Gedetailleerde cursusinhoud
Course Introduction
- Module 1 – Pentesting Team Foundation a. Project Management b. Pentesting Metrics c. Team Roles, Responsibilities and Benefits Lab Exercise – Skills Assessment
- Module 2 – NMAP Automation a. NMAP Basics b. NMAP Automation c. NMAP Report Documentation Lab Exercise – Automation Breakdown
- Module 3 – Exploitation Processes a. Purpose b. Countermeasures c. Evasion d. Precision Strike e. Customized Exploitation f. Tailored Exploits g. Zero Day Angle h. Example Avenues of Attack i. Overall Objective of Exploitation
- Module 4 – Fuzzing with Spike a. Vulnserver b. Spike Fuzzing Setup c. Fuzzing a TCP Application d. Custom Fuzzing Script Lab Exercise – Fuzzing with Spike
- Module 5 – Privilege Escalation a. Exploit-DB b. Immunity Debugger c. Python d. Shellcode Lab Exercise – Let’s Crash and Callback \
- Module 6 – Stack Based Windows Buffer Overflow a. Debugger b. Vulnerability Research c. Control EIP, Control the Crash d. JMP ESP Instruction e. Finding the Offset f. Code Execution and Shellcode g. Does the Exploit Work? Lab Exercise – MiniShare for the Win
- Module 7 – Web Application Security and Exploitation a. Web Applications b. OWASP Top 10 - 2017 c. Zap d. Scapy
- Module 8 – Linux Stack Smashing a. Exploiting the Stack on Linux Lab Exercise – Stack Overflow. Did we get root?
- Module 9 – Linux Address Space Layout Randomization b. Stack Smashing to the Extreme Lab Exercise – Defeat Me and Lookout ASLR
- Module 10 – Windows Exploit Protection c. Introduction to Windows Exploit Protection d. Structured Exception Handling e. Data Execution Prevention (DEP) f. SafeSEH/SEHOP
- Module 11 – Getting Around SEH and ASLR (Windows) a. Vulnerable Server Setup b. Time to Test it Out c. “Vulnserver” meets Immunity d. VulnServer Demo Lab Exercise – Time to overwrite SEH and ASLR
- Module 12 – Penetration Testing Report Writing "