Certified Virtualization Security Expert, Part 4 of 6: PenTest Tools and DMZ
Interactive

Certified Virtualization Security Expert, Part 4 of 6: PenTest Tools and DMZ

Biz Library
Updated Jan 21, 2020
Book a demoGet it for free

What are the tools of a penetration test? This course will answer that as well as cover vulnerability assessment, password cracking, how to disable auditing, rootkits and alternate data streams. Then it progress to 3 configurations of DMZs, hardening and isolating, layer 2 security options and separation of duties. Finally threats like SSL renegotiation and web access vulnerabilities will round out the course. This course contains the following lessons:

Lesson 1:

  • BackTrack4
  • Vulnerability Scanners
  • Nessus
  • Nessus Report
  • Saint
  • Saint Sample Report
  • OpenVAS
  • OpenVAS Infrastructure and Client
  • Demo: OpenVAS
  • Demo: Connecting to the Server
  • Demo: New Connections
  • Demo: Perform a Scan
  • Demo: Scan Continued
  • Demo: Scan Report.

Lesson 2:

  • Windows Password Cracking
  • SysKey and Cracking Techniques
  • Rainbow Tables
  • Disabling Auditing
  • Clearing the Event Log
  • NTFS Alternate Data Stream
  • Stream Explorer
  • Encrypted Tunnels
  • Port Monitoring Software
  • Rootkits
  • Utilizing Tools
  • Defense in Depth
  • Meterpreter
  • VASTO.

Lesson 3:

  • VASTO Modules
  • Fuzzers
  • Saint
  • Core Impact Overview
  • Core Impact
  • Tool Exploits from NVD
  • Wireshark and TCP Stream Reassembling
  • ARP Cache Poisoning
  • ARP Cache Poisoning in Linux
  • Cain and Abel
  • Ettercap.

Lesson 4:

  • Virtualized DMZ Networks
  • Three Typical Virtualized DMZ Configurations
  • Partially-Collapsed DMZ with Virtual Separation
  • Fully-Collapsed DMZ
  • Best Practices
  • Network Labeling
  • Layer 2 Security Options on Virtual Switches
  • Enforce Separation of Duties
  • ESX Management Capabilities.

Lesson 5:

  • Common Attack Vectors
  • How Fake Certificate Injection Works
  • Generic TLS Renegotiation Prefix Injection
  • Test Vulnerabilities
  • Vulnerability Requirements
  • Generic Example
  • Patched Server with Disabled Recognition
  • Keeping Up to Speed
  • SchmooCon 2010: Timeline
  • SchmooCon 2010: Identification
  • SchmooCon 2010: Server Log In
  • SchmooCon 2010: Vulnerability
  • SchmooCon 2010: Redirection Proxy
  • SchmooCon 2010: Vulnerable Versions
  • SchmooCon 2010: Gueststealer.
Related learning
CompTIA Security+ SY0-501: Application and Service AttacksInteractive ⋅ 55 mins
Certified Virtualization Security Expert, Part 4 of 6: PenTest Tools and DMZInteractive ⋅ 173 mins
Certified Virtualization Security Expert, Part 3 of 6: Penetration Testing 101Interactive ⋅ 187 mins
Cisco IP Switched Networks (CCNP Switch), Part 7 of 7: SecurityInteractive ⋅ 99 mins

Explore more technology skills

IT Software
IT Software
Web Design and Development
Web Design and Development
Data & Analytics
Data & Analytics
Design and Animation
Design and Animation
Gaming and Games Development
Gaming and Games Development
Devops, Networking and Security
Devops, Networking and Security
Programming and Web Development
Programming and Web Development
Computer Science and Engineering
Computer Science and Engineering