Pentestmag

Successful Vulnerability Assessment using Nessus: how to discover the weakness points in your system

Through these live classes you will learn how to carry out a successful vulnerability assessment and discover your system's weak points before the attackers do.

When it comes to your system's security, you should think like a hacker and act like a security professional.

We will test our skills in virtual labs that contain different operating systems, different software and different configurations, to make sure that we have gained the skills required to carry out a professional assessment.

Mohamed Magdy, Instructor:

Certified Information Systems Security Professional (CISSP)

EC-Council Certified Security Analyst (ECSA)

Certified Penetration Testing Engineer (CPTE)

Cisco Certified Network Associate (CCNA)

Offensive Security Certified Professional (OSCP)

Certified Ethical Hacker V8 (C|EH V8)

Licensed Penetration Tester V8 (LPTV8)

Advanced Network Defense (EC-Council CAST 614)

Offensive Security Wireless Professional (OSWP)

GIAC Security Essentials Certified (GSEC)

Certified White Hat Hacker (CWHH)

Symantec Endpoint Protection 12.1 Technical Specialist (STS)

Red Hat Certified System Administrator (RHCSA)

Information Technology Infrastructure Library (ITIL)

Open Source Intelligence (OSINT)



Day #1: Windows, Windows XP and Linux advanced scanning using Nessus

3 hours:

Windows XP advanced scanning using Nessus

Hack into Windows XP using the discovered vulnerabilities

Escalate the privilege to domain administrator

Showing the recommendations to fix the vulnerabilities

Windows 7 advanced scanning using Nessus

Escalate the privilege to local administrator

Showing the recommendations to fix the vulnerabilities

Windows 8 advanced scanning using Nessus

3 hours:

Linux advanced scanning using Nessus

Hack into Linux using the discovered vulnerabilities

Escalate the privilege to Root

Showing the recommendations to fix the vulnerabilities

Vulnerability Assessment for SQL Database

Hack into Database using the discovered vulnerabilities

Add a local administrator to the SQL server and fully compromise it

Assessment:

  • Download a vulnerable machine
  • Run advanced scan against this machine
  • Exploit the machine
  • Escalate the privilege to root

Day #2: PCI DSS vulnerability scan and Network devices configuration auditing using Nessus

3 hours:

Internal PCI DSS vulnerability scan

Customizing the scan to check if the internal servers comply with PCI DSS standard

Scan the servers against different security standard and discover the flaws

Network devices configuration auditing using Nessus

Pull the devices' configuration files and upload them to Nessus to show the misconfigurations that may lead to exploiting the devices

 

3 hours:

Missing updates and patches scan using Nessus (we will discover the missing patches that may put our system at high risk)

Installing a web application on one of our servers

Showing the recommendations to fix the discovered vulnerabilities

Vulnerability Assessment for the web applications using Acunetix

Exploit the discovered vulnerabilities

Showing the recommendations to fix the discovered vulnerabilities

Assessment:

  • Run a web application vulnerability scan using Nessus
  • Run a web application vulnerability scan using Acunetix
  • Exploit the web flaws and get access to the database

DAY #3: OpenVAS and Nmap

2 hours:

Generating Professional Vulnerabilities Assessment Report using Nessus

Uploading Reports to Nessus scanner

Import the Nessus report into Metasploit to make it easy to exploit the discovered vulnerabilities

- // - 

2 hours:

Windows XP vulnerability assessment using OpenVAS

Windows 7 vulnerability assessment using OpenVAS

Linux vulnerability assessment using OpenVAS

- // -

2 hours:

Nmap for port scanning and services enumeration

Nmap scripts for automatic vulnerability discovery

Hack into the system using the discovered vulnerabilities

Assessment:

  • Exploit the vulnerable machine
  • Escalate the privilege to root
  • Professional Vulnerabilities Assessment Report 
  • Windows XP, Windows 7 and Linux vulnerability assessment using OpenVAS


CAUTION!

You can attend live classes online, in real-time. The number of seats is limited. These LCs are not available with the current subscription.

More info: milena.bobrowska@pentestmag.com

Hacking modern web technologies Live Class

HTML5, AJAX, Node.JS, Websockets, RESTful service, Apache ModSecurity, PHP page, XSS, PHP website

During these live classes you will learn how to use modern web development technologies in your applications and minimize their security impact. You will be guided through practical exercises where you can test your knowledge and learn new things. All exercises will be viewed from both the developer's and the hacker's point of view. In every exercise you will be asked to find a security flaw, and then we will discuss how to mitigate it and what the best solution is.

Every module in the workshop contains a practical part. It is usually a task for testing how well you understood the material or for checking your applications for errors and flaws. To complete the practical part you need basic programming knowledge. A clean installation of Apache with PHP5 and Python will be enough to do all the exercises in the workshop.


Vladimir Korennoy
Software development.
Penetration testing.
Information security researching, developing intrusion prevention systems.
SIEM systems.
Digital Forensics/Anti-forensics tools and methods.
Head of Security Systems Development

PENTESTIT
i-AGE
TNK-BP


Day#1: HTML5, AJAX, Node.JS, Websockets, RESTful services

In this class we will focus on new trending technologies including HTML5, AJAX in general, Node.JS, WebSockets and RESTful services.
Students will have to solve several tasks on that topic.
For each technology I will provide a small web application that uses it, and students have to identify the vulnerability in it and try to exploit it (as a proof of concept). Typically it will be a single-page application.

3 hours:

Exercise 1 - HTML5. Find a vulnerability in the given simple HTML5 application. The given page contains several vulnerabilities which lead to information disclosure, XSS and maybe something else interesting. Try to exploit any of them. What can we do to protect it? Suggest a way to patch this application.

Exercise 2 - AJAX. Understand how the page and the backend communicate. Try to find the flaw in their communication. This flaw can lead to one of the most common types of injection. Can you obtain the administrator password hash? What would you suggest to avoid such scenarios?

3 hours:

Exercise 3 - Node.JS. Look at the given Express.JS application. It contains a flaw which allows you to get into the private zone.
Next, take a closer look at its communication with MongoDB.

Exercise 4 - Websockets. Try to understand the communication in this application and bypass the authentication page. How can this type of vulnerability be mitigated?

Exercise 5 - RESTful services. You have a simple RESTful service. Let's test its security. What can attackers do with it? How? Try a small pentest of this service to find weak entry points. There are at least 2 there. The vulnerabilities are listed in the OWASP Top 10 and lead to sensitive information disclosure. Suggest measures to mitigate them.


 

Day#2: Web Application Firewall - Apache ModSecurity

In this class we will try to move from validation to controlling web application security globally.
For that I will have students use a Web Application Firewall - Apache ModSecurity.
The exercises will show flaws in validation (client-side, server-side).

3 hours:

Exercise 1 - Try to find the flaw in the client-side validation on a PHP page.
Exercise 2 - After that, check the server-side validation - is it safe? If not, why? How can the validation be avoided?

3 hours:

Exercise 3 - ModSecurity. Try to write a filter for basic XSS attacks on a basic PHP website.
Exercise 4 - ModSecurity. How can Path Traversal vulnerabilities be avoided with ModSecurity filters?


 

Day#3: Web application with some security flaws in HTTP headers

Students will have a web application with some security flaws in its HTTP headers.
Some of the headers will be missing.
Their goal will be to identify which headers are missing and what an attacker can do in this situation.

6 hours:

ACCESS-CONTROL-ALLOW-ORIGIN
CONTENT-SECURITY-POLICY
X-CONTENT-TYPE-OPTIONS
X-FRAME-OPTIONS
X-XSS-PROTECTION


CAUTION!

You can attend live classes online, in real-time. The number of seats is limited. These LCs are not available with the current subscription.

More info: milena.bobrowska@pentestmag.com


© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013