PENETRATION TESTING LEVEL II HANDS-ON 1 DAY ONLINE CLASS

Class Abstract: In this 1 day class we will study more advanced penetration testing techniques, picking up where Penetration Testing with Metasploit left off. In the absence of low hanging fruit such as default passwords, vulnerable network service, and misconfigurations, how can we break into the environment? We will cover more advanced exploitation techniques such as client side attacks and social engineering. We will study techniques for bypassing anti-virus, firewalls, and intrusion detection systems with our attacks. This class will also cover post exploitation in depth. We will cover topics such as persistence, local privilege escalation, getting Windows domain administrative privileges, local information gathering, and using Powershell. This class will use the Metasploit framework as well as other tools as well as manual techniques.

When: TBA

Where: Online! The class will be held using GoToMeeting. There is a free client download for Windows and Mac. Like most useful things it isn’t supported on Linux unfortunately. You will able to see me, hear me, and see my screen as I demonstrate the hands-on material.

HOW IT WORKS

A week before the class I will upload victim virtual machines for students to download. These will be compressed to make the download as small as possible but you can still expect about 2 Gigs total. So if you have a slow connection you might not want to wait till the night before.  You will host these victims and a Kali Linux attack virtual machine on your own machine using Vmware or Virtual Box. You will be able to follow along with everything covered in class on your virtual machines. Additionally there will be independent exercises during the course using your virtual machines. You will also receive a meeting invite to join the live portion of the class. The day of class you choose to attend, log in to Gotomeeting. You will also receive credentials and instructions for the VPN to use the online practice lab. Your account will be active for 2 weeks after the end of the class.

Student Requirements:

  • Kali Linux virtual machine
  • About 10 GB of free space for victim virtual machines that will be provided by the instructor
  • Vmware or Virtual Box (free and/or trial versions are available)

Prerequisites:

This is not a beginner class. Students should be comfortable using pentesting tools such as Metasploit, Nmap, etc. Beginning pentesting skills such as those covered in Penetration Testing with Metasploit or equivalent course such as the Offensive Security Certified Professional course are expected.

WHAT YOU GET

  • One full day of online instruction
  • Fully configured victim virtual machine downloads for use in the class. This class will use modern operating systems like Windows 7
  • 2 weeks of access to a VPN with several additional victim machines. The lab victims will all be custom built so you can fully test your skills. This will not be a host for pre-built victims you can download for free online. These systems will be unique and will simulate real scenarios from penetration tests.
  • Access to the instructor to answer questions about the material and labs during the course and the 2 week lab access period
  • Slides & other course material
  • Video recording of the class

Topics Covered:

  • Client Side Exploitation
  • Social Engineering
  • Social Engineer Toolkit
  • Bypassing Anti-virus
  • Using Public Exploit Code
  • Local Privilege Escalation
  • Pivoting
  • Getting Domain Admin Access
  • Using Power Shell
  • Persistence
  • Local Information Gathering

Be sure to put in your correct email address when you purchase the class. That is the email I will use to communicate class details with you. I will communicate with you within 24 hours of your sign-up confirming your registration. One week before the class you receive meeting and virtual machine information. If you do not receive communication check your spam folder.