ECSA/LPT
Instructor Guide
http://www.eccouncil.org

EC-Council

Fact Sheet
Title of the course: EC-Council Certified Security Analyst/ Licensed Penetration Tester
Exam Availability Locations
- Prometric Prime
- Prometric APTC
- VUE
Exam Code
The exam code varies when taken at different testing centers.
- Prometric Prime: 412-79
- Prometric APTC: EC0-479
- VUE: 412-79
Exam Title
EC-Council Certified Security Analyst
Exam costs USD 300/-

Number of questions
50
Duration
2 hours
Passing score
70%

About this course


The ECSA/LPT is a very advanced security-training program. Proper preparation is required before
conducting the ECSA/LPT class.

Instructor pre-requisites
- You must have advanced knowledge of networking and system administration. MCSE and CCNA certifications are preferred.
- You must have CEH certification
- You must have worked on firewalls, IDS and anti-virus systems
- Excellent presentation skills
- Knowledge of hacking tools and their usage
- The ability to handle students effectively in the class
- The ability to manage lecture / lab time effectively

Things to do before you can teach the ECSA/LPT class


- Order ECSA/LPT student courseware kit
- Read the entire book
- Read the ECSA/LPT lab manual and practice the labs
- Navigate and become familiar with the tools on the ECSA/LPT Labs CD-ROMs
- Become familiar with the CD-ROM contents of each CD in the courseware

How to approach this course?


This course is 100% methodology-based. Students sitting in your class should have completed the CEH program and are already familiar with the tools and their usage. In this class you focus on the steps in conducting penetration testing using those tools. Focus on the concepts and not the tools. For example, students are familiar with nmap and how it works, but you should cover how to interpret nmap results in a successful security assessment and how to document them. The LPT templates give quite extensive reporting capabilities. Spend 80% on the penetration testing methodologies and 20% on labs.
This is a heavily theory-based course. Explain this approach to the students before you start the class.

What is ECSA/LPT program?


The ECSA/LPT training program prepares students to analyze the outcome from hacking tools and technologies. Through groundbreaking penetration testing methods and techniques, the ECSA/LPT class helps students perform the intensive assessments required to effectively identify and mitigate risks to the security of the infrastructure. This makes ECSA/LPT a relevant milestone towards achieving EC-Council's Licensed Penetration Tester, which also ingrains the learner in the business aspect of penetration testing.

The audience
You will find different types of audience sitting in your ECSA/LPT class. They are:
- Network server administrators
- Firewall Administrators
- Security Testers
- System Administrators
- Risk Assessment professionals

Why is the student sitting in your ECSA/LPT class?


Students want to learn how to conduct penetration testing: where to start, what the necessary steps are, how to document the results, how to prepare legal agreements, etc. They want to learn about the process and methodologies in penetration testing.

Showcase of tools
You will find that each module showcases various tools. Students are exposed to all the tools in that
category. You are demonstrating the concept of each tool and not necessarily recommending their usage.
The students are free to choose any tool that fits their task but they MUST know the complete showcase
of tools that are available to them.

ECSA/LPT Module Content

The ECSA/LPT program contains 35 modules


1. The Need for Security Analysis
2. Advanced Googling
3. TCP/IP Packet Analysis
4. Advanced Sniffing Techniques
5. Vulnerability Analysis with Nessus
6. Advanced Wireless Testing
7. Designing a DMZ
8. Snort Analysis
9. Log Analysis
10. Advanced Exploits and Tools
11. Penetration Testing Methodologies
12. Customers and Legal Agreements
13. Penetration Testing Planning and Scheduling
14. Pre Penetration Testing Checklist
15. Information Gathering
16. Vulnerability Analysis
17. External Penetration Testing
18. Internal Network Penetration Testing
19. Router Penetration Testing
20. Firewall Penetration Testing
21. IDS Penetration Testing
22. Wireless Network Penetration Testing
23. Denial of Service Penetration Testing
24. Password Cracking Penetration Testing
25. Social Engineering Penetration Testing
26. Stolen Laptop Penetration Testing
27. Application Penetration Testing
28. Physical Security Penetration Testing
29. Database Penetration Testing
30. VoIP Penetration Testing
31. VPN Penetration Testing
32. Penetration Testing Report Analysis
33. Penetration Testing Report and Documentation Writing
34. Penetration Testing Deliverables and Conclusion
35. Ethics of a Licensed Penetration Tester

ECSA/LPT - classroom Timing

5 days training, 9:00 - 5:00 (Monday - Friday)

Day 1
Morning
Module 1: The Need for Security Analysis
Module 2: Advanced Googling
Module 3: TCP/IP Packet Analysis
Afternoon
Module 4: Advanced Sniffing Techniques
Module 5: Vulnerability Analysis with Nessus
Module 6: Advanced Wireless Testing

Day 2
Morning
Module 7: Designing a DMZ
Module 8: Snort Analysis
Module 9: Log Analysis
Module 10: Advanced Exploits and Tools
Afternoon
Module 11: Penetration Testing Methodologies
Module 12: Customers and Legal Agreements
Module 13: Penetration Testing Planning and Scheduling
Module 14: Pre Penetration Testing Checklist

Day 3
Morning
Module 15: Information Gathering
Module 16: Vulnerability Analysis
Module 17: External Penetration Testing
Afternoon
Module 18: Internal Network Penetration Testing
Module 19: Router Penetration Testing
Module 20: Firewall Penetration Testing

Day 4
Morning
Module 21: IDS Penetration Testing
Module 22: Wireless Network Penetration Testing
Module 23: Denial of Service Penetration Testing
Module 24: Password Cracking Penetration Testing
Afternoon
Module 25: Social Engineering Penetration Testing
Module 26: Stolen Laptop Penetration Testing
Module 27: Application Penetration Testing
Module 28: Physical Security Penetration Testing

Day 5
Morning
Module 29: Database Penetration Testing
Module 30: VoIP Penetration Testing
Module 31: VPN Penetration Testing
Afternoon
Module 32: Penetration Testing Report Analysis
Module 33: Penetration Testing Report and Documentation Writing
Module 34: Penetration Testing Deliverables and Conclusion
Module 35: Ethics of a Licensed Penetration Tester

Please adjust the time to suit your needs.

Student Courseware Contents

The student courseware consists of:

1. The ECSA/LPT courseware books
2. The ECSA/LPT Lab Manual
3. CD-ROMs

Module 01 - How to Teach This Module


The Need for Security Analysis
Instructor notes:
Discuss the necessity for security analysis. Explain the risk and risk assessment process. Explain various
security policies that need to be deployed in the organization. Discuss various information security laws
around the world.
Read various whitepapers related to this module in Labs CD-ROM.
Additional Labs
- Conduct Lab 1.1 - Lab 1.8

Module 02 - How to Teach This Module


Advanced Googling
Instructor notes:
Discuss the various techniques for advanced googling. Show the search for directory listings using intitle:index.of.
In Google search, use various advanced search options such as intitle, login | logon, admin | administrator, etc. to search for login details, usernames, passwords, error messages, vulnerabilities, admin accounts, etc.
Show the students how to locate the vulnerable targets via demonstration pages, source code and CGI scanning.
Read various whitepapers related to this module in Labs CD-ROM.
Additional Labs
- Conduct Lab 2.1 - Lab 2.5

Module 03 - How to Teach This Module


TCP/IP Packet Analysis
Instructor notes:
Explain the TCP/IP model and discuss the functions and working of its layers.
Explain TCP/IP headers, their operations and ports. Discuss windowing, synchronization and DoS attacks.
Discuss the Internet Control Message Protocol and the format of an ICMP message.
Read various whitepapers related to this module in Labs CD-ROM.
Additional Labs
- Conduct Lab 3.1 - Lab 3.3

Module 04 - How to Teach This Module


Advanced Sniffing Techniques
Instructor notes:
Explain the network protocol analyzer Wireshark, its features and working.
Demonstrate the tool Wireshark.
Additional Labs
- Conduct Lab 4.1

Module 05 - How to Teach This Module


Vulnerability Analysis with Nessus
Instructor notes:
Explain the vulnerability scanner Nessus, its features and working.
Demonstrate the tool Nessus.
Additional Labs
- Conduct Lab 5.1 - Lab 5.2

Module 06 - How to Teach This Module


Advanced Wireless Testing
Instructor notes:
Explain the advanced techniques for wireless penetration testing. Discuss various wireless concepts such
as its components and standards.
Explain Wired Equivalent Privacy, its issues, flaws, and security. Discuss WPA, EAP, and TKIP.
Demonstrate the tools Netstumbler, Kismet, AirSnort, and WEPCrack
Additional Labs
- Conduct Lab 6.1

Module 07 - How to Teach This Module


Designing a DMZ
Instructor notes:
Discuss how to design the DMZ.
Demonstrate the Reconnex system.
Additional Labs
- Conduct Lab 7.1 - Lab 7.4

Module 08 - How to Teach This Module


Snort Analysis
Instructor notes:
Explain the network intrusion prevention and detection system Snort: its features, modes of operation, configuration and working.
Tell students how to write Snort rules.
Demonstrate the tools Snort, IDS Policy Manager and Honeynet Security Console.
Additional Labs
- Conduct Lab 8.1 - Lab 8.5

Module 09 - How to Teach This Module


Log Analysis
Instructor notes:
Explain to students how to analyze various logs such as Syslog, Web server logs, Router logs, Wireless
network devices logs, Windows logs, Linux logs, SQL server logs, VPN server logs, Firewall logs, IDS
logs, and DHCP logs.
Demonstrate various log analysis and log alert tools.
Additional Labs
- Conduct Lab 9.1

Module 10 - How to Teach This Module


Advanced Exploits and Tools
Instructor notes:
Discuss the exploits and shellcodes.
Demonstrate the tools GDB, Metasploit, Canvas and CORE Impact.
Additional Labs
- Conduct Lab 10.1

Module 11 - How to Teach This Module


Penetration Testing Methodologies
Instructor notes:
Discuss penetration testing methodology and various types of security assessments.
Explain EC-Council's LPT methodology.

Module 12 - How to Teach This Module


Customers and Legal Agreements
Instructor notes:
Explain to students the customer and legal agreements related to penetration testing.
Discuss the penetration testing contract and its rules.
Explain various laws and acts related to information security and privacy.

Module 13 - How to Teach This Module


Penetration Testing Planning and Scheduling
Instructor notes:
Discuss how to plan penetration testing.
Explain to students how to create a Tiger team in their organization.
Demonstrate the various penetration testing project scheduling tools.
Discuss EC-Council's Vampire Box.

Module 14 - How to Teach This Module


Pre Penetration Testing Checklist
Instructor notes:
Explain to students what steps need to be performed before penetration testing.
Discuss things a tester needs to gather as part of pre-penetration testing, such as the liability insurance form, client organization requirements, tools listing, etc.

Module 15 - How to Teach This Module


Information Gathering
Instructor notes:
Explain what information gathering is and discuss the various steps involved in information gathering.
Demonstrate the various tools used for information gathering such as whois, email spider, Webcopier,
FTPCopy, etc.
Explain the websites which are used for information gathering such as WayBackMachine, www.mydomainfriend.com, http://www.webinvestigator.org/, http://www.sec.gov/edgar/searchedgar/companysearch.html, etc.

Module 16 - How to Teach This Module


Vulnerability Analysis
Instructor notes:
Discuss the types of assessment and explain how to conduct vulnerability assessment.
Explain to students how to choose a vulnerability assessment tool.
Demonstrate various vulnerability assessment tools such as Qualys Vulnerability Scanner, eEye Retina
Network Security Scanner, Foundstone Professional Scanner, GFI LANguard Network Security Scanner,
ISS Internet Scanner, etc.

Module 17 - How to Teach This Module


External Penetration Testing
Instructor notes:
Explain the External Intrusion Test and how to analyze it.
Discuss the various steps to be carried out to conduct an external penetration test.
Demonstrate tools such as NeoTrace, SamSpade, NMap, Netcraft, IDA Pro, URLScan, etc.

Module 18 - How to Teach This Module


Internal Penetration Testing
Instructor notes:
Explain internal penetration testing.
Discuss the various steps to be carried out to conduct internal penetration testing.
Demonstrate the tools such as Angry IP, Winfingerprint, Wireshark, Password Sniffer, mailsnarf,
L0phtcrack, Arpspoof, ettercap, Image hide, Core Impact, Metasploit, Canvas, etc.

Module 19 - How to Teach This Module


Router Penetration Testing
Instructor notes:
Discuss Router Testing Issues and testing requirements.
Discuss various steps to be carried out to conduct router penetration testing.
Demonstrate tools such as nslookup, Router Auditing Tool, Ettercap, Arpspoof, etc.

Module 20 - How to Teach This Module


Firewall Penetration Testing
Instructor notes:
Explain what a firewall is, its types and operations.
Discuss various steps to be carried out to conduct firewall penetration testing.
Demonstrate tools such as Hping, tracert, Nmap, datapipe, WWW Reverse Shell, HTTPORT,
HTTHOST, etc.

Module 21 - How to Teach This Module


IDS Penetration Testing
Instructor notes:
Explain what an IDS is and its types.
Discuss various steps to be carried out to conduct IDS penetration testing.
Demonstrate IDS testing tools such as IDS Informer, Evasion Gateway, Firewall Informer, Traffic IQ Professional, etc.

Module 22 - How to Teach This Module


Wireless Network Penetration Testing
Instructor notes:
Explain wireless assessment.
Discuss various steps to be carried out to conduct wireless network penetration testing.
Try to attempt a Man-in-the-Middle attack.
Demonstrate tools such as AiroPeek, AirSnort, Dstumbler, Ethereal, ISS Wireless Scanner, Kismet,
NetStumbler, Sniffer Wireless, TCPDump, WEPCrack, etc.

Module 23 - How to Teach This Module


Denial of Service Penetration Testing
Instructor notes:
Explain DoS and DDoS
Discuss various steps to be carried out to conduct Denial of Service attack penetration testing.
Demonstrate tools such as Web Application Stress (WAS), TestLOAD, GFI LANGuard, Nessus, Tribe
Flood, Utility Ping, Mail Bomber, Avalanche Analyzer, Proxy Sniffer, LoadManager, QTest, etc.

Module 24 - How to Teach This Module


Password Cracking Penetration Testing
Instructor notes:
Explain the importance of passwords.
Discuss various steps to be carried out to conduct password cracking penetration testing.
Demonstrate tools such as SAMDUMP, PWDUMP, L0phtcrack, Dictionary maker, Pass list, Brutus,
Password Cracker, dsniff, etc.

Module 25 - How to Teach This Module


Social Engineering Penetration Testing
Instructor notes:
Explain what social engineering is.
Discuss various steps to be carried out to conduct social engineering penetration test.
Demonstrate tools such as Digital Video Recorder, Quick Screen Recorder, etc., and devices such as Pro Trak GPS, RF Scout GPS Tracking System, etc.

Module 26 - How to Teach This Module


Stolen Laptop, PDAs and Cell phones Penetration Testing
Instructor notes:
Explain the importance of laptops, PDAs and cell phones in business.
Discuss various steps to be carried out to conduct a stolen laptop, PDA and cell phone penetration test.

Module 27 - How to Teach This Module


Application Penetration Testing
Instructor notes:
Explain software and web application testing.
Discuss various steps to be carried out to conduct application penetration testing.
Demonstrate tools such as AtStake WebProxy, SPIKE Proxy, WebserverFP, KSES, Mieliekoek.pl, Sleuth, Webgoat, AppScan, etc.

Module 28 - How to Teach This Module


Physical Security Penetration Testing
Instructor notes:
Explain physical attacks.
Discuss various steps to be carried out to conduct Physical security penetration testing.

Module 29 - How to Teach This Module


Database Penetration Testing
Instructor notes:
Discuss various steps to be carried out to conduct database penetration testing. Discuss the steps for
Microsoft SQL Server, Oracle Server and MySQL Server database testing.
Demonstrate tools and utilities such as Orabf, osql, THC Hydra, Nmap, Oracle Password Guesser
(opwg), John the Ripper, AirSnort, SQLdict, etc.

Module 30 - How to Teach This Module


VoIP Penetration Testing
Instructor notes:
Explain VoIP vulnerability and penetration testing.
Demonstrate VoIP Sniffing Tools such as AuthTool, VoIPong, Vomit, PSIPDump, Netdude, etc.
Demonstrate VoIP Scanning & Enumeration Tools such as SNScan, Smap, SIPScan, VoIPaudit, etc.
Demonstrate VoIP Packet Creation and Flooding Tools such as Sipsak, SIPp, SIPNess Messenger, etc.

Module 31 - How to Teach This Module


VPN Penetration Testing
Instructor notes:
Discuss various steps to be carried out to conduct VPN penetration testing.
Demonstrate tools such as Nmap, IPSecScan, PSK Crack, etc.

Module 32 - How to Teach This Module


Penetration Testing Report Analysis
Instructor notes:
Discuss how to analyze the penetration testing report and findings.
Give various examples of pen test reports.

Module 33 - How to Teach This Module


Penetration Testing Report and Documentation Writing
Instructor notes:
Discuss how to write the penetration testing report and documentation.
Explain the importance of the pen test report and its retention.

Module 34 - How to Teach This Module


Penetration Testing Deliverables and Conclusion
Instructor notes:
Discuss all the post penetration testing deliverables.

Module 35 - How to Teach This Module


Ethics of a Licensed Penetration Tester
Instructor notes:
Explain the qualities of a Licensed Penetration Tester.
Discuss the dress code required for LPT.

Conduct the ECSA exam on the last day of the class.


Enjoy your ECSA/LPT class!


If you have questions on delivering any of these modules, please contact Haja (haja@eccouncil.org).
