Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

Coursera

Pentesting Fundamentals for Beginners

Packt via Coursera

Overview

Ethical hacking fundamentals are consistent across exams, focusing on tools like Nmap, specific commands, pentesting frameworks, and the OWASP Top 10 vulnerabilities. Understanding scoping assessments, documentation purposes, and executive summaries is essential. This course covers these fundamentals, teaching cybersecurity tools, reverse shells, scripting basics, and command outputs. You'll learn to identify security tools, ethical hacking techniques, exploit web application vulnerabilities, and proper pentesting documentation and reporting. By the course end, you'll master pentesting basics, boosting your cybersecurity career. Designed for aspiring ethical hackers or pentesters, and those seeking Pentest+, CySA+, OSCP, or CeH certifications. This course is also ideal for those needing a refresher on ethical hacking fundamentals. Requirements include a PC or laptop, stable internet, virtualization-capable hardware, and a strong desire to learn.

Syllabus

  • Introduction to the Course
    • In this module, we will provide a comprehensive overview of what the course entails. You will learn about the key topics, objectives, and structure, setting the stage for the in-depth content to follow.
  • Virtual Lab Build
    • In this module, we will delve into setting up a virtual lab environment. You will learn to install and configure Kali Linux, Windows 10, Metasploitable2 and Metasploitable3, and OWASP virtual machines. Additionally, we'll cover how to take snapshots of your current configurations.
  • Documentation
    • In this module, we will explore the crucial aspect of documentation in penetration testing. You'll understand the importance of scoping engagements, creating Statements of Work, Rules of Engagement, Master Service Agreements, and NDAs, as well as compiling a comprehensive Pentesting Final Report.
  • Penetration Testing Frameworks
    • In this module, we will cover key penetration testing frameworks. You'll gain high-level insights into the MITRE ATT&CK, NIST, and PTES frameworks, learning how to apply their principles to real-world penetration testing activities.
  • Nmap - Network Discovery
    • In this module, we will focus on Nmap, a powerful tool for network discovery. You'll learn to conduct various scans, including service and version detection, OS detection, and host discovery. Additionally, we'll explore the Nmap Scripting Engine and how to analyze scan results.
  • OpenVAS - Vulnerability Scanning
    • In this module, we will introduce you to OpenVAS, a comprehensive vulnerability scanner. You will learn how to perform vulnerability scans, interpret the results, and understand the scanner's capabilities for various testing scenarios.
  • Information Gathering
    • In this module, we will cover techniques for information gathering. You'll learn about banner grabbing and using tools like WinPEAS for automated enumeration, aiding in the reconnaissance phase of penetration testing.
  • Reverse Shells and Persistent Connections
    • In this module, we will explore reverse shells and persistent connections. You will learn to create persistent backdoors, reverse shells using PowerShell, and launch graphical console windows using SSH and XTERM for remote system management.
  • Privilege Escalation
    • In this module, we will examine privilege escalation techniques. You'll learn to identify vulnerabilities like Unquoted Service Path and perform privilege escalation on Windows 7 and 10 using UAC bypass methods.
  • OWASP Top 10 Mitigations
    • In this module, we will cover the OWASP Top 10 web application vulnerabilities. You'll learn to mitigate these vulnerabilities using various tools and techniques, including assembling fake TCP/IP packets with Hping3 and conducting scans with OWASP ZAP.
  • Web Applications Testing
    • In this module, we will focus on testing web applications. You'll learn to configure BurpSuite, perform SQL injection attacks using SQLmap, detect web application firewalls with WAFW00F, and exploit vulnerabilities like HTTP PUT method and brute-forcing WordPress passwords.
  • Compiling Exploit Code
    • In this module, we will teach you how to compile exploit code for Linux and Windows. You will also learn to prepare a Windows OVA file for your virtual lab and cross-compile exploits using tools like Mingw-w64.
  • Scripting
    • In this module, we will cover scripting techniques for penetration testing. You'll learn to use Kali web shells, transfer files using HTTP and PowerShell's WebClient, and perform tasks like string slicing in Python and disabling Windows 10 UAC using PowerShell.

Taught by

Packt - Course Instructors

Reviews

Start your review of Pentesting Fundamentals for Beginners

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.