EC Council Security Analyst (ECSA)

In this course, Security Professionals learn about advanced methodologies, tools and techniques required to perform comprehensive information security tests and how to design, secure and test networks to protect organizations from threats hackers pose.

Lesson 1: Penetration Testing Methodologies

• Understand how to structure and organize security tests
• Understand the five stages of a common penetration test attack methodology
• Analyze the tactical application of each phase
• The Open Source Security Testing Methodology Manual (OSSTMM)
• The NIST Methodology
• Learn about the course methodology
• Learn about malicious hackers methodologies

Lesson 2: Test Planning and Scheduling

• Estimation of Resources for the Test
• Defining the test scope
• Technical Preparation
• Rules of Engagement
• Defined Roles of the Involved Personnel
• Reporting

Lesson 3: Information Gathering

• Demonstrate understanding of the field of Competitive Intelligence
• Develop skills involved in competitive intelligence gathering
• Demonstrate understanding of Informational Vulnerabilities in depth
• Engage in Passive network discovery techniques
• Information vulnerability and source of information
• Information gathering types
• Information gathering applications
• Controls to protect information

Lesson 4: Advanced Vulnerability Analysis Penetration Testing and Security Analysis

• Understand the three most common present vulnerability types
• TCP overview
• Traceroute and TCPTraceroute
• LFT
• Tools to probe protocols
• Identifying targets through sweeping
• Evaluating services through scanning
• Nmap
• Nessus
• Other scanners and tools overview
• Advanced OS fingerprinting techniques
• Proxy Servers
• Sniffing
• Windows Tools
• SNMP
• Phone Phreakers
• Countermeasures

Lesson 5: Advanced Denial of Service (DoS) Penetration Testing and Security Analysis

• Describe the components of a DoS attack
• Identify the harm caused to the target system
• Analyze the potential vulnerabilities in a system that could be exploited by a DoS attack
• Outline the necessary steps to test a system’s strength against a DoS attack
• Gathering and documenting the results

Lesson 6: Advanced Password Cracking Penetration Testing and Security Analysis

• Demonstrate understanding how passwords work in common operating systems
• Demonstrate knowledge of Linux/Unix authentication mechanisms
• Demonstrate knowledge of how distributed password cracking works
• Demonstrate ability to test strength of authentication mechanisms using password cracking
• Use common tools to crack Windows Passwords
• Use several free tools to crack Linux and common Unix passwords

Lesson 7: Advanced Social Engineering Penetration Testing and Security Analysis

• Describe what Social Engineering is
• Define the techniques used to execute Social Engineering
• Social Engineering Goals
• Social Engineering Rules of engagement
• Recognize the threat of Social Engineering
• Outline the methods by which Social Engineering is performed
• Security Policies
• Gather and document the test results

Lesson 8: Advanced Internal Penetration Testing and Security Analysis

• Review the most common platforms
• Appraise a typical network environment
• Outline the steps of the assessment
• Describe the tools used for internal testing
• Viruses and Containment Testing
• Define impact and points of consideration of Viruses on security testing and analysis
• Explain how vulnerabilities are discovered
• Demonstrate knowledge of tools and techniques for enumerating specific hosts and services
• Learn operating system specific tools and techniques
• Employ Automated Vulnerability Scanners
• Overview of common vulnerability scanners
• Employing Exploitation for verification of Vulnerabilities: Owning the Box
• Understand the specifics of common classes of System Vulnerabilities
• Demonstrate understanding of aspects of an exploit, in terms of threat agents and methods of countering such threats
• Demonstrate ability to employ Shellcode within exploits
• Gather and document the test results

Lesson 9: Advanced External Penetration Testing and Security Analysis

• Describe the goals of external testing
• Network Categories
• Understand the challenges facing a tester in an external penetration test
• Evaluate the potential attacks from outside of a security perimeter
• Web Security Challenges
• Current situation
• Understand the impact of web applications on Perimeter Security
• Anatomy of a remote exploit
• Common Attacks
• Examine the methodology of external penetration testing
• Demonstrate the tools used for external penetration testing
• Gather and document the results

Lesson 10: Advanced Router Penetration Testing and Security Analysis

• Overview of routing technologies
• Demonstrate knowledge of vulnerabilities in Routers
• Demonstrate knowledge of vulnerabilities in various network devices
• The potential for router exploitation
• Analysis of router vulnerabilities and attacks
• Tools used for testing
• Gathering and documenting the results

Lesson 11: Advanced Firewall Penetration Testing and Security Analysis

• Introduction to firewalls
• Technical overview of firewall systems
• Vulnerability analysis of firewalls
• Penetration testing steps
• Tools used for testing firewalls
• Gathering and documenting the results

Lesson 12: Advanced Intrusion Detection Systems (IDS) Penetration Testing and Security Analysis

• What is Intrusion Detection?
• IDS overview
• IDS analysis challenges
• Penetration testing techniques
• Tools used for IDS testing and countermeasures
• Gathering and documenting test results

Lesson 13: Advanced Wireless Penetration Testing and Security Analysis

• Present an overview of Wireless Security
• Learn about Wireless Technologies
• Understand the problems with WLAN security
• Examine the tools used for Wireless Networks Testing
• Examine Countermeasures

Lesson 14: Advanced Application Penetration Testing and Security Analysis

• Identify types of common applications
• Outline the technology of the applications
• Detect the vulnerabilities in the applications
• Examine the techniques of penetration testing
• Describe the tools employed in testing the applications
• Discover and analyze Web Application System Vulnerabilities
• Document the results of the testing

Lesson 15: Advanced Physical Security Penetration Testing and Security Analysis

• Identify the goal of physical security
• Recognize the potential vulnerabilities of an organization with poor physical security
• Analyze the potential attacks against the physical environment
• Intrusion Detection systems
• Types of locks and their features
• Point out recommended safeguards to these attacks
• Document the test results

Lesson 16: Reporting and Documentation

• Learn the basics of report writing
• Understand the requirements of the report
• Review different report writing options
• Outline reporting tips
• Describe the reporting consultation

• San Antonio, TX - June 11, 2012