Loren Data's SAM Daily™

FBO DAILY ISSUE OF MAY 23, 2008 FBO #2370
SOLICITATION NOTICE

U -- Certified Ethical Hacker Training

Notice Date

5/21/2008
 

Notice Type

Combined Synopsis/Solicitation
 

NAICS

611420 — Computer Training
 

Contracting Office

Department of the Army, National Guard Bureau, 141 ARW/LGC, WASHINGTON AIR NATIONAL GUARD CONTRACTING OFFICE, 141 ARW/LGC, Washington Air National guard Contracting Office, 2 South Olympia Avenue, Fairchild AFB, WA 99011-9439
 

ZIP Code

99011-9439
 

Solicitation Number

W912K3-08-T-2005
 

Response Due

5/28/2008
 

Point of Contact

Sheila Patterson, 509-247-7224
 

Small Business Set-Aside

Total Small Business
 

Description

This is a combined synopsis/solicitation for commercial items prepared in accordance with the format in Subpart 12.6, as supplemented with additional information included in this notice. This announcement constitutes the only solicitation; proposals are being requested and a written solicitation will not be issued. Certified Ethical Hacker Training, 5 Day Class Consisting of Penetration Testing and Network Reconnaissance, Remote Exploitation and Attacking Password Authentication, Extending Access and Deep Target Penetration, Attacking Network Infrastructure, Wireless Attacks, and malicious evidence removal, Web Application Hacking. See attached requirements for more specifications of this class. 20-25 STUDENTS The 262 IWASs CNO Team Member certification process requires each member complete the Certified Ethical Hacking as a base requirement to be considered mission ready. In order to efficiently complete this requirement, minimize inconvenience to the Guard member and reduce the training cycle time, the 262 IWAS has decided use the July Annual Training to bring in a vendor to conduct the training and obtain certification for our members. Requirements: See attached syllabus for detailed daily training requirements & plan. 262 IWAS will require the vendor to conduct the training on site and be responsible to providing all necessary courseware materials (to include but no limited to servers or computers with necessary operating systems), teaching software and books 262 IWAS will required that the class meets the requirements for the CEH exam 312-50 and is accredited to proctor the exam 262 IWAS will require that the certification test be offered at the end of the class 262 IWAS will require the vendor is approved by the DOD. 262 IWAS will require the vendor to conduct daily 'capture the flag' exercises at the end of each training session to reinforce concepts & techniques taught each day Duration: 5 days Class Dates 262 IWAS Annual Training July 14-18 Class Size: 20 - 25 students Course Description: This class will immerse a student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student completes the 5 day class they will have hands on understanding and experience in Ethical Hacking. The class will prepare a student for the EC-Council Certified Ethical Hacker exam 312-50. Certification: The Certified Ethical Hacker exam 312-50 will be taken on the last day of the training. 5 Day Certified Ethical Hacking Training Syllabus Penetration Testing and Network Reconnaissance Security testing methodologies The Ethical Hacking Profession Passive Intelligence Gathering 2007 Version Network Sweeps Stealthily Network Recon Passive traffic identification Identifying system vulnerabilities Abusing Domain Name System (DNS) Abusing Simple Network Management Protocol(SNMP) Network Sweeping Scanning from spoofed IP addresses Stealthy Recon Injecting p0f for passive OS fingerprinting Scanning through firewalls IPv6 Scanning Discover all subdomains owned by an organization Inspect changes to whois record over last 3 years Windows 2003 Server & Vista DNS Cache Poisoning Attacks Pumping SNMP for data OID Dissection Attacking SNMP Remote Exploitation and Attacking Password Authentication Introduction to Remote Exploits Engineering remote exploits Running shellcode in RAM vs. on disk Heap Buffer Overflows Compromising Windows 2003 Server Systems Compromising Solaris Unix and Linux Systems Attacking RDP (Remote Desktop Protocol) in Windows XP, 2003 & Vista Windows password weaknesses & Rainbow Tables Unix password weaknesses Attacking Ciscos IOS password weaknesse Instructor led hands on lab: Remote buffer overflow exploit lab Custom compiling Shellcode Running payloads in RAM Hiding exploit payloads in jpeg and gif image files Attacking email vectors (Lotus Notes and Microsoft Exchange, and Outlook Web Access) Registry manipulation Client side IE & Firefox exploits Using custom Trojans to circumvent Antivirus Remote kernel overflows RDP (Remote Desktop Protocol) Exploitation Cracking Windows Passwords Building Rainbow Tables Cracking Windows 2003 native mode passwords Brute forcing salted Unix passwords Attacking Kerberos Pre-Auth Hashes Cracking IOS and PIX passwords Extending Access and Deep Target Penetration Trojan genres Windows, Unix and Linux Trojans Kernel Mode Windows Rootkits System Call Hijacking and Direct Kernel Object Modification Kernel Mode Linux Rootkits Covert communication channels Spoofing endpoints of communication tunnels Tunneling through IPSec VPNs by abusing ESP Steganographic Tunnels Remote command execution Sniffing and hijacking SSL encrypted sessions Installing sniffers on low privilege account in Windows 2003 Server Stealthy Remote keylogger installation Circumventing Antivirus Compromise a DMZ setting with port redirection Circumvent firewall IP access list (ACL) Customizing Trojans to avoid Antivirus Deploying kernel mode rootkits on Windows 2003 & Vista Installing LKM rootkits on Linux servers Hijacking MSN messenger traffic Running commands remotely Breaking wireless encryption WEP, WPA, WPA2 Installing sniffers in low privilege user accounts Sniffing remotely and retrieving results Remote keylogging Tunneling with cover channels through IPSec VPNs Hijack and capture SSL traffic Attacking Network Infrastructure, Wireless Attacks, and malicious evidence removal Modifying syslog entries Raw binary editing to prevent forensic investigations Editing the Windows Event Log Abusing Windows Named Pipes for Domain Impersonation Impersonation of other Users- Hijacking kernel tokens Disguising network connections Attacking Cisco IOS Attacking STP & BGP protocols Wireless Insecurity Breaking Wireless Security WEP, WPA, WPA2 Blinding IDS & IPS Attacking IDS & IPS Review for CEH 5.0 Exam. Web Application Hacking Abusing Web Applications Attacking Java Applets Breaking web app authentication SQL Injection techniques Modifying form data Attacking session IDs Cookie stealing Cross Site Scripting Cross Site Request Forgery (CSRF) Attacks CEH examination given onsite at the training location. Class Dates 262 IWAS Annual Training July 14-18
 

Web Link

FedBizOpps Complete View
(https://www.fbo.gov/?s=opportunity&mode=form&id=69f3434ac42d6750c7e8f0ff185a834b&tab=core&_cview=1)
 

Place of Performance

Address: 262 IWAS Washington Air National Guard 307 Pitsenbarger Blvd McChord AFB WA

Zip Code: 98438
 

Record

SN01578291-W 20080523/080521220555-69f3434ac42d6750c7e8f0ff185a834b (fbodaily.com)
 

Source

FedBizOpps Link to This Notice
(may not be valid after Archive Date)

---

| FSG Index  |  This Issue's Index  |  Today's FBO Daily Index Page |