Overview
In this online, instructor led training course students will get a hands-on feel for penetration testing. The instructor goes through many of the tools available through demonstrations allowing you to better understand how exploits work and what exploits you and others can utilize. This course will be useful for any students who are wanting to do penetration testing in the real world.
Course Instructor: Alex Achs
Course Outline
What is MITRE
Drive-by compromise
- What is it?
- Watering hole attacks
- SETookit – Clone websites
- Malicious advertisements
- SSLStrip
Exploit public-facing application
- Use of software, data, or commands to take advantages of weaknesses
- Buffer overflows
- FuzzDB
- Web exploits
- Enumeration – Nikto
- Enumeration – OWASP ZAP
- Enumeration – Burp
- WPSploit
- FIMap
- Kadabra
- Liffy
- SQL injection
- SQLmap
- SQLninja
Hardware additions
- Computer accessories, computers, or networking hardware may be introduced into a system as a vector to gain exexution
- Wifi Pineapple
- MiTM
- Responder
- DNSChef
- MiTMProxy
- Morpheus
- SSH MiTM
- Ettercap
- Bettercap
- MiTM wireless
- Aircrack-ng
- Wifiti
- MANA Toolkit
Replication through removable media
- Rubber ducky
Spearfishing attachment
- Unicorn
Spearfishing Link
- GoPhish, Phishing Frenzy, SET
- Domain monitoring
Skills Learned
After completing this online training course, students will be able to:
- Introduction to MITRE
- Watering hole attacks
- SSL Strip
- Buffer overflows
- Web exploits
- SQL injection
- MiTM
- Spearphishing