In this course, you'll learn to install VMware and create a virtual environment with both hacker and target labs. You'll master advanced information gathering and reconnaissance in both active and passive modes, and receive templates and guides for professionally storing data. Using this data:
- You'll conduct vulnerability assessments and leverage the Metasploit framework for easier exploitation, while also learning manual techniques.
- You'll tackle security on custom websites with vulnerabilities like SQL injection, XSS, unrestricted file uploads, command injection, and brute forcing.
- Post-exploitation methods with and without Metasploit, as well as manual privilege escalation techniques, will help you gain full root/admin access.
The final section focuses on writing professional penetration testing reports. By the end, you'll be ready for professional penetration testing.
This course is ideal for those curious about hacking, aspiring pentesters, and students exploring security testing. Basic Linux, networking, and hacking knowledge are advantageous.
Overview
Syllabus
- Introduction
- In this module, we will introduce the course and provide an overview of the key concepts and skills you will learn. This session sets the stage for your journey, outlining the objectives and the importance of each section in the realm of cybersecurity.
- Fundamentals
- In this module, we will walk you through setting up the VMware Player essential for lab exercises and discuss theoretical basics crucial for understanding cybersecurity principles. This foundation will enable you to effectively engage with hands-on demonstrations in the course.
- Information Gathering
- In this module, we will explore the techniques of passive and active reconnaissance. You will learn how to gather information covertly and actively, using various tools to identify technologies and vulnerabilities in target systems. This knowledge is crucial for any penetration testing process.
- Vulnerability Analysis
- In this module, we will dive into vulnerability analysis, both manual and automated. You'll learn how to identify and evaluate system vulnerabilities using industry-standard tools, enhancing your ability to prioritize and address security risks effectively.
- Exploitation
- In this module, we will focus on the exploitation phase of penetration testing. Through hands-on labs, you will learn to exploit vulnerabilities using the Metasploit framework and manual techniques, gaining practical experience in compromising systems.
- Web Penetration Test
- In this module, we will cover web penetration testing in depth. You will learn to gather information, scan for vulnerabilities, and exploit web applications. Special focus will be given to common web vulnerabilities such as SQL injection and cross-site scripting (XSS).
- Network Pentesting
- In this module, we will explore network penetration testing. You'll gain practical insights into core testing methodologies, post-exploitation processes, and privilege escalation techniques, equipping you with the skills to perform comprehensive network security assessments.
- Security Control Evasion
- In this module, we will focus on evading security controls, specifically antivirus systems. You will learn to create payloads and apply techniques to bypass antivirus software, enhancing your ability to navigate and exploit protected environments.
- Writing Great Reports
- In this module, we will emphasize the importance of documentation in penetration testing. You will learn to create clear, comprehensive reports that effectively communicate your findings and recommendations, ensuring your work meets professional and industry standards.
Taught by
Packt - Course Instructors