NSD Certified Penetration Tester certification is a recognized empanelment program for information security professionals with hands-on proven experience in vulnerability analysis and penetration testing.
The program is a foundation for many other job roles including Security Information and Event Management (SIEM), Computer Forensics, Web Application Security, ISO 27001 Compliance, PCI-DSS, Internal IT Security Audit etc. The course includes:
01 Video sessions
You get access to pre-recorded video sessions with detailed explanation of tools and methods
02 Live sessions
In addition, you also get trainer led sessions to better understand and cement your learning
03 Virtual Labs
Practise your skills in a safe environment with online virtual labs provided by Cyberange, with over 200 hands-on labs!
04 Reading material
Get access to reading material, also in audio form for ease of learning and understanding
Select a plan which best suits you and earn your National Security Database Certification
If you are a beginner and would like to expand your knowledge of penetration testing, this plan is for you
If you have a sound knowledge of Linux-based systems and would like to take your skillset to the next level, this plan is for you
For all students who clear the Falcon level
Connect with the best minds in Infosec domain
Certification from NSD means faster job opportunities
Get support for job interviews on successfully clearing the lab exams
With 30 days of Virtual labs, you will have proven hands-on skills to handle your next big job
Get training on the Cyber-Physical Systems based Smart City simulator on IoT and SCADA security
Understanding the ethics and culture behind the motivation and behaviour of hackers and security researchers is essential to gain the right perspective in not only handling and anticipating security incidents but also respecting the effort of hackers in modernising and securing much of today’s technology. The domain tests a candidate’s knowledge of current trends in hacker ethics and beliefs.
The candidate is expected to research various hacker groups, their language and lingo, their broad activities etc. and understand their motivation. Depending on the exam paper, you may be asked to write a short essay of 300 words during the exam on this subject.
Running a business is not easy. With high capital costs, manpower costs and maintenance, most organizations focus on ensuring they are able to market and sell their services and products in a profitable manner. With thin profit margins, information security and its associated costs are always the last aspect of investment.
Even when organizations do invest in information security, they face multiple internal challenges: skilled manpower, limited resources, time-consuming processes and funds. There is always room for mistakes that a persistent attacker can use to compromise the organization's network and its sensitive information. The objective of this domain is to make the candidate realise that it is always possible to hack any organization, no matter how big or small.
One of the most important skills for a penetration tester, detailed information gathering can often give insight and leads for hard-to-find deployed systems.
This domain, in the context of the examination, focuses on the candidate’s skill in planning and collecting information about a target organization or its assets for effective use in further vulnerability analysis and penetration testing.
The candidate is tested on their ability to use search engines such as Bing, Google, Shodan etc. effectively and to document their findings for further use.
From making a phone call to an unsuspecting employee for gathering sensitive information to sending a legitimate-looking email to hack accounts, social engineering is one of the most successful techniques used by attackers against their targets.
We look at how hackers exploit love, faith, belief, trust, anger, hatred, generosity etc. for their gains and advantage by social engineering.
Some of the questions expected in the lab exam include drafting an email to a target for gaining trust, crafting a phishing mail, approaches for using social media to gain credibility or proving their story to a possible victim etc.
Finding vulnerabilities in systems and compromising them is a key skill for a successful penetration tester. This can be done best by professionals who understand the systems and their workings in detail. The domain focusses on various offensive attacks to bypass systems security.
In the context of the examination, the candidate will be tested for technical competencies in using various offensive tools and their approach to compromising a system. Information security professionals must constantly upgrade their knowledge in this domain.
Passwords are the basic form of protection used by network devices and systems for allowing access to resources. Each system or technology may employ a different approach for using and managing passwords for access control, and hence a strong knowledge of various password hacking techniques is crucial for a security professional conducting an assessment.
Some of the areas covered in this domain include use of steganography, rainbow tables, decrypting password hashes, using brute force techniques etc. The candidate may be assessed for their skills in using the right approach to gain passwords for a system in a limited time.
Malware is the most prized weapon of attackers, as it provides extraordinary capabilities in accessing infected systems and networks. With over a million new malware variants released every six months on the internet and a few dozen anti-virus companies to defend against them, the battle between enterprises and attackers is constantly increasing in complexity.
A good understanding of various kinds of malware such as viruses, Trojans, worms, rootkits, botnets etc. is essential for a professional to handle a compromised system. While the use of malware in a penetration testing assignment is unconventional, it should not be prohibited, as it is the only way to test the effectiveness of deployed countermeasures.
The examination involves testing a candidate’s skill and knowledge in handling malware and using it to compromise systems effectively.
The denial-of-service attack is the most common form of network attack used by attackers to voice their protest or take down an organization. As a penetration tester, it is important to test how vulnerable an asset or a network is to this attack. In the context of the examination, a candidate may be tested for their knowledge of such attacks and the countermeasures commonly used.
This domain also covers Web application security and the candidate is expected to be well versed with OWASP Top 10 attacks with hands-on experience. The examination includes detailed testing of skills in web application hacking and security.
This is the most advanced and important domain in the examination. From using a remote exploit to a local exploit, the skill mostly allows the attacker to gain administrative access to the targeted system.
The examination includes testing of pivoting skills, using Metasploit, compiling and running exploits, using zero days etc. The candidate's approach to choosing and using an exploit is also ranked.
In this module, we focus on various methods of reporting and how to present the findings professionally to the senior management.
With over 100,000 jobs available in India alone, it is becoming increasingly difficult for companies to find good cybersecurity professionals. Organizations no longer want to trust professionals who become “ethical hackers” by simply passing an online objective-based exam, as they seldom have the real-world perspective and confidence to execute the job once given. Professionals with incomplete knowledge are not only putting their organization at risk, but also their nation, as they handle sensitive projects impacting the economy of the country.
The National Security Database is the only not-for-profit program, well recognized and respected by various Corporate and Government organizations for its stringent process and hands-on lab exams for assessing the credibility of a professional.
Instantly get pre-configured vulnerable systems in a network along with Kali Linux in a private cloud for hands-on practice of topics.
The online videos for both the Standard and Expert plans are self-paced, while the live sessions are conducted every month or in alternate months.
The Standard program is meant for beginners with a basic knowledge of Linux, while Expert is for people with sound knowledge of Kali Linux tools and theory.
Yes, we have EMI options available for both the Standard and Expert programs. For more details, please write to support@isacindia.org
Standard
13, 14, 20, 21 and 27 March
Expert
TBA
Standard
10, 11, 17, 18 and 24 April
Expert
TBA
Standard
08, 09, 15, 16 and 22 May
Expert
TBA