Advanced Penetration Testing With BackTrack Linux

This course is designed to develop the skills needed to proactively penetrate target systems and identify existing vulnerabilities. Penetration testing helps identify gaps in the defensive posture of an existing system and technically validates the current security state of the target system.

Prerequisites: Knowledge of network, operating system and application deployment environment.

Below is the detailed courseware syllabus:

| Module | Topics | Subtopics |
|---|---|---|
| 1 | Introduction to Kali | Installing Kali with VMware Player, updating Kali, installing VMware Tools for Linux, installing Metasploitable 2, Windows virtual machines |
| 2 | Penetration Testing Standard | Open Source Security Testing Methodology Manual (OSSTMM), Information Systems Security Assessment Framework (ISSAF), Open Web Application Security Project (OWASP), Licensee Penetration Testing (LPT) |
| 3 | Penetration Testing Classification | White Box, Grey Box and Black Box, Penetration Testing vs Vulnerability Assessment |
| 4 | Advanced Penetration Methodology | Target Framework and Scope, Gathering client requirements, Test plan checklist, Profiling test boundaries, Information Discovery, Document Information, Search Engine, DNS Information Gathering, Whois Information Gathering, Route and Network Information Gathering, Scanning Target, Advanced Network Scanning, Port Scanning, UDP and port scanning, Nmap Scanning and Plug-ins, Banner Identification and OS Identification, Active and passive, Enumerating Banners, System OS and Vulnerability Assessment Tools Nessus and OpenVAS, Enumerating Target and Exploitation with Metasploit, Working with Meterpreter Session, VNC Exploitation, Privilege Escalation and Breaking Password, John and Hydra and some other online and offline tools, Metasploit with Database, Maintaining Access, Protocol tunneling, Proxy, Installing Backdoor, Document Management and Reporting, Documentation and results verification and Dradis Framework, MagicTree and Maltego |
| 5 | Advanced Sniffing | ARP Poisoning, DNS Poisoning redirecting user to fake website, SSL Stripping, Packet Capturing and Analysis and Gathering information |
| 6 | DoS Attack | SYN Attack and Application Service Flood Attack |
| 7 | Introduction to Metasploit | Metasploit overview, picking an exploit, setting exploit options, multiple target types, getting a remote shell on a Windows XP machine, picking a payload, setting payload options, running the exploit, connecting to a remote session |
| 8 | Meterpreter shell | Basic Meterpreter commands, core commands, file system commands, network commands, system commands, capturing webcam video, screenshots and sounds, running scripts, playing with modules, recovering deleted files from a remote system |
| 9 | Recon tools | Recon-NG, using Recon-NG, Dmitry, Netdiscover, Zenmap |
| 10 | SHODAN | Why scan your network with SHODAN, filter guide, filter commands, combined searches, SHODAN searches with Metasploit |
| 11 | Metasploitable Tutorial (1) | Installing and using Metasploitable, scanning for targets, exploiting the Unreal IRC service |
| 12 | Metasploitable Tutorial (2) - Scanners | Using a scanner, additional scanners, scanning a range of addresses, exploiting the Samba service |
| 13 | Windows AV bypass with Veil | Installing Veil, using Veil, getting a remote shell |
| 14 | Windows privilege escalation | UAC bypass |
| 15 | Packet capture and MITM attacks | Creating a MITM attack with ARPspoof, viewing URL information with URLsnarf, viewing captured packets with Driftnet, remote packet capture in Metasploit with Wireshark and Xplico |
| 16 | Web Penetration Testing | Introduction to Web Application Vulnerabilities, using the Browser Exploitation Framework (BeEF) |
| 17 | Cracking Simple LM hashes | Cracking LM passwords online, looking up hashes in Kali |
| 18 | Pass the hash | Passing the hash with PsExec, passing the hash toolkit, defending against pass-the-hash attacks |
| 19 | Mimikatz plain text passwords | Loading the module, recovering hashes and plain text passwords |
| 20 | Mimikatz and Utilman | Utilman login bypass, recovering a password from a locked workstation |
| 21 | Keyscan and Lockout keylogger | Keylogging with Meterpreter, automated key scanning with Lockout keylogger |
| 22 | Hashcat | Cracking NTLM passwords, cracking harder passwords, using a large dictionary file, more advanced cracking |
| 23 | Wordlists | Wordlists included in Kali, wordlist generator, Crunch, downloading wordlists from the web |
| 24 | Cracking Linux passwords | Automated password attacks with Hydra |
| 25 | Router attacks | Router passwords, Routerpwn |
| 26 | Wi-Fi Protected Setup (WPS) | Attacking WPS with Reaver, Fern Wi-Fi Cracker, cracking WPS with Wifite |
| 27 | Wireless Network Attacks | Wireless security protocols, viewing wireless networks with Airmon-NG, viewing Wi-Fi packets and access points in Wireshark, turning a wireless card into an access point, using MAC changer to change the address of a Wi-Fi card |
| 28 | Fern Wi-Fi Cracker | Using Fern |
| 29 | Wi-Fi testing with Wifite | Using Wifite, more advanced attacks with Wifite |
| 30 | Kismet | Scanning with Kismet, analyzing the data |
| 31 | Easy Creds | Installing Easy Creds, creating a fake AP with SSL strip capability, recovering passwords from secure sessions |
| 32 | Wireless Penetration Testing | Introduction to Wireless Security, Breaking Wireless Network and Configure Fake Access Point |
| 33 | Exploits and Client Side Attack | Buffer overflows: a refresher, Introduction to fuzzing, Fuzzing tools included in Kali, Fast-Track and Social Engineering Toolkit |
| 34 | Firewall Testing | Introduction to Firewall, Testing Firewall, Firewall Rules and Ports |
| 35 | Evidence Management and Reporting | Type of Report, Presentation Report and Post Testing Procedure |
| 36 | Live Penetration testing project | |