2024 ISACA North Texas Spring Seminar: Penetration and Vulnerability Testing for Auditors

Starts:  Apr 30, 2024 09:00 (CT)
Ends:  May 2, 2024 17:00 (CT)
Associated with  North Texas Chapter

***Last Day to Register: April 25th***

Dates: April 30, 2024 - May 2, 2024
Time: 9:00am to 5:00pm Central Time (1 Hour Break for Lunch)
Location: 14555 Dallas Pkwy, Dallas, TX 75254, First Floor Conference Room
CPE: 21 (3 days)
Format: In Person
ISACA Non-Member Pricing:
ISACA Member Pricing: $750
Note: Registration includes breakfast, coffee, and lunch.

FEE Notes: 

  • All non-members of ISACA must create a free account and log in during registration.
  • You can create an ISACA account here if you do not already have one.


Course Overview:
This 3-day course teaches students how to detect, assess and exploit multiple vulnerabilities that can exist in our systems. We also look at the controls that could prevent exploitation. Coding errors, software misconfigurations and weak patching processes can lead to vulnerabilities that can be exploited by an attacker to take advantage of an organization’s network. Throughout the course, students look at the most common errors that are made by vendors, administrators and users which can lead to compromise. By using vulnerability assessments and penetration testing, weaknesses can be identified and mitigated. Detection and response are critical to ensure the protection of data and intellectual property.

Course Agenda

    I. Introduction and Background
        • Differentiating between vulnerability testing and penetration testing
        • Resources for vulnerability notification
        • Rules of Engagement
        • Creating a vulnerability and penetration testing methodology
        • Cloud-based vulnerability testing tools

    II. Reconnaissance
        • Sources for gathering information
        • Using Whois lookups, ARIN, RIPE and APNIC
        • Using DNS to gather information
        • Recon-ng
        • Pushpin
        • Maltego
        • FOCA for metadata analysis

    III. Scanning
        • Identifying wireless LANs
        • War dialing
        • Locating network hosts
        • Port scanning
        • SNMP probes
        • Active and passive Operating System fingerprinting
        • Determining firewall filtering rules
        • Configuring, running, and interpreting the results of vulnerability scanners including Nikto, ZAP, NSE and others

    IV. Network Attacks
        • Session hijacking
        • Man-in-the-middle attacks
        • Passive sniffing
        • ARP cache poisoning
        • DNS attacks
        • Denial-of-Service Attacks
        • Leveraging Netcat

    V. OS and Application Attacks
        • Buffer overflows in-depth
        • Format string attacks
        • Using Metasploit

    VI. Password Cracking
        • Password cracking
        • Rainbow Tables
        • Password spraying
        • Tools including John, Cain and Hydra

    VII. Web Application Attacks
        • Account harvesting
        • Session Hijacking
        • Injection Vulnerabilities
        • Cross-Site Scripting

    VIII. Maintaining Access
        • Backdoors
        • Rootkits
        • System camouflage
        • Covert channels

    Laptop Required:

    Students are required to have a laptop in order to complete the hands-on exercises. The laptop should meet the following specifications for the student to get the most from the exercises:
         • USB Port
         • 8 GB RAM or higher
         • 25 GB available hard drive space
         • Windows 7 professional or later (Home or similar editions will not have some of the features needed.)
         • Administrator privileges including the capability to install and run tools, as well as disable anti-virus
         • VMWare Player should be installed


    Tanya Baccam, Consultant, Senior SANS Instructor, CISSP, CPA, CITP, CISA, CISM, GPPA, GCIH, OCP DBA
    Tanya Baccam has extensive experience performing audits and assessments including application reviews, system audits, vulnerability and penetration tests, as well as providing training around application and software development risks. She is skilled in reviewing the security architecture for clients including assessing firewalls, applications, web sites, network infrastructure, operating systems, routers, and databases. She has conducted multiple network penetration engagements, vulnerability assessments and risk assessments using an arsenal of tools including commercially available and open-source tools. She has developed and reviewed policies and procedures, as well as developing and providing security awareness training. Tanya has been responsible for conducting, scheduling and managing numerous security assessment engagements. Additionally, she has provided advice and guidance to multiple companies on how to build successful auditing practices. During her career in Information Technology, Tanya has become an expert in network and application security services. She has functioned in management, training and consulting roles. She has vast experience including support of Novell, UNIX, Windows, and Oracle platforms. Tanya is a Senior Certified Instructor and courseware author for SANS (Sysadmin, Audit, Network, Security) where she has developed and delivered training in security auditing, incident handling, hacker exploits, database security and perimeter protection, as well as being an authorized grader for some of the GIAC certifications. She is also a member of ISACA (Information Systems Audit and Control Association).


    First Floor Conference Room
    14555 Dallas Pkwy
    Dallas, TX 75254

    Pricing Information

    Registration Price
    Member $750.00
    Non-member $780.00


    ISACA North Texas Education