Advanced penetration testing - Infosectrain
Transcript of Advanced penetration testing - Infosectrain
[email protected] | www.infosectrain.com
Introduction to LinuxIntelligence GatheringScanning and EnumerationWhat is hashing?Scripting ExploitationThe Metasploit FrameworkPost -ExploitationWireless Exploitation and Wireless auditingWeb Application Penetration Testing Data Collection ,Evidence Management and Reporting
Course Objectives
[email protected] | www.infosectrain.com
Installing Linux distribution for Pen testingConfiguring DistributionIntroduction to Bash Environment a. Intro to Bash Scripting Practical bash usage - Example 1 Practical bash usage - Example 2
Introduction to Linux
SMB EnumerationSMTP EnumerationSNMP EnumerationFTP EnumerationRetinaOpen-VasNessusNikto
Scanning and Enumeration
Hashing ConceptsKerberos AuthenticationWindows, Linux crackingReverse Hashing
What is hashing?
Online SourcesActive Information Gathering
Intelligence Gathering
[email protected] | www.infosectrain.com
System command Privilege EscalationConfiguration filesSudors priviledgeKernel exploitsBackdoorLinux post ExploitationWindows post Exploitation
a. Setting up Metasploit Exploring the Metasploit Framework Using Metasploit Auxiliaryb. Using Exploits Modulesc. Exercises
a. Staged and Non-staged Payloadsb. Working with Meterpreter Sessionc. Working with Multi Handlerd. Executable Payloadse. Exercises
Metasploit Payloads
The Metasploit Framework
Scripting
Windows and LinuxUsing Custom ExploitsBuffer Overflows
Exploitation
Post-Exploitation
[email protected] | www.infosectrain.com
Introduction to Wireless SecurityCracking Wireless EncryptionsCracking WEPCracking WPA and WPA2WIFI-PhishingHalting Wireless Network Through Dos AttackRestricting Wireless Access Through Wireless JammerSecuring Wireless Access Points Auditing and Reporting
Wireless Exploitation and Wireless auditing
Introduction to Web Application VulnerabilitiesIntroduction to BurpSuite ProxyCross Site Scripting (XSS)IFRAME InjectionCookie StealingSession HijackingCross Site Request Forgery (CSRF)LFI and RFIHacking database using SQL injectionEnumerating DatabaseSQL Injection with Automated ToolsWeb Application Assessment and Exploitation with Automated ToolsDOS Attack
Web Application Penetration Testing
Type of ReportPresentation ReportPost Testing Procedure
Data Collection ,Evidence Management and Reporting
[email protected] | www.infosectrain.com