Ethical Hacking &
Penetration Testing.
This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.
Penetration Testing with Kali Linux. Kali Linux is a Linux distribution created for digital forensics and penetration testing. Penetration testing with Kali Linux provides an advanced platform for ethical hacking, security analysis, bug bounty hunt, and much more.
This instructor-led, live training (online or onsite) is aimed at IT professionals who wish to learn more about performing penetration testing and other security management with Kali Linux.
By the end of this training, participants will be able to:
- Understand the internals of Kali Linux.
- Perform vulnerability scan and analysis.
- Manage file permissions and directories structure.
- Work with commands and shortcuts in hacker style.
Format of the Course
- Interactive lecture and discussion.
- Lots of exercises and practice.
- Hands-on implementation in a live-lab environment.
The purpose of the Ethical Hacking Training is to:
- Establish and govern minimum standards for credentialing professional information security specialists in ethical hacking measures.
- Inform the public that credentialed individuals meet or exceed the minimum standards.
- Reinforce ethical hacking as a unique and self-regulating profession.
Audience:
The Course is ideal for those working in positions such as, but not limited to:
- Security Engineers
- Security Consultants
- Security Managers
- IT Director/Managers
- Security Auditors
- IT Systems Administrators
- IT Network Administrators
- Network Architects
- Developers
- Ethical hackers
- Penetration testers
- Security engineers
Duration
48 hours (usually 5 days including breaks)
Requirements
- Basic understanding of ethical hacking
- Basic knowledge of Kali Linux penetration testing
Course Outlines
01. Introduction to Ethical Hacking
02. Footprinting and Reconnaissance
03. Scanning Networks & Systems
04. Windows Hacking
05. Linux Hacking
06. Viruses, Worms, Trojans and Malware
07. Sniffing and MITM
08. Social Engineering
09. Denial-of-Service and DDOS
10. Web Hacking
11. Hacking Web Applications
12. SQL Injection and Cross Site Scripts
13. Hacking Wireless Networks
14. Android Hacking
15. Cryptography
Introduction
- Overview of Kali Linux
- Installing and configuring Kali Linux
- Using and updating Kali Linux
Kali Linux Files Directories and Permissions
- Customizing workspace and panel
- Creating directories and files
- Finding and locating files and directories
- Commands and man page
- Linux files permissions and hidden files
- Managing and killing the Linux process
Advanced Commands
- HTOP and ATOP extended commands
- Searching lines head-and-tails-wc-history
- Persistent aliases and real-world cases
- Command-line web downloader
- Scripting in bash shell
- Sorting results using grep and cut
Pre-engagement and Information Gathering
- Rules of engagement
- Standards of penetration testing execution
- DNS and route analysis
- Network and port scanning
- SMB and OSINT analysis
Vulnerability Scanning and Analysis
- Web application vulnerability scanning
- CMS and framework identification
- Force browsing DIRs and files using ZAP
- Web crawling and directory listing
- Vulnerability analysis using Nmap NSE and Nikto
- Vulnerability analysis using legion and Unix-privesc-check
- Firewall and IDS evasion with Nmap
Exploitation
- Exploiting SQL injection
- Blind SQL injection attack in-action
- Outdated web application to server takeout
Reporting
- Penetration testing reports
- Engagement details