Key Sessions

This program will be delivered across 5 days from November 11 to 15 2024, 9am to 5pm with breaks for morning tea, lunch and afternoon tea.

Planning and Scoping

• Understand legal and regulatory implications to ensure compliance during penetration testing.
• Define the scope and objectives of penetration tests, including identifying key stakeholders and establishing communication protocols.
• Evaluate governance, risk, and compliance (GRC) concepts relevant to penetration testing and organisational security.
• Demonstrate an ethical hacking mindset with a focus on integrity, confidentiality, and availability of data.
• Prepare engagement contracts that define the boundaries and limitations of the penetration test.

Information Gathering and Vulnerability Scanning

• Perform passive and active reconnaissance to gather information on targets without being detected.
• Utilise various vulnerability scanning tools and techniques to identify vulnerabilities within systems and networks.
• Analyse the output from reconnaissance and vulnerability scans to prioritise targets for further exploitation.
• Understand the role of vulnerability management programs in identifying and mitigating vulnerabilities.
• Conduct social engineering tests to gather additional information or gain access to systems.

Attacks and Exploits

• Execute network-based attacks, including exploiting misconfigurations and vulnerabilities in network services.
• Conduct wireless and application-based attacks to penetrate Wi-Fi networks and web applications.
• Utilise social engineering techniques for manipulation and gaining unauthorised access.
• Perform post-exploitation techniques to maintain access, escalate privileges, and gather more sensitive information.
• Explore vulnerabilities in cloud technologies and execute attacks tailored to cloud-based environments.

Reporting and Communication

• Analyse penetration testing findings to identify critical vulnerabilities and their impact on the organisation.
• Develop comprehensive penetration testing reports that detail the findings, methodologies, and outcomes of the test.
• Communicate effectively with stakeholders, including technical staff and senior management, to explain the risks and necessary remediations.
• Recommend remediation strategies for identified vulnerabilities to improve the organisation’s security posture.
• Address legal and compliance issues in reports to ensure the organisation understands its regulatory obligations.

Tools and Code Analysis

• Identify and use various tools and technologies throughout the phases of a penetration test, including reconnaissance, scanning, exploitation, and post-exploitation.
• Analyse scripts and code samples for malicious content or vulnerabilities that could be exploited.
• Understand the applications and limitations of penetration testing tools to select the most effective ones for each phase of the test.
• Explain the use cases for scripting in the automation of tasks during a penetration test.
• Evaluate the security of scripts and coded applications as part of the overall security assessment of an organisation.