
Details

  • This course will show IT professionals how to use ethical hacking techniques and how to conduct a professional penetration test workflow using the Swiss Army Knife operating system Kali Linux.
  • This course will prepare students for the Penetration Testing with Kali Linux (PWK) Offensive Security Certified Professional (OSCP) exam.
  • Guiding you from the basics of automating standard security tasks all the way to discovering, fuzzing and writing your own buffer overflow, this course provides more than just "tool usage" instruction. It details the underlying concepts you need to know for a successful career in penetration testing.
  • Students will be provided with virtual machines for use in class. Additionally, the Penetration Testing with Kali Linux lab guide will be provided.

Outline

Introduction to Kali:
  • Overview of Linux OS
  • Brief history and overview of Kali Linux
  • Overview of Kali tools and utilities
  • Managing Kali Linux Services: Default root password, SSH, HTTP
  • Bash Introduction
  • Hands-on exercise - Basic Linux usage: working with terminal (command line), using utilities for file and process viewing/manipulation
  • Hands-on exercise - Manipulating text files on Linux command line
  • Python Introduction
  • Hands-on exercise - Python Introduction

Essential Tools:
  • Netcat
  • Connecting to a TCP/UDP Port
  • Listening on a TCP/UDP Port
  • Hands-on exercise - Dealing with Netcat the TCP/IP Swiss Army Knife
  • Wireshark
  • Wireshark Basics, Making Sense of Network Dumps, Capture and Display Filters, Following TCP Streams
  • Hands-on exercise - Examine the traffic and capture password spray attack

Passive Information Gathering:
  • Open Web Information Gathering using Google Hacks
  • Email Harvesting
  • Additional resources like Netcraft, Whois Enumeration
  • Hands-on exercise - Collecting information about your target using publicly available information

Information Gathering:
  • DNS analysis
  • Interacting with a DNS Server, Automating Lookups, Forward Lookup Brute Force, Reverse Lookup Brute Force, DNS Zone Transfers
  • Hands-on exercise - Abusing DNS: using dig and dnsrecon to query DNS servers and perform reverse lookups
  • Port Scanning
  • Port scanning techniques
  • Service identification
  • Using Nmap efficiently
  • Hands-on exercise - Port Scanning with Nmap: performing basic TCP, UDP, ping, and OS fingerprinting scans with Nmap
  • Hands-on exercise - Stealthy Scanning: using Nmap timing options, SYN, and idle scanning techniques
  • Hands-on exercise - Service Identification: using telnet, netcat, and Nmap -sV scans to identify running services
  • SNMP analysis
  • Hands-on exercise - Abusing SNMP: cracking SNMP community strings and enumerating information via SNMP
  • SMTP Analysis
  • Hands-on exercise - Becoming familiar with a mail server
  • SMB Analysis
  • Hands-on exercise - Scanning for the NetBIOS Service, Null Session Enumeration
  • Hands-on exercise - Nmap Scripting Engine (NSE): using NSE to gather detailed information about network hosts

Vulnerability Scanning:
  • Vulnerability Scanning with Nmap
  • The OpenVAS Vulnerability Scanner, Nessus
  • Hands-on exercise - Starting Investigation

Buffer Overflows:
  • Fuzzing
  • Win32 Buffer Overflow Exploitation
  • Replicating the Crash
  • Controlling EIP: Binary Tree Analysis or Sending a Unique String
  • Locating Space for Your Shellcode, Checking for Bad Characters
  • Redirecting the Execution Flow, Finding a Return Address
  • Generating Shellcode with Metasploit, getting a Shell, Improving the Exploit
  • Hands-on exercise - Exploiting SLMail and getting a shell on the system

Working with Exploits:
  • Searching for Exploits in Kali Linux and from the Web
  • Customizing and Fixing Exploits using a Development Environment and Dealing with Various Exploit Code Languages
  • Hands-on exercise - Fix and compile to exploit your SLMail

File Transfers:
  • Evading Antivirus Software
  • File Transfer Methods using FTP, Python, nc
  • Hands-on exercise - Creating in Windows

Privilege Escalation:
  • Privilege Escalation Exploits
  • Configuration Issues such as Incorrect File and Service Permissions
  • Hands-on exercise - Bypassing UAC on Windows
  • Hands-on exercise - Udev Privilege Escalation on Linux

Client-Side Attacks:
  • Browser Exploitation
  • PDF Exploitation
  • Hands-on exercise - MS12-037 Internet Explorer 8 Fixed Col Span ID

Web Application Attacks:
  • Common Web Application Vulnerabilities and Attacks like XSS, File Inclusion, SQL Injection
  • Overview of Kali Web Applications Tools
  • Dealing with Proxy: Burp Suite
  • Hands-on exercise - Unvalidated Parameters: using Burp Suite to intercept and modify HTTP POST requests
  • Hands-on exercise - Cross-Site Scripting (XSS): performing a stored XSS attack
  • Hands-on exercise - Basic SQL Injection: performing a SQL injection attack using common techniques

Password Attacks:
  • Types of Password Attacks
  • Overview of Kali Password Attacks Tools like Hydra, Medusa, Ncrack
  • Password Profiling and Mutating
  • Hands-on exercise - Using Cewl and Crunch to build an effective password list
  • Hands-on exercise - Post-exploit Password Cracking: dumping password hashes from a compromised system and cracking hashed passwords with John the Ripper

Port Redirection and Tunneling:
  • Port Forwarding/Redirection
  • SSH Tunneling using Local Port Forwarding, Remote Port Forwarding, Dynamic Port Forwarding
  • Proxychains
  • Hands-on exercise - Efficient Pivoting and moving between machines

Exploit Framework/Metasploit:
  • Metasploit Overview
  • Metasploit Auxiliary, Modules and Payloads
  • Hands-on exercise - Exploiting Vulnerable Services: using a Metasploit exploit module to gain access to a remote system
  • Hands-on exercise - Additional Payloads: using Metasploit and Meterpreter payloads on a compromised system
  • Hands-on exercise - Revisiting Client-side Attacks

Since 1995, CLS Learning Solutions has been leading the technology learning market in Egypt, the Middle East, and Africa. With our wide network of international partners, trainers, instructors, and technology leaders, we are able to deliver top-notch training programs to our students and technology professionals.

25 Years in the market.

We delivered over 4,200 courses to 63,500 professionals in our centers.

We delivered 1,200 courses to 18,240 corporate employees on Site.
