Penetration Testing
BT212
Description
Penetration testers face a combination of intrusion detection systems, host-based protection, hardened systems, and analysts who pore over the data collected by their security information management systems.
Penetration tests help find flaws in a system so that appropriate security measures can be taken to protect the data and maintain functionality.
This training provides the participant with a stepping stone for using penetration testing in practice and for taking on the complex task of effectively measuring the entire attack surface of a traditionally secured environment.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc.
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
- A personal computer suitable for running virtual machines, with an Internet connection
- Transition of the scenarios in the Cyberium Arena
Target audience
- Security Analysts
- Risk Managers
- Security Officers
- System Managers
- Architects
- Penetration Testers
Objectives
- Becoming familiar with Penetration Testing
- Testing existing security weaknesses
- Gathering information
- Bypassing security and attacking the network
Pre-requisites
Syllabus
Description
Before the penetration testing team can start to analyze and conduct a series of tests and attacks, it needs to gather data in order to construct a better plan of action. In this module, the participant will go through the basics of information gathering and reconnaissance.
Technical content
- Passive Information Gathering
  - The OSINT Framework
  - Monitoring Personal and Corporate Blogs
    - Collecting Employee Personal Information
    - Harvesting Organization Emails
  - Google Dorks
- Finding Web Directories and Files
  - Using Brute-Forcing Techniques
  - Brute-Forcing Tools
    - Dirbuster
    - Dirb
  - Identifying Admin Pages
  - XSS and SQL Injections
  - Dictionary Attacks
  - Hybrid Attacks
Description
After gaining basic information about the network and its employees, testers can move on to scanning and gathering further intelligence on their target machines and systems. In this module, the participants will learn the process of identifying possible exploits and building an assessment of the potential risks.
Technical content
- Active Information Gathering
  - NMAP Port Scanning
    - Port Identification
    - Scanning for OS Version
    - Uncovering Service Versions
    - Aggressive Scanning
  - DNS Enumeration
    - Dig and Host for Basic Queries
    - DNSrecon
    - DNS Zone Transfer
- Identifying Vulnerabilities and Exploits
  - NSE Scripting
  - Banner-Grabbing Methods
  - Vulnerability Detection Methods
  - Shodan Search Engine
  - Finding Exploits
    - Common Vulnerabilities and Exposures (CVE)
    - MITRE Database
    - Searchsploit
    - Exploit-Suggester
  - GitHub Tools
  - Automating the Scanning
Description
In this module, the participants will learn to use the knowledge gained in the first two phases to gain access, either with an existing exploit or by brute-forcing their way into the network. After gaining control of the target, the participants will learn to abuse existing services to elevate their permissions.
Technical content
- Finding a Way In
  - Introduction to the Metasploit Framework
    - Auxiliaries and Scanners
    - Exploit and Post-Exploitation
    - Privesc and Shell Escapes
  - Social Engineering
    - Social Fish
    - SET Toolkit
  - Brute-forcing Services
    - CUPP and Crunch
    - Hydra Attacks
    - Crowbar
- Gaining Access through Wi-Fi
  - Wi-Fi Basics
    - Four-Way Handshakes
    - Initializing Devices
  - Managed and Monitor Modes
  - Gaining Access to the Network
    - Deauthing Targets
    - Capturing the Handshake
    - Handshake Brute-Force Techniques
  - Karma Attack (Evil Twin)
- Post Exploitation and Evidence Gathering
  - Basic Privilege Escalation
  - Using the Meterpreter Modules
    - Extracting User Credentials
    - Enumerating the Machine
  - Windows and Linux Privesc Basics
    - Enumeration of Services and Processes
    - Understanding Permissions
    - Common Techniques
  - Network Pivoting
Description
While gaining access to a system can be quite easy, maintaining control of the target without being noticed by the system administrators is hard. In this module, the participants will learn how to use existing components on the network to maintain their control of it. The participants will also learn the basics of covering their tracks to avoid detection.
Technical content
- Maintaining Access
  - Backdooring
    - Bind Shell vs. Reverse Shell
    - Backdoor-Factory
    - Metasploit Built-in Persistence and Metsvc
  - Advanced Netcat Usage
    - File Transferring
    - Spawning a Shell
  - Abusing Crontab and Bashrc
- Covering Tracks
  - Camouflaging the Backdoors
  - Detecting Log Collectors
    - Log Tampering
    - AuditPol
    - Elsave
    - Tracks Eraser Pro
  - Restoring the System to Order
- Researching Security Solutions
  - Creating Research Labs
    - Constructing the Environment
    - Crafting Trojans
    - Understanding AV Mechanisms
    - AV Evasion Techniques
    - Bypassing Security
Description
Finally, the participants will learn to write their reports based on the team's findings. They will present the evidence gathered through the previous stages, and this module will also teach possible fixes for some of the security flaws found.
Technical content
- Writing Penetration Test Reports
  - Describing the Information Gathering Process
  - Being Technical and Contextualized
  - Potential Impacts of Existing Vulnerabilities
  - Breaking Down the Risk
  - An Assessment of Potential Data Loss
  - Possible Remediation Options
Labs
- Lab 1 Passive Information Gathering
- Lab 2 Finding Web Directories and Files
- Lab 3 Active Information Gathering
- Lab 4 Identifying Vulnerabilities and Exploits
- Lab 5 Finding a Way In
- Lab 6 Post Exploitation and Evidence Gathering
- Lab 7 Post Exploitation and Evidence Gathering
- Lab 8 Maintaining Access
- Lab 9 Analyzing Captured Images
- Lab 10 Researching Security Solutions
Real Case Studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- On-site classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded, and attendees can replay them for 30 days. All course material is made available to the participant electronically.
Course Group:
Defense
Hands-on / Theory Mix
This course incorporates a high proportion of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certifications:
- CEH (EC|Council)
- PenTest+ (CompTIA)
- GPEN (SANS)
Required Equipment
Network connection
As this course makes extensive use of a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As this is a very practical course, and in order for the participants to make the most of it, they need a laptop with the following capabilities:
- Audio and video
- 8 GB RAM
- 200 GB disk space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with a microphone