Junior Penetration Tester (IHK) - Online (English)

Course number 5173

The certificate course "Junior Penetration Tester" teaches the craft of detecting security vulnerabilities within a network and exploiting them in a controlled manner. Such a penetration test forms the basis for fortifying an IT infrastructure against hacking attacks.

In addition to financially motivated black hat hackers, politically motivated individuals or groups are playing an increasingly significant role. The damages from a single attack can be immense.

The key is to be prepared for this scenario and to prevent greater damage. A penetration test subjects the entire IT infrastructure of a client to a comprehensive examination of its security. This includes technical, organisational, and physical aspects as well as the human factor. The goal is to identify vulnerabilities, uncover sources of errors, and ultimately enhance security comprehensively.

  • Contents
    Graduates of the "Junior Penetration Tester" certificate course receive specialised training in the field of IT security: the practical ability to investigate vulnerabilities in a company's IT infrastructure. A Junior Penetration Tester can take on supporting activities within a penetration test. This is achieved through practical instruction and the independent application of the learning content.

    The participant masters the standard procedures of a penetration test. They learn about legal foundations, standards, and a selection of different career paths, and can name and categorise them as needed. They are capable of independently conducting superficial reconnaissance and identifying obvious vulnerabilities. Additionally, the participant is taught the basics of exploiting vulnerabilities to gain a foothold. The participant is familiar with the differences between exploit frameworks and manual approaches, their advantages and disadvantages, as well as troubleshooting non-functional exploits. They learn various types of privilege escalation and lateral movement and can apply them under guidance. The participant can appropriately prepare and document discovered vulnerabilities in a target audience-oriented manner.

     

    Course content


    1. Foundations and Frameworks 

    • Security goals, pillars of IT security
    • Types of hackers
    • Laws and regulations, critical infrastructure (KRITIS)
    • Standards and methods
    • Career paths & IT security professions
    • Relevant certifications, further education opportunities, training labs
    • Project management (Waterfall vs. Agile)
    • Red Teaming vs. Pentesting vs. Vulnerability Analysis
    • CTF vs. Pentesting
    • Phases of an attack/Kill Chain, Lockheed Martin, PTES, MITRE, etc.


    2. Structure and Process of a Penetration Test 

    • Phases/Process of a penetration test
    • Objective and results of a penetration test
    • Documentation of vulnerabilities
    • Planning/Initiation of a penetration test
    • Risks and common mistakes (from practice to practice)
    • Scoping
    • Result presentations for IT & Management


    3. Conducting a Penetration Test 

    • KickOff
    • Information Gathering / Active / Passive Reconnaissance
    • Fundamentals of countermeasures (FW, IDS, IPS, WAF, EPP, Logging, SIEM) & Security Operations (SOC, CERT, Blue Team, etc.)
    • Vulnerability Analysis and Vulnerability Classification (CVE, CVSS, Exploitability, and Criticality)
    • Dealing with 0-Days, Disclosure Types (Responsible, Full)
    • Exploitation / Low Hanging Fruits (Common Attack Paths like SQL/Command Injection, Basic Buffer-Overflow, Misconfigurations, etc.)
    • Post Exploitation: Basic Privilege Escalation, Looting, Persistence, and Lateral Movement / Low Hanging Fruits
    • Differences On-Premise vs. Cloud
    • Mobile & Web Application Pentesting Basics

     

    Participants have access to a specially developed virtual E-LAB during the event and the exam, through which the course contents are taught and tested. The practical implementation of various attack techniques takes centre stage.

     

    Video Introduction to the Course: https://youtu.be/VoEt4msIjC0

    The course is carried out in cooperation with the IT-Security Company ProSec GmbH. The company offers premium IT security services, penetration testing, as well as security consulting and actively conducts zero-day research.

  • Target group

    The course is aimed at trained IT personnel who want to establish themselves in the field of penetration testing, as well as system administrators or people who deal with IT security in a company (e.g. CISO, ITSB) and want to apply the knowledge they have learned to their own IT infrastructure.

  • Admission requirements
    It is recommended to have completed education or studies in the field of computer science and to have experience in the area of system administration. To apply the course contents, knowledge of Linux, understanding of networks, and the use of a system without a graphical interface (using Shell or CMD) are prerequisites.
  • Methodology

    The event takes place live online. You will receive dial-in details in good time before the start of the appointment.

     

    The course focuses on a high degree of self-directed learning. The participant is consistently introduced to and encouraged in this mindset. They are always urged to independently find solutions to emerging problems, not to give up, and to seek the mentor's help only as a last resort. Furthermore, the participant has the opportunity to give presentations before simulated expert committees and management bodies to strengthen their confident presentation skills.

     

  • Examination Process
    The examination is divided into two sections – the theory part and the practical part.
    In the theory part, a maximum of 79.5 points is possible, while in the practical part, 90 points are possible.
    To pass the exam, a total of 110 points is required.
    The weighting of the two exams is 1:1, making it impossible to pass solely on theoretical knowledge. 

     

    Structure – Theory Part

    Multiple-choice questions may have one or more correct answers. Open questions are to be answered with free text. The duration of this part of the exam is 90 minutes. No aids are allowed during the theory exam.

     

    Structure – Practical Part

    For the practical exam, participants receive a separate VPN access. Each participant has their own simulated company network.
    On each system, there are so-called flags, which are obtained by "hacking" individual services, entire systems, or similar.
    Each flag can be obtained in multiple ways. The scope is communicated before the start of the practical exam.
    The duration of this part of the exam is 180 minutes. All technical aids are allowed.

    The prerequisite for taking the final test is at least 80% attendance in the course.

    After successful completion, you will receive the IHK “Junior Penetration Tester (IHK)” certificate.

    If you are unable to take part in the scheduled final test and require an individual test appointment, an additional fee of EUR 295 will apply.


Would you like personal advice?

We are happy to advise you in a personal conversation:
Tanja Baur, IHK-Bildungszentrum Bonn/Rhein-Sieg
