Penetration Testing with Kali Linux

Size: px
Start display at page:

Download "Penetration Testing with Kali Linux"

Transcription

1 Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11

2 All rights reserved to Offensive Security No part of this publication, in whole or in part, may be reproduced, copied, transferred or any other right reserved to its copyright owner, including photocopying and all other copying, any transfer or transmission using any network or other means of communication, any broadcast for distant learning, in any form or by any means such as any information storage, transmission or retrieval system, without prior written permission from the author. PWK Copyright Offensive Security Ltd. All rights reserved. Page 2 of 11

3 0. - Penetration Testing: What You Should Know About Kali Linux About Penetration Testing Legal The megacorpone.com Domain Offensive Security Labs VPN Labs Overview Lab Control Panel Reporting 1. - Getting Comfortable with Kali Linux Finding Your Way Around Kali Booting Up Kali Linux The Kali Menu Find, Locate, and Which Exercises Managing Kali Linux Services Default root Password SSH Service HTTP Service Exercises The Bash Environment Intro to Bash Scripting Practical Bash Usage Example Practical Bash Usage Example Exercises 2. - The Essential Tools Netcat Connecting to a TCP/UDP Port Listening on a TCP/UDP Port PWK Copyright Offensive Security Ltd. All rights reserved. Page 3 of 11

4 Transferring Files with Netcat Remote Administration with Netcat Exercises Ncat Exercises Wireshark Wireshark Basics Making Sense of Network Dumps Capture and Display Filters Following TCP Streams Exercises Tcpdump Filtering Traffic Advanced Header Filtering Exercises 3. - Passive Information Gathering A Note From the Author Open Web Information Gathering Google Google Hacking Exercises Harvesting Exercise Additional Resources Netcraft Whois Enumeration Exercise Recon- ng 4. - Active Information Gathering DNS Enumeration PWK Copyright Offensive Security Ltd. All rights reserved. Page 4 of 11

5 Interacting with a DNS Server Automating Lookups Forward Lookup Brute Force Reverse Lookup Brute Force DNS Zone Transfers Relevant Tools in Kali Linux Exercises Port Scanning A Note From the Author TCP CONNECT / SYN Scanning UDP Scanning Common Port Scanning Pitfalls Port Scanning with Nmap OS Fingerprinting Banner Grabbing/Service Enumeration Nmap Scripting Engine (NSE) Exercises SMB Enumeration Scanning for the NetBIOS Service Null Session Enumeration Nmap SMB NSE Scripts Exercises SMTP Enumeration Exercise SNMP Enumeration A Note From the Author MIB Tree Scanning for SNMP Windows SNMP Enumeration Example Exercises 5. - Vulnerability Scanning PWK Copyright Offensive Security Ltd. All rights reserved. Page 5 of 11

6 5.1 - Vulnerability Scanning with Nmap The OpenVAS Vulnerability Scanner OpenVAS Initial Setup Exercises 6. - Buffer Overflows Fuzzing Vulnerability History A Word About DEP and ASLR Interacting with the POP3 Protocol Exercises 7. - Win32 Buffer Overflow Exploitation Replicating the Crash Controlling EIP Binary Tree Analysis Sending a Unique String Exercises Locating Space for Your Shellcode Checking for Bad Characters Exercises Redirecting the Execution Flow Finding a Return Address Exercises Generating Shellcode with Metasploit Getting a Shell Exercises Improving the Exploit Exercises 8. - Linux Buffer Overflow Exploitation Setting Up the Environment Crashing Crossfire PWK Copyright Offensive Security Ltd. All rights reserved. Page 6 of 11

7 Exercise Controlling EIP Finding Space for Our Shellcode Improving Exploit Reliability Discovering Bad Characters Exercises Finding a Return Address Getting a Shell Exercise 9. - Working with Exploits Searching for Exploits Finding Exploits in Kali Linux Finding Exploits on the Web Customizing and Fixing Exploits Setting Up a Development Environment Dealing with Various Exploit Code Languages Exercises File Transfers A Word About Anti Virus Software File Transfer Methods The Non- Interactive Shell Uploading Files Exercises Privilege Escalation Privilege Escalation Exploits Local Privilege Escalation Exploit in Linux Example Local Privilege Escalation Exploit in Windows Example Configuration Issues Incorrect File and Service Permissions Think Like a Network Administrator PWK Copyright Offensive Security Ltd. All rights reserved. Page 7 of 11

8 Exercises Client Side Attacks Know Your Target Passive Client Information Gathering Active Client Information Gathering Social Engineering and Client Side Attacks Exercises MS Internet Explorer 8 Fixed Col Span ID Setting up the Client Side Exploit Swapping Out the Shellcode Exercises Java Signed Applet Attack Exercises Web Application Attacks Essential Iceweasel Add- ons Cross Site Scripting (XSS) Browser Redirection and IFRAME Injection Stealing Cookies and Session Information Exercises File Inclusion Vulnerabilities Local File Inclusion Remote File Inclusion MySQL SQL Injection Authentication Bypass Enumerating the Database Column Number Enumeration Understanding the Layout of the Output Extracting Data from the Database Leveraging SQL Injection for Code Execution Web Application Proxies PWK Copyright Offensive Security Ltd. All rights reserved. Page 8 of 11

9 Exercises Automated SQL Injection Tools Exercises Password Attacks Preparing for Brute Force Dictionary Files Key- space Brute Force Pwdump and Fgdump Windows Credential Editor (WCE) Exercises Password Profiling Password Mutating Online Password Attacks Hydra, Medusa, and Ncrack Choosing the Right Protocol: Speed vs. Reward Exercises Password Hash Attacks Password Hashes Password Cracking John the Ripper Rainbow Tables Passing the Hash in Windows Exercises Port Redirection and Tunneling Port Forwarding/Redirection SSH Tunneling Local Port Forwarding Remote Port Forwarding Dynamic Port Forwarding Proxychains PWK Copyright Offensive Security Ltd. All rights reserved. Page 9 of 11

10 HTTP Tunneling Traffic Encapsulation Exercises The Metasploit Framework Metasploit User Interfaces Setting up Metasploit Framework on Kali Exploring the Metasploit Framework Auxiliary Modules Getting Familiar with MSF Syntax Metasploit Database Access Exercises Exploit Modules Exercises Metasploit Payloads Staged vs. Non- Staged Payloads Meterpreter Payloads Experimenting with Meterpreter Executable Payloads Reverse HTTPS Meterpreter Metasploit Exploit Multi Handler Revisiting Client Side Attacks Exercises Building Your Own MSF Module Exercise Post Exploitation with Metasploit Meterpreter Post Exploitation Features Post Exploitation Modules Bypassing Antivirus Software Encoding Payloads with Metasploit Crypting Known Malware with Software Protectors PWK Copyright Offensive Security Ltd. All rights reserved. Page 10 of 11

11 Using Custom/Uncommon Tools and Payloads Exercise Assembling the Pieces: Penetration Test Breakdown Phase 0 Scenario Description Phase 1 Information Gathering Phase 2 Vulnerability Identification and Prioritization Password Cracking Phase 3 Research and Development Phase 4 Exploitation Linux Local Privilege Escalation Phase 5 Post- Exploitation Expanding Influence Client Side Attack Against Internal Network Privilege Escalation Through AD Misconfigurations Port Tunneling SSH Tunneling with HTTP Encapsulation Looking for High Value Targets Domain Privilege Escalation Going for the Kill PWK Copyright Offensive Security Ltd. All rights reserved. Page 11 of 11

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits

More information

دوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting

دوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

CONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7

CONTENTS IN DETAIL. FOREWORD by HD Moore ACKNOWLEDGMENTS INTRODUCTION 1 THE ABSOLUTE BASICS OF PENETRATION TESTING 1 2 METASPLOIT BASICS 7 CONTENTS IN DETAIL FOREWORD by HD Moore xiii PREFACE xvii ACKNOWLEDGMENTS xix Special Thanks... xx INTRODUCTION xxi Why Do A Penetration Test?... xxii Why Metasploit?... xxii A Brief History of Metasploit...

More information

Contents in Detail. Foreword by Peter Van Eeckhoutte

Contents in Detail. Foreword by Peter Van Eeckhoutte Contents in Detail Foreword by Peter Van Eeckhoutte xix Acknowledgments xxiii Introduction xxv A Note of Thanks.... xxvi About This Book.... xxvi Part I: The Basics.... xxvii Part II: Assessments.........................................

More information

McAfee Certified Assessment Specialist Network

McAfee Certified Assessment Specialist Network McAfee MA0-150 McAfee Certified Assessment Specialist Network Version: 4.0 Topic 1, Volume A QUESTION NO: 1 An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"

More information

Hackveda Training - Ethical Hacking, Networking & Security

Hackveda Training - Ethical Hacking, Networking & Security Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass

More information

Coding for Penetration

Coding for Penetration Coding for Penetration Testers Building Better Tools Jason Andress Ryan Linn ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is

More information

PENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco

PENETRATION TESTING. A HattdA-Oti Introduction. to Hacking. by Georgia Weidman. <e> no starch. press. San Francisco PENETRATION TESTING A HattdA-Oti Introduction to Hacking by Georgia Weidman no starch press San Francisco CONTENTS IN DETAIL FOREWORD by Peter Van Eeckhoutte xix ACKNOWLEDGMENTS xxiii INTRODUCTION

More information

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:

More information

Curso: Ethical Hacking and Countermeasures

Curso: Ethical Hacking and Countermeasures Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security

More information

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

ETHICAL HACKING & COMPUTER FORENSIC SECURITY ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,

More information

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity

More information

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This

More information

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1 Brief Contents Foreword by Katie Moussouris.... xv Acknowledgments... xvii Introduction...xix Chapter 1: The Basics of Networking... 1 Chapter 2: Capturing Application Traffic... 11 Chapter 3: Network

More information

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support.

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support. Sniffers - Wireshark: The most popular packet sniffer with cross platform support. - Tcpdump: A popular CLI sniffer available for both the Unix and Linux platforms. - Windump: Windows version of tcpdump.

More information

Advanced Diploma on Information Security

Advanced Diploma on Information Security Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic

More information

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational

More information

CSC 5930/9010 Offensive Security: OSINT

CSC 5930/9010 Offensive Security: OSINT CSC 5930/9010 Offensive Security: OSINT Professor Henry Carter Spring 2019 Recap Designing shellcode requires intimate knowledge of assembly, system calls, and creative combinations of operations But allows

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

Exam4Free. Free valid exam questions and answers for certification exam prep

Exam4Free.  Free valid exam questions and answers for certification exam prep Exam4Free http://www.exam4free.com Free valid exam questions and answers for certification exam prep Exam : MA0-150 Title : McAfee Certified Assessment Specialist- UH Vendors : McAfee Version : DEMO Get

More information

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

Lecture Overview. INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Where are we in the process of ethical hacking?

Lecture Overview. INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Where are we in the process of ethical hacking? Lecture Overview INF5290 Ethical Hacking Lecture 4: Get in touch with services Trying out default credentials Brute-forcing techniques and mitigations What are the exploits and how to use them Using open-relay

More information

INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Universitetet i Oslo Laszlo Erdödi

INF5290 Ethical Hacking. Lecture 4: Get in touch with services. Universitetet i Oslo Laszlo Erdödi INF5290 Ethical Hacking Lecture 4: Get in touch with services Universitetet i Oslo Laszlo Erdödi Lecture Overview Trying out default credentials Brute-forcing techniques and mitigations What are the exploits

More information

CHCSS. Certified Hands-on Cyber Security Specialist (510)

CHCSS. Certified Hands-on Cyber Security Specialist (510) CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking

More information

TexSaw Penetration Te st in g

TexSaw Penetration Te st in g TexSaw Penetration Te st in g What is penetration testing? The process of breaking something or using something for an unintended used case for the purpose of bettering the system or application. This

More information

Coding for Penetration Testers Building Better Tools

Coding for Penetration Testers Building Better Tools Coding for Penetration Testers Building Better Tools Second Edition Jason Andress Ryan Linn Clara Hartwell, Technical Editor ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO

More information

Exam Questions MA0-150

Exam Questions MA0-150 Exam Questions MA0-150 McAfee Certified Assessment Specialist- UH https://www.2passeasy.com/dumps/ma0-150/ 1.An attacker has compromised a Linux/Unix host and discovers a suspicious file called "password"

More information

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate

More information

CPTE: Certified Penetration Testing Engineer

CPTE: Certified Penetration Testing Engineer www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification

More information

Nmap & Metasploit. Chun-Jen (James) Chung. Arizona State University

Nmap & Metasploit. Chun-Jen (James) Chung. Arizona State University Nmap & Metasploit Chun-Jen (James) Chung Nmap recap Nmap uses raw IP packets in novel ways to determine what hosts are available on the network What services (application name and version) those hosts

More information

Ethical Hacking and Prevention

Ethical Hacking and Prevention Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive

More information

Basics of executing a penetration test

Basics of executing a penetration test Basics of executing a penetration test 25.04.2013, WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV Outline Reconnaissance and footprinting Scanning and enumeration System exploitation Outline Reconnaisance

More information

Practice Labs Ethical Hacker

Practice Labs Ethical Hacker Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your

More information

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9.

Pearson: Certified Ethical Hacker Version 9. Course Outline. Pearson: Certified Ethical Hacker Version 9. Course Outline Pearson: Certified Ethical Hacker Version 9 29 Sep 2018 Contents 1. Course Objective 2. Expert Instructor-Led Training 3. ADA Compliant & JAWS Compatible Platform 4. State of the Art Educator

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

ECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ]

ECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] s@lm@n ECCouncil Exam 312-50v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] Topic break down Topic No. of Questions Topic 1: Background 38 Topic 3: Security 57 Topic 4: Tools

More information

ECCouncil Certified Ethical Hacker. Download Full Version :

ECCouncil Certified Ethical Hacker. Download Full Version : ECCouncil 312-50 Certified Ethical Hacker Download Full Version : http://killexams.com/pass4sure/exam-detail/312-50 A. Cookie Poisoning B. Session Hijacking C. Cross Site Scripting* D. Web server hacking

More information

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED 01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments

More information

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing. I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking

More information

CompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo. m/

CompTIA. PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo.   m/ Page No 1 https://www.dumpsplanet.com m/ CompTIA PT0-001 EXAM CompTIA PenTest+ Certification Exam Product: Demo For More Information: PT0-001-dumps Page No 2 Question: 1 During a penetration test, a tester

More information

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly

More information

A Taste of SANS SEC 560: Adventures in High-Value Pen Testing

A Taste of SANS SEC 560: Adventures in High-Value Pen Testing All Rights Reserved 1 Network Penetration Testing and Ethical Hacking A Taste of SANS SEC 560: Adventures in High-Value Pen Testing SANS Security 560 Copyright 2015, All Rights Reserved Version 2Q15 All

More information

BraindumpsIT. BraindumpsIT - IT Certification Company provides Braindumps pdf!

BraindumpsIT.   BraindumpsIT - IT Certification Company provides Braindumps pdf! BraindumpsIT http://www.braindumpsit.com BraindumpsIT - IT Certification Company provides Braindumps pdf! Exam : GPEN Title : GIAC Certified Penetration Tester Vendor : GIAC Version : DEMO Get Latest &

More information

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications

More information

Certified Vulnerability Assessor

Certified Vulnerability Assessor Certified Vulnerability Assessor COURSE BENEFITS Course Title:Certified Vulnerability Assessor Duration: 3Day Language: English Class Format Options: Instructor-led classroom Live Online Training Prerequisites:

More information

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013

Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive

More information

Evaluating Website Security with Penetration Testing Methodology

Evaluating Website Security with Penetration Testing Methodology Evaluating Website Security with Penetration Testing Methodology D. Menoski, P. Mitrevski and T. Dimovski St. Clement of Ohrid University in Bitola/Faculty of Technical Sciences, Bitola, Republic of Macedonia

More information

Port Mirroring in CounterACT. CounterACT Technical Note

Port Mirroring in CounterACT. CounterACT Technical Note Table of Contents About Port Mirroring and the Packet Engine... 3 Information Based on Specific Protocols... 4 ARP... 4 DHCP... 5 HTTP... 6 NetBIOS... 7 TCP/UDP... 7 Endpoint Lifecycle... 8 Active Endpoint

More information

ETHICAL HACKING LAB SERIES. Lab 13: Exploitation with IPv6

ETHICAL HACKING LAB SERIES. Lab 13: Exploitation with IPv6 ETHICAL HACKING LAB SERIES Lab 13: Exploitation with IPv6 Certified Ethical Hacking Domains: System Hacking, Penetration Testing Document Version: 2015-08-14 otherwise noted, is licensed under the Creative

More information

GAUTAM SINGH STUDY MATERIAL SOFTWARE QUALITY Unit 17. Metasploit

GAUTAM SINGH STUDY MATERIAL SOFTWARE QUALITY Unit 17. Metasploit Unit 17. Metasploit Metasploit is one of the most powerful tools used for penetration testing. Most of its resources can be found at www.metasploit.com. It comes in two versions: commercial and free edition.

More information

LOCKHEED MARTIN CYBERQUEST COMPETITION

LOCKHEED MARTIN CYBERQUEST COMPETITION LOCKHEED MARTIN CYBERQUEST COMPETITION 2018 CHALLENGES & SKILLS OVERVIEW LOCKHEED MARTIN PROPRIETARY INFORMATION WHAT MAY YOU ENCOUNTER? Challenges may include: Web-based attacks Common vulnerabilities

More information

Your Turn to Hack the OWASP Top 10!

Your Turn to Hack the OWASP Top 10! OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application

More information

Sample Exam Ethical Hacking Foundation

Sample Exam Ethical Hacking Foundation Sample Exam Sample Exam Ethical Hacking Foundation SECO-Institute issues the official Ethical Hacking courseware to accredited training centres where students are trained by accredited instructors. Students

More information

ETHICAL HACKING LAB SERIES. Lab 15: Abusing SYSTEMS

ETHICAL HACKING LAB SERIES. Lab 15: Abusing SYSTEMS ETHICAL HACKING LAB SERIES Lab 15: Abusing SYSTEMS Certified Ethical Hacking Domain: Denial of Service Document Version: 2015-08-14 otherwise noted, is licensed under the Creative Commons Attribution 3.0

More information

CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud

CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud CS 410/510: Web Security X1: Labs Setup WFP1, WFP2, and Kali VMs on Google Cloud Go to Google Cloud Console => Compute Engine => VM instances => Create Instance For the Boot Disk, click "Change", then

More information

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling. SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'

More information

C o n t e n t S i n D e ta i l FOrewOrd by Matt Graeber xii PreFaCe xvii C# CraSH COurSe FuzzinG and exploiting xss and SQL injection

C o n t e n t S i n D e ta i l FOrewOrd by Matt Graeber xii PreFaCe xvii C# CraSH COurSe FuzzinG and exploiting xss and SQL injection Foreword by Matt Graeber xii Preface xvii Why Should I Trust Mono?... xviii Who Is This Book For?... xviii Organization of This Book... xix Acknowledgments... xxi A Final Note... xxi 1 C# Crash Course

More information

Lab 4: Scanning, Enumeration and Hashcat

Lab 4: Scanning, Enumeration and Hashcat Lab 4: Scanning, Enumeration and Hashcat Aim: The aim of this lab is to provide a foundation in enumerating Windows instances on a network in which usernames and infomation on groups, shares, and services

More information

Lab 3: Introduction to Metasploit

Lab 3: Introduction to Metasploit Lab 3: Introduction to Metasploit Aim: The airm of this lab is to develop and execute exploits against a remote machine and test its vulnerabilities using Metasploit. Quick tool introduction: Metasploit

More information

DIS10.1:Ethical Hacking and Countermeasures

DIS10.1:Ethical Hacking and Countermeasures 1 Data and Information security Council DIS10.1:Ethical Hacking and Countermeasures HACKERS ARE NOT BORN, THEY BECOME HACKER About DIS :Data and Internet Security Council DIS is the Globally trusted Brand

More information

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?

More information

Becoming the Adversary

Becoming the Adversary SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction

More information

WAPT in pills: Self-paced, online, flexible access interactive slides. 4+ hours of video materials

WAPT in pills: Self-paced, online, flexible access interactive slides. 4+ hours of video materials The most practical and comprehensive training course on Web App Penetration testing WAPT in pills: Self-paced, online, flexible access 1000+ interactive slides 4+ hours of video materials Learn the most

More information

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX

WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX WHITEPAPER ATTIVO NETWORKS THREATDEFEND PLATFORM AND THE MITRE ATT&CK MATRIX 1 INTRODUCTION The MITRE Corporation Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK ) Matrix provides a model

More information

DIS10.1 Ethical Hacking and Countermeasures

DIS10.1 Ethical Hacking and Countermeasures DIS10.1 Ethical Hacking and Countermeasures ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for

More information

Certified Professional Ethical Hacker

Certified Professional Ethical Hacker Certified Professional Ethical Hacker C)PEH; 5 days, Instructor-led Course Benefits The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to line of

More information

Question No: 2 Which identifier is used to describe the application or process that submitted a log message?

Question No: 2 Which identifier is used to describe the application or process that submitted a log message? Volume: 65 Questions Question No: 1 Which definition of a fork in Linux is true? A. daemon to execute scheduled commands B. parent directory name of a file pathname C. macros for manipulating CPU sets

More information

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE UNIT III STUDY GUIDE Course Learning Outcomes for Unit III Upon completion of this unit, students should be able to: 1. Recall the terms port scanning, network scanning, and vulnerability scanning. 2.

More information

Computer Network Vulnerabilities

Computer Network Vulnerabilities Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like

More information

SECURITY TESTING: WINDOWS OS

SECURITY TESTING: WINDOWS OS International Journal of Latest Research In Engineering and Computing (IJLREC) Volume 2, Issue 6, Page No. 1-11 www.ijlrec.com ISSN: 2347-6540 SECURITY TESTING: WINDOWS OS 1 Siddhanth Lathar, 2 Dr. Ashish

More information

Training for the cyber professionals of tomorrow

Training for the cyber professionals of tomorrow Hands-On Labs Training for the cyber professionals of tomorrow CYBRScore is a demonstrated leader in professional cyber security training. Our unique training approach utilizes immersive hands-on lab environments

More information

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by

More information

Certified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov

Certified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov Course Outline Certified Ethical Hacker Version 9 05 Nov 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

A Model for Penetration Testing

A Model for Penetration Testing A Model for Penetration Testing Chuck Easttom Collin College Professional Development chuck@chuckeasttom.com Research Gate Publication Abstract Penetration testing is an increasingly integral part of cyber

More information

Metasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space

Metasploit Unleashed. Class 1: Metasploit Fundamentals. Georgia Weidman Director of Cyberwarface, Reverse Space Metasploit Unleashed Class 1: Metasploit Fundamentals Georgia Weidman Director of Cyberwarface, Reverse Space Acknowledgments Metasploit Team Offensive Security/Metasploit Unleashed Hackers for Charity

More information

3. Apache Server Vulnerability Identification and Analysis

3. Apache Server Vulnerability Identification and Analysis 1. Target Identification The pentester uses netdiscover to identify the target: root@kali:~# netdiscover -r 192.168.0.0/24 Target: 192.168.0.48 (Cadmus Computer Systems) Note: the victim IP address changes

More information

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network

More information

Web Penetration Testing

Web Penetration Testing Web Penetration Testing What is a Website How to hack a Website? Computer with OS and some servers. Apache, MySQL...etc Contains web application. PHP, Python...etc Web application is executed here and

More information

Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper

Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Modern Day Penetration Testing Distribution Open Source Platform - Kali Linux - Study Paper Devanshu Bhatt Abstract: Penetration testing is extremely crucial method to discover weaknesses in systems and

More information

GCIH. GIAC Certified Incident Handler.

GCIH. GIAC Certified Incident Handler. GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also

More information

Lab 5: Web Attacks using Burp Suite

Lab 5: Web Attacks using Burp Suite Lab 5: Web Attacks using Burp Suite Aim The aim of this lab is to provide a foundation in performing security testing of web applications using Burp Suite and its various tools. Burp Suite and its tools

More information

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker.  12 May 2018 Course Outline CEH v8 - Certified Ethical Hacker 12 May 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

Snort Rules Classification and Interpretation

Snort Rules Classification and Interpretation Snort Rules Classification and Interpretation Pop2 Rules: Class Type Attempted Admin(SID: 1934, 284,285) GEN:SID 1:1934 Message POP2 FOLD overflow attempt Summary This event is generated when an attempt

More information

What action do you want to perform by issuing the above command?

What action do you want to perform by issuing the above command? 1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?

More information

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker.  03 Feb 2018 Course Outline CEH v8 - Certified Ethical Hacker 03 Feb 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

A framework to 0wn the Web - part I -

A framework to 0wn the Web - part I - A framework to 0wn the Web - part I - Andrés Riancho andres@bonsai-sec.com SecTor Toronto, Canada - 2009 Copyright 2008 CYBSEC. All rights reserved. andres@bonsai-sec:~$ whoami Web Application Security

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

Ethical Hacking Basics Course

Ethical Hacking Basics Course Ethical Hacking Basics Course By : Mohammad Askar @Mohammadaskar2 Module 3 Information Gathering. Definition of Information Gathering Information Gathering means the proccess to collecting data and information

More information

Building Payloads Tutorial

Building Payloads Tutorial Building Payloads Tutorial Last updated 06/23/2014-4.9 With Metasploit Pro, you can build payloads with the Payload Generator. The Payload Generator provides a guided interface that you can use to quickly

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

Certified Professional Ethical Hacker

Certified Professional Ethical Hacker Certified Professional Ethical Hacker KEY DATA Course Title: Certified Professional Ethical Hacker Language: English Class Format Options: Instructor-led classroom Live Online Training Prerequisites: 12

More information

CyberP3i Hands-on Lab Series

CyberP3i Hands-on Lab Series CyberP3i Hands-on Lab Series Lab Series using NETLAB Designer: Dr. Lixin Wang, Associate Professor Hands-On Lab for Application Attacks The NDG Security+ Pod Topology Is Used 1. Introduction In this lab,

More information

Metasploit: The Penetration Tester's Guide PDF

Metasploit: The Penetration Tester's Guide PDF Metasploit: The Penetration Tester's Guide PDF "The best guide to the Metasploit Framework."—HD Moore, Founder of the Metasploit Project The Metasploit Framework makes discovering, exploiting, and

More information

ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University

ISA 564 SECURITY LAB. Introduction & Class Mechanics. Angelos Stavrou, George Mason University ISA 564 SECURITY LAB Introduction & Class Mechanics Angelos Stavrou, George Mason University Course Mechanics Course URL: http://cs.gmu.edu/~astavrou/isa564_f16.html Instructor Angelos Stavrou Email: astavrou@gmu.edu

More information

CNIT 129S: Securing Web Applications. Ch 4: Mapping the Application

CNIT 129S: Securing Web Applications. Ch 4: Mapping the Application CNIT 129S: Securing Web Applications Ch 4: Mapping the Application Mapping Enumerate application's content and functionality Some is hidden, requiring guesswork and luck to discover Examine every aspect

More information

Advanced Penetration Testing

Advanced Penetration Testing Advanced Penetration Testing Additional Insights from Georgia Weidman More Guessable Credentials: Apache Tomcat In the course we looked at specific examples of vulnerabilities. My goal was to cover as

More information

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control

More information