PEN450 - Hacking and Web Exploitation Bootcamp
Offensive Cyber Security tools and techniques are necessary to understand if you are either engaging in offensive activities or defending against them. It is also important to understand the basics of defense as well, either to employ them or to know their limitations and shortcomings.
This course will introduce the student to these tools and techniques, with 2 days spent on basic penetration testing techniques, 1 day on basic web application attacks, 1 day on defensive measures and cryptographic techniques, and the last day spent on a live Attack and Defend exercise, in which the students will team up in a shared environment and go head to head with the other students, attacking the shared machines, and when successful, defending them from the other students.
At the conclusion of this course, students will understand the basic tools of offensive Cyber Security and which situations each tool is appropriate for. They will also understand basic defense measures and will obtain some practice in counteracting them.
Learn how to use the basic tools of pentesting and web application security testing. Learn how to find vulnerabilities in applications and exploit them. Learn how to deploy basic defenses and what defenders may do to track down an attacker.
- DAY 1: Scanning with Nmap • Hping3 • Vulnerability Scanning with OpenVAS • Core Impact Vulnerability Scan • Metasploit • Post Exploitation and Pivoting • Snapd Privilege Escalation Exploit
- DAY 2: Evasive Maneuvers and Post Exploitation • Linux Routing and SSH Tunnels • Client-Side Exploitation with Social Engineering • Windows Exploitation • Linux Exploitation • Password Cracking • Web Recon Tools
- DAY 3: Injection • Broken Authentication • Sensitive Data Exposure • Local File Inclusion and Client-side Access Control • Security Misconfiguration • Cross Site Scripting • Insecure Deserialization • XML External Entities • Using Components with Known Vulnerabilities • Insufficient Logging and Monitoring • Web Challenge
- DAY 4: Linux Firewalls • Advanced IP Tables • Linux Logs • Intrusion Detection Systems • Basic Network Forensics • Attacking Classic Ciphers • Breaking Repeated Key XOR Cipher • Breaking Weak RSA Keys • Steganography • Using the OpenSSL CLI Tool • Using GPG for Encryption and Key Management
- DAY 5: Attack and Defend