A&A Process, Vulnerability Scanning & Pentesting - $2000
If you have ever wanted to become a Security Control Assessor, ISSO Support Analyst, Vulnerability Assessor or Penetration Tester (Pentester), or if you want to learn offensive techniques to improve your defensive skill set, then this course is for you. Whether you are new to cybersecurity or penetration testing or have zero knowledge, these are ideal skills for you to have. Our robust training course will guide you on the right path to becoming a successful IT Security Analyst.
Regulations require that Federal agencies undergo a detailed and systematic security assessment process to demonstrate compliance with standards. This is known as Assessment and Authorization (A&A), formerly called Certification and Accreditation (C&A). Due to the increased incidence of cyber-attacks, private organizations are leveraging the cybersecurity standards set forth by the government to protect their assets as well as to be eligible to do business with government institutions.
Imo-Tech Training will provide you with the needed training and exposure to prepare you for a role in this growing and demanding cybersecurity field. You will be trained on the process of Security Control Assessments (SCA), ISSO support processes, Vulnerability Scanning and Penetration Testing.
This course focuses on the practical side of control testing, vulnerability scanning and penetration testing without neglecting the theory behind each section. You will first learn how to set up a lab (Kali Linux, Ubuntu, Metasploitable and Windows operating systems) and install the needed software and applications (nmap, Nessus, Maltego, Metasploit and so on) to practice vulnerability scanning and penetration testing on your own machine.
Although challenging, you can still get through if you are new to cybersecurity. Along with working with classmates, we also provide student handouts. The only hardware you will need is a laptop.
Our topics include:
- NIST Assessment and Authorization Processes (A&A)
- Hack Lab Setup & Familiarization
- Basic Unix Commands
- Information Gathering (Reconnaissance)
- Vulnerability Scanning & Enumeration
- The Metasploit Framework
- Shellcode Manipulation
- Post-Exploitation and Maintaining Access with Backdoors
All students receive:
- Certificate of Training
- 50% discount on course retakes.
Who can take this course?
- Network Administrators
- Network Security Administrators
- Network Security Engineers
- Network Defense Technicians
- Network/Security Analysts
- Anyone concerned with network infrastructure
Training – Week 1
- Introduction to the National Institute of Standards and Technology (NIST) 6-Step Risk Management Framework (RMF) as mandated by the Federal Information Security Modernization Act and the Assessment and Authorization Process.
- Information System Categorization process
- Information System Control Selection process
- Information System Control Implementation process
Training – Week 2
- Assessment and Authorization Process Cont.
- Information System Control Assessment
- Information System Authorization
- Continuous Monitoring
Training – Week 3
- Vulnerability Scanning and Pentesting Overview & Methodologies
– Ethics and Legalities (Black Hat vs White Hat Hacking)
- Hack Lab Environment Creation
– Installation of Kali Linux as a virtual machine
– Installation of Metasploitable as a virtual machine
– Installation of Ubuntu as a virtual machine
– Installation of Windows as a virtual machine
– Creating our NAT Network
- The Linux Terminal and Basic Linux Commands Overview
Training – Week 4
- Information Gathering (Reconnaissance)
Training – Week 5
- Vulnerability Scanning, Analysis and Enumeration
– Network Mapping techniques (nmap)
– 3-Way Handshake (SYN, SYN/ACK, ACK)
– TCP/IP, OSI Models
– Nessus installation on Kali Linux (Community Edition)
Training – Week 6
– Gaining Access to Remote System with Backdoors
– Metasploit Framework (Exploit Database)
– Privilege Escalations
Training – Week 7
– Wireshark (Sniffing Network Traffic)
– Password Attacks
– Antivirus Evasion using Nodistribute
– Email Spoofing
PentestStandard.org – The Penetration Testing Execution Standard
Ed Skoudis – How to Give the Best Pentest
Offensive Security – Metasploit Unleashed
Packet Life – Common Ports
Packet Life – Wireshark Display Filters
SANS – NMAP Cheat Sheet