SEC560.1: Comprehensive Pen Test Planning, Scoping, and Recon
Overview
In this section of the course, you will develop the skills needed to conduct a best-of-breed, high-value penetration test.
We will go in depth on how to build penetration testing infrastructure that includes all the hardware, software, network infrastructure, and tools you will need to conduct great penetration tests, with specific low-cost recommendations for your arsenal. We will then cover formulating a pen test scope and rules of engagement that will set you up for success, including a role-play exercise. We’ll also dig deep into the reconnaissance portion of a penetration test, covering the latest tools and techniques, including hands-on document metadata analysis to pull sensitive information about a target environment, as well as a lab using Recon-ng to plunder a target’s DNS infrastructure for information such as the anti-virus tools the organization relies on.
Exercises
– A Tour of the SANS Slingshot Penetration Testing Virtual Machine
– Formulating an Effective Scope and Rules of Engagement
– Document Metadata Treasure Hunt
– Utilizing Recon-ng to Plunder DNS for Useful Information
CPE/CMU Credits: 7
Topics
– The Mindset of the Professional Pen Tester
– Building a World-Class Pen Test Infrastructure
– Creating Effective Pen Test Scopes and Rules of Engagement
– Detailed Recon Using the Latest Tools
– Effective Pen Test Reporting to Maximize Impact
– Mining Search Engine Results
– Document Metadata Extraction and Analysis
SEC560.2: In-Depth Scanning
Overview
We next focus on the vital task of mapping the target environment’s attack surface by creating a comprehensive inventory of machines, accounts, and potential vulnerabilities. We will look at some of the most useful scanning tools freely available today and run them in numerous hands-on labs to help hammer home the most effective way to use each tool. We will also conduct a deep dive into some of the most useful tools available to pen testers today for formulating packets: Scapy and Netcat. We finish the day covering vital techniques for false-positive reduction so you can focus your findings on meaningful results and avoid the sting of a false positive. And we will examine the best ways to conduct your scans safely and efficiently.
Exercises
– Getting the Most Out of Nmap
– OS Fingerprinting and Version Scanning In-Depth
– The Spectacular Scapy Packet Manipulation Suite
– The Nmap Scripting Engine
– The Nessus Vulnerability Scanner
– Enumerating User Accounts
– Netcat for the Pen Tester
CPE/CMU Credits: 6
Topics
– Tips for Awesome Scanning
– Tcpdump for the Pen Tester
– Nmap In-Depth: The Nmap Scripting Engine
– Version Scanning with Nmap
– Vulnerability Scanning with Nessus
– False-Positive Reduction
– Packet Manipulation with Scapy
– Enumerating Users
– Netcat for the Pen Tester
– Monitoring Services during a Scan
SEC560.3: Exploitation
Overview
In this section, we look at the many kinds of exploits that penetration testers use to compromise target machines, including client-side exploits, service-side exploits, and local privilege escalation. We’ll see how these exploits are packaged in frameworks like Metasploit and its mighty Meterpreter. You’ll learn in depth how to leverage Metasploit and the Meterpreter to compromise target environments. We’ll also analyze the topic of anti-virus evasion to bypass the target organization’s security measures, as well as methods for pivoting through target environments, all with a focus on determining the true business risk of the target organization.
Exercises
– Client-Side Attacks with Metasploit
– Exploiting Network Services and Leveraging the Meterpreter
– Evading Anti-Virus Tools with the Veil Framework
– Metasploit Databases and Tool Integration
– The Dilemma of Shell versus Terminal Access Illustrated
– Bypassing the Dilemma with Pivoting Relays
CPE/CMU Credits: 6
Topics
– Comprehensive Metasploit Coverage with Exploits/Stagers/Stages
– Strategies and Tactics for Anti-Virus Evasion
– In-Depth Meterpreter Analysis, Hands-On
– Implementing Port Forwarding Relays for Merciless Pivots
– How to Leverage Shell Access of a Target Environment
SEC560.4: Post-Exploitation and Merciless Pivoting
Overview
Once you’ve successfully exploited a target environment, penetration testing gets extra exciting as you perform post-exploitation, gathering information from compromised machines and pivoting to other systems in your scope. This section of the course zooms in on pillaging target environments and building formidable hands-on command line skills. We’ll cover Windows command line skills in depth, including PowerShell’s awesome abilities for post-exploitation. We’ll see how we can leverage malicious services and the incredible WMIC toolset to access and pivot through a target organization. We’ll then turn our attention to password guessing attacks, discussing how to avoid account lockout, as well as numerous options for plundering password hashes from target machines including the great Mimikatz Kiwi tool. Finally, we’ll look at Metasploit’s fantastic features for pivoting, including the msfconsole route command.
Exercises
– Windows Command Line Challenges
– Creating Malicious Services and Leveraging the Wonderful WMIC Toolset
– PowerShell for Post-Exploitation
– Password Guessing with THC-Hydra
– Metasploit Psexec and Hash Dumping
– Metasploit Pivoting and Mimikatz Kiwi for Credential Harvesting
CPE/CMU Credits: 6
Topics
– Windows Command Line Kung Fu for Penetration Testers
– PowerShell’s Amazing Post-Exploitation Capabilities
– Password Attack Tips
– Account Lockout and Strategies for Avoiding It
– Automated Password Guessing with THC-Hydra
– Retrieving and Manipulating Hashes from Windows, Linux, and Other Systems
– Pivoting through Target Environments
– Extracting Hashes and Passwords from Memory with Mimikatz Kiwi
SEC560.5: In-Depth Password Attacks and Web App Pen Testing
Overview
In this section of the course, we’ll go even deeper in exploiting one of the weakest aspects of most computing environments: passwords. You’ll custom-compile John the Ripper to optimize its performance in cracking passwords. You’ll look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. We’ll see how Rainbow Tables really work to make password cracking much more efficient, all hands-on. And we’ll cover powerful “pass-the-hash” attacks, leveraging Metasploit, the Meterpreter, and more. We then turn our attention to web application pen testing, covering the most powerful and common web app attack techniques with hands-on labs for every topic we address. We’ll cover finding and exploiting cross-site scripting (XSS), cross-site request forgery (XSRF), command injection, and SQL injection flaws in applications such as online banking, blog sites, and more.
Exercises
– Custom Compiling and Leveraging John the Ripper to Crack Passwords
– Sniffing Windows NTLM Authentication and Cracking It with Cain
– Rainbow Table Attacks with Ophcrack
– Pass-the-Hash Attacks with Metasploit and the Meterpreter
– Scanning Web Servers with Nikto
– Using the ZAP Proxy to Manipulate Custom Web Applications
– Exploiting Cross-Site Request Forgery Vulnerabilities
– Attacking Cross-Site Scripting Flaws
– Leveraging Command Injection Flaws
– Exploiting SQL Injection Flaws to Gain Shell Access of Web Targets
CPE/CMU Credits: 6
Topics
– Password Cracking with John the Ripper
– Sniffing and Cracking Windows Authentication Exchanges Using Cain
– Using Rainbow Tables to Maximum Effectiveness
– Pass-the-Hash Attacks with Metasploit and More
– Finding and Exploiting Cross-Site Scripting
– Cross-Site Request Forgery
– SQL Injection
– Leveraging SQL Injection to Perform Command Injection
– Maximizing Effectiveness of Command Injection Testing
SEC560.6: Penetration Test & Capture the Flag Workshop
Overview
This lively session represents the culmination of the network penetration testing and ethical hacking course. You’ll apply all of the skills mastered in the course so far in a full-day, hands-on workshop during which you’ll conduct an actual penetration test of a sample target environment. We’ll provide the scope and rules of engagement, and you’ll work with a team to achieve your goal of finding out whether the target organization’s Personally Identifiable Information (PII) is at risk. As a final step in preparing you for conducting penetration tests, you’ll make recommendations about remediating the risks you identify.
Exercises
– A Full-Day Exercise Applying What We’ve Learned Throughout the Course
– Modeling a Penetration Test Against a Target Environment
CPE/CMU Credits: 6
Topics
– Applying Penetration Testing and Ethical Hacking Practices End-to-End
– Scanning
– Exploitation
– Post-Exploitation
– Merciless Pivoting
– Analyzing Results