PEN550 - Advanced Pentest Bootcamp
PEN550 Advanced Pentest Bootcamp is and advanced level course designed for pentesters who want to develop competency in scripting and building your own tools. This course provides students a strong foundation in the Python scripting language at the intermediate level while taking the student much deeper into advanced techniques for Penetration testing.
Students who take this course learn how to look at a variety of technical situations and build specialized tools to solve problems. During the course, students create a variety of scripts and tools, to include scanners, exploits, web application attack tools, and more.
This course is designed for students who have completed PEN500 Penetration Testing and Network Exploitation. It is recommended that students have exposure and or working experience (preferred) to scripting languages like Python.
Students will gain access to unprivileged accounts and escalate privilege to exploit and maintain persistence. They will write exploits to leverage against Windows and Linux-based applications and/or systems. Hide sensitive data exfiltration using encryption and test applications via fuzzing to exploit discovered vulnerabilities.
- Intro to Pentesting and Scanning Lecture
- Students will begin the day by looking at web recon tools. They will use SQL injection to evaluate paths for access and remote execution.
- Students will look at Cross Site Scripting and Cross Site Request Forgery. They will look at other methods of exploiting mis-configurations and Cross Site Execution.
- Students will learn about scripting and Python tools to automate Pentesting. They will look at x86 architecture and other ways to take advantage of the system using software to evaluate large parts of code.
- On the final day of class, students will complete a capstone on web exploitation followed by a capture the flag event.