Course titel: Penetration Testing (2): System Penetration and Exploit Payloads
Course type: Intensive course on our online learning platform, in a small group along with other participants
Course length: 2 weeks (every Monday to Friday, weekends optional for practical exercises)
Course objectives: You will learn and practice different methods to penetrate operating systems, applications and networks. You will learn how professional “Ethical” hackers work and which tools and methodologies they use to approach their targets. You will acquire the relevant knowledge about theory (threats, vulnerabilities, protocols, TCP/IP, system services etc.) and practice (preparation, tools, analysis and interpretation) as well. You will apply and test your gained skills in various lab exercises under the guidance of an experienced instructor. By deeper understanding of today’s attack- and defense methods, you’ll also be able to better protect networks against hacking attacks.
Penetration testing consists of several phases. Before we penetrate a system, we need to do Digital Reconnaissance. This is subject of another course, “Penetration Testing 1: Digital Reconnaissance – Target Identification and Analysis”.
In the present course we examine the phase that follows digital reconnaissance: system intrusion.
- Searching, scanning, penetrating: which activities are allowed, which need customer approval? Do we need a written contract? What happens if we attack systems in other countries?
- Analysis- and hacking tools: which tool for which task, installation, application, documentation and reporting functions
- Free tools or commercial products? Linux versus Windows
- Where to find known vulnerabilities or exploits for a given system or application; Product databases, NVD National Vulnerability Database, and other resources
- Microsoft Windows penetration
- Linux/Unix penetration
- Web application hacking: SQL injection, Cross site scripting, etc.
- WiFi hacking: using IEEE 802.11 protocol weaknesses; WEP, WPA, WPA2; WLAN router vulnerabilities; aircrack-ng, Kismet and other important wireless hacking tools
- Privilege escalation
- Exploit payloads
- Malware and Trojan building sets: how to build your own payload and implant it into a system
- Evading firewalls, virus scanners and intrusion detection systems: how to avoid getting caught
- How to log your own activities and document and report them to your customer
- Analysis and interpretation of penetration results, handling of auto-generated tool-reports
- Preparation of meaningful reports, management summaries and deliverables
- Presentation and discussion of practical exercises
Over the course, you will regularly work through small tasks and receive tips and feedback from the course leader. You will discuss the course contents together with other participants in internal discussion forums and are able to participate in expert exchanges. Finally, towards the end of the course, you will create a short text based on a self-selected question (task takes a half to whole day).
Certificate of completion: if you completed your homework and your participation was regular you will receive upon completing the course a certificate of completion. The small tests are exclusively for your personal self-assessment; no grade is given.
Advantages: intensive, daily support from course leaders, discussions and expert exchanges with other participants, regular self-assessment through multiple choice tests and quizzes, working through various tasks including feedback.
Who should attend: This course is aimed at consultants, companies and government employees with one of the following requirements:
- You are entrusted with the implementation or contracting of penetration and/or security testing
- You have to know appropriate requirements when formulating security projects or tendering
- You allow your colleagues to enjoy systematic further education in addition to ‘learning on the job’
- You are an experienced IT security professional and would like to see what working methods other colleagues make use of
- You are a security manager and work together with penetration testers
- You work in law enforcement and need to know how hackers operate
- Anyone who for work reasons wants to find out how to pentest systems and networks
Prerequisites: Our courses are directed at participants with a background in IT. Basic knowledge of systems and networks is recommended in order to make the most of our course.
Requirements for participation:
- You would need to plan in half a day (or a whole evening) daily for working through the course contents and practical exercises
- You will require a computer with connection to the Internet and a copy of the free penetration testing suite “Kali Linux” (easily installable in a virtual environment, e.g. Oracle Virtual Box or VMWare)
- Course date: currently in-house only
- Early Bird Discount: if you register up to one month before starting date: your course fee is 980 USD
- For late registrations (30 days or less before starting date): 1180 USD
- Payment is to be made after registration is confirmed. Places are limited, and as such early registration is recommended
Infos about the process and setup of our online courses are found >>here<<.
→ Registration: You can register here with our online registration form.