Penetration Testing Essential Training

Penetration testing is one of the best ways to find out if your security will hold. Learn how to identify vulnerabilities in your network, computers, and applications.

Introduction

• Build a foundation in penetration testing
• What you need to know
• Disclaimer

1. What Is Pen Testing?

• Pen testing overview
• The cyber kill chain
• The MITRE ATT&CK repository

2. Pen Testing Tools

• Scan networks with Nmap
• A Netcat refresher
• Capture packets with tcpdump
• Work with netstat, nbtstat, and arp
• Script with PowerShell
• Extend PowerShell with Nishang

3. Bash Scripting

• Refresh your Bash skills
• Control the flow in a script
• Use functions in Bash

4. Python Scripting

• Refresh your Python skills
• Use the system functions
• Use networking functions
• Work with websites
• Drive Metasploit through Python
• Access SQLite databases
• Use Scapy to work with packets

5. Kali and Metasploit

• A Kali refresher
• Fuzzing with Spike
• Information gathering with Legion
• Using Metasploit
• Exploit with Armitage
• Scan targets with GVM
• Managing GVM problems

6. Web Testing

• Approach web testing
• Test websites with Burp Suite
• Check web servers with Nikto
• Fingerprint web servers
• Web server penetration using sqlmap

7. Understanding Exploit Code

• Exploit a target
• Understand code injection
• Understand buffer overflows
• Find exploit code

Conclusion

• Next steps