
eLearnSecurity

PTP v3

Penetration Testing Professional

Curious about this course?

Enroll now and get access to all our material and laboratories!

Extremely Hands-on

Practice Penetration Testing against a number of real world networks. PTP includes the most sophisticated virtual lab on Pentesting: Hera Lab

Become Certified

Obtain the eCPPT certification and prove your practical skills with the only 100% practical certification on Penetration Testing


Course at a glance

  • Based on techniques professional pentesters use
  • Covers anything a modern Pentester needs to know
  • Network Pentesting
  • Web Application Pentesting
  • Wifi Pentesting
  • Buffer overflow & Shellcoding
  • Malware & Rootkit coding
  • Proven Post-Exploitation methodology
  • Includes Ruby for Pentesters course
  • Learn how to create your own Metasploit modules
  • Includes a professional guide on Pentest Reporting
  • Extremely Hands-on with dozens of labs and exercises
  • Qualifies you for 40 CPE

Course material

  • 14 hours of HQ video training material
  • 4500+ slides
  • 18 labs in Hera Lab

Course delivery

  • Self-paced / HTML5, PDF, MP4
  • Off-line access available
  • Access from PC, Tablet and Smartphone

Syllabus

Section: System Security

  • Module 1 : Introduction

    In this module, you will learn basics of C++, ASM and x86 Architecture. Sample source codes of C++ and Assembly language are provided in order to get the student familiar with these languages. Advanced buffer overflow exploitation, shellcoding and rootkit coding will require compilers and assemblers that you will get familiar with in this module.

  • Module 2 : Cryptography and Password Cracking

    Almost all penetration test engagements require the understanding of cryptographic topics. This module will ensure that you are current with the most common cryptographic technologies, algorithms and tools. You will also learn how to perform advanced password cracking using the best tools available. A thorough review of the most modern tools used to steal and crack Windows password hashes is provided.

  • Module 3 : Buffer Overflow

    Finding and exploiting buffer overflows in real world applications is what you will learn during this incredibly hands-on module. A hard topic made easy through examples explained step by step, starting from the very basics of stack manipulation. Armed with assemblers, compilers and debuggers, the students will learn how to hijack the execution of applications. At the end of the module, the student is exposed to the most modern techniques used to prevent buffer overflows and the main methods to bypass them.

  • Module 4 : Shellcoding

    The art of Shellcoding is made available to anyone through easy to understand samples and real world complex scenarios. A small part of theoretical aspects will introduce the practical examples where you will actually create your own shellcode through the use of compilers and assemblers. Different techniques are shown in order to let you create your own shellcode. Three source code examples are explained line by line.

  • Module 5 : Malware

    A thorough and detailed classification of types of malware is the introduction to a module featuring the most advanced and obscure techniques used by modern malware. The module is enriched as three malware source codes are dissected and explained: a Keylogger, a Trojan and a Virus.

  • Module 6 : Rootkit coding

    From the creators of the first Windows 7 BIOS Rootkit, this module will cover the basics and the most important aspects of rootkit coding. A brief classification will introduce you to 3 rootkit source code snippets uncovering the techniques most used by rootkits. You will be able to understand and code a rootkit yourself using the Windows Driver Development Kit and perform advanced covert penetration testing.

Section: Network Security

  • Module 1 : Information Gathering

    The Information Gathering module is the most important phase of the overall engagement. A Penetration tester will use the information collected during this phase to map the attack surface and increase his chances to breach the organization in the same way criminals do. eLearnSecurity proposes an extremely thorough investigation methodology that takes into account the Business and the Infrastructure of the client. Students will learn how to get access to valuable, sensitive and sometimes secret documents by means of free services, databases and specialized search engines. Infrastructure Information gathering will deal with the enumeration of DNS, Domains, netblocks and other web assets belonging to the organization.

  • Module 2 : Scanning

    As one of the most important steps in the penetration test of a network, this module will first teach you the theory behind port scanning and service reconnaissance. If you are not a network expert, the first chapters of this module will introduce you to the basics of TCP and other network protocols. We will then show you how to use the best tools to detect live hosts, open ports and services running on them. Through Nmap and Hping2, you will learn how to find zombies to mount completely stealth port scans against a target. Passive and Active OS fingerprinting techniques will also be covered in depth.

  • Module 3 : Enumeration

    The scope of this module is to provide you with the techniques professional penetration testers employ to enumerate resources on the target. You will be able to explore, enumerate and map the remote network and its available services through a number of different Windows and Unix tools. NetBIOS is the subject of the first part of this module: real world examples will be explained to show the most important techniques and tools to enumerate remote Windows shares and printers. You will also learn how to test for NetBIOS Null Sessions that still affect old Windows versions. SNMP basics will be explained. The student will then be introduced to attacks against the protocols through a number of common tools.

  • Module 4 : Sniffing & MITM

    Studying ARP, how it works and how it can be manipulated to mount sophisticated attacks is made extremely easy to understand. Sniffing is a technique that you will be able to fully grasp in its most practical aspects. We will make sure you have enough basics of network theory before we cover actual attack scenarios using the best tools available. Man in the middle attacks are one of the most used penetration testing techniques today; you will be able to mount man in the middle attacks within local networks and over the Internet.

  • Module 5 : Vulnerability Assessment & Exploitation

    This module will teach the student how to master Nessus in order to perform thorough and targeted vulnerability scans. Windows authentication protocols are dissected to demonstrate weaknesses and related attacks from Metasploit. The student is then immersed in common exploitation techniques used by today’s Penetration testers, to exploit client side and remote vulnerabilities in Workstations and Servers. The module is video and lab intensive.

  • Module 6 : Post Exploitation

    eLearnSecurity's experienced instructors have come up with a proven methodology to conduct thorough Exploitation of remote internal networks through advanced Post exploitation techniques. Once the student is comfortable with the most recent exploitation techniques, he will be exposed to the cyclic steps of a successful Post exploitation phase. This is the phase where criminals ensure stable high privileged access to the remote network in order to steal and exfiltrate documents and credentials from the organization. Penetration testers must possess the same skill-set and tools in order to test not only the perimeter security but also any kind of internal weakness that affects the organization's security.

  • Module 7 : Anonymity

    Penetration testers rarely need to cover their tracks. However there are times when testing the efficiency of the target organization incident response team is within the scope of a Penetration tester’s engagement. This module will teach techniques to perform your tests while covering your tracks.

  • Module 8 : Social Engineering

    The Social Engineering module will guide you through the most modern social engineering attack techniques. Real world attacks will be illustrated by exploiting the potential of social networks such as Facebook, Spokeo or Twitter. Almost one hour of video lessons will teach you everything you need to know to master the most important tool in the field: Social Engineering Toolkit.

Section: Web Application Security

  • Module 1 : Introduction

    This module will introduce you to the web application security field and its basic terminology. If you are new to this field, you will gather all the skills you need to move to more advanced modules. If you are already an advanced web application security tester, you will get introduced to the methodology and tools followed throughout the course.

  • Module 2 : Information Gathering

    Web application information gathering is a long and complex process. It takes insight and perseverance. You will learn the best methodologies to collect and store information about your target web assets. This information will be used at later steps in the exploitation process. At the end of this module, you will have so much information on your target that exploiting it will be easy and fun.

  • Module 3 : Vulnerability Assessment

    Vulnerability Assessment is the process through which you will uncover all the vulnerabilities in the remote system. This step is absolutely necessary when the remote web server is in the scope of the tests or when the target uses third party web applications. At the end of this module, you will master the two most used open source tools, Nessus and Nikto, to perform Vulnerability Assessment against web applications. You will also be capable of customizing Nikto to make it current with the latest vulnerabilities.

  • Module 4 : Cross site scripting

    The most widespread web application vulnerability will be dissected and studied thoroughly. At first, you will be provided with theoretical explanation. This understanding will help you in the exploitation and remediation process. Later, you will master all the techniques to find XSS vulnerabilities through black box testing and within PHP code. Real world exploitation examples will conclude the module; you will finally steal session cookies, modify website DOM and perform advanced phishing attacks. This is a hands-on intensive module.

  • Module 5 : SQL Injection

    This module will contain the most advanced techniques to find and exploit SQL Injections, from the explanation of the most basic SQL injection to the most advanced. Advanced methods will be taught with real world examples and the best tools will be demonstrated on real targets. You will be able not just to dump remote databases but also to get root on the remote machine through advanced SQL Injection techniques. Tools will be covered in depth and a taxonomy will help the student to pick the right tool according to the environment and scenario he will face in real engagements. This is a video and hands-on intensive module.

  • Module 6 : Advanced Web Attacks

    Sophisticated attacks against web applications are the subject of this module. Session Fixation and CSRF are often underestimated and overlooked vulnerabilities. They will be covered in depth. A working exploit will be created step by step to demonstrate a CSRF vulnerability found in a famous CMS. Last but not least, you will learn how to audit web 2.0 applications by dissecting Ajax API’s, frameworks and exposed functionalities.

Section: Ruby for Pentesters and Metasploit

  • Module 1 : Ruby Basic: Installation and Fundamentals

    In this first module of the Ruby section, the student will see how to install and configure the environment in order to work with Ruby. Once the environment is configured, the student will learn the very basic concepts of Ruby such as running and writing scripts, using the interpreter, installing gems and much more. The student will also learn the basic concept of Ruby such as data types, variables declarations and more.

  • Module 2 : Ruby Basic: Control structures

    One of the most important program structures that a programmer has to master is the ‘flow control structure’. In this module, the student will learn how to write and define different types of Ruby control structures. This will allow the student to create scripts and programs that are not limited to a linear sequence of statements.

  • Module 3 : Ruby Basic: Methods, Variables and Scope

    Every program must be clean and have reusable structures. In this module, the student will learn how to define and use Ruby methods, blocks, aliases and more. This is useful for creating very powerful tools and scripts. With the introduction of methods and blocks, a very important topic needs to be covered: the scope.

  • Module 4 : Ruby Advanced: Classes, Modules and Exceptions

    Ruby is an Object Oriented Programming language. With that said, an OO program involves classes and objects. In this module, we will start covering more advanced topics and we will see how to define and use classes, functions, modules, mixin, namespaces and much more. Along with these topics, we will also see how to handle exceptions; exceptions are a very useful topic that needs to be mastered in order to take control of the program behavior.

  • Module 5 : Ruby Advanced: Pentester prerequisites

    Ruby is a very powerful programming language and thanks to its many features, it can be used for many different purposes. From this module on, we will focus on how to use Ruby for penetration testing purposes. One of the first topics we will cover is ‘Regular Expression’. Regex is widely used in the security field; it is used to find and locate important information stored in files, web pages, network communication and so on. A good knowledge of how to use and define regex is a ‘must’ for a penetration tester! During the study of this module, the student will also learn how to use date and time classes as well as manage and interact with files and directories: read, delete, create and so on.

  • Module 6 : Ruby for Pentesters: Input / Output

    In this module, the student will learn how to use different input and output mechanisms and techniques in order to find (read) or store (write) information to and from files. We will see several examples and scripts that can be used in conjunction with other tools (i.e. nmap) in order to gather, filter and store important information.

  • Module 7 : Ruby for Pentesters: Network and OS interaction

    Another very important topic that a penetration tester should master is ‘network communication’. In this module, the student will learn how to use the power of Ruby in order to create, forge, intercept network communications. Thanks to many useful examples and scripts, the student will learn how to create raw sockets, forge packets, create TCP/UDP scanners and much more. In the following module, we will also see how to interact with local and remote Operating Systems. This, in conjunction with the network communication skills, may be useful to create powerful tools (i.e. backdoors that are able to retrieve information from remote systems, as well as send and run specific commands).

  • Module 8 : Ruby for Pentesters: The Web

    In the previous module, the student studied network communications and local interactions with the OS. Now it is time to focus on Web Applications. We will see how to create and intercept HTTP and HTTPS requests and responses, as well as how to send/read GET and POST parameters and much more. Along with these topics, the student will also be presented with some scripts and use cases useful to run attacks against web applications or identify vulnerabilities such as XSS.

  • Module 9 : Ruby for Pentesters: Exploitation with Ruby

    During the study of previous modules, the student should have acquired many Ruby programming skills. It is time to take advantage of these skills and use Ruby in order to write and exploit vulnerable services and software. In this module, we will present a vulnerable application that the student can use to learn how to write a full working exploit.

  • Module 10 : Ruby for Pentesters: Metasploit

    Now that the student has mastered Ruby and its features, it is time to start working with one of the most powerful Ruby tools: Metasploit. In this module, the student will study the Metasploit architecture and the framework, and will learn how to create, add or edit custom Metasploit modules. Thanks to our virtual labs, the student will also have the chance to practice against real vulnerable machines.

Section: WiFi Security

  • Module 1 : Prerequisites

    In the first module of the Wi-Fi section, we will see which are the hardware/software prerequisites of the course.

  • Module 2 : Environment setup

    In this module, the student will learn how to properly configure the test environment in order to obtain the best outcome from the successive modules.

  • Module 3 : Wireless Standards and Networks

    In the following module, the student will learn the basic concepts at the base of the Wi-Fi infrastructures. We will see which types of Wi-Fi configurations exist, how they work and which are the security features and mechanisms implemented. We will also present an overview of the most important flaws that affect different types of Wireless infrastructures and protocols.

  • Module 4 : Discover Wi-Fi Networks

    The first step when we run a penetration test against Wi-Fi networks is to discover and identify our target. In this module, we will see how to do this through a series of tools available for different platforms.

  • Module 5 : Traffic Analysis

    After the target network has been identified, the next step is to configure our tools in order to sniff and intercept the traffic. This is a very important step for all the attacks that come afterwards.

  • Module 6 : Attacking Wi-Fi Networks

    The following module focuses on the attacks that can be executed on Wi-Fi networks. The student will learn how to attack and access remote Wi-Fi networks, obtain keys, password and much more, according to their configuration and security mechanism. We will first start exploring the attacks against WEP and then focus our tests on more secure networks: WPA, WPA2 and WPS.

  • Module 7 : Wi-Fi as an attack vector

    In the last module of the Wi-Fi section, the student will learn how to use Wi-Fi as an attack vector. This means that we will not attack Wi-Fi networks; instead we will use Wi-Fi in order to create fake networks, obtain credentials, run MitM attacks and much more.


Pre-requisites

  • Basic understanding of networking: TCP/IP, Routing, Forwarding.
  • Reading and understanding C, ASM, Python, PHP code will help although not mandatory.
  • No development skills required.
  • Basic understanding of HTTP protocol, Cookies, Sessions
  • Understanding of IT Security matters and basics of Penetration Testing
  • A wireless NIC with injection capabilities (Alfa AWUS036h recommended)
  • A spare WiFi Access point
  • All the above recommended skills are provided within the PTS course

This training course is for...

  • Penetration testers
  • IT Security Professionals
  • IT Personnel
  • Developers
  • CERT's
  • Government cyber defense

Labs

Penetration Testing Professional (PTP) is the most practical training course on penetration testing. Being integrated with Hera Lab, the most sophisticated virtual lab on IT Security, it offers an unmatched practical learning experience.

Hera is the only virtual lab that provides fully isolated per-student access to each of the real world network scenarios available on the platform.

Students can access Hera Lab from anywhere through VPN.

| Lab ID | Description | Category |
|--------|-------------|----------|
| Lab 1 | System Security section exercises | System Security |
| Lab 2 | Information Gathering | Network Pentesting |
| Lab 3 | Port/Service Scanning | Network Pentesting |
| Lab 4 | Vulnerability Scanning & Exploitation | Network Pentesting |
| Lab 5 | Post Exploitation | Network Pentesting |
| Lab 6 | Blind Penetration Test | Challenge |
| Lab 7 | Nessus | Network Pentesting |
| Lab 8 | Cain n Abel | Network Pentesting |
| Lab 9 | NetBIOS Hacking | Network Pentesting |
| Lab 10 | Poisoning and Sniffing | Network Pentesting |
| Lab 11 | Client-side Exploitation | Network Pentesting |
| Lab 12 | DNS and SMB Relay attacks | Network Pentesting |
| Lab 13 | SNMP Analysis | Network Pentesting |
| Lab 14 | Privilege Escalation | Network Pentesting |
| Lab 15 | Privilege Escalation via Services | Network Pentesting |
| Lab 16 | Bypassing Antiviruses | Network Pentesting |
| Lab 17 | Ruby for Pentester labs | Network Pentesting |
| Lab 18 | Exploitation with Ruby | Network Pentesting |

Certification

Get the eCPPT Certification

eLearnSecurity's eCPPT (Certified Professional Penetration Tester) certification is the most practical and professionally oriented certification you can obtain in penetration testing.

Instead of putting you through a series of multiple-choice questions, you are expected to perform an actual penetration test on a corporate network. This penetration test is modeled after a real-world scenario.


Instructors

  • Armando Romeo

    Armando Romeo is the founder and CEO of eLearnSecurity. Prior to founding eLearnSecurity he has spent 5 years in web application security research with hundreds of vulnerability advisories released. Armando currently leads the R&D team and inspires new projects and new training activities.

  • Brett D. Arion

    Brett D. Arion has two decades of experience in the IT industry, with over half dealing with IT Security, including serving as Director, ICT Security Information Manager for BlueCross BlueShield of South Carolina. He has extensive experience in the areas of IT Operational Security processes, procedures, and methodologies. Brett has also been involved with a number of key regulatory requirements such as Payment Card Industry (PCI), Federal Information Systems Management Act (FISMA), and DoD Information Assurance Certification and Accreditation Process (DIACAP). Brett is Author of the Network Security section of the Penetration testing course - Professional

  • Vipin Kumar / Nitin Kumar

    Nitin and Vipin Kumar are two of the brightest talents in IT Security research. As independent researchers they are deeply involved in the System Security field. They apply their extensive hands on experience to creating practical coursework and virtual labs. Nitin and Vipin are co-authors of the Windows Vista Bootkit - Attacking Vista from Boot Sectors (Black Hat 2007) and Windows 7 Bootkit (Hack in the Box 2009)

  • Francesco Stillavato

    Francesco Stillavato is Senior IT Security researcher and instructor at eLearnSecurity with 6 years of experience in different aspects of Information Security. His experience spans from web application secure coding to secure network design. He has contributed to the Joomla project as a Developer and has conducted a number of assessments as a freelance. Francesco Stillavato's research is now focused on Mobile Application Penetration Testing on Android and iOS. Publications: Francesco is the co-author of the Penetration testing course Professional, Mobile Application Security and Penetration Testing, Penetration Testing Student and author of all Hera Lab scenarios. Education: Francesco Stillavato holds a Master's Degree in Information Security from Università di Pisa

  • Stefano Angaran

    Stefano Angaran is Senior Developer and IT Security researcher at eLearnSecurity. He has over 7 years' experience in Web development with a strong focus on writing secure code. As an independent security researcher he has published several advisories unveiling vulnerabilities in popular open-source software. In his Master thesis, Stefano developed a fraud detection system based on machine learning for applications in online banking security. Stefano is Author of the WiFi Security section of the Penetration testing course - Professional. Education: Stefano holds a Master's Degree in Computer Engineering from University of Padua

  • Andrea Tarquini

    Andrea Tarquini is an IT Security researcher and software analyst/developer at eLearnSecurity. Andrea is a cryptography protocol enthusiast and his research led to the development of JustCryptIt (for which he is the main developer). He is the author of the 'Ruby for Penetration testing and Metasploit' section of Penetration Testing Course Professional. Education: Andrea holds a bachelor's degree in Computer Science and a Master (Post Laurea Course) in Internet Technology. He is currently enrolled in a Master's Degree in Computer Science (Università di Pisa).


Frequently Asked Questions

  • What software/hardware requirements are there?

    Any web browser is supported (for IE, version 8+ is required). If you run Kali Linux/Backtrack as a virtual machine you will need at least 2GB of RAM. Minimum internet speed of 512 Kbit/s recommended for video streaming.

  • How do you provide support?

    As soon as you enroll in one of our courses you are provided with access to private forums (subject to the plan selected) where you will find instructors and community managers available to help you 24/7. Support for billing, technical and exam-related questions is also provided by email.

  • How can I pay for the training course fees?

    All major credit cards, Paypal and bank transfer are supported. Installment plans available.

  • What happens when there's a new update to the contents?

    Minor updates such as bug fixes or additional labs are provided for free. Major releases (e.g. upgrade from 2.0 to 3.0) require an upgrade fee. We reserve the right to issue minor or major updates when we see the need.

  • Can I request a refund if contents are too difficult for me?

    We only process refunds/chargebacks for fraudulent transactions.

  • What is the difference between installment and one-off payment plans?

    Subscriptions let you split the enrollment fees in 3 or 4 months. You will receive new contents upon every billing cycle. If we don't receive the payment within 14 days from the due date the account will be frozen until payment is cleared.

  • Can I cancel an installment plan?

    You can cancel your subscription at any time, however you will lose access to the material you purchased in the meantime.

  • Are there any hidden fees?

    There are no hidden fees. If you are from a country where VAT is required (most EU countries), you have to add VAT to our ticket price. We are legally obligated to collect VAT on your purchases.

Reviews

This is what the CEH/LPT should have been, and I am delighted to say that if students can master the topics and techniques in eLearnSecurity's Penetration Testing Pro, they should be well on their way to being an accomplished pentester

Jason Haddix
Director of PenTesting HP Fortify

The mix of Video Tutorials, exercises and support from fellow students on the forum was fantastic. Anyone who wants to specialize in Web Penetration Testing, this course is a must to get you started. Thanks for your efforts in making this happen

Denis Hancock
Manager Consulting Pty Ltd

I think if you are looking for Penetration Testing Training this is a great choice, even if you have no desire to take the certification you can learn a lot just by studying the modules and applying yourself. If you are just starting out (still studying or a fresh grad) I think the course and the certification will definitely have a positive effect on your career... and certainly makes economic sense when comparing to attending real life 5-day courses. It goes into a lot more depth than other courses and can really benefit your skills. I wish there was something like this in 1999 when I was starting out. The way in which the material is presented is a lot more interactive and interesting than many other courses out there with a good mix of words, images and videos plus a good theory/practical mix too. This makes it a lot easier as many of the topics within info sec can get very dry very fast.

Gareth Davies
Founder Darknet.org.uk

Having been in the security field for over 5 years I assumed this would be a quick and easy certification. After getting into the training course I was pleased to find that I was learning new things and that the course was certainly more challenging than I had anticipated. I found that it filled in several knowledge gaps when it comes to pentesting, and I would recommend this course to both veterans and newcomers to the security field.

Steven Collins

eLearnSecurity's training really dives deep into the underlying concepts beneath pentesting tools.

Timothy E. Everson
Novell inc

The learning experience was amazing! I have learned so much in such a short time. Would recommend to anyone (even the more experienced of us) to take that course. You wouldn't believe how much you can still learn!

Oded Brilon
StrikeForce Engineer CSC
