Course Details

Introduction to Kali:

Overview of Linux OS
Brief history and overview of Kali Linux
Overview of Kali tools and utilities
Managing Kali Linux Services: Default root password, SSH, HTTP
Bash Introduction
Hands-on exercise - Basic Linux usage: working with terminal (command line), using utilities for file and process viewing/manipulation
Hands-on exercise – Manipulating text files on Linux command line
Python Introduction
Hands-on exercise - Python Introduction

Essential Tools:
Netcat
Connecting to a TCP/UDP Port
Listening on a TCP/UDP Port
Hands-on exercise – Dealing with Netcat the TCP/IP Swiss Army Knife
Wireshark
Wireshark Basics, Making Sense of Network Dumps, Capture and Display Filters, Following TCP Streams
Hands-on exercise - Examine the traffic and capture password spray attack

Passive Information Gathering:
Open Web Information Gathering using Google Hacks
Email Harvesting
Additional resources like Netcraft, Whois Enumeration
Hands-on exercise - Collecting information about your target using publicly available information

Information Gathering:
DNS analysis
Interacting with a DNS Server, Automating Lookups, Forward Lookup Brute Force, Reverse Lookup Brute Force, DNS Zone Transfers
Hands-on exercise – Abusing DNS: using dig and dnsrecon to query DNS servers and perform reverse lookups
Port Scanning
Port scanning techniques
Service identification
Using Nmap efficiently
Hands-on exercise - Port Scanning with Nmap: performing basic TCP, UDP, ping, and OS fingerprinting scans with Nmap
Hands-on exercise – Stealthy Scanning: using Nmap timing options, SYN, and idle scanning techniques
Hands-on exercise – Service Identification: using telnet, netcat, and Nmap -sV scans to identify running services
SNMP analysis
Hands-on exercise – Abusing SNMP: cracking SNMP community strings and enumerating information via SNMP
SMTP Analysis
Hands-on exercise - Becoming familiar with the mail server
SMB Analysis
Hands-on exercise - Scanning for the NetBIOS Service, Null Session Enumeration
Hands-on exercise – Nmap Scripting Engine (NSE): using NSE to gather detailed information about network hosts

Vulnerability Scanning:
Vulnerability Scanning with Nmap
The OpenVAS Vulnerability Scanner, Nessus
Hands-on exercise – Starting Investigation

Buffer Overflows:
Fuzzing
Win32 Buffer Overflow Exploitation
Replicating the Crash
Controlling EIP: Binary Tree Analysis or Sending a Unique String
Locating Space for Your Shellcode, Checking for Bad Characters
Redirecting the Execution Flow, Finding a Return Address
Generating Shellcode with Metasploit, getting a Shell, Improving the Exploit
Hands-on exercise – Exploiting SLMail and getting a shell on the system

Working with Exploits:
Searching for Exploits in Kali Linux and from the Web
Customizing and Fixing Exploits using a Development Environment and Dealing with Various Exploit Code Languages
Hands-on exercise – Fix and compile to exploit your SLMail

File Transfers:
Evading Antivirus Software
File Transfer Methods using FTP, Python, nc
Hands-on exercise – Creating in Windows

Privilege Escalation:
Privilege Escalation Exploits
Configuration Issues such as Incorrect File and Service Permissions
Hands-on exercise – Bypassing UAC on Windows
Hands-on exercise – Udev Privilege Escalation on Linux

Client-Side Attacks:
Browser Exploitation
PDF Exploitation
Hands-on exercise – MS12-037 Internet Explorer 8 Fixed Col Span ID

Web Application Attacks:
Common Web Application Vulnerabilities and Attacks like XSS, File Inclusion, SQL Injection
Overview of Kali Web Applications Tools
Dealing with Proxy: Burp Suite
Hands-on exercise – Unvalidated Parameters: using Burp Suite to intercept and modify HTTP POST requests
Hands-on exercise – Cross-Site Scripting (XSS): performing a stored XSS attack
Hands-on exercise – Basic SQL Injection: performing a SQL injection attack using common techniques

Password Attacks:
Types of Password Attacks
Overview of Kali Password Attacks Tools like Hydra, Medusa, Ncrack
Password Profiling and Mutating
Hands-on exercise - Using Cewl and Crunch to build an effective password list
Hands-on exercise – Post-exploit Password Cracking: dumping password hashes from a compromised system and cracking hashed passwords with John the Ripper

Port Redirection and Tunneling:
Port Forwarding/Redirection
SSH Tunneling using Local Port Forwarding, Remote Port Forwarding, Dynamic Port Forwarding
Proxychains
Hands-on exercise – Efficient Pivoting and moving between machines

Exploit Framework/Metasploit:
Metasploit Overview
Metasploit Auxiliary, Modules and Payloads
Hands-on exercise - Exploiting Vulnerable Services: using a Metasploit exploit module to gain access to a remote system
Hands-on exercise – Additional Payloads: using Metasploit and Meterpreter payloads on a compromised system
Hands-on exercise – Revisiting Client-side Attacks
Updated on 20 July, 2020

Requirements

Students should be familiar with the Linux command line.
A solid understanding of TCP/IP and various network services (DNS, DHCP, etc.).
Knowledge of a scripting language (Perl, Python, Ruby) is recommended, but not required.
A solid understanding of information security concepts is required.

About the CLS Learn Institute

Since 1995, CLS Learning Solutions has been leading the technology learning market in Egypt, the Middle East, and Africa. With our wide network of international partners, trainers, instructors, and technology leaders, we are able to deliver top-notch training programs to our students and technology professionals.

25 Years in the market. 

We delivered over 4,200 courses to 63,500 professionals in our centers.

We delivered 1,200 courses to 18,240 corporate employees on site.
