Course Syllabus

Advanced Penetration Testing

Instructor Name​: Georgia Weidman ​ eorgia-weidman

Instructor Website​: G

Instructor Contact​: ​Linkedin.com/georgiaweidman Course Creation Date​: 09/04/2014

Course Description and Goals

Course Description: ​This course covers how to attack from the web using cross-site scripting,
SQL injection attacks, remote and local file inclusion and how to understand the defender of the
network you're breaking into to. You will also learn tricks for exploiting a network.

Prerequisites:

❏ Firm understanding of the Windows Operating System

❏ Exposure to the Linux Operating System or other Unix-based OS
❏ Solid understanding of the TCP/IP protocols and networking concepts.
❏ Exposure to network reconnaissance and associated tools (nmap, nessus, netcat)
❏ Programming knowledge is NOT required but highly recommended.
❏ Desire to learn

Study Resources:
Slides
Notes

Course Goals: ​By the end of this course, students should be able to:

❏ Become familiar with Linux shell commands

❏ Understand basic programming concepts and gain exposure on bash scripting and
Python
❏ Understand the Metasploit framework and comfortably use the MSF console
 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
1 
 
 
 

❏ Gain a solid understanding of information gathering techniques using built-in tools in Kali
❏ Assess and discover vulnerabilities using automated and manual methods
❏ Capture and analyze network traffic using a variety of tools
❏ Launch different password attacks on your targets
❏ User social engineering and client-side attacks.
❏ Be familiar with post exploitation techniques
❏ Understand perform web application penetration testing techniques like SQL injection,
file inclusion, and XSS
❏ Gain a background on the exciting world of exploit development
❏ Use the Smartphone Pentest Framework to hack mobile devices

 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
2 
 
 
 

Course Outline

Module 1​ | Linux
Lesson 1.1: Linux (part 1) (00:49)
Lesson 1.2: Linux (part 2) Kali Linux Commands (13:58)
Lesson 1.3: Linux (part 3) - Directories, myfile and Nano (13:10)
Lesson 1.4: Linux (part 4) chmod, manipulation and packages (14:40)
Lesson 1.5: Linux (part 5) IP Addressing and netcat (15:40)
Lesson 1.6: Linux (part 6) Copy Commands and crontab (05:26)

Module 2​ | Programming
Lesson 2.1: Programming (part 1) Fundamentals for Pen Testers (00:51)
Lesson 2.2: Programming (part 2) Bash Scripting and If/Then Command (10:02)
Lesson 2.3: Programming (part 3) Network Pings (09:26)
Lesson 2.4: Programming (part 4) Python for Port Scanning (13:16)
Lesson 2.5: Programming (part 5) Python Import Command (11:10)

Module 3​ | Metasploit
Lesson 3.1: Metasploit (part 1) Introduction (00:59)
Lesson 3.2: Metasploit (part 2) Fundamentals (14:47)
Lesson 3.3: Metasploit (part 3) Operation (24:17)
Lesson 3.4: Metasploit (part 4) Auxiliary Module (05:27)
Lesson 3.5: Metasploit (part 5) msfcli (09:40)
Lesson 3.6: Metasploit (part 6) msfvenom (14:40)

Module 4​ | Information Gathering

Lesson 4.1: Information Gathering Intro (part 1) (00:47)
Lesson 4.2: Information Gathering (part 2) Domain Name Services (15:03)
Lesson 4.3: Information Gathering (part 3) Targeting Email and Maltego (17:58)
Lesson 4.4: Information Gathering (part 4) recon-ng and google operators (06:00)
Lesson 4.5: Information Gathering (part 5) NMAP and PortScanning (29:53)

Module 5​ | Vulnerability Discovery/Scanning

Lesson 5.1: Vulnerability Scanning Intro (part 1) (00:27)

 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
3 
 
 
 

Lesson 5.2: Vulnerability Scanning (part 2) Nessus (17:03)

Lesson 5.3: Vulnerability Scanning (part 3) Nmap Scripting Engine (11:33)
Lesson 5.4: Vulnerability Scanning (part 4) Metasploit (09:31)
Lesson 5.5: Vulnerability Scanning (part 5) WebApp, XAMPP, WEBDAV, nikto (14:19)
Lesson 5.6: Vulnerability Scanning (part 6) Directory Transversals (08:00)

Module 6​ | Traffic Capture

Lesson 6.1: Traffic Capture Introduction (part 1) (00:43)
Lesson 6.2: Traffic Capture (part 2) Analyzing Network Protocol with Wireshark (07:52)
Lesson 6.3: Traffic Capture (part 3) Address Resolution Protocol ARP (11:54)
Lesson 6.4: Traffic Capture (part 4) DNS (05:11)
Lesson 6.5: Traffic Capture (part 5) ettercap (11:12)
Lesson 6.6: Traffic Capture (part 6) SSL Stripping (09:37)

Module 7​ | Exploitation
Lesson 7.1: Exploitation (part 1) Direct Exploitation (16:34)
Lesson 7.2: Exploitation (part 2) SQL Commands (14:26)
Lesson 7.3: Exploitation (part 3) Directory Traversal (06:49)
Lesson 7.4: Exploitation (part 4) Open Source Vulnerability (06:30)
Lesson 7.5: Exploitation (part 5) Using Backdoor to Access an FTP Server (06:18)
Lesson 7.6: Exploitation (part 6) Attaching to an IP Address (06:07)

Module 8​ | Passwords
Lesson 8.1: Passwords (part 1) Password Attacks (12:11)
Lesson 8.2: Passwords (part 2) Online Password Cracking (05:28)
Lesson 8.3: Passwords (part 3) Offline Password Attacks (12:25)
Lesson 8.4: Passwords (part 4) Using oclhashcat (17:28)

Module 9​ | Advanced Exploitation

Lesson 9.1: Advanced Exploitation (part 1) Introduction (00:42)
Lesson 9.2: Advanced Exploitation (part 2) Client Side Attacks (11:09)
Lesson 9.3: Advanced Exploitation (part 3) Exploiting Java (06:59)
Lesson 9.4: Advanced Exploitation (part 4) Social Engineering (23:08)

 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
4 
 
 
 

Lesson 9.5: Advanced Exploitation (part 5) Bypassing Antivirus Software (18:56)

Module 10​ | Post Exploitation

Lesson 10.1: Post Exploitation (part 1) File Transfer without and Interactive Shell (20:36)
Lesson 10.2: Post Exploitation (part 2) Exploit Development (17:16)
Lesson 10.3: Post Exploitation (part 3) Pivoting (08:24)
Lesson 10.4: Post Exploitation (part 4) Setting Up a Domain Controller (13:13)

Module 11​ | WebApps

Lesson 11.1: WebApp Introduction (part 1) Web App Testing (01:03)
Lesson 11.2: WebApp (part 2) Vulnerable Web Applications (11:41)
Lesson 11.3: WebApp (part 3) SQL Injection (14:31)
Lesson 11.4: WebApp (part 4) File Inclusion (07:19)
Lesson11.5: WebApp (part 5) Cross Site Scripting XSS (08:22)

Module 12​ | Exploit Development

Lesson 12.1: Exploit Development Introduction (part 1) (00:52)
Lesson 12.2: Exploit Development (part 2) A Program in Memory (10:42)
Lesson 12.3: Exploit Development (part 3) Stack Frame for Function (05:55)
Lesson 12.4: Exploit Development (part 4) GNU Compilers (19:35)
Lesson 12.5: Exploit Development (part 5) Python (08:21)
Lesson 12.6: Exploit Development (part 6) Executing Unintended Code (14:10)
Lesson 12.7: Exploit Development (part 7) Network Based Exploits and Debuggers
(15:13)
Lesson 12.8: Exploit Development (part 8) Creating a Cyclic Pattern (17:02)
Lesson 12.9: Exploit Development (part 9) Verifying Offsets (17:22)
Lesson 12.10: Exploit Development (part 10) Creating Shell Code in Kali Linux (16:25)
Lesson 12.11: Exploit Development (part 11) Fuzzing (17:43)
Lesson 12.12: Exploit Development (part 12) Public Exploits and Perl (12:51)
Lesson 12.13: Exploit Development (part 13) Turning a 3Com Exploit into a Metasploit
Module (16:17)
Lesson 12.14: Exploit Development (part 14) Structured Exception Handler Over-Write
(34:02)

 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
5 
 
 
 

Module 13​ | SmartPhone PenTest Framework

Lesson 13.1: SPF Introduction (part 1) (01:09)
Lesson 13.2: SPF (part 2) Attach to Smartphone Based Apps (03:58)
Lesson 13.3: SPF (part 3) Turning an Android App into a SPF Agent (08:22)
Lesson 13.4: SPF (part 4) Functionality for Agents (08:57)
Lesson 13.5: Pentesting Mobile Devices (14:23)

 
Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
cybersecurity industry. Enterprise-grade workforce development 
management, advanced training features and detailed skill gap and 
 
competency analytics. 
6