This course explores the foundational concepts, methods and techniques in preparing and conducting penetration tests. Throughout the course students are introduced to various tools as well as unravel complex methods for exploiting client-side, service side and privilege escalation attacks. Most importantly students learn how to construct a final report outlining discovered vulnerabilities, make suggested recommendations to remediate and/or mitigate those vulnerabilities. Students also learn how to describe the findings wherein non-technical personnel understand the ramifications of these vulnerabilities in a business sense.
- Identify the differences between security assessments, vulnerability assessments, security auditing, penetration testing, and other types of testing/assessments.
- Discuss the difference in conducting a black, gray and crystal box testing with respect to the tester’s knowledge of the testing environment and the targets knowledge of the testing event.
- Gather reconnaissance data on a specified target using various open source tools.
- Determine various types of vulnerabilities and determine its risk level
- Prepare a risk assessment report generated from raw penetration test data
- Prepare a “Rules of Engagement” document for a penetration testing event.
- Identify key cyber & computer crime laws that are important to penetration testers.
- Extract metadata from various types of documents for usable information.
The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.