutral Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of Penetration Testing Consultants.
The C)PTE presents information based on the 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation, and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.
The vendor neutral Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of Penetration Testing consultants.
The C)PTE presents information based on the 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.
This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls to reduce risk associated to working with the internet. The student will be using the latest tools, such as Saint, Metasploit through Kali Linux and Microsoft PowerShell.
Mile2 goes far beyond simply teaching you to “Hack”. The C)PTE was developed around principles and behaviors used to combat malicious hackers and focuses on professional penetration testing rather than “ethical hacking”.
Besides utilizing ethical hacking methodologies, the student should be prepared to learn penetration testing methodologies using advanced persistent threat techniques. In this course, you will go through a complete penetration test from A-Z! Youll learn to create your own assessment report and apply your knowledge immediately in the work force.
With this in mind, the CPTE certification course is a complete up-grade to the EC-Council CEH! The C)PTE exam is taken any time/anywhere on-line through mile2s MACS system, making the exam experience easy and mobile. Student does not need to take the C)PTE course to attempt the C)PTE exam.
Module 0: Course Introduction
Module 1: Business & Technical Logistics of Pen Testing
Module 2: Information Gathering Reconnaissance- Passive (External Only)
Module 3: Detecting Live Systems – Reconnaissance (Active)
Module 4: Banner Grabbing and Enumeration
Module 5: Automated Vulnerability Assessment
Module 6: Hacking Operating Systems
Module 7: Advanced Assessment and Exploitation Techniques
Module 8: Evasion Techniques
Module 9: Hacking with PowerShell
Module 10: Networks and Sniffing
Module 11: Accessing and Hacking Web Techniques
Module 12: Mobile and IoT Hacking
Module 13: Report Writing Basics
Appendix: Linux Fundamentals
Lab 1 – Introduction to Pen Testing Setup
Section 1 – Recording IPs and Logging into the VMs
Section 2 – Research
Lab 2 – Linux Fundamentals
Section 1 – Command Line Tips & Tricks
Section 2 - Linux Networking for Beginners
Section 3 – Using FTP during a pentest
Lab 3 – Using tools for reporting
Section 1 – Setting up and using magictree
Lab 4 – Information Gathering
Section 1 – Google Queries
Section 2 – Searching Pastebin
Section 3 – Maltego
Section 4 – People Search Using the Spokeo Online Tool
Section 5 – Recon with Firefox
Section 6 – Documentation
Lab 5 – Detecting Live Systems - Scanning Techniques
Section 1 – Finding a target using Ping utility
Section 2 – Footprinting a Target Using nslookup Tool
Section 3 – Scanning a Target Using nmap Tools
Section 4 – Scanning a Target Using Zenmap Tools
Section 5 – Scanning a Target Using hping3 Utility
Section 6 – Make use of the telnet utility to perform banner grabbing
Section 7 – Documentation
Lab 6 – Enumeration
Section 1 – OS Detection with Zenmap
Section 2 – Enumerating a local system with Hyena
Section 3 – Enumerating services with nmap
Section 4 – DNS Zone Transfer
Section 5 – LDAP Enumeration
Lab 7 – Vulnerability Assessments
Section 1 – Vulnerability Assessment with SAINT
Section 2 – Vulnerability Assessment with OpenVAS
Lab 8 – Software Goes Undercover
Section 1 – Creating a Virus
Lab 9 – System Hacking – Windows Hacking
Section 1 – System Monitoring and Surveillance
Section 2 – Hiding Files using NTFS Streams
Section 3 – Find Hidden ADS Files
Section 4 – Hiding Files with Stealth Tools
Section 5 – Extracting SAM Hashes for Password cracking
Section 6 – Creating Rainbow Tables
Section 7 – Password Cracking
Section 8 – Mimikatz
Lab 10 – System Hacking – Linux/Unix Hacking
Section 1 – Taking Advantage of Misconfigured Services
Section 2 – Cracking a Linux Password
Section 3 – Setting up a Backdoor
Lab 11 – Advanced Vulnerability and Exploitation Techniques
Section 1 – Metasploitable Fundamentals
Section 2 – Metasploit port and vulnerability scanning
Section 3 – Client-side attack with Metasploit
Section 4 – Armitage
Lab 12 – Network Sniffing/IDS
Section 1 – Sniffing Passwords with Wireshark
Section 2 – Performing MitM with Cain
Section 3 – Performing MitM with sslstrip
Lab 13 – Attacking Databases
Section 1 – Attacking MySQL Database
Section 2 – Manual SQL Injection
Lab 14 – Attacking Web Applications
Section 1 – Attacking with XSS
Section 2 – Attacking with CSRF
Module 0 – Course Introduction
Module 1 – Business and Technical Logistics of Pen Testing
• Section 1 – What is Penetration Testing?
• Section 2 – Todays Threats
• Section 3 – Staying up to Date
• Section 4 – Pen Testing Methodology
• Section 5 – Pre-Engagement Activities
Module 2 – Information Gathering Reconnaissance- Passive (External Only)
• Section 1 – What are we looking for?
• Section 2 – Keeping Track of what we find!
• Section 3 – Where/How do we find this Information?
• Section 4 – Are there tools to help?
• Section 5 - Countermeasures
Module 3 – Detecting Live Systems – Reconnaissance (Active)
• Section 1 – What are we looking for?
• Section 2 – Reaching Out!
• Section 3 – Port Scanning
• Section 4 – Are there tools to help?
• Section 5 - Countermeasure
Module 4 – Banner Grabbing and Enumeration
• Section 1 – Banner Grabbing
• Section 2 - Enumeration
Module 5 – Automated Vulnerability Assessment
• Section 1 – What is a Vulnerability Assessment?
• Section 2 – Tools of the Trade
• Section 3 – Testing Internal/External Systems
• Section 4 – Dealing with the Results
Module 6 – Hacking Operating Systems
• Section 1 – Key Loggers
• Section 2 - Password Attacks
• Section 3 – Rootkits & Their Friends
• Section 4 – Clearing Tracks
Module 7 – Advanced Assessment and Exploitation Techniques
• Section 1 – Buffer Overflow
• Section 2 - Exploits
• Section 3 – Exploit Framework
Module 8 – Evasion Techniques
• Section 1 – Evading Firewall
• Section 2 - Evading Honeypots
• Section 3 – Evading IDS
Module 9 – Hacking with PowerShell
• Section 1 – PowerShell – A Few Interesting Items
• Section 2 – Finding Passwords with PowerShell
Module 10 – Networks and Sniffing
• Section 1 - Sniffing Techniques
Module 11 – Accessing and Hacking Web Techniques
• Section 1 - OWASP Top 10
• Section 2 – SQL Injection
• Section 3 - XSS
Module 12 – Mobile and IoT Hacking
• Section 1 – What devices are we talking about?
• Section 2 – What is the risk?
• Section 3 – Potential Avenues to Attack
• Section 4 – Hardening Mobile/IoT Devices
Module 13 – Report Writing Basics
• Section 1 – Report Components
• Section 2 – Report Results Matrix
• Section 3 - Recommendations
Appendix – Linux Fundamentals
• Section 1 – Core Concepts
• Section 2 – The Shell and other items you need to know
• Section 3 – Managing Users
• Section 4 – Basic Commands