Penetration Testing

Level
Advanced
Duration
120 hours
Course Fee
₹15000
*Inclusive of GST

The Penetration Testing training is targeted to engineers and technical personnel involved in performing an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, Penetration Testing course’s live practice range will teach you to take your skills to the next level by teaching you how to pen test enterprise networks infrastructure, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network. The Penetration Testing covers a breadth of topics like enumeration, vulnerability assessment & penetration testing and reporting. Penetration Testing is a lab-intensive course and objectives are accomplished mainly through hands on learning.

Training Type
Classroom Online Corporate
Batch Timings

For the latest training schedule, please check the Schedules.

Weekdays
  • Early Morning
  • Morning
  • Afternoon
  • Evening
  • Fastrack
Weekdays
  • Morning
  • Afternoon
  • Evening
  • Sat / Sun
  • Sunday Only

Training is available in small groups as well as on one-to-one basis. Get in touch.

Penetration Testing

Level
Advanced
Duration
120 hrs.
Course Fee
₹15000

The Penetration Testing training is targeted to engineers and technical personnel involved in performing an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, Penetration Testing course’s live practice range will teach you to take your skills to the next level by teaching you how to pen test enterprise networks infrastructure, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network. The Penetration Testing covers a breadth of topics like enumeration, vulnerability assessment & penetration testing and reporting. Penetration Testing is a lab-intensive course and objectives are accomplished mainly through hands on learning.

Training Type
Classroom Online Corporate
Batch Timings

For the latest training schedule, please check the Schedules.

Weekdays
  • Early Morning
  • Morning
  • Afternoon
  • Evening
  • Fastrack
Weekdays
  • Morning
  • Afternoon
  • Evening
  • Sat / Sun
  • Sunday Only

Training is available in small groups as well as on one-to-one basis. Get in touch.

Course Introduction

This 120 hours of (Lectures + hands-on Lab) Penetration Testing training is targeted to engineers and technical personnel involved in performing an effective penetration test in an enterprise network environment that must be attacked, exploited, evaded, and defended. If you have only been working in flat networks, Penetration Testing course’s live practice range will teach you to take your skills to the next level by teaching you how to pen test enterprise networks infrastructure, how to write your own exploits, build your own tools, conduct advanced binaries exploitation, double pivot to access hidden networks, and also customize scripts/exploits to get into the innermost segments of the network. The Penetration Testing covers a breadth of topics like enumeration, vulnerability assessment & exploitation and reporting. Penetration Testing is a lab-intensive course and objectives are accomplished mainly through hands-on learning.

The Penetration Testing course gives you a broad range of fundamental knowledge for a career in VAPT. Through a combination of lecture, hands-on labs, and self-study, you will learn how to enumerate, analyze, configure, and verify basic server-side and web-application attacks. The course covers configuring hacking tools and frameworks; binary exploitation; and identifying advanced web application vulnerabilities. The course also gives you a foundation in exploit development, privilege escalation and lateral movement. This course is created for candidates to prepare for real world scenarios in Red Team Operations and will create a solid foundation for candidates to prepare for EC-COUNCIL CPENT and OSCP certifications.

Course Highlights
  • Project manager can be assigned to track candidates’ performance
  • Curriculum based on course outlines defined by EC-Council & Offensive Security
  • This Instructor-led classroom course is designed with an aim to build theoretical knowledge supplemented by ample hands-on lab exercises
  • Facility of Lab on cloud available (based on booking)
  • Courseware includes reference material to maximize learning.
  • Assignments and test to ensure concept absorption.
  • Courseware includes reference material to maximize learning.
  • Assignments and test to ensure concept absorption.
  • Repeating of lectures allowed (based on seat availability)
Course Objectives

Students going through APT training can:

  • Demonstrate a repeatable and measurable approach to Penetration Testing
  • Perform advanced techniques and attacks to identify SQL Injection, Cross Site Scripting (XSS), LFI, RFI vulnerabilities in web applications
  • Get access to proprietary EC-Council Penetration testing Methodologies
  • Exploit vulnerabilities in Operating Systems such as Windows, Linux
  • Perform privilege escalation to gain root access to a system. Demonstrate ‘Out-of-Box’ and ‘lateral Thinking’
    • Identify and bypass perimeter protections
    • Advanced post exploitation and persistence
    • Extending Metasploit with custom modules and exploits
    • Pivoting from external into internal networks
    • Avoiding the most common mistakes when drafting a professional penetration testing report
Course Topics
  • Introduction to Penetration Testing

Understand and build the hacker mindset, infrastructure security, policies and standards and other case studies to recognize the importance of Cyber Security in today’s world and understand concepts such as:

    1. Cyber Kill Chain
    2. Hacking Concepts
    3. Ethics
    4. Information Security Controls
    5. Information Laws and Standards
  • Kali Linux based Operating System Architecture Basics
  1. Kali Linux Basics
    1. The Kali Linux Filesystem
    2. Basic Kali Linux Commands
    3. Finding Files in Kali Linux
    4. Managing Kali Services – SSH HTTP
    5. Searching, Installing and Removing Tools
    6. Bash Environment
    7. Piping and Redirection
    8. Text Searching and Manipulation – grep, sed, awk, cut
    9. Comparing Files – comm, diff, vimdiff.
    10. Managing Processes
    11. File and Command Monitoring
    12. Downloading Files
    13. Bash History Customize
    14. Persistent Bash Customization
  • Bypassing Filtered Networks
    1. Scanning for Defensive devices
    2. Assessing filtering devices
    3. Bypassing filtration
    • Web Application Penetration Testing
    1. Inspecting URLs
    2. Page content
    3. Response Headers
    4. Sitemaps
    5. Locate Admin consoles 
    6. Exploiting Admin Consoles
    7. Cross Site Scripting
    8. LFI/RFI
    9. SQL Injection
    10. HTTP Based attacks
  • Server-Side Attacks
    1. Windows Server Attacks
      1. Eternal Blue Manual Exploit 
      2. Print Nightmare Manual Exploitation
      3. Keylogger Software Development
    2. Linux Server Attacks
      1. Apache Tomcat Exploitation
      2. Struts Framework Exploitation
      3. Jenkins Groovy Script Exploitation
      4. SSH Brute Force
  • Client-Side Attacks
    • HTA based Windows Client-Side Attack
      1. Office Macro-Virus Development
  • Privilege Escalation
    1. Windows
      1. Understanding UAC
      2. UAC Bypass – fodhelper.exe
      3. Insecure File Permissions
      4. Unquoted Service Paths
      5. Kernel 
    2. Linux
      1. Insecure File Permissions
      2. Kernel
      3. Backdoor Access
  • File Transfers & Data Exfiltration
    1. Netcat
    2. Socat
    3. PowerShell
    4. Powercat
  • Buffer Overflow & Binary Exploitation
    1. Introduction to x86 architecture
    2. Introduction to x64 architecture
    3. Buffer Overflow Procedure & Concept
    4. Introduction to Debuggers
    5. Using customized Debuggers
    6. Windows Buffer Overflows (Stack)
    7. Linux Buffer Overflows 
      1. Network programming Vulnerabilities
      2. Stack overflows
      3. Format string Vulnerabilities
      4. Heap overflows
    8. DEP, ASLR, Canaries 
    9. Shellcode Development
    10. Shellcode Injection Windows
    11. Shellcode Injection Linux
  • Hacking Wireless Networks (Demonstration Only)
    1. Evil-Twin Attack
    2. Sniffing Attack
Lab Topics

  • Windows Exploitation contains a complete forest that you first have to gain access to and then use PowerShell and any other means to execute Silver and Gold Ticket and Kerberoasting. The machines will be configured with defenses in place, meaning you must use PowerShell bypass techniques and other advanced methods to score points within the network to complete the CTF challenges.
  • Learn Binary exploitation to find flawed binaries and reverse engineer them to write exploits to take control of the program execution. The task is complicated as you must first penetrate the perimeter to gain access, then discover the binaries. Once that is done, you will need to reverse engineer the code. This includes 64-bit code challenges and some of the code will be compiled with basic protections of non-executable stacks. Learn to write a driver program to exploit these binaries, then discover a method to escalate privileges. This will require advanced skills in binary exploitation to include the latest debugging concepts and egg hunting techniques. You are required to first craft an input code to take control of program execution, and second, map an area in memory to get your shellcode to work and bypass system protections.
  • Identify the filtering mechanisms of the architecture, then leverage this knowledge to gain access to web applications. The next challenge is to compromise and then extract the required data from the web apps. identify the filtering rules then penetrate the direct network. From there, you will have to attempt pivots into hidden networks using single pivoting methods, but through a filter to accomplish the requirement to penetrate and move out of a filtering device.
  • Enumeration techniques and enumeration countermeasures
  • Learn Penetration testing with Ruby, Python, PowerShell, Java, Perl, BASH, Fuzzing, and Metasploit.
  • Learn the latest methods of privilege escalation reverse engineering code must be implemented to take control of the execution, then break out of the limited shell are required to gain root/admin.
  • Learn penetration on wireless devices using automated tools.
  • Experience how a pen tester can mitigate risks and validate the report presented to the client to really make an impact. Great pen testing doesn’t mean much to clients without a clearly written report!
  • Various types of penetration testing, security audit, vulnerability assessment roadmaps and procedures
  • Packet sniffing techniques and how to defend against sniffing
  • Different types of webserver attacks, attack methodology, and countermeasures
  • Different types of web application attacks, web application hacking methodology, and countermeasures
  • Learn how to hack into different Operating systems such as Windows and Linux
Virtual Classroom
  • Instructor led online training is an ideal vehicle for delivering training to individuals anywhere in the world at any time.
  • This innovative approach presents live content with instructor delivering the training online.
  • Candidates will be performing labs remotely on our labs on cloud in presence of an online instructor.
  • Rstforum uses microsoft lync engine to deliver instructor led online training.
  • Advances in computer network technology, improvements in bandwidth, interactions, chat and conferencing, and realtime audio and video offers unparalleled training opportunities.
  • Instructor led online training can helps today’s busy professionals to perform their jobs and upgrade knowledge by integrating self-paced instructor led online training in their daily routines.
Miscellaneous
  • Minimum batch size required for batch is 10 participants in the this course.
  • The RST Forum reserves the right to cancel/postpone the class.
  • Course schedule will be provided before commencement of the course.
  • Certificate of participation will be awarded to participants with a minimum 90% attendance.
  • All attendees are to observe the Copyright Law on intellectual properties such as software and courseware from respective vendors.
  • The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
  • The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.