Course Description

This course prepares you to be a professional ethical hacker and penetration tester, able to conduct comprehensive penetration tests for your own organization or for your clients. The course covers in-depth techniques and methodologies, along with state-of-the-art tools, for a high-quality ethical hacking engagement. It starts with pre-engagement preparation, then moves into reconnaissance, where you will learn to build an information profile of your target. After that, you will learn advanced network scanning and vulnerability assessment methods. You will then be taught how to effectively exploit vulnerable systems and maintain access, and you will learn the technical details of password cracking. Finally, you will learn how to break wireless networks and penetrate web applications.

Who Should Attend

This course is suitable for network security engineers, information security officers, network administrators, system analysts, and all those who are interested in technically advancing their network penetration testing skills.

Duration

  • 30 hours

What You Will Learn

MODULE 01: INTRODUCTION TO PENETRATION TESTING

  • Definitions
  • Purpose and Value
  • Information Security
  • Paradigm of IT Security
  • Types of Penetration Testing:
      • Black-Box, White-Box, and Grey-Box
      • External Testing vs. Internal Testing

 

MODULE 02: PENETRATION TESTING METHODOLOGIES & STANDARDS

  • Open Source Security Testing Methodology Manual (OSSTMM)
  • Penetration Testing Execution Standard (PTES)
  • Technical Guide to Information Security Testing and Assessment by NIST
  • Penetration Testing Framework
  • Open Web Application Security Project (OWASP) Testing Guide

 

MODULE 03: PRE-ENGAGEMENT PREPARATION

  • Importance of the preparation
  • Scoping and questionnaire
  • Success Criteria
  • Rules of Engagement

 

MODULE 04: INTELLIGENCE GATHERING

  • Definitions and Concepts
  • Google Hacking
  • WHOIS Information
  • Web Site Reports and Searches
  • Document Metadata Analysis
  • DNS Records & Zone Transfer
  • Tools: Maltego and Recon-ng

 

MODULE 05: NETWORK TRAFFIC SNIFFING & INTERCEPTION

  • Network Traffic Sniffing; Tool: Wireshark
  • Network Traffic Interception
  • ARP Poisoning Technique; Tool: Cain

 

MODULE 06: SCANNING & ENUMERATION

  • Host Discovery
      • ICMP-Based Techniques
      • TCP-Based Techniques
      • UDP-Based Techniques
  • Port Scanning
      • TCP vs. UDP Scanning
      • Windows vs. Unix/Linux Scanning
      • Full/Connect Scan
      • Half/SYN Scan
      • FIN, NULL, and XMAS Scans
      • ACK Scan
      • Idle Scan
      • Port Range Optimization
  • IPv6 Considerations
  • Service Identification
  • OS Fingerprinting
  • Tracing Targets
  • Tools: nmap, tcpdump, amap, scapy, netcat, and hping
  • Email Harvesting

 

MODULE 07: VULNERABILITY ANALYSIS

  • What Vulnerabilities Are and How They Are Discovered
  • Categories of Vulnerabilities
      • Input Validation Vulnerabilities
      • Cryptographic Vulnerabilities
      • Configuration Vulnerabilities
      • Session Management Vulnerabilities
      • Authentication Vulnerabilities
      • Authorization Vulnerabilities
      • Availability Vulnerabilities
      • Protocol Error
  • Vulnerability Databases and Scoring
      • Common Vulnerabilities and Exposures (CVE)
      • Common Vulnerability Scoring System (CVSS)
  • Finding Vulnerabilities
      • Manual Process
      • Automated Process
  • Tools: Nessus and OpenVAS

 

MODULE 08: EXPLOITATION

  • The Purpose of Exploitation
  • Exploits and Their Categories
      • Remote Exploits: Client-Side vs. Server-Side
      • Local Exploits
  • Privilege Escalation
  • Overview of Shellcode/Payload
  • Types of Shell:
      • Direct Shell
      • Bind Shell
      • Reverse Shell
  • The Metasploit Tool:
      • Metasploit’s Exploits
      • Metasploit’s Payloads
      • Metasploit’s Encoders
      • Metasploit’s Auxiliary Modules

  • Understanding Metasploit’s Sessions
  • Metasploit Database Integration

 

MODULE 09: POST-EXPLOITATION

  • Overview of Meterpreter
  • Meterpreter Libraries & Commands
  • Enumerating the Victim
  • Dumping Password Hashes
  • Downloading and Uploading Files
  • Maintaining Access through RDP, SSH & VNC
  • Installing Backdoors and Rootkits
  • Deleting Event Logs and Covering Tracks
  • Pivoting and Penetrating Further into the Network

 

MODULE 10: PASSWORD CRACKING

  • Default Passwords
  • Password Guessing
  • Dictionary Attacks
  • Brute Force Attacks
  • Account Lockout
  • Windows and Linux Password Hashes

  • Tool 1: THC-Hydra
  • Tool 2: John the Ripper
  • Tool 3: Cain

 

MODULE 11: HACKING WIRELESS NETWORKS

  • Overview of Wireless Technologies
  • Wireless Vulnerabilities
  • Discovering Wireless Networks
  • Sniffing Wireless Traffic
  • WEP Attacks
  • WPA Attacks
  • Tools: aircrack-ng, NetStumbler, inSSIDer

 

MODULE 12: HACKING WEB APPLICATIONS

  • Overview of Web Applications
  • Web Server Vulnerability Scanning
  • Tool: Nikto
  • SQL Injection (SQLi)
  • Tool: SQLmap
  • Cross-Site Scripting (XSS)
  • Cross-Site Request Forgery (CSRF)
  • Web Traffic Analysis with ZAP Proxy
