Must have basics for a Penetration Tester
- Introduction to the course
- What is pentesting and why it is important
- Average earnings of pentesters
- White hat, black box and vulnerabilities
- Proxy, virtual box and OS
- Grabbing the tools
Installation and configuration of lab for pentesting
- Installation of Virtual Box
- Installation of attacker - Kali
- windows Update - Installation for windows users
- Tour to Virtual Box and installing advance settings
- Tools required for labs
- Installing Metasploitable on Virtual Box
- Windows XP installation in Virtual Box
- Tour to our attacker machine
- Tour to Pentesting tools and updating the machine
UPDATE - optional linux section. Just basics yet important part of all linux
- Bash shell and navigation in linux
- Files and files permission in linux
- Case study, directories and files with VIM and NANO
- Manipulation of file data
- Grep, piping and sudo in linux
Gathering information to perform pentesting
- Up and running with TOR and dark net
- Anonymity using proxychains
- Changing your MAC for tests
- DNSEnum Information Gathering
- Zone Transfer Vulnerability
- Dumping information with dig
- DnsTracer and quick look to wireshark
- Is Dimitry still a good option
- Finding emails, subdomain and generating reports
- Assignment and recon-ng
Learning about Nmap, Nikto, OpenVas and report genrating
- Tweaking our labs for future labs
- Nmap study and assignments to evaluate
- Solution to assignment and port scans
- Taking advantage of known Vulnerability and metasploit
- Scanning with Nikto
- OpenVas Installation and configuration
- Generating and analyzing pentesting reports
Performing a Penetration Testing on a client
- Getting NDA signed, permissions and scope of testing
- Information gathering about client machine
- Attacking the machine with msfconsole
- Exploiting another vulnerability
- Sniffing the traffic with wireshark and get the password
- Nmap scripting engine and distcc
Web Application Penetration Testing
- Getting started with Web Application Pentesting
- Installing test bed for web application pentesting
- Installing Vega, firefox addons and Brute force attacks
- Exploring the command injection Vulnerability
- Reflected and Stored XSS ie Cross Site scripting
- DOM based XSS and learning resource
- Google Reward Program that gives 7500 dollars for XSS
- Cross site request forgery Vulnerability
- Reference to further 6 hour free sql injection course, shells and defacing
Automation of Web Application pentesting
- Web application Pentesting automation with Vega
- Automation of SQL Injection Attack with SQLMAP
- Automation with OWASP-ZAP
- Scanning Wordpress sites for Vulnerabilities
- Paid options for Automation of Web App Pentesting
Wep App Pentesting Challenge
- A pentesting challenge that will help in getting Bug Bounties
- Hint for solving the challenge
Getting started with metasploit Framework
- Introduction to metasploit and it's architecture
- Msfconsole and Exploits type
- Setting up msf database and meterpreter
- Armitage and meterpreter
- Social Engineering toolkit and Client side exploits
Wireless Pentesting
- Before we even get started into wireless pentesting
- Understanding our wireless card
- Cracking WEP and WPA 2 with fern
- Airmon-ng with wireshark and airodump-ng in action
- EvilTwin with Airbase-ng and deauth attack with aireplay-ng
Thanks for taking the course and future updates
- Thanks and other free resources to learn
UPDATE - Password attacks
- Basics of Password attacks and Crunch password generators
- Cracking linux password with john
