Advanced Penetration Testing

Attacking Hardened Defense Systems

Course Description

Advanced Penetration Testing provides penetration testers the training needed to perform advanced pen testing against known or unknown applications, services, and network systems which are patched and hardened with both Network and Host-based Intrusion Detection/Preventions systems (IDS/IPS) in place. The learning curve for this program is extremely steep, but the rewards are astronomical where students are presented with the opportunity of learning what it REALLY takes to hack into some of the most secure networks and applications in the world.

Views shared will include what it REALLY takes to hack and then defend some of the most secured networks and applications around today under the guidance and support of a world renowned expert in Advanced Pen Testing.

The Trainer

Joe McCray has over 10 years of experience in the security industry with a diverse background that includes network and web application penetration testing, forensics, training, and regulatory compliance.  Having performed hundreds of penetration tests assessing well over 250,000 hosts in the DoD, Federal, Financial, Gaming, Retail, and Hospitality industries – Joe’s specialty is pentesting high security environments, and bypassing high end security systems.

Joe is a US Air Force veteran with 5 years of US Army contracting experience in information assurance (specifically Information Assurance Network Engineering, Incident Response, Forensics, Vulnerability Assessments, and Penetration Testing). He is well versed in cyber war, cyber terrorism tactics having spent 2 years in Iraq and 1 year at US Army NetCom. He now gives advanced hacking and forensics training to the FBI, NSA, DHS, Royal Canadian Mounties, and several other entities. Joe is also a frequent trainer and presenter at security conferences such as Black Hat, Def Con, BruCON, Hacker Halted, Techno Security, Techno Forensics, and many others.
Joe was awarded the EC-Council Instructor of the Year award for 2010, and a Circle of Excellence (Instructor) recipient for 2009.

Who should attend

This course is intended for:
  • Information security professionals
  • Penetration Testers
  • IT managers
  • IT auditors
  • Government & Intelligence Agencies interested in real world attack and defense in today’s complex and highly secure IT environments

NOTE: This is NOT a course for the beginners. 80% of class is hands-on hacking labs. Participants should ideally be CEH or ECSA certified, or hold relevant industry certifications, or experience.


Upon completion of this program, student should be able to understand:
  • What it REALLY takes to break into a highly secured organization from the outside
  • How to move around the network without being detected by IDS/IPS
  • How to mitigate or circumvent common security implementations such as Locked
  • Down desktops, GPOs, IDSs/IPSs/WAFs, among others.
  • How to Pentest “High Security environments” such as government agencies, financial institutions, and other key installations.

Pre - requisites
  • Students must be familiar with IT Security best practices, and have a good understanding of TCP/IP and common web technologies.
  • Windows administration for servers and workstations
  • Linux/*NIX system administration skill
  • Intermediate command line proficiency on both Windows and *NIX systems

Students should be familiar with the following web technologies and languages:
  • HTTP
  • HTML
  • Javascript
  • ASP
  • PHP
  • SQL
Students should also be familiar with Metasploit, and VMWare.

Course Outline

Module 01: Advanced Scanning
Module 02: Attacking From the Web
Module 03: Client-Side Pentesting
Module 04: Attacking From the LAN

Module 05: Breaking out of Restricted Environments
Module 06: Bypassing Network-Based IDS/IPS
Module 07: Privilege Escalation
Module 08: Post-Exploitation

Joseph McCray

October 26 – 28, 2012

Register and pay by May 31, 2012: $2799
Register and pay by August 31, 2012: $3199
Register and pay after September 1, 2012: $3399

Class Capacity

You will get this:
  1. Official CAST Courseware
  2. Complimentary Pass to Hacker Halted conference (Inclusive of Party entrance pass).
  3. Lunch and coffee breaks throughout the duration of the training.
  4. Certificate of Attendance