MS-300:Deploying Microsoft 365 Teamwork

The vendor neutral Certified Healthcare Information Systems Security Practitioner certification course covers the skills and knowledge to implement the best IT Healthcare Practices, as well as, regulatory compliance and standards in the healthcare industry.

Duration:  4 days

Language: English

Class Format Options: Instructor-led classroom/Live Online Training

Prerequisites:  A minimum of 1 year of Healthcare Information Systems

Student Materials: Student Workbook, Key Security Concepts & Definitions Book

Certification Exams: Mile2 C)HISSP, Covers ISC2 HCISSP

CPEs: 32 Hours

All Prices Are in Candian Dollars

Days : 5
Price :


course is guaranteed to run


Course Overview

The Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on, Penetration Testing methodologies utilized by our international group of vulnerability consultants.

The C)PTE presents information based on the 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. The latest vulnerabilities will be discovered using these tried and true techniques.

This course also enhances the business skills needed to identify protection opportunities, justify testing activities and optimize security controls to reduce risk associated to working with the internet.

Mile2 goes far beyond simply teaching you to “Hack” – besides utilizing ethical hacking methodologies, be prepared to learn penetration testing using advanced persistent threat techniques.

The C)PTE was developed around principles and behaviors used to combat malicious hackers and focuses on professional penetration testing rather than “ethical hacking”.

With this in mind, the CPTE certification course is an up-grade to the EC-Council CEH!


  • A minimum of 12 months’ experience in networking technologies
  • Sound knowledge of TCP/IP
  • Knowledge of Microsoft packages
  • Network+, Microsoft, Security+
  • Basic Knowledge of Linux is essential

Student Materials:

  • Student Workbook
  • Student Lab Guide
  • Prep Guide

Certification Exam:

CPTE – Certified Pen Testing Engineer™ (taken through mile2’s MACS online testing system)

CPEs: 40

Who Should Attend:

  • Pen Testers
  • Ethical Hackers
  • Network Auditors
  • Cyber Security Professionals
  • Vulnerability Assessors
  • Cyber Security Managers
  • IS Managers


Upon completion, Certified Penetration Testing Engineer students will be able to establish industry acceptable auditing standards with current best practices and policies. Students will also be prepared to competently take the C)PTE exam.



The Certified Penetration Testing Engineer exam is taken online through Mile2’s Assessment and Certification System (“MACS”), which is accessible on your account. The exam will take 2 hours and consist of 100 multiple choice questions.


Module 0: Course Overview

Module 1: Business and Technical Logistics of Pen Testing

Module 2: Linux Fundamentals

Module 3: Information Gathering

Module 4: Detecting Live Systems

Module 5: Enumeration

Module 6: Vulnerability Assessments

Module 7: Malware Goes Undercover

Module 8: Windows Hacking

Module 9: Hacking UNIX/Linux

Module 10: Advanced Exploitation Techniques

Module 11: Pen Testing Wireless Networks

Module 12: Networks, Sniffing and IDS

Module 13: Injecting the Database

Module 14: Attacking Web Technologies

Module 15: Project Documentation




Module 1 Lab – Getting Set Up

Exercise 1 – Naming and subnet assignments

Exercise 2 – Discovering your class share

Exercise 3 – VM Image Preparation

Exercise 4 – Discovering the Student Materials

Exercise 5 – PDF Penetration Testing Methodology’s review


Module 2 Lab – Linux Fundamentals

Exercise 1 – ifconfig

Exercise 2 – Mounting a USB Thumb Drive

Exercise 3 – Mount a Windows partition

Exercise 4 – VNC Server

Exercise 5 – Preinstalled tools in BackTrack 5


Module 3 Lab – Information Gathering

Exercise 1 – Google Queries

Exercise 2 – Footprinting Tools

Exercise 3 – Getting everything you need with Maltego

Exercise 4 – Using Firefox for Pen Testing

Exercise 5 – Documentation of the assigned tasks


Module 4 Lab – Detecting Live Systems

Exercise 1 – Look@LAN

Exercise 2 – Zenmap

Exercise 3 – Zenmap in BackTrack 5

Exercise 4 – NMAP Command Line

Exercise 5 – Hping2

Exercise 6 – Unicornscan

Exercise 7 – Documentation of the assigned tasks


Module 5 Lab – Reconnaissance

Exercise 1 – Banner Grabbing

Exercise 2 – Zone Transfers

Exercise 3 – SNMP Enumeration

Exercise 4 – LDAP Enumeration

Exercise 5 – Null Sessions

Exercise 6 – SMB Enumeration

Exercise 7 – SMTP Enumeration

Exercise 8 – Documentation of the assigned tasks


Module 6 Lab – Vulnerability Assessment

Exercise 1 – Run Nessus for Windows

Exercise 2 –Run Saint

Exercise 3 – Documentation of the assigned tasks


Module 7 Lab – Malware

Exercise 1 – Netcat (Basics of Backdoor Tools)

Exercise 2 – Exploiting and Pivoting our Attack

Exercise 3 – Creating a Trojan

Exercise 4 – Documentation of the assigned tasks


Module 8 Lab – Windows Hacking

Exercise 1 – Cracking a Windows Password with Linux

Exercise 2 – Cracking a Windows Password with Cain

Exercise 3 – Covering your tracks via Audit Logs

Exercise 4 – Alternate Data Streams

Exercise 5 – Stegonagraphy

Exercise 6 – Understanding Rootkits

Exercise 7- Windows 7 Client Side Exploit (Browser)

Exercise 8- Windows 2008 SMBv2 Exploit

Exercise 9 – Documentation of the assigned tasks


Module 9 Lab – Hacking UNIX/Linux

Exercise 1 – Setup and Recon – Do you remember how?

Exercise 2 – Making use of a poorly configured service

Exercise 3 – Cracking a Linux password

Exercise 4 – Creating a backdoor and covering our tracks

Exercise 5 – Documentation of the assigned tasks


Module 10 Lab – Advanced Vulnerability and Exploitation Techniques

Exercise 1 – Metasploit Command Line

Exercise 2 – Metasploit Web Interface

Exercise 3 –

Exercise 4 – Saint

Exercise 5 – Documentation


Module 11 Lab – Attacking Wireless Networks

Exercise 1 – War Driving Lab

Exercise 2 – WEP Cracking Lab (classroom only)

Exercise 3 – Documentation


Module 12 Lab – Networks, Sniffing and IDS

Exercise 1 – Capture FTP Traffic

Exercise 2 – ARP Cache Poisoning Basics

Exercise 3 – ARP Cache Poisoning – RDP

Exercise 4 – Documentation


Module 13 Lab – Database Hacking

Exercise 1 – Hacme Bank – Login Bypass

Exercise 2 – Hacme Bank – Verbose Table Modification

Exercise 3 – Hacme Books – Denial of Service

Exercise 4 – Hacme Books – Data Tampering

Exercise 5 – Documentation of the assigned tasks


Module 14 Lab – Hacking Web Applications

Exercise 1 – Input Manipulation

Exercise 2 – Shoveling a Shell

Exercise 3 – Hacme Bank – Horizontal Privilege Escalation

Exercise 4 – Hacme Bank – Vertical Privilege Escalation

Exercise 5 – Hacme Bank – Cross Site Scripting

Exercise 6 – Documentation of the assigned tasks


Module 15 Lab – Cryptography

Exercise 1 – Caesar Encryption

Exercise 2 – RC4 Encryption

Exercise 3 – IPSec Deployment

Post-Class Lab – CORE IMPACT

Exercise 1 – CORE IMPACT




Module 0: Course Introduction

Courseware Materials

Course Overview

Course Objectives

CPTE Exam Information

Learning Aids


Class Prerequisites

Student Facilities



Module 1: Business and Technical Logistics of Penetration Testing


What is a Penetration Test?

Benefits of a Penetration Test

Data Breach Insurance

CSI Computer Crime Survey

Recent Attacks & Security Breaches

What does a Hack cost you?

Internet Crime Complaint Center

The Evolving Threat

Security Vulnerability Life Cycle

Exploit Timeline

Zombie Definition

What is a Botnet?

How is a Botnet Formed?

Botnet Statistics

How are Botnet’s Growing?

Types of Penetration Testing

Hacking Methodology

Methodology for Penetration Testing

Penetration Testing Methodologies

Hacker vs. Penetration Tester

Not Just Tools

Website Review

Tool: SecurityNOW! SX

Seven Management Errors



Module 2: Linux Fundamentals


Linux History: Linus + Minix = Linux

The GNU Operating System

Linux Introduction

Linux GUI Desktops

Linux Shell

Linux Bash Shell

Recommended Linux Book

Password & Shadow File Formats

User Account Management

Instructor Demonstration

Changing a user account password

Configuring Network Interfaces with Linux

Mounting Drives with Linux

Tarballs and Zips

Compiling Programs in Linux

Why Use Live Linux Boot CDs

Typical Linux Operating Systems


Module 3: Information Gathering


What Information is gathered by the Hacker?

Organizing Collected Information

Leo meta-text editor

Free Mind: Mind mapping

IHMC CmapTools

Methods of Obtaining Information

Physical Access

Social Access

Social Engineering Techniques

Social Networks

Instant Messengers and Chats

Digital Access

Passive vs. Active Reconnaissance

Footprinting defined


Maltego GUI


Footprinting tools

Google Hacking

Google and Query Operators


Job Postings

Blogs & Forums

Google Groups / USENET

Internet Archive: The WayBack Machine

Domain Name Registration


WHOIS Output

DNS Databases

Using Nslookup

Dig for Unix / Linux

Traceroute Operation

Traceroute (cont.)

3D Traceroute

Opus online traceroute

People Search Engines

Intelius info and Background Check Tool

EDGAR For USA Company Info

Company House For British Company Info

Client Email Reputation

Web Server Info Tool:   Netcraft

Footprinting Countermeasures




Module 4: Detecting Live System


Introduction to Port Scanning

Port Scan Tips

Expected Results

Popular Port Scanning Tools

Stealth Online Ping

NMAP: Is the Host online

ICMP Disabled?

NMAP TCP Connect Scan

TCP Connect Port Scan

Tool Practice : TCP half-open & Ping Scan

Half-open Scan

Firewalled Ports

NMAP Service Version Detection

Additional NMAP Scans

Saving NMAP results


UDP Port Scan

Advanced Technique

Tool: Superscan

Tool: Look@LAN

Tool: Hping2

Tool: Hping2

More Hping2

Tool: Auto Scan

OS Fingerprinting: Xprobe2

Xprobe2 Options

Xprobe2 –v –T21-500 192.168.XXX.XXX

Tool: P0f

Tool Practice: Amap

Tool: Fragrouter: Fragmenting Probe Packets

Countermeasures: Scanning



Module 5: Enumeration

Enumeration Overview

Web Server Banners

Practice: Banner Grabbing with Telnet

SuperScan 4 Tool: Banner Grabbing



SMTP Server Banner

DNS Enumeration

Zone Transfers from Windows 2000 DNS

Backtrack DNS Enumeration

Countermeasure: DNS Zone Transfers

SNMP Insecurity

SNMP Enumeration Tools

SNMP Enumeration Countermeasures

Active Directory Enumeration


AD Enumeration countermeasures

Null sessions

Syntax for a Null Session

Viewing Shares

Tool: DumpSec

Tool: Enumeration with Cain and Abel

NAT Dictionary Attack Tool


Injecting Abel Service

Null Session Countermeasures



Module 6: Vulnerability Assessments


Vulnerabilities in Network Services

Vulnerabilities in Networks

Vulnerability Assessment Def

Vulnerability Assessment Intro

Testing Overview

Staying Abreast: Security Alerts

Vulnerability Research Sites

Vulnerability Scanners


Nessus Report

SAINT – Sample Report

Tool: Retina

Qualys Guard

Tool: LANguard

Microsoft Baseline Analyzer

MBSA Scan Report

Dealing with Assessment Results

Patch Management

Other Patch Management Options


Module 7: Malware Goes Undercover


Distributing Malware

Malware Capabilities

Countermeasure: Monitoring Autostart Methods

Tool: Netcat

Netcat Switches

Netcat as a Listener

Executable Wrappers

Benign EXE’s Historically Wrapped with Trojans

Tool: Restorator

Tool: Exe Icon

The Infectious CD-Rom Technique

Trojan: Backdoor.Zombam.B

Trojan: JPEG GDI+

All in One Remote Exploit

Advanced Trojans: Avoiding Detection


Malware Countermeasures

Gargoyle Investigator

Spy Sweeper Enterprise

CM Tool: Port Monitoring Software

CM Tools:  File Protection Software

CM Tool: Windows File Protection

CM Tool: Windows Software

Restriction Policies

CM Tool: Hardware Malware Detectors

Countermeasure: User Education


Module 8: Windows Hacking


Password Guessing

Password Cracking LM/NTLM Hashes

LM Hash Encryption

NT Hash Generation

Syskey Encryption

Cracking Techniques

Precomputation Detail

Creating Rainbow Tables

Free Rainbow Tables

NTPASSWD:Hash Insertion Attack

Password Sniffing

Windows Authentication Protocols

Hacking Tool: Kerbsniff & KerbCrack

Countermeasure: Monitoring Logs

Hard Disk Security

Breaking HD Encryption

Tokens & Smart Cards

USB Tokens

Covering Tracks Overview

Disabling Auditing

Clearing and Event log

Hiding Files with NTFS Alternate Data Stream

NTFS Streams countermeasures

What is Steganography?

Steganography Tools

Shedding Files Left Behind

Leaving No Local Trace

Tor:  Anonymous Internet Access

How Tor Works

TOR + OpenVPN= Janus VM

Encrypted Tunnel Notes:

Hacking Tool: RootKit

Windows RootKit Countermeasures


Module 9: Hacking UNIX/Linux



File System Structure



Starting and Stopping Processes

Interacting with Processes

Command Assistance

Interacting with Processes

Accounts and Groups

Password & Shadow File Formats

Accounts and Groups

Linux and UNIX Permissions

Set UID Programs

Trust Relationships

Logs and Auditing

Common Network Services

Remote Access Attacks

Brute-Force Attacks

Brute-Force Countermeasures

X Window System

X Insecurities Countermeasures

Network File System (NFS)

NFS Countermeasures

Passwords and Encryption

Password Cracking Tools


Symbolic Link

Symlink Countermeasure

Core File Manipulation

Shared Libraries

Kernel Flaws

File and Directory Permissions

SUID Files Countermeasure

File and Directory Permissions

World-Writable Files Countermeasure

Clearing the Log Files


Rootkit Countermeasures



Module 10: Advanced Exploitation Techniques


How Do Exploits Work?

Format String

Race Conditions

Memory Organization

Buffer OverFlows

Buffer Overflow Definition

Overflow Illustration

How Buffers and Stacks Are

Supposed to Work

Stack Function

How a Buffer Overflow Works

Buffer Overflows

Heap Overflows

Heap Spraying


Security Code Reviews

Stages of Exploit Development

Shellcode Development

The Metasploit Project

The Metasploit Framework



SaintExploit at a Glance

SaintExploit Interface

Core Impact Overview



Module 11: Pen Testing Wireless Networks


Standards Comparison

SSID (Service Set Identity)

MAC Filtering

Wired Equivalent Privacy

Weak IV Packets

WEP Weaknesses

XOR – Encryption Basics

How WPA improves on WEP


The WPA MIC Vulnerability

802.11i – WPA2

WPA and WPA2 Mode Types

WPA-PSK Encryption


LEAP Weaknesses


Tool: Kismet

Tool: Aircrack-ng Suite

Tool: Airodump-ng

Tool: Aireplay

DOS: Deauth/disassociate attack

Tool: Aircrack-ng

Attacking WEP

Attacking WPA


Exploiting Cisco LEAP




Typical Wired/Wireless Network

802.1X: EAP Types

EAP Advantages/Disadvantages

EAP/TLS Deployment

New Age Protection

Aruba – Wireless Intrusion Detection and Prevention

RAPIDS Rogue AP Detection Module



Module 12: Networks, Sniffing, IDS


Example Packet Sniffers

Tool: Pcap & WinPcap

Tool: Wireshark

TCP Stream Re-assembling

Tool: Packetyzer

tcpdump & windump

Tool: OmniPeek

Sniffer Detection Using Cain & Abel

Active Sniffing Methods

Switch Table Flooding

ARP Cache Poisoning

ARP Normal Operation

ARP Cache Poisoning Tool


Tool: Cain and Abel


Linux Tool Set: Dsniff Suite

Dsniff Operation

MailSnarf, MsgSnarf, FileSnarf

What is DNS spoofing?

Tools: DNS Spoofing

Session Hijacking

Breaking SSL Traffic

Tool: Breaking SSL Traffic

Tool: Cain and Abel

Voice over IP (VoIP)

Intercepting VoIP

Intercepting RDP

Cracking RDP Encryption

Routing Protocols Analysis

Countermeasures for Sniffing

Countermeasures for Sniffing

Evading The Firewall and IDS

Evasive Techniques

Firewall – Normal Operation

Evasive Technique -Example

Evading With Encrypted Tunnels

Newer Firewall Capabilities

‘New Age’ Protection

Networking Device – Bastion Host

Spyware Prevention System (SPS)

Intrusion ‘SecureHost’ Overview

Intrusion Prevention Overview



Module 13: Injecting the Database


Vulnerabilities & Common Attacks

SQL Injection

Impacts of SQL Injection

Why SQL “Injection”?

SQL Injection: Enumeration

SQL Extended Stored Procedures

Direct Attacks

SQL Connection Properties

Attacking Database Servers

Obtaining Sensitive Information

Hacking Tool: SQLScan

Hacking Tool: osql.exe

Hacking Tool: Query Analyzers

Hacking Tool: SQLExec

Hacking Tool: Metasploit

Finding & Fixing SQL Injection

Hardening Databases



Module 14: Attacking Web Technologies


Web Server Market Share

Common Web Application Threats

Progression of a Professional Hacker

Anatomy of a Web Application Attack

Web Applications Components

Web Application Penetration Methodologies

URL Mappings to Web Applications

Query String

Changing URL Login Parameters

Cross-Site Scripting (XSS)

Injection Flaws

Unvalidated Input

Unvalidated Input Illustrated

Impacts of Unvalidated Input

Finding & Fixing Un-validated Input

Attacks against IIS


IIS Directory Traversal

IIS Logs

Other Unicode Exploitations

N-Stalker Scanner 2009


HTTrack Website Copier

Wikto Web Assessment Tool

SiteDigger v3.0

Paros Proxy

Burp Proxy


Dictionary Maker


Acunetix Web Scanner

Samurai Web Testing Framework


Module 15: Project Documentation


Additional Items

The Report

Report Criteria:

Supporting Documentation

Analyzing Risk

Report Results Matrix

Findings Matrix

Delivering the Report

Stating Fact


Executive Summary

Technical Report

Report Table Of Contents

Summary Of Security Weaknesses Identified

Scope of Testing

Summary Recommendations

Summary Observation

Detailed Findings

Strategic and Tactical Directives

Statement of Responsibility / Appendices