With comprehensive coverage of security tools, techniques, and methodologies for network exploitation, HG225 truly prepares you to perform high-value pen-testing step by step. Every business requires skilled cyber security personnel who can discover vulnerabilities and mitigate them, and this entire training course is specially designed to get you ready for that role. The course starts with proper planning, scoping, and reconnaissance, then dives deep into network and vulnerability scanning, target exploitation, password attacks, Windows Domain attacks, and Azure Active Directory, with more than 30 hands-on labs. This training course is full of practical, real-world tips from some of the world's best pen-testers to help you do your job safely, efficiently, and skilfully.
You Will Be Able To
- Develop scoping and rules of engagement for penetration testing projects to ensure that the work is focused, well defined, and conducted in a safe manner.
- Conduct in-depth reconnaissance using document metadata, search engines, and other publicly available information sources to build a technical and organizational understanding of the target environment.
- Utilize the Nmap scanning tool to conduct in-depth network scans, port scans, OS fingerprinting, and version detection to develop a map of target environments.
- Choose and properly execute Nmap Scripting Engine (NSE) scripts to extract detailed information from target systems.
- Analyze the output of scanning tools to manually verify results and perform false positive reduction using Netcat and the Scapy packet crafting tools.
- Utilize the Windows and Linux command lines to plunder target systems for critical information that can further overall penetration test progress, establish pivots for deeper exploitation, and help determine business risks.
- Configure the Metasploit framework to scan, exploit, and then pivot through a target environment.
- Execute Kerberos attacks such as Kerberoasting, Golden Ticket, and Silver Ticket attacks.
- Use Mimikatz to execute domain domination attacks, such as golden ticket abuse and DCSync.
- Move from an unauthenticated network position to authenticated domain access, mapping the attack path throughout the domain.
- Attack Active Directory and use your domain domination to target the on-premise integration.
Hands-on Labs
- Linux for Penetration Testers
- Formulating Scope of Work and Rules of Engagement
- Organizational Recon
- Infrastructure Recon
- User Recon
- Automated Recon with Spiderfoot
- Network Scanning with Nmap
- Faster Scanning with Masscan
- OS Fingerprinting and Version Gathering
- Nmap Scripting Engine
- GhostPack Seatbelt
- Netcat for the Pen Tester
- Initial Access and Password Guessing with Hydra
- Client-Side Attacks using Metasploit
- Exploiting Network Services and Meterpreter
- Port Pivoting Relays
- PowerShell Empire for Post-Exploitation
- Bypassing Application Controls Using Built-in Windows Features
- Creating Malicious Services using WMIC Toolset
- Metasploit Psexec, Hash Dumping
- Pivoting with Metasploit and SSH
- Password Cracking Using Hashcat and John the Ripper
- Sniffing and Cracking Windows Authentication Exchanges
- Credential Harvesting using Metasploit Pivoting and Mimikatz Kiwi
- PowerShell for Pen Testers
- Kerberos Attacks
- Domain Dominance
- Silver Tickets
- Attacking Nearby Clients with Responder
- Domain Mapping and Exploitation
- Effective Domain Privilege Escalation
Course Curriculum
- 01: Introduction
- 02: Key Definitions
- 03: Types of Pentests
- 04: Penetration Test Methodologies
- 05: Lab – Building Pentest Environment
- 06: Pentest Process
- 07: Scope of Work
- 08: Rules of Engagement
- 09: Pentest Report Writing
- 11: Intro to Recon
- 12: Document Metadata Analysis
- 13: Whois Lookups
- 14: Web Searches
- 15: DNS Lookup
- 16: Search Engine Vulnerability Findings
- 17: Recon-ng
- 18: Lab – Recon-ng for DNS Analysis
- 25: Scanning Goals
- 26: Scanning Types & Tips
- 27: Packet Sniffing with tcpdump
- 28: Port Scanning
- 29: Lab – Nmap
- 30: OS Fingerprinting & Version Gathering
- 35: NetCat for Pentesters
- 36: Lab – NetCat
- 39: Why Exploitation?
- 40: Exploit Categories
- 41: Metasploit
- 42: Lab – Metasploit
- 43: Meterpreter
- 44: Lab – Meterpreter
- 45: AV Evasion with Veil
- 51: Windows CMD
- 52: Running Commands Remotely
- 55: Password Attacks
- 56: Password Guessing with Hydra
- 57: Lab – Hydra
- 58: Password Representation Formats
- 59: Obtaining Hashes & Dumping
- 60: Lab – MSF psexec, hashdump, and kiwi
- 66: Lab – Sniffing & Cracking
- 67: Pass The Hash Attack
- 68: Lab – Pass The Hash