Students going through APT training can:

• Demonstrate a repeatable and measurable approach to Penetration Testing
• Perform advanced techniques and attacks to identify SQL Injection, Cross Site Scripting (XSS), LFI, RFI vulnerabilities in web applications
• Get access to proprietary EC-Council Penetration testing Methodologies
• Exploit vulnerabilities in Operating Systems such as Windows, Linux
• Perform privilege escalation to gain root access to a system. Demonstrate ‘Out-of-Box’ and ‘lateral Thinking’
  • Identify and bypass perimeter protections
  • Advanced post exploitation and persistence
  • Extending Metasploit with custom modules and exploits
  • Pivoting from external into internal networks
  • Avoiding the most common mistakes when drafting a professional penetration testing report

• Introduction to Penetration Testing

Understand and build the hacker mindset, infrastructure security, policies and standards and other case studies to recognize the importance of Cyber Security in today’s world and understand concepts such as:

1. 1. Cyber Kill Chain
   2. Hacking Concepts
   3. Ethics
   4. Information Security Controls
   5. Information Laws and Standards

• Kali Linux based Operating System Architecture Basics

1. Kali Linux Basics

1. 1. The Kali Linux Filesystem
   2. Basic Kali Linux Commands
   3. Finding Files in Kali Linux
   4. Managing Kali Services – SSH HTTP
   5. Searching, Installing and Removing Tools
   6. Bash Environment
   7. Piping and Redirection
   8. Text Searching and Manipulation – grep, sed, awk, cut
   9. Comparing Files – comm, diff, vimdiff.
   10. Managing Processes
   11. File and Command Monitoring
   12. Downloading Files
   13. Bash History Customize
   14. Persistent Bash Customization

• Bypassing Filtered Networks

1. 1. Scanning for Defensive devices
   2. Assessing filtering devices
   3. Bypassing filtration

• • Web Application Penetration Testing

1. 1. Inspecting URLs
   2. Page content
   3. Response Headers
   4. Sitemaps
   5. Locate Admin consoles 
   6. Exploiting Admin Consoles
   7. Cross Site Scripting
   8. LFI/RFI
   9. SQL Injection
   10. HTTP Based attacks

• Server-Side Attacks

1. 1. Windows Server Attacks
      1. Eternal Blue Manual Exploit 
      2. Print Nightmare Manual Exploitation
      3. Keylogger Software Development
   2. Linux Server Attacks
      1. Apache Tomcat Exploitation
      2. Struts Framework Exploitation
      3. Jenkins Groovy Script Exploitation
      4. SSH Brute Force

• Client-Side Attacks

• • HTA based Windows Client-Side Attack

1. 1. 1. Office Macro-Virus Development

• Privilege Escalation

1. 1. Windows
      1. Understanding UAC
      2. UAC Bypass – fodhelper.exe
      3. Insecure File Permissions
      4. Unquoted Service Paths
      5. Kernel 
   2. Linux
      1. Insecure File Permissions
      2. Kernel
      3. Backdoor Access

• File Transfers & Data Exfiltration

1. 1. Netcat
   2. Socat
   3. PowerShell
   4. Powercat

• Buffer Overflow & Binary Exploitation

1. 1. Introduction to x86 architecture
   2. Introduction to x64 architecture
   3. Buffer Overflow Procedure & Concept
   4. Introduction to Debuggers
   5. Using customized Debuggers
   6. Windows Buffer Overflows (Stack)
   7. Linux Buffer Overflows 
      1. Network programming Vulnerabilities
      2. Stack overflows
      3. Format string Vulnerabilities
      4. Heap overflows
   8. DEP, ASLR, Canaries 
   9. Shellcode Development
   10. Shellcode Injection Windows
   11. Shellcode Injection Linux

• Hacking Wireless Networks (Demonstration Only)

1. 1. Evil-Twin Attack
   2. Sniffing Attack

• Windows Exploitation contains a complete forest that you first have to gain access to and then use PowerShell and any other means to execute Silver and Gold Ticket and Kerberoasting. The machines will be configured with defenses in place, meaning you must use PowerShell bypass techniques and other advanced methods to score points within the network to complete the CTF challenges.
• Learn Binary exploitation to find flawed binaries and reverse engineer them to write exploits to take control of the program execution. The task is complicated as you must first penetrate the perimeter to gain access, then discover the binaries. Once that is done, you will need to reverse engineer the code. This includes 64-bit code challenges and some of the code will be compiled with basic protections of non-executable stacks. Learn to write a driver program to exploit these binaries, then discover a method to escalate privileges. This will require advanced skills in binary exploitation to include the latest debugging concepts and egg hunting techniques. You are required to first craft an input code to take control of program execution, and second, map an area in memory to get your shellcode to work and bypass system protections.
• Identify the filtering mechanisms of the architecture, then leverage this knowledge to gain access to web applications. The next challenge is to compromise and then extract the required data from the web apps. identify the filtering rules then penetrate the direct network. From there, you will have to attempt pivots into hidden networks using single pivoting methods, but through a filter to accomplish the requirement to penetrate and move out of a filtering device.
• Enumeration techniques and enumeration countermeasures
• Learn Penetration testing with Ruby, Python, PowerShell, Java, Perl, BASH, Fuzzing, and Metasploit.
• Learn the latest methods of privilege escalation reverse engineering code must be implemented to take control of the execution, then break out of the limited shell are required to gain root/admin.
• Learn penetration on wireless devices using automated tools.
• Experience how a pen tester can mitigate risks and validate the report presented to the client to really make an impact. Great pen testing doesn’t mean much to clients without a clearly written report!
• Various types of penetration testing, security audit, vulnerability assessment roadmaps and procedures
• Packet sniffing techniques and how to defend against sniffing
• Different types of webserver attacks, attack methodology, and countermeasures
• Different types of web application attacks, web application hacking methodology, and countermeasures
• Learn how to hack into different Operating systems such as Windows and Linux

• Minimum batch size required for batch is 10 participants in the this course.
• The RST Forum reserves the right to cancel/postpone the class.
• Course schedule will be provided before commencement of the course.
• Certificate of participation will be awarded to participants with a minimum 90% attendance.
• All attendees are to observe the Copyright Law on intellectual properties such as software and courseware from respective vendors.
• The RST Forum reserves the right to include external participants in the program either for the entire course or individual courses.
• The RST Forum reserves the right to change/alter the sequence of courses. RST FORUM published Book would be given at 50% discounted rate to the forum students.