Introduction to Pentesting - IPC

Description

This course serves as an introductory course for performing internal and web application penetration testing.
Our course has been developed around professional penetration testing and security awareness in the business and IT fields. During the course you will learn how to pick the right methodology for your project and acquire the skills to successfully perform target reconnaissance and get valuable data on the objective.

Later on, we will go through various aspects of Web Application Pentesting and review the key concepts of web app security. We will also familiarize ourselves with the web application pentester’s best friend: the Burp Suite. Afterwards we will go through the OWASP Top 10 for 2021 to get a better understanding of the top vulnerabilities to look for during our work.
During the final stage of the training, we will guide you through various methods of infrastructure penetration testing. We will learn how to determine the attack's scope and discover vulnerable services and configurations. After we have successfully prepared for the pen-test, the next step will be weaponization: in this chapter we will prepare malicious payloads and reverse shells. As soon as we have gained access to the target system, we will try various methods of privilege escalation and lateral movement.

To make sure that all participants gain the necessary security concepts and knowledge, our classes have an intensive hands-on lab format and we have prepared tons of exercises that you will be able to perform even after the course concludes, as we will grant you an extra 3 weeks of lab access.
The knowledge used to prepare the unique content of this amazing course has been gathered during tons of penetration testing projects done all around the world by CQURE Experts.
The training will allow you to understand the penetration tester’s perspective on security and learn crucial tools and concepts needed by everyone considering developing their career in penetration testing or cybersecurity in general.

Important information

This seminar is held in ENGLISH!

Target audience

Ideal candidate for this course:
  • Junior pen-testers and red teamers
  • Windows network administrators, security professionals, systems engineers, developers, IT professionals, security consultants and other people responsible for implementing infrastructure security

    Prerequisites

    You should have at least 2-3 years of experience in an IT-related job or at least 1 year of experience in the cybersecurity field to attend this training.

    Detailed contents

    Module 1: Introduction to Penetration Testing
    • Functional issue or security issue?
    • What is Penetration Testing?
    • What skills should a pentester have?
    • The best operating system, web browser and other tools
    • Cyber Kill Chain

    Module 2: Performing security testing
    • Testing methodologies
    • Measuring severity of an issue
    • Risk matrix and CVSS score
    • Vulnerabilities and Risks
    • The role of automatization
    • What defines a test scope?
    • How to create a good report?
    • Useful reporting tools

    Module 3: Reconnaissance
    • Why is recon needed?
    • Open-Source Intelligence (OSINT)
    • Google hacking and alternative search engines
    • DNS and WHOIS databases
    • Subdomain enumeration
    • Social Media Intelligence (SOCMINT)
    • Public services enumeration
    • Discovering hidden secrets

    Module 4: Web Applications
    • Introduction to HTTP
    • Modern web applications, frameworks and web programming languages
    • Client and server-side security
    • The hidden gems of web browsers
    • The role of web-proxy

    Module 5: Introduction to Burp Suite
    • Tool overview
    • Community and Pro features
    • Basic web attacks using Burp Suite
    • Work automatization
    • Useful extensions

    Module 6: Introduction to Web Attacks
    • OWASP TOP 10 project
    • OWASP TOP 10 for 2021
    • Discovering Access Control issues
    • Injection attacks
    • SQL Injection attacks
    • Insecure file inclusions
    • Web attacks and Remote Code Execution

    Module 7: Infrastructure penetration testing
    • Infrastructure as entry point
    • Modern architecture
    • Introduction to TCP and UDP
    • Nmap – powerful port scanner
    • Nmap scripts
    • Ncat – netcat for the 21st century
    • Vulnerable default configurations

    Module 8: Using and creating offensive security tools
    • Programming languages for offensive tasks
    • Types of shells
    • Generating a reverse shell
    • Generating a web shell
    • Bypassing firewalls
    • Finding exploits
    • Reviewing and fixing public exploits

    Module 9: Security solutions
    • Security solutions on modern systems
    • Yara rules
    • Bypassing Anti-Virus and EDRs
    • Alternative file types
    • Living Off the Land Binaries

    Module 10: Privilege escalation
    • How does Windows access control work?
    • Attacking services
    • Attacking file system
    • Accessing system secrets
    • Mimikatz

    Module 11: Lateral movement
    • Sniffing
    • Gathering network information
    • Bloodhound
    • Pass-The-Hash family attacks
    • Critical Active Directory issues
