Course Outline
Module 1: Professional Penetration Testing
We begin the course by teaching you structured methodologies to deliver penetration testing engagements based on the OWASP Testing Guide, the Penetration Testing Execution Standard (PTES), the PCI Penetration Testing Guide, and the Information Systems Security Assessment Framework (ISSAF).
We will clarify the different types of penetration tests that exist (web application, web services, mobile application, network infrastructure, wireless infrastructure, and other types), and provide practical advice on how one may go about designing, proposing, and obtaining authorization to test and compromise critical IT assets.
Some other important points covered in this module include:
- How do we professionally set up our testing environment in the cloud?
- How are we going to demonstrate a return-on-investment (ROI) on the penetration test(s) we’ll run?
- How do we identify IT risks that the penetration tests may trigger, and mitigate them ahead of the engagement?
- What can we do to increase the likelihood of the end-client fixing or mitigating the critical issues we’ll identify?
- How do we build a team of penetration testers?
There are hundreds, if not thousands, of free penetration testing tools available online. Mossé Security will also clarify why it selected the tools that it did for this Master Course.
Module 2: Metasploit Masterclass
We begin by teaching you about the most famous penetration testing framework: Metasploit.
- Installing, configuring and updating Metasploit
- Understanding the basic concepts in Metasploit (i.e. exploits, auxiliaries, modules, payloads, listeners, and Meterpreter)
- Using Metasploit to exploit known vulnerabilities and obtain a reverse-shell
- Selecting and generating payloads
- Guessing credentials and attacking user accounts
- Password dumping, lateral movement, and pivoting into segmented network zones
- Using Metasploit for Social Engineering attacks
- Navigating your way around Metasploit’s source code to understand its internal workings
Module 3: NMAP & OpenVAS Masterclass
In this module we teach you everything you need to know to discover and fingerprint network services using NMAP and identify whether they are vulnerable to known vulnerabilities using OpenVAS. Topics covered include:
- Installing NMAP and OpenVAS
- Scanning for open ports and fingerprinting network services
- Generating and parsing NMAP XML outputs
- All the different types of scans that NMAP can perform, and how and when to use them
- Scanning for vulnerabilities using OpenVAS
- Cross-referencing results from OpenVAS and NMAP
Module 4: PowerShell Offensive Tools Masterclass
We teach you top PowerShell tools for penetration testing:
- PowerShell Empire, an alternative to Meterpreter
- PoshC2, another alternative to Meterpreter
- PowerSploit, a post-exploitation framework
- BloodHound, a tool for Active Directory reconnaissance and exploitation
Module 5: Burp Suite Masterclass
The final lecture is on Burp Suite – the leading web application penetration testing proxy:
- Installing and running Burp
- The differences between the Community and Professional Editions
- Introduction to the interface, and the different tools available
- Forwarding traffic through proxies and test machines located in the cloud
- Mastering the Proxy and Target tools
- Mastering the Intruder tool
- Using the Repeater, the Decoder and the Comparer tools
- Structured penetration testing approaches when using Burp Suite
Module 6: Penetration Test Simulation Exercise
We end the class with a penetration testing simulation against a procedurally generated network in the cloud using Dragon-Net. This simulation is like a capture-the-flag competition, but more realistic. Students will have to compromise machines using the techniques they’ve learnt during the class to win points and try to win our friendly competition!