Certified Penetration Testing Consultant – C)PTC

The Certified Penetration Testing Consultant, C)PTC , course is designed for IT Security Professionals and IT Network Administrators who are interested in taking an in-depth look into specific penetration testing and techniques used against operating systems. This course will teach you the necessary skills to work with a penetration testing team, the exploitation process, and how to create a buffer overflow against programs running on Windows and Linux while subverting features such as DEP and ASLR.

Certified Penetration Testing Consultant (C)PTC) course is a prestigious, expert-level certification that provides cybersecurity professionals with the knowledge and skills needed to conduct, manage, and lead advanced penetration testing engagements.

Learning Outcomes

Upon completion of this course, participants will be able to:
✅ Plan and execute comprehensive penetration testing engagements
✅ Perform network, web, wireless, and cloud security assessments
✅ Utilize red teaming strategies to simulate advanced cyber attacks
✅ Develop and modify custom exploits and attack payloads
✅ Bypass modern security defenses, including IDS/IPS, firewalls, and endpoint security
✅ Generate detailed penetration testing reports and risk assessments for organizations

Detailed Outline:

Module 1 – Pen testing Team Foundation

1. Project Management
2. Pen testing Metrics
3. Team Roles, Responsibilities and Benefits

Lab Exercise – Skills Assessment

Module 2 – NMAP Automation

1. NMAP Basics
2. NMAP Automation
3. NMAP Report Documentation

Lab Exercise – Automation Breakdown

Module 3 – Exploitation Processes

1. Purpose
2. Countermeasures
3. Evasion
4. Precision Strike
5. Customized Exploitation
6. Tailored Exploits
7. Zero Day Angle
8. Example Avenues of Attack
9. Overall Objective of Exploitation

Module 4 – Fuzzing with Spike

1. Vuln server
2. Spike Fuzzing Setup
3. Fuzzing a TCP Application
4. Custom Fuzzing Script

Lab Exercise – Fuzzing with Spike

 Module 5 – Privilege Escalation

1. Exploit-DB
2. Immunity Debugger
3. Python
4. Shellcode

Lab Exercise – Let’s Crash and Callback

Module 6 – Stack Based Windows Buffer Overflow

1. Debugger
2. Vulnerability Research
3. Control EIP, Control the Crash
4. JMP ESP Instruction
5. Finding the Offset
6. Code Execution and Shellcode
7. Does the Exploit Work?

Lab Exercise – MiniShare for the Win

Module 7 – Web Application Security and Exploitation

1. Web Applications
2. OWASP Top 10 – 2017
3. Zap
4. Scapy

Module 8 – Linux Stack Smashing

1. Exploiting the Stack on Linux

Lab Exercise – Stack Overflow. Did we get root?

Module 9 – Linux Address Space Layout Randomization

1. Stack Smashing to the Extreme

Lab Exercise – Defeat Me and Lookout ASLR

Module 10 – Windows Exploit Protection

1. Introduction to Windows Exploit Protection
2. Structured Exception Handling
3. Data Execution Prevention (DEP)
4. Safe SEH/SEHOP

Module 11 – Getting Around SEH and ASLR (Windows)

1. Vulnerable Server Setup
2. Time to Test it Out
3. “Vulnserver” meets Immunity
4. VulnServer Demo

Lab Exercise – Time to overwrite SEH and ASLR

Module 12 – Penetration Testing Report Writing