PenTest Advanced Training (W26) - Pentestmag

During this course you will learn: Reconnaissance and information gathering, network scanning, SQL Injection, Cross-Site Scripting.


 The access to this course is restricted to PenTest Premium or IT Pack Premium Subscription

Course syllabus

Module 1: Reconnaissance and Information Gathering

At the moment, it is impossible to imagine of a company that works entirely without the use of information technology. And some of the corporate information is confidential and the company would not want it revealed to the public. In this module, we’ll talk about the methods that can be used to get as much information as possible about a company using widespread tools and services.

In this module, we will discuss and develop innovative ways for information gathering approaches (Active and passive), how to collect confidential information using DNS, search engines and more.

Module 2: Network Scanning: The Basics Module

Today’s Internet is based on a protocol stack called TCP / IP and UDP-diagrams. This architecture allows you to interact with remote services by forwarding a special package containing various kinds of data.

But what if we want to know what services are running remotely from the Internet on a specific host or hosts which contain specific open ports? For these purposes, there are quite a number of utilities that can be used to scan networks and individual remote hosts.

In this module, we will discuss the major scanning utilities such as SYN scanning, TCP scanning, UDP scanning, ACK scanning, Null scanning and etc in addition to the major networking scanning tools provided with the practical usages commands.

Module 3: Exploitation Module

The Metasploit Framework, MSF, is a collection of programs and tools for network penetration testing. Metasploit has a collection of exploits, payloads, libraries and interfaces that can be used to exploit computers.

In this module, we will develop exploits in msfconsole, discuss the general database commands and Using Meterpreter for research purpose compromised. All in all, we will present How to detect the presence of still meterpreter and to get valuable information's from victim and more.

Module 4: Post exploitation Module 

Today, it isn’t so difficult to find vulnerable services during pentesting as was about 7 years ago. For any medium-sized company, IT services have turned into one big zoo. Every year, they become more and more, on pleasure to researchers of safety and a headache for system administrators together with programmers.

But, to find vulnerability and to operate it is only a half pentest, since after all it depends on possibilities of post-operation. In this module, we will discuss what is the Post exploitation means and how we can increase our privileges after a successful exploit.

Module 5: Basics of SQL Injection for different databases 

SQLi is one of the most critical and common attacks that hackers always employ to take advantage of the user inputs in the database applications. In this module, we will introduce the basics of SQL Injection for different databases.

Module 6: The Concept of Vulnerability Type SQLi

Type of vulnerabilities known as SQL injection continues to be extremely high risk in the current network threats. Exploitation of these vulnerabilities have been involved in many high-profile hacking worldwide.

Module 7: Cross-site Scripting

The Cross-site Scripting (XSS) attacks are the type of injection, where the attacker supplied code is injected into a user’s browser instance. XSS flows occur due to incorrect validation or escaping untrusted data.

XSS attacks are usually classified according to the following criteria:

  1. By the way of influence;

  2. By the vector;

  3. By the place, where untrusted data is used.

Questions? Reach out to us at [email protected] 

Course Reviews


5 ratings
  • 5 stars0
  • 4 stars4
  • 3 stars0
  • 2 stars0
  • 1 stars1
  1. How is this advance


    Using metasploit only covers what 2000 automated attacks ? What about searchsploit, other tools that map out sql injection, nessus or other tools. No videos ? the knowledge is good to a degree, I would hate to see what is the beginner couse.

  2. Case study


    Add one real case (example) regarding Cross-site Scripting (XSS) topic.

  3. Goog summary


    Very precise, well explained and current material .

  4. Good refresher


    This course is a good refresher to remind ones self of some of the more salient points, i found the XSS particularly helpful.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013