Penetration Testing using The “Kill Chain” Methodology is an online course in which you will learn how to perform Penetration Test step by step using the “Kill Chain” Methodology. This course is intended for technical astute audience and this is a 98% hands on course.
You can buy this course only until March 7th. Later it will be available only for premium subscribers.
18 CPE CREDITS
Information Gathering – Passive Reconnaissance
- Whois Lookup
- Linux Dig Command
- Linux Traceroute and Mtr
- Social Engineering ToolKit
- And More …
Sniffers – Passive sniffing
- Advanced MitM Framework
Scanners Active scanning
- Nmap and Zenmap
- And More …
- The Metasploit Framework
- And More …
- Client-side Exploitation
- Exploiting targets with Armitage
What will you learn in this course:
This course is intended for a technically astute audience. The participant should have some general knowledge of the systems that we’ll be testing. After covering some tools and techniques, you will have a good fundamental understanding of penetration testing and assessments.
What will you need (course requirements – software):
- “K” Linux – Free Download
Virtual Machine Applications:
- VMWare Player – Free
- VirtualBox – Free Download for Linux, Windows, and OSx
- Parallels – Costs Money; For OS X
Other miscellaneous tools:
- TeamViewer – Free; For remote live demos; Not required
- Your Brain – Free
Virtual Machine Images: LAMPSecurity Is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach Linux, Apache, Php, Mysql security.
What skills you should have before you join:
We will use some of the most “popular” tools used in pen-testing. Some experience in IT Security, solid basic knowledge of TCP/IP networks. Comfortable at the command line under Linux and Windows.
Module 1 – Test Preparation Phase
Topic 1: Netcraft.com Topic 2: Linux commands Topic 3: Social Engineering ToolKit Exercise.
- a) Use Linux commands to do passive Reconnaissance
- b) Use Wireshark for passive sniffing the LAN
- c) Use SET to set up fake clone website to steal user credentials.
- d) Use SET to craft fake email and a malicious pdf document.
Module 2 – Vulnerability Analysis
Topic 1: OpenVas Topic 2: Nikto Topic 3: W3af Topic 4: Exploitdb.com Exercise
- a) Use tools learned in topic 1 thru 4 to perform a vulnerability assessment against LAMPSecurity.
- b) Discuss vulnerabilities and remediation.
Module 3 – Scanners – Active scanning
Topic 1: Nmap Topic 2: Zenmap Topic 3: Advanced MitM Framework Exercise.
- a) Perform active scans against LAMPSecurity (target) in your pen-tesing lab environment.
- b) Perform an man-in-the-middle attack against chosen target.
Module 4 – Vulnerability Exploits And Test Analysis
Topic 1: Veil-Evasion Topic 2: The Metasploit Framework Topic 3: And More … Exercise.
- a) Craft malicious payload to bypass anti-virus.
- b) Set up local web server to host the malicious payload.
- c) Set up command and control server (C2 Server) with Metasploit Framework.
- a) Client side Exploitation
- b) Exploiting targets with Armitage
Final Exam: Good Luck ;)
Your instructor: Rupert Edwards
I’m a Linux professional possessing LPIC-3 Linux Professional Institute certification and CompTIA Cloud Essentials. I also have over 15 years of computer security experience, over 15 years of systems engineering as a security expert, 15 years as a lecturer and trainer, and 35 years of industry experience. Programming: PHP, Perl, Python, Ruby, Shell, and Penetration tester extraordinaire.
You can find me on G+ https://plus.google.com/u/0/+RupertEdwards You can read an interview with our instructor here: https://pentestmag.com/the-kill-chain-methodology-interview-with-rupert-edwards/