This exam has one purpose: To Differentiate The Experts From The Novices In Penetration Testing! There are good penetration testers and then there are great penetration testers.
Unless you are bent on being nothing other than the best in penetration testing, don’t bother registering for this program, as you are probably not cut out for it.
We know that the only way to find out what you are made of is by testing you at the brink of exhaustion — which is why the LPT (Master) exam is 18 hours long!
Your pen testing skills will be challenged over three levels, each with three challenges, against a multi-layered network architecture with defense-in-depth controls. You will be required to make knowledgeable decisions under immense pressure at critical stages while selecting your approach and exploits.
The exam will require you to demonstrate mastery of deploying advanced pen testing techniques and tools including multi-level pivoting, OS vulnerabilities exploits, SSH tunnelling, host-based application exploits, privilege escalation, web server and web application exploitation such as arbitrary local and remote file upload, SQL injection and parameter manipulation, etc – all in a real life scenario on hardened machines, networks, and applications.
You will be facing the ticking clock and there’s no time to hesitate. There’s no time for second-guessing. Try either of these and be prepared to fail! And you must know that while you are racing against time, you will be under the watchful eyes of the EC-Council proctors who will be online and live! This added pressure will test your mental strength.
As you progress along these levels, you will need to maneuver web application, network, and host penetration testing tools and tricks in an internal and external context to ultimately pwn the hosts and exfiltrate data required for the completion of the challenges.
Objetivos do Curso
- Demonstrate a repeatable and measurable approach to Penetration Testing
- Perform advanced techniques and attacks to identify SQL injection, Cross site scripting (XSS),
- LFI, RFI vulnerabilities in web applications
- Get access to proprietary EC-Council Penetration Testing methodologies
- Exploit vulnerabilities in Operating systems such as Windows, Linux
- Perform privilege escalation to gain root access to a system Demonstrate ‘Out-of-the-box’
- and ‘lateral’ thinking
Conteúdo do curso
To earn the prestigious EC-Council LPT (Master) Credential, you must successfully pass our most challenging practical exam available. The LPT (Master) practical exam is the capstone to EC-Council’s entire information security track; from the Certified Ethical Hacker Program (CEH) to the EC-Council Certified Security Analyst (ECSA) Program. It all culminates with the ultimate test of your career as a penetration tester – the Licensed Penetration Tester practical exam.
You will need to demonstrate a mastery of the skills required to conduct a full blackbox penetration test of a network provided to you by EC-Council on our cyber range. You will follow the entire process taught to you through CEH and ECSA, taking you from reconnaissance, through scanning, enumeration, gaining access, maintaining access, then exploiting vulnerabilities that you will have to seek out in a network that only a true professional will be able to break. EC-Council will provide the entire cyber-range through its cloud based cyber range, iLabs. All toolsets are provided to you, you bring the skill.
To successfully pass the LPT (Master) practical, you must fully document your pen test in a complete, professional penetration test report. This report will follow formats learned in the ECSA program, following industry acceptable, penetration testing and reporting procedures used by only the top professionals in the industry. This report will be reviewed and scored based on a complex rubric by other penetration testing professionals dedicating to upholding the value of EC-Council’s LPT (Master) Credential, and enhancing the professionalization of cyber security as a field.
While the Certified Ethical Hacker course teaches threat agents that can compromise the security posture of an organization, and the EC-Council Security Analyst program provides a repeatable and documentable methodology for deep analysis of an organizations security posture, the Licensed Penetration Tester exam tests the mastery of the skill-sets required to be a true professional penetration tester – Technical Analysis and Report Writing.
To build on the technical skills taught in the CEH course, the ECSA course emphasizes application of a suitable methodology and report writing. The LPT (Master) practical exam thoroughly tests the application of this knowledge and the skills required in an examination that even our reviewers have called “extremely challenging”. The LPT (Master) Exam is the final step after the intense training and certification that you would have received in the Certified Ethical Hacker and the EC-Council Certified Security Analyst programs.
Many have described report writing as one of least preferred, yet arguably one of the most critical parts of any penetration testing engagement. While so many courses are offered globally to cover various subjects in the information security realm, hardly any are dedicated to this very important skill, especially almost half of all time spent at any penetration testing engagement can revolve around writing and reporting the core findings of the engagement to the client. Explaining a highly technical finding in an elaborate penetration test engagement to someone not technical like the CEO of a company, the senior management or even the board of directors can be very challenging and frustrating at times. Mastery of communication, research and report writing is required to make sense of technically complex topics like specific vulnerabilities and their resulting exploits in a meaningful manner than an organization can use to make educated decisions to improve their own security posture.