Ethical Hacking &

Penetration Testing.

 

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

 

Penetration Testing with Kali Linux. Kali Linux is a Linux distribution created for digital forensics and penetration testing. Penetration testing with Kali Linux provides an advanced platform for ethical hacking, security analysis, bug bounty hunt, and much more.

This instructor-led, live training (online or onsite) is aimed at IT professionals who wish to learn more about performing penetration testing and other security management with Kali Linux.

By the end of this training, participants will be able to:

  • Understand the internals of Kali Linux.
  • Perform vulnerability scan and analysis.
  • Manage file permissions and directories structure.
  • Work with commands and shortcuts in hacker style.

Format of the Course

  • Interactive lecture and discussion.
  • Lots of exercises and practice.
  • Hands-on implementation in a live-lab environment.

    The purpose of the Ethical Hacking Training is to:

    • Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
    • Inform the public that credentialed individuals meet or exceed the minimum standards.
    • Reinforce ethical hacking as a unique and self-regulating profession.

      Audience:

      The Course is ideal for those working in positions such as, but not limited to:

      • Security Engineers
      • Security Consultants
      • Security Managers
      • IT Director/Managers
      • Security Auditors
      • IT Systems Administrators
      • IT Network Administrators
      • Network Architects
      • Developers
      • Ethical hackers
      • Penetration testers
      • Security engineers

      Duration

      48 hours (usually 5 days including breaks)

      Requirements

      • Basic understanding of ethical hacking
      • Basic knowledge of Kali Linux penetration testing

       

      Course Outlines

      01. Introduction to Ethical Hacking
      02. Footprinting and Reconnaissance
      03. Scanning Networks & Systems
      04. Windows Hacking
      05. Linux Hacking
      06. Viruses, Worms, Trojans and Malware
      07. Sniffing and MITM
      08. Social Engineering
      09. Denial-of-Service and DDOS
      10. Web Hacking
      11. Hacking Web Applications
      12. SQL Injection and Cross Site Scripts
      13. Hacking Wireless Networks
      14. Android Hacking
      15. Cryptography

       

      Introduction

      • Overview of Kali Linux
      • Installing and configuring Kali Linux
      • Using and updating Kali Linux

      Kali Linux Files Directories and Permissions

      • Customizing workspace and panel
      • Creating directories and files
      • Finding and locating files and directories
      • Commands and man page
      • Linux files permissions and hidden files
      • Managing and killing the Linux process

      Advanced Commands

      • HTOP and ATOP extended commands
      • Searching lines head-and-tails-wc-history
      • Persistent aliases and real-world cases
      • Command-line web downloader
      • Scripting in bash shell
      • Sorting results using grep and cut

      Pre-engagement and Information Gathering

      • Rules of engagement
      • Standards of penetration testing execution
      • DNS and route analysis
      • Network and port scanning
      • SMB and OSINT analysis

      Vulnerability Scanning and Analysis

      • Web application vulnerability scanning
      • CMS and framework identification
      • Force browsing DIRs and files using ZAP
      • Web crawling and directory listing
      • Vulnerability analysis using Nmap NSE and Nikto
      • Vulnerability analysis using legion and Unix-privesc-check
      • Firewall and IDS evasion with Nmap

      Exploitation

      • Exploiting SQL injection
      • Blind SQL injection attack in-action
      • Outdated web application to server takeout

      Reporting

      • Penetration testing reports
      • Engagement details

      Summary and Next Steps