Penetration testing with kali Linux

Course details

• Learn how to conduct a practical penetration test using Kali Linux.
• Penetration Testing with Kali Linux (PWK) is the industry standard for practical, hands-on, information security ;

• This course will show IT professionals how to use the ethical hacking techniques and how to conduct a professional penetration test workflow using the Swiss Army Knife operating system Kali Linux.
• This course will prepare students for the Penetration Testing with Kali Linux (PWK) Offensive Security Certified Professional (OSCP) exam.
• Guiding you from the basics of automation of standard security tasks all the way to discovering, fuzzing and writing your own buffer overflow, this course provides you with not just more ""tool usage"" instruction. Instead, it details the underlying concepts of what you need to know to for a successful career in penetration testing.
• Students will be provided with virtual machines for use in class. Additionally, the Penetration Testing with Kali Linux lab guide will be provided.

• Overview of Linux OS
• Brief history and overview of Kali Linux
• Overview of Kali tools and utilities
• Managing Kali Linux Services: Default root password, SSH, HTTP
• Bash Introduction
• Hands-on exercise - Basic Linux usage: working with terminal (command line), using utilities for file and process viewing/manipulation
• Hands-on exercise - Manipulating text files on Linux command line
• Python Introduction
• Hands-on-exercise - Python Introduction

• Netcat
• Connecting to a TCP/UDP Port
• Listening on a TCP/UDP Port
• Hands-on exercise - Dealing with Netcat the TCP/IP Swiss Army Knife
• Wireshark
• Wireshark Basics, Making Sense of Network Dumps, Capture and Display Filters, Following TCP Streams
• Hands-on exercise - Examine the traffic and capture password spray attack

• Open Web Information Gathering using Google Hacks
• Email Harvesting
• Additional resources like Netcraft, Whois Enumeration
• Hands-on exercise - Collecting information about your target using publicly available information

• DNS analysis
• Interacting with a DNS Server, Automating Lookups, Forward Lookup Brute Force, Reverse Lookup Brute Force, DNS Zone Transfers
• Hands-on exercise - Abusing DNS: dig, and dnsrecon to query DNS servers and performing reverse lookups
• Port Scanning
• Port scanning techniques
• Service identification
• Using Nmap efficiently
• Hands-on exercise - Port Scanning with Nmap: performing basic TCP, UDP, ping, and OS fingerprinting scans with Nmap
• Hands-on exercise - Stealthy Scanning: using Nmap timing options, SYN, and idle scanning techniques
• Hands-on exercise - Service Identification: using telnet, netcat, and Nmap -sV scans to identify running services
• SNMP analysis
• Hands-on exercise - Abusing SNMP: cracking SNMP community strings and enumerating information via SNMP
• SMTP Analysis
• Hands-on exercise - be familiar with mail server
• SMB Analysis
• Hands on exercise - Scanning for the NetBIOS Service, Null Session Enumeration
• Hands-on exercise - Nmap Scripting Engine (NSE): using NSE to gather detailed information about network hosts

• Vulnerability Scanning with Nmap
• The OpenVAS Vulnerability Scanner, Nessus
• Hands-on exercise - Starting Investigation

• Fuzzing
• Win32 Buffer Overflow Exploitation
• Replicating the Crash
• Controlling EIP: Binary Tree Analysis or Sending a Unique String
• Locating Space for Your Shellcode, Checking for Bad Characters
• Redirecting the Execution Flow, Finding a Return Address
• Generating Shellcode with Metasploit, getting a Shell, Improving the Exploit
• Hands-on exercise - Exploiting SLMail and get shell over the system

• Searching for Exploits in Kali Linux and from the Web
• Customizing and Fixing Exploits using a Development Environment and Dealing with Various Exploit Code Languages
• Hands-on exercise - Fix and compile to exploit your SLMail

• Evading Antivirus Software
• File Transfer Methods using FTP, Python, nc
• Hands-on exercise - Creating in Windows

• Privilege Escalation Exploits
• Configuration Issues as Incorrect File and Service Permissions
• Hands-on exercise - Bypassing UAC on Windows
• Hands-on exercise - Udev Privilege Escalation on Linux

• Browser Exploitation
• PDF Exploitation
• Hands-on exercise - MS12-037 Internet Explorer 8 Fixed Col Span ID

• Common Web Application Vulnerabilities and Attacks like XSS, File Inclusion, SQL Injection
• Overview of Kali Web Applications Tools
• Dealing with Proxy: Burp Suite
• Hands-on exercise - Unvalidated Parameters: using Burp Suite to intercept and modify HTTP POST requests
• Hands-on exercise - Cross-Site Scripting (XSS): performing a stored XSS attack
• Hands-on exercise - Basic SQL Injection: performing a SQL injection attack using common techniques

• Types of Password Attacks
• Overview of Kali Password Attacks Tools like Hydra, Medusa, Ncrack
• Password Profiling and Mutating
• Hands-on exercise - Using Cewl and Crunch to get effective password list
• Hands-on exercise - Post-exploit Password Cracking: dumping password hashes from a compromised system and cracking hashed passwords with John the Ripper

• Port Forwarding/Redirection
• SSH Tunneling using Local Port Forwarding, Remote Port Forwarding, Dynamic Port Forwarding
• Proxychains
• Hands-on exercise - Efficient Pivoting and moving between machines

• Metasploit Overview
• Metasploit Auxiliary, Modules and Payloads
• Hands-on exercise - Exploiting Vulnerable Services: using a Metasploit exploit module to gain access to a remote system
• Hands-on exercise - Additional Payloads: using Metasploit and Meterpreter payloads on a compromised system
• Hands-on exercise - Revisiting Client-side Attacks