Penetration Testing with Metasploit Hands-On 1 Day Online Class
Class Abstract: In this 1 day class we will study penetration testing with a focus on using the Metasploit Framework. We will begin by becoming proficient at using Metasploit. Then we will work through the phases of penetration testing using Linux and Windows victims. Students will be introduced to finding and exploiting many different kinds of vulnerabilities as well as post exploitation strategies. In addition to Metasploit, students will gain experience with additional pentesting tools such as Maltego, Nmap, and Nikto.
What You Get:
- One full day of online instruction.
- Fully configured victim virtual machine downloads (Windows trials and Linux) for use in the class.
- 2 weeks of access to a VPN with several additional victim machines. The lab victims will all be custom built so you can fully test your skills. This will not be a host for pre-built victims you can download for free online. These systems will be unique and will simulate real scenarios from penetration tests.
- Access to the instructor to answer questions about the material and labs during the course and the 2 week lab access period
- Slides and other course material
When: currently not scheduled
Note: Time zones are lousy for everyone. For this iteration of the class I’m doing my best to make it accessible for everyone in the Americas. There will be future classes that will be at times better suited to other regions given enough interest. I tried running this class in Europe and didn’t have many signups, and a lot of people wrote and said they wanted American times. That said if you are a night owl you are welcome to join the class from anywhere in the world.
Where: Online! The class will be held using GoToMeeting. There is a free client download for Windows and Mac. Like most useful things it isn’t supported on Linux unfortunately. You will able to see me, hear me, and see my screen as I demonstrate the hands-on material.
How it Works: A week before the class I will upload 2 victim virtual machines for students to download. These will be compressed to make the download as small as possible but you can still expect about 500MB-1GB total. So if you have a slow connection you might not want to wait till the night before. You will host these victims and a Backtrack 5 R3 attack virtual machine on your own machine using Vmware or Virtual Box. You will be able to follow along with everything covered in class on your virtual machines. Additionally there will be independent exercises during the course using your virtual machines. You will also receive a meeting invite to join the live portion of the class. The day of class you choose to attend, log in to Gotomeeting. You will also receive credentials and instructions for the VPN to use the online practice lab. Your account will be active for 2 weeks after the end of the class.
- Backtrack 5 R3 virtual machine. It can be downloaded here: http://www.backtrack-linux.org
- About 10 gigs of free space for victim virtual machines that will be provided by the instructor
- Vmware or Virtual Box (free and/or trial versions are available)
About the Instructor:
Georgia Weidman is a penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally. She has presented her research at top conferences around the world including Shmoocon, Blackhat, Hacker Halted, and Bsides. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Building on her experience, Georgia founded Bulb Security LLC (http://www.bulbsecurity.com), a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security, culminating in the release of the Smartphone Pentest Framework (SPF) which allows pentesters to assess the security of mobile devices in an environment.
Be sure to put in your correct email address when you purchase the class. That is the email I will use to communicate class details with you.