Course package
BASPEN
Basic Penetration Tester («BASPEN»)
OPST
Course facts
- Understanding the rudimentary techniques and procedures of hackers
- Explaining the principles of ethical hacking
- Understanding the security problems of servers and client systems
- Recognising and preventing the most important threats from the Internet
- Using the most important hacking tools and assessing the dangers they pose
- Checking your own security in test environments (hacking labs) thanks to your ethical hacking skills
- Incorporating offensive findings into cyber security strategies
- Understanding the various attacks on web applications (incl. underlying databases and backends), which are then carried out yourself
- Understanding the basics of secure software development
- Familiarising yourself with various potential threat scenarios
Our complete «Penetration Testing» training series consists of 12 days and is divided into two competence levels: «Basic Penetration Tester» and «Advanced Penetration Tester».
Upon completing both levels, you will receive the Digicomp «Professional Penetration Tester» role certificate. This will enable you to support business and IT management in identifying vulnerabilities within the corporate environment, as well as recognising potential threats and attacks on private and business networks, systems, and sensitive business information at an early stage.
This two-stage course is the perfect introduction to penetration testing, providing a solid foundation for effective defence strategies.
- Introduction to security issues and the hacking LAB
- Hacker working methods, techniques and tools
- Process of a targeted hacker attack
- Open source intelligence & social engineering
- Network sniffing, scanning and spoofing
- Intercepting passwords and cracking passwords
- Using camouflaged malware and targeted exploits
- Securing access using a backdoor
- General defence measures for the scenarios shown in the hacking LAB
- Basics and setting up your own hacking lab
- Useful bash commands in Linux
- Targeted reconnaissance / footprinting / banner grabbing
- Network sniffing techniques (incl. passive WLAN scanning)
- Targeted use of network scanning techniques (active and passive)
- Performing vulnerability scanning
- Performing various man-in-the-middle attacks (ARP poisoning, SSLStrip, etc.)
- Performing wireless attacks (WEP, WPA2, WPS, DoS, etc.)
- Dangers of Evil Twin WLAN attacks (WEP, WPA2, WPS, DoS, etc.) )
- Understanding the dangers of Evil Twin WLAN attacks
- Introduction to the MetasploitTM framework (msfconsole, modules, payloads, auxiliary)
- Exploit selection for various client-side attacks
- Performing post-exploitation (additional modules, rights escalation, pivoting, fixing, etc.)
- Understanding the dangers of antivirus and firewall evasion techniques
- Advanced Threats live demo (HID and Bad USB attacks)
- A01:2021-Broken Access Control
- A02:2021-Cryptographic Failures
- A03:2021-Injection
- A04:2021-Insecure Design
- A05:2021-Security Misconfiguration
- A06:2021-Vulnerable and Outdated Components
- A07:2021-Identification and Authentication Failures
- A08:2021-Software and Data Integrity Failures
- A09:2021-Security Logging and Monitoring Failures
- A10:2021-Server-Side Request Forgery
This training unit includes active teaching discussions with the participants, reflection and exchange of experiences from their own practice in the context of theory as well as guided exercises in a hands-on laboratory environment.
Future penetration testers, IT specialists, managers, IT security consultants and officers, system and network administrators, software developers and webmasters as well as system engineers and network planners.
Basic knowledge of information security and data protection as well as IT security and hacking. Secure operation of operating systems (basic level).
Mandatory final exam
You will complete the Basic Penetration Tester course series with a one-hour final exam, in which you will be required to demonstrate your understanding of, and ability to implement, the course content. Please note that the examination fee of CHF 200 is not included in the course price. You can take the exam at any time from Monday to Friday at one of our test centres in Zurich, Bern or Basel. You will pass the exam if you answer 60% of the questions correctly. You will receive your result within a week. To register for the exam, please email our customer advisors at info@digicomp.ch.
Repetition
You can retake the exam once. The exam fee is waived for the retake. Contact our customer advisors at info@digicomp.ch.
Certificate:
Once you have passed the exam, you can proceed directly to the final «Advanced Penetration Tester» course series. This brings you one step closer to the Digicomp «Professional Penetration Tester» role certificate.
Exam preparation options
(The exam fees are not included in the course price.)
Certified Ethical Hacker – EXIN
This series of introductory courses prepares you for the international Certified Ethical Hacker – EXIN certification. It certifies your anti-hacking skills. We recommend allowing two weeks for administrative preparation and going through the following exam questions for optimal preparation.
This series of courses prepares you for the international CompTIA Pentest+ certification. This certificate complies with ISO 17024 standards and is unique. We recommend an administrative preparation period of two weeks, as well as working through the following exam questions.
A CompTIA Security+ certification is also recommended.