Overview

In this online, instructor led training course students will get a hands-on feel for penetration testing. The instructor goes through many of the tools available through demonstrations allowing you to better understand how exploits work and what exploits you and others can utilize. This course will be useful for any students who are wanting to do penetration testing in the real world.

Course Instructor: Alex Achs

Course Outline

What is MITRE

Drive-by compromise

  • What is it?
  • Watering hole attacks
  1. SETookit – Clone websites
  • Malicious advertisements
  • SSLStrip

Exploit public-facing application

  • Use of software, data, or commands to take advantages of weaknesses
  • Buffer overflows
  1. FuzzDB
  • Web exploits
  1. Enumeration – Nikto
  2. Enumeration – OWASP ZAP
  3. Enumeration – Burp
  4. WPSploit
  5. FIMap
  6. Kadabra
  7. Liffy
  • SQL injection
  1. SQLmap
  2. SQLninja

Hardware additions

  • Computer accessories, computers, or networking hardware may be introduced into a system as a vector to gain exexution
  • Wifi Pineapple
  • MiTM
  1. Responder
  2. DNSChef
  3. MiTMProxy
  4. Morpheus
  5. SSH MiTM
  6. Ettercap
  7. Bettercap
  • MiTM wireless
  1. Aircrack-ng
  2. Wifiti
  3. MANA Toolkit

Replication through removable media

  • Rubber ducky

Spearfishing attachment

  • Unicorn

Spearfishing Link

  • GoPhish, Phishing Frenzy, SET
  • Domain monitoring

Skills Learned

After completing this online training course, students will be able to:

  • Introduction to MITRE
  • Watering hole attacks
  • SSL Strip
  • Buffer overflows
  • Web exploits
  • SQL injection
  • MiTM
  • Spearphishing