Kali Linux Training for Users (Kali Training)
Best Kali Linux Training for Users (Kali Training) training courses classes deliver by Nux software solutions in coimbatore. Nux software solutions in coimbatore has excellent and advanced training programs that will give you better performance & hands on experience. Our industry’s expert trainers offer a wide range of skills and experience in their graded areas.
The Training center environment is too good for professional, individual, corporate, live project training and industrial training. Labs infrastructure is advanced, well managed and you can access LAB 24X7 from anywhere. Training center has international expert trainers and they have excellent knowledge, real time industry experience.
Our Training programs combine with several innovative learning methods and delivery models. We understand your requirement and it will give you 100 percent growth for your career and provide the cost effective training programs and also work with flexibility for the trainees.
Kali Linux is an operating system based on the Debian distribution aimed at digital forensics and penetration testing use. Kali Linux provides users with easy access to a comprehensive and large collection of security-related tools ranging from port scanners to password crackers. Support for Live CD and Live USB functionality allows users to boot Kali Linux directly from portable media without requiring installation, though permanent installation to hard disk is also an option.
Course Syllabus
Module 1
Penetration Testing with Kali Linux:
1.0 General Course Information,
1.1 About The PWK Course,
1.1.1 PWK Course Materials,
1.1.2 Access to the Internal VPN Lab Network,
1.1.3 The Offensive Security Student Forum,
1.1.4 Live Support,
1.1.5 OSCP Exam Attempt,
1.2 Overall Strategies for Approaching the Course,
1.2.1 Welcome and Course Information Emails,
1.2.2 Course Materials,
1.2.3 Course Exercises,
1.2.4 PWK Labs,
1.3 Obtaining Support,
1.4 About Penetration Testing,
1.5 Legal,
1.6 The MegaCorpone.com and Sandbox.local Domains,
1.7 About the PWK VPN Labs,
1.7.1 Lab Warning,
1.7.2 Control Panel,
1.7.3 Reverts,
1.7.4 Client Machines,
1.7.5 Kali Virtual Machine,
1.7.6 Lab Behavior and Lab Restrictions,
1.8 Reporting,
1.8.1 Consider the Objective,
1.8.2 Consider the Audience,
1.8.3 Consider What to Include,
1.8.4 Consider the Presentation,
1.8.5 The PWK Report,
1.8.6 Note Taking,
1.9 About the OSCP Exam,
1.9.1 Metasploit Usage - Lab vs Exam,
1.10 Wrapping Up
1.0 General Course Information,
1.1 About The PWK Course,
1.1.1 PWK Course Materials,
1.1.2 Access to the Internal VPN Lab Network,
1.1.3 The Offensive Security Student Forum,
1.1.4 Live Support,
1.1.5 OSCP Exam Attempt,
1.2 Overall Strategies for Approaching the Course,
1.2.1 Welcome and Course Information Emails,
1.2.2 Course Materials,
1.2.3 Course Exercises,
1.2.4 PWK Labs,
1.3 Obtaining Support,
1.4 About Penetration Testing,
1.5 Legal,
1.6 The MegaCorpone.com and Sandbox.local Domains,
1.7 About the PWK VPN Labs,
1.7.1 Lab Warning,
1.7.2 Control Panel,
1.7.3 Reverts,
1.7.4 Client Machines,
1.7.5 Kali Virtual Machine,
1.7.6 Lab Behavior and Lab Restrictions,
1.8 Reporting,
1.8.1 Consider the Objective,
1.8.2 Consider the Audience,
1.8.3 Consider What to Include,
1.8.4 Consider the Presentation,
1.8.5 The PWK Report,
1.8.6 Note Taking,
1.9 About the OSCP Exam,
1.9.1 Metasploit Usage - Lab vs Exam,
1.10 Wrapping Up
Module 2
2.0 Getting Comfortable with Kali Linux
2.1 Booting Up Kali Linux, 2.2 The Kali Menu,
2.3 Kali Documentation, 2.3.1 The Kali Linux Official Documentation,
2.3.2 The Kali Linux Support Forum,
2.3.3 The Kali Linux Tools Site,
2.3.4 The Kali Linux Bug Tracker,
2.3.5 The Kali Training Site,
2.3.6 Exercises,
2.4 Finding Your Way Around Kali,
2.4.1 The Linux Filesystem,
2.4.2 Basic Linux Commands,
2.4.3 Finding Files in Kali Linux,
2.5 Managing Kali Linux Services,
2.5.1 SSH Service,
2.5.2 HTTP Service,
2.5.3 Exercises,
2.6 Searching, Installing, and Removing Tools,
2.6.1 apt update,
2.6.2 apt upgrade,
2.6.3 apt-cache search and apt show,
2.6.4 apt install,
2.6.5 apt remove - purge,
2.6.6 dpkg,
2.7 Wrapping Up
2.1 Booting Up Kali Linux, 2.2 The Kali Menu,
2.3 Kali Documentation, 2.3.1 The Kali Linux Official Documentation,
2.3.2 The Kali Linux Support Forum,
2.3.3 The Kali Linux Tools Site,
2.3.4 The Kali Linux Bug Tracker,
2.3.5 The Kali Training Site,
2.3.6 Exercises,
2.4 Finding Your Way Around Kali,
2.4.1 The Linux Filesystem,
2.4.2 Basic Linux Commands,
2.4.3 Finding Files in Kali Linux,
2.5 Managing Kali Linux Services,
2.5.1 SSH Service,
2.5.2 HTTP Service,
2.5.3 Exercises,
2.6 Searching, Installing, and Removing Tools,
2.6.1 apt update,
2.6.2 apt upgrade,
2.6.3 apt-cache search and apt show,
2.6.4 apt install,
2.6.5 apt remove - purge,
2.6.6 dpkg,
2.7 Wrapping Up
Module 3
3.0.0 Command Line
3.1 The Bash Environment,
3.1.1 Environment Variables,
3.1.2 Tab Completion,
3.1.3 Bash History Tricks,
3.2 Piping and Redirection,
3.2.1 Redirecting to a New File,
3.2.2 Redirecting to an Existing File,
3.2.3 Redirecting from a File,
3.2.4 Redirecting STDERR,
3.2.5 Piping,
3.3 Text Searching and Manipulation,
3.3.1 grep,
3.3.2 sed,
3.3.3 cut,
3.3.4 awk,
3.3.5 Practical Example,
3.4 Editing Files from the Command Line,
3.4.1 nano,
3.4.2 vi,
3.5 Comparing Files,
3.5.1 comm,
3.5.2 diff,
3.5.3 vimdiff,
3.6 Managing Processes,
3.6.1 Backgrounding Processes (bg),
3.6.2 Jobs Control: jobs and fg,
3.6.3 Process Control: ps and kill,
3.7 File and Command Monitoring,
3.7.1 tail,
3.7.2 watch,
3.8 Downloading Files,
3.8.1 wget,
3.8.2 curl,
3.8.3 axel,
3.9 Customizing the Bash Environment,
3.9.1 Bash History Customization,
3.9.2 Alias,
3.9.3 Persistent Bash Customization,
3.10 Wrapping Up
3.1 The Bash Environment,
3.1.1 Environment Variables,
3.1.2 Tab Completion,
3.1.3 Bash History Tricks,
3.2 Piping and Redirection,
3.2.1 Redirecting to a New File,
3.2.2 Redirecting to an Existing File,
3.2.3 Redirecting from a File,
3.2.4 Redirecting STDERR,
3.2.5 Piping,
3.3 Text Searching and Manipulation,
3.3.1 grep,
3.3.2 sed,
3.3.3 cut,
3.3.4 awk,
3.3.5 Practical Example,
3.4 Editing Files from the Command Line,
3.4.1 nano,
3.4.2 vi,
3.5 Comparing Files,
3.5.1 comm,
3.5.2 diff,
3.5.3 vimdiff,
3.6 Managing Processes,
3.6.1 Backgrounding Processes (bg),
3.6.2 Jobs Control: jobs and fg,
3.6.3 Process Control: ps and kill,
3.7 File and Command Monitoring,
3.7.1 tail,
3.7.2 watch,
3.8 Downloading Files,
3.8.1 wget,
3.8.2 curl,
3.8.3 axel,
3.9 Customizing the Bash Environment,
3.9.1 Bash History Customization,
3.9.2 Alias,
3.9.3 Persistent Bash Customization,
3.10 Wrapping Up
Module 4
4.0.0 Practical Tools
4.1 Netcat,
4.1.1 Connecting to a TCP/UDP Port,
4.1.2 Listening on a TCP/UDP Port,
4.1.3 Transferring Files with Netcat,
4.1.4 Remote Administration with Netcat,
4.2 Socat,
4.2.1 Netcat vs Socat,
4.2.2 Socat File Transfers,
4.2.3 Socat Reverse Shells,
4.2.4 Socat Encrypted Bind Shells,
4.3 PowerShell and Powercat,
4.3.1 PowerShell File Transfers,
4.3.2 PowerShell Reverse Shells,
4.3.3 PowerShell Bind Shells,
4.3.4 Powercat,
4.3.5 Powercat File Transfers,
4.3.6 Powercat Reverse Shells,
4.3.7 Powercat Bind Shells,
4.3.8 Powercat Stand-Alone Payloads,
4.4 Wireshark,
4.4.1 Wireshark Basics, 4.4.2 Launching Wireshark,
4.4.3 Capture Filters,
4.4.4 Display Filters,
4.4.5 Following TCP Streams,
4.5 Tcpdump,
4.5.2 Filtering Traffic,
4.5.3 Advanced Header Filtering,
4.6 Wrapping Up
4.1 Netcat,
4.1.1 Connecting to a TCP/UDP Port,
4.1.2 Listening on a TCP/UDP Port,
4.1.3 Transferring Files with Netcat,
4.1.4 Remote Administration with Netcat,
4.2 Socat,
4.2.1 Netcat vs Socat,
4.2.2 Socat File Transfers,
4.2.3 Socat Reverse Shells,
4.2.4 Socat Encrypted Bind Shells,
4.3 PowerShell and Powercat,
4.3.1 PowerShell File Transfers,
4.3.2 PowerShell Reverse Shells,
4.3.3 PowerShell Bind Shells,
4.3.4 Powercat,
4.3.5 Powercat File Transfers,
4.3.6 Powercat Reverse Shells,
4.3.7 Powercat Bind Shells,
4.3.8 Powercat Stand-Alone Payloads,
4.4 Wireshark,
4.4.1 Wireshark Basics, 4.4.2 Launching Wireshark,
4.4.3 Capture Filters,
4.4.4 Display Filters,
4.4.5 Following TCP Streams,
4.5 Tcpdump,
4.5.2 Filtering Traffic,
4.5.3 Advanced Header Filtering,
4.6 Wrapping Up
Module 5
5.0 Bash Scripting
5.1 Intro to Bash Scripting,
5.2 Variables,
5.2.1 Arguments,
5.2.2 Reading User Input,
5.3 If, Else, Elif Statements,
5.4 Boolean Logical Operations,
5.5 Loops,
5.5.1 For Loops,
5.5.2 While Loops,
5.6 Functions,
5.7 Practical Examples,
5.7.1 Practical Bash Usage - Example 1,
5.7.2 Practical Bash Usage - Example 2,
5.7.3 Practical Bash Usage - Example 3,
5.8 Wrapping Up
5.1 Intro to Bash Scripting,
5.2 Variables,
5.2.1 Arguments,
5.2.2 Reading User Input,
5.3 If, Else, Elif Statements,
5.4 Boolean Logical Operations,
5.5 Loops,
5.5.1 For Loops,
5.5.2 While Loops,
5.6 Functions,
5.7 Practical Examples,
5.7.1 Practical Bash Usage - Example 1,
5.7.2 Practical Bash Usage - Example 2,
5.7.3 Practical Bash Usage - Example 3,
5.8 Wrapping Up
Module 6
6.0 assive Information Gathering
6.1 Taking Notes, 6.2 Website Recon,
6.3 Whois Enumeration,
6.4 Google Hacking,
6.5 Netcraft,
6.6 Recon-ng,
6.7 Open-Source Code,
6.8 Shodan,
6.9 Security Headers Scanner,
6.10 SSL Server Test,
6.11 Pastebin,
6.12 User Information Gathering,
6.12.1 Email Harvesting,
6.12.2 Password Dumps,
6.13 Social Media Tools,
6.13.2 Site-Specific Tools,
6.14 Stack Overflow,
6.15 Information Gathering Frameworks,
6.15.1 OSINT Framework,
6.15.2 Maltego,
6.16 Wrapping Up
6.1 Taking Notes, 6.2 Website Recon,
6.3 Whois Enumeration,
6.4 Google Hacking,
6.5 Netcraft,
6.6 Recon-ng,
6.7 Open-Source Code,
6.8 Shodan,
6.9 Security Headers Scanner,
6.10 SSL Server Test,
6.11 Pastebin,
6.12 User Information Gathering,
6.12.1 Email Harvesting,
6.12.2 Password Dumps,
6.13 Social Media Tools,
6.13.2 Site-Specific Tools,
6.14 Stack Overflow,
6.15 Information Gathering Frameworks,
6.15.1 OSINT Framework,
6.15.2 Maltego,
6.16 Wrapping Up
Module 7
7.0 Active Information Gathering
7.1 DNS Enumeration,
7.1.1 Interacting with a DNS Server,
7.1.2 Automating Lookups,
7.1.3 Forward Lookup Brute Force,
7.1.4 Reverse Lookup Brute Force,
7.1.5 DNS Zone Transfers,
7.1.6 Relevant Tools in Kali Linux,
7.2 Port Scanning,
7.2.1 TCP / UDP Scanning,
7.2.2 Port Scanning with Nmap,
7.2.3 Masscan,
7.3 SMB Enumeration,
7.3.1 Scanning for the NetBIOS Service,
7.3.2 Nmap SMB NSE Scripts,
7.4 NFS Enumeration,
7.4.1 Scanning for NFS Shares,
7.4.2 Nmap NFS NSE Scripts,
7.5 SMTP Enumeration,
7.6 SNMP Enumeration,
7.6.1 The SNMP MIB Tree,
7.6.2 Scanning for SNMP,
7.6.3 Windows SNMP Enumeration Example,
7.7 Wrapping Up
7.1 DNS Enumeration,
7.1.1 Interacting with a DNS Server,
7.1.2 Automating Lookups,
7.1.3 Forward Lookup Brute Force,
7.1.4 Reverse Lookup Brute Force,
7.1.5 DNS Zone Transfers,
7.1.6 Relevant Tools in Kali Linux,
7.2 Port Scanning,
7.2.1 TCP / UDP Scanning,
7.2.2 Port Scanning with Nmap,
7.2.3 Masscan,
7.3 SMB Enumeration,
7.3.1 Scanning for the NetBIOS Service,
7.3.2 Nmap SMB NSE Scripts,
7.4 NFS Enumeration,
7.4.1 Scanning for NFS Shares,
7.4.2 Nmap NFS NSE Scripts,
7.5 SMTP Enumeration,
7.6 SNMP Enumeration,
7.6.1 The SNMP MIB Tree,
7.6.2 Scanning for SNMP,
7.6.3 Windows SNMP Enumeration Example,
7.7 Wrapping Up
Module 8
8.0 Vulnerability Scanning
8.1 Vulnerability Scanning Overview and Considerations,
8.1.1 How Vulnerability Scanners Work,
8.1.2 Manual vs. Automated Scanning,
8.1.3 Internet Scanning vs Internal Scanning,
8.1.4 Authenticated vs Unauthenticated Scanning,
8.2 Vulnerability Scanning with Nessus,
8.2.1 Installing Nessus,
8.2.2 Defining Targets,
8.2.3 Configuring Scan Definitions,
8.2.4 Unauthenticated Scanning With Nessus,
8.2.5 Authenticated Scanning With Nessus,
8.2.6 Scanning with Individual Nessus Plugins,
8.3 Vulnerability Scanning with Nmap,
8.4 Wrapping Up
8.1 Vulnerability Scanning Overview and Considerations,
8.1.1 How Vulnerability Scanners Work,
8.1.2 Manual vs. Automated Scanning,
8.1.3 Internet Scanning vs Internal Scanning,
8.1.4 Authenticated vs Unauthenticated Scanning,
8.2 Vulnerability Scanning with Nessus,
8.2.1 Installing Nessus,
8.2.2 Defining Targets,
8.2.3 Configuring Scan Definitions,
8.2.4 Unauthenticated Scanning With Nessus,
8.2.5 Authenticated Scanning With Nessus,
8.2.6 Scanning with Individual Nessus Plugins,
8.3 Vulnerability Scanning with Nmap,
8.4 Wrapping Up
Module 9
9.0 Web Application Attacks
9.1 Web Application Assessment Methodology,
9.2 Web Application Enumeration,
9.2.1 Inspecting URLs,
9.2.2 Inspecting Page Content,
9.2.3 Viewing Response Headers,
9.2.4 Inspecting Sitemaps,
9.2.5 Locating Administration Consoles,
9.3 Web Application Assessment Tools,
9.3.2 DIRB,
9.3.3 Burp Suite,
9.3.4 Nikto,
9.4 Exploiting Web-based Vulnerabilities,
9.4.1 Exploiting Admin Consoles,
9.4.2 Cross-Site Scripting (XSS),
9.4.3 Directory Traversal Vulnerabilities,
9.4.4 File Inclusion Vulnerabilities,
9.4.5 SQL Injection,
9.5 Extra Miles,
9.5.1 Exercises,
9.6 Wrapping Up
9.1 Web Application Assessment Methodology,
9.2 Web Application Enumeration,
9.2.1 Inspecting URLs,
9.2.2 Inspecting Page Content,
9.2.3 Viewing Response Headers,
9.2.4 Inspecting Sitemaps,
9.2.5 Locating Administration Consoles,
9.3 Web Application Assessment Tools,
9.3.2 DIRB,
9.3.3 Burp Suite,
9.3.4 Nikto,
9.4 Exploiting Web-based Vulnerabilities,
9.4.1 Exploiting Admin Consoles,
9.4.2 Cross-Site Scripting (XSS),
9.4.3 Directory Traversal Vulnerabilities,
9.4.4 File Inclusion Vulnerabilities,
9.4.5 SQL Injection,
9.5 Extra Miles,
9.5.1 Exercises,
9.6 Wrapping Up
Module 10
10.0 Introduction to Buffer Overflows
10.1 Introduction to the x Architecture,
10.1.1 Program Memory,
10.1.2 CPU Registers,
10.2 Buffer Overflow Walkthrough,
10.2.1 Sample Vulnerable Code,
10.2.2 Introducing the Immunity Debugger,
10.2.3 Navigating code,
10.2.4 Overflowing the Buffer,
10.2.5 Exercises,
10.3 Wrapping Up
10.1 Introduction to the x Architecture,
10.1.1 Program Memory,
10.1.2 CPU Registers,
10.2 Buffer Overflow Walkthrough,
10.2.1 Sample Vulnerable Code,
10.2.2 Introducing the Immunity Debugger,
10.2.3 Navigating code,
10.2.4 Overflowing the Buffer,
10.2.5 Exercises,
10.3 Wrapping Up
Module 11
11.0.0 Windows Buffer Overflows
11.1 Discovering the Vulnerability,
11.1.1 Fuzzing the HTTP Protocol,
11.2 Win Buffer Overflow Exploitation,
11.2.1 A Word About DEP, ASLR, and CFG,
11.2.2 Replicating the Crash,
11.2.3 Controlling EIP,
11.2.4 Locating Space for Our Shellcode,
11.2.5 Checking for Bad Characters,
11.2.6 Redirecting the Execution Flow,
11.2.7 Finding a Return Address,
11.2.8 Generating Shellcode with Metasploit,
11.2.9 Getting a Shell,
11.2.10 Improving the Exploit,
11.3 Wrapping Up
11.1 Discovering the Vulnerability,
11.1.1 Fuzzing the HTTP Protocol,
11.2 Win Buffer Overflow Exploitation,
11.2.1 A Word About DEP, ASLR, and CFG,
11.2.2 Replicating the Crash,
11.2.3 Controlling EIP,
11.2.4 Locating Space for Our Shellcode,
11.2.5 Checking for Bad Characters,
11.2.6 Redirecting the Execution Flow,
11.2.7 Finding a Return Address,
11.2.8 Generating Shellcode with Metasploit,
11.2.9 Getting a Shell,
11.2.10 Improving the Exploit,
11.3 Wrapping Up
Module 12
12.0 Linux Buffer Overflows
12.1 About DEP, ASLR, and Canaries,
12.2 Replicating the Crash,
12.3 Controlling EIP,
12.4 Locating Space for Our Shellcode,
12.5 Checking for Bad Characters,
12.6 Finding a Return Address,
12.7 Getting a Shell,
12.8 Wrapping Up
12.1 About DEP, ASLR, and Canaries,
12.2 Replicating the Crash,
12.3 Controlling EIP,
12.4 Locating Space for Our Shellcode,
12.5 Checking for Bad Characters,
12.6 Finding a Return Address,
12.7 Getting a Shell,
12.8 Wrapping Up
Module 13
13.0 Client-Side Attacks
13.1 Know Your Target,
13.1.1 Passive Client Information Gathering,
13.1.2 Active Client Information Gathering,
13.2 Leveraging HTML Applications,
13.2.1 Exploring HTML Applications,
13.2.2 HTA Attack in Action,
13.3 Exploiting Microsoft Office,
13.3.1 Installing Microsoft Office,
13.3.2 Microsoft Word Macro,
13.3.3 Object Linking and Embedding,
13.3.4 Evading Protected View,
13.4 Wrapping Up
13.1 Know Your Target,
13.1.1 Passive Client Information Gathering,
13.1.2 Active Client Information Gathering,
13.2 Leveraging HTML Applications,
13.2.1 Exploring HTML Applications,
13.2.2 HTA Attack in Action,
13.3 Exploiting Microsoft Office,
13.3.1 Installing Microsoft Office,
13.3.2 Microsoft Word Macro,
13.3.3 Object Linking and Embedding,
13.3.4 Evading Protected View,
13.4 Wrapping Up
Module 14
14.0 Locating Public Exploits
14.1 A Word of Caution,
14.2 Searching for Exploits,
14.2.1 Online Exploit Resources,
14.2.2 Offline Exploit Resources,
14.3 Putting It All Together,
14.4 Wrapping Up
14.1 A Word of Caution,
14.2 Searching for Exploits,
14.2.1 Online Exploit Resources,
14.2.2 Offline Exploit Resources,
14.3 Putting It All Together,
14.4 Wrapping Up
Module 15
15.0 Fixing Exploits
15.1 Fixing Memory Corruption Exploits,
15.1.1 Overview and Considerations,
15.1.2 Importing and Examining the Exploit,
15.1.3 Cross-Compiling Exploit Code,
15.1.4 Changing the Socket Information,
15.1.5 Changing the Return Address,
15.1.6 Changing the Payload,
15.1.7 Changing the Overflow Buffer,
15.2 Fixing Web Exploits,
15.2.1 Considerations and Overview,
15.2.2 Selecting the Vulnerability,
15.2.3 Changing Connectivity Information,
15.2.4 Troubleshooting the "index out of range" Error,
15.3 Wrapping Up
15.1 Fixing Memory Corruption Exploits,
15.1.1 Overview and Considerations,
15.1.2 Importing and Examining the Exploit,
15.1.3 Cross-Compiling Exploit Code,
15.1.4 Changing the Socket Information,
15.1.5 Changing the Return Address,
15.1.6 Changing the Payload,
15.1.7 Changing the Overflow Buffer,
15.2 Fixing Web Exploits,
15.2.1 Considerations and Overview,
15.2.2 Selecting the Vulnerability,
15.2.3 Changing Connectivity Information,
15.2.4 Troubleshooting the "index out of range" Error,
15.3 Wrapping Up
Module 16
16.0 File Transfers
16.1 Considerations and Preparations,
16.1.1 Dangers of Transferring Attack Tools,
16.1.2 Installing Pure-FTPd,
16.1.3 The Non-Interactive Shell,
16.2 Transferring Files with Windows Hosts,
16.2.1 Non-Interactive FTP Download,
16.2.2 Windows Downloads Using Scripting Languages,
16.2.3 Windows Downloads with exe2hex and PowerShell,
16.2.4 Windows Uploads Using Windows Scripting Languages,
16.2.5 Uploading Files with TFTP
16.3 Wrapping Up
16.1 Considerations and Preparations,
16.1.1 Dangers of Transferring Attack Tools,
16.1.2 Installing Pure-FTPd,
16.1.3 The Non-Interactive Shell,
16.2 Transferring Files with Windows Hosts,
16.2.1 Non-Interactive FTP Download,
16.2.2 Windows Downloads Using Scripting Languages,
16.2.3 Windows Downloads with exe2hex and PowerShell,
16.2.4 Windows Uploads Using Windows Scripting Languages,
16.2.5 Uploading Files with TFTP
16.3 Wrapping Up
Module 17
17.0 Antivirus Evasion
17.1 What is Antivirus Software,
17.2 Methods of Detecting Malicious Code,
17.2.1 Signature-Based Detection,
17.2.2 Heuristic and Behavioral-Based Detection,
17.3 Bypassing Antivirus Detection,
17.3.1 On-Disk Evasion,
17.3.2 In-Memory Evasion,
17.3.3 AV Evasion: Practical Example,
17.4 Wrapping Up
17.1 What is Antivirus Software,
17.2 Methods of Detecting Malicious Code,
17.2.1 Signature-Based Detection,
17.2.2 Heuristic and Behavioral-Based Detection,
17.3 Bypassing Antivirus Detection,
17.3.1 On-Disk Evasion,
17.3.2 In-Memory Evasion,
17.3.3 AV Evasion: Practical Example,
17.4 Wrapping Up
Module 18
18.0 Privilege Escalation
18.1 Information Gathering,
18.1.1 Manual Enumeration,
18.1.2 Automated Enumeration,
18.2 Windows Privilege Escalation Examples,
18.2.1 Understanding Windows Privileges and Integrity Levels,
18.2.2 Introduction to User Account Control (UAC),
18.2.3 User Account Control (UAC) Bypass: fodhelper.exe Case Study,
18.2.4 Insecure File Permissions: Serviio Case Study,
18.2.5 Leveraging Unquoted Service Paths,
18.2.6 Windows Kernel Vulnerabilities: USBPcap Case Study,
18.3 Linux Privilege Escalation Examples,
18.3.1 Understanding Linux Privileges,
18.3.2 Insecure File Permissions: Cron Case Study,
18.3.3 Insecure File Permissions: /etc/passwd Case Study,
18.3.4 Kernel Vulnerabilities: CVE-7-2 Case Study,
18.4 Wrapping Up
18.1 Information Gathering,
18.1.1 Manual Enumeration,
18.1.2 Automated Enumeration,
18.2 Windows Privilege Escalation Examples,
18.2.1 Understanding Windows Privileges and Integrity Levels,
18.2.2 Introduction to User Account Control (UAC),
18.2.3 User Account Control (UAC) Bypass: fodhelper.exe Case Study,
18.2.4 Insecure File Permissions: Serviio Case Study,
18.2.5 Leveraging Unquoted Service Paths,
18.2.6 Windows Kernel Vulnerabilities: USBPcap Case Study,
18.3 Linux Privilege Escalation Examples,
18.3.1 Understanding Linux Privileges,
18.3.2 Insecure File Permissions: Cron Case Study,
18.3.3 Insecure File Permissions: /etc/passwd Case Study,
18.3.4 Kernel Vulnerabilities: CVE-7-2 Case Study,
18.4 Wrapping Up
Module 19
19.0 Password Attacks
19.1 Wordlists,
19.1.1 Standard Wordlists,
19.2 Brute Force Wordlists,
19.3 Common Network Service Attack Methods,
19.3.1 HTTP htaccess Attack with Medusa,
19.3.2 Remote Desktop Protocol Attack with Crowbar,
19.3.3 SSH Attack with THC-Hydra,
19.3.4 HTTP POST Attack with THC-Hydra,
19.4 Leveraging Password Hashes,
19.4.1 Retrieving Password Hashes,
19.4.2 Passing the Hash in Windows,
19.4.3 Password Cracking,
19.5 Wrapping Up
19.1 Wordlists,
19.1.1 Standard Wordlists,
19.2 Brute Force Wordlists,
19.3 Common Network Service Attack Methods,
19.3.1 HTTP htaccess Attack with Medusa,
19.3.2 Remote Desktop Protocol Attack with Crowbar,
19.3.3 SSH Attack with THC-Hydra,
19.3.4 HTTP POST Attack with THC-Hydra,
19.4 Leveraging Password Hashes,
19.4.1 Retrieving Password Hashes,
19.4.2 Passing the Hash in Windows,
19.4.3 Password Cracking,
19.5 Wrapping Up
Module 20
20.0 Port Redirection and Tunneling
20.1 Port Forwarding,
20.1.1 RINETD,
20.2 SSH Tunneling,
20.2.1 SSH Local Port Forwarding,
20.2.2 SSH Remote Port Forwarding,
20.2.3 SSH Dynamic Port Forwarding,
20.3 PLINK.exe,
20.4 NETSH,
20.5 HTTPTunnel-ing Through Deep Packet Inspection,
20.6 Wrapping Up
20.1 Port Forwarding,
20.1.1 RINETD,
20.2 SSH Tunneling,
20.2.1 SSH Local Port Forwarding,
20.2.2 SSH Remote Port Forwarding,
20.2.3 SSH Dynamic Port Forwarding,
20.3 PLINK.exe,
20.4 NETSH,
20.5 HTTPTunnel-ing Through Deep Packet Inspection,
20.6 Wrapping Up
Module 21
21.0 Active Directory Attacks
21.1 Active Directory Theory,
21.2 Active Directory Enumeration,
21.2.1 Traditional Approach,
21.2.2 A Modern Approach,
21.2.3 Resolving Nested Groups,
21.2.4 Currently Logged on Users,
21.2.5 Enumeration Through Service Principal Names,
21.3 Active Directory Authentication,
21.3.1 NTLM Authentication,
21.3.2 Kerberos Authentication,
21.3.3 Cached Credential Storage and Retrieval,
21.3.4 Service Account Attacks,
21.3.5 Low and Slow Password Guessing,
21.4 Active Directory Lateral Movement,
21.4.1 Pass the Hash,
21.4.2 Overpass the Hash,
21.4.3 Pass the Ticket,
21.4.4 Distributed Component Object Model,
21.5 Active Directory Persistence,
21.5.1 Golden Tickets,
21.5.2 Domain Controller Synchronization,
21.6 Wrapping Up
21.1 Active Directory Theory,
21.2 Active Directory Enumeration,
21.2.1 Traditional Approach,
21.2.2 A Modern Approach,
21.2.3 Resolving Nested Groups,
21.2.4 Currently Logged on Users,
21.2.5 Enumeration Through Service Principal Names,
21.3 Active Directory Authentication,
21.3.1 NTLM Authentication,
21.3.2 Kerberos Authentication,
21.3.3 Cached Credential Storage and Retrieval,
21.3.4 Service Account Attacks,
21.3.5 Low and Slow Password Guessing,
21.4 Active Directory Lateral Movement,
21.4.1 Pass the Hash,
21.4.2 Overpass the Hash,
21.4.3 Pass the Ticket,
21.4.4 Distributed Component Object Model,
21.5 Active Directory Persistence,
21.5.1 Golden Tickets,
21.5.2 Domain Controller Synchronization,
21.6 Wrapping Up
Module 22
22.0 The Metasploit Framework
22.1 Metasploit User Interfaces and Setup,
22.1.1 Getting Familiar with MSF Syntax,
22.1.2 Metasploit Database Access,
22.1.3 Auxiliary Modules,
22.2 Exploit Modules,
22.2.1 SyncBreeze Enterprise,
22.3 Metasploit Payloads,
22.3.1 Staged vs Non-Staged Payloads,
22.3.2 Meterpreter Payloads,
22.3.3 Experimenting with Meterpreter,
22.3.4 Executable Payloads,
22.3.5 Metasploit Exploit Multi Handler,
22.3.6 Client-Side Attacks,
22.3.7 Advanced Features and Transports,
22.4 Building Our Own MSF Module,
22.5 Post-Exploitation with Metasploit,
22.5.1 Core Post-Exploitation Features,
22.5.2 Migrating Processes,
22.5.3 Post-Exploitation Modules,
22.5.4 Pivoting with the Metasploit Framework,
22.6 Metasploit Automation,
22.7 Wrapping Up
22.1 Metasploit User Interfaces and Setup,
22.1.1 Getting Familiar with MSF Syntax,
22.1.2 Metasploit Database Access,
22.1.3 Auxiliary Modules,
22.2 Exploit Modules,
22.2.1 SyncBreeze Enterprise,
22.3 Metasploit Payloads,
22.3.1 Staged vs Non-Staged Payloads,
22.3.2 Meterpreter Payloads,
22.3.3 Experimenting with Meterpreter,
22.3.4 Executable Payloads,
22.3.5 Metasploit Exploit Multi Handler,
22.3.6 Client-Side Attacks,
22.3.7 Advanced Features and Transports,
22.4 Building Our Own MSF Module,
22.5 Post-Exploitation with Metasploit,
22.5.1 Core Post-Exploitation Features,
22.5.2 Migrating Processes,
22.5.3 Post-Exploitation Modules,
22.5.4 Pivoting with the Metasploit Framework,
22.6 Metasploit Automation,
22.7 Wrapping Up
Module 23
23.0 PowerShell Empire
23.1 Installation, Setup, and Usage,
23.1.1 PowerShell Empire Syntax,
23.1.2 Listeners and Stagers,
23.1.3 The Empire Agent,
23.2 PowerShell Modules,
23.2.1 Situational Awareness,
23.2.2 Credentials and Privilege Escalation,
23.2.3 Lateral Movement,
23.3 Switching Between Empire and Metasploit,
23.4 Wrapping Up
23.1 Installation, Setup, and Usage,
23.1.1 PowerShell Empire Syntax,
23.1.2 Listeners and Stagers,
23.1.3 The Empire Agent,
23.2 PowerShell Modules,
23.2.1 Situational Awareness,
23.2.2 Credentials and Privilege Escalation,
23.2.3 Lateral Movement,
23.3 Switching Between Empire and Metasploit,
23.4 Wrapping Up
Module 24
24.0 Assembling the Pieces: Penetration Test Breakdown
24.1 Public Network Enumeration,
24.2 Targeting the Web Application,
24.2.1 Web Application Enumeration,
24.2.2 SQL Injection Exploitation,
24.2.3 Cracking the Password,
24.2.4 Enumerating the Admin Interface,
24.2.5 Obtaining a Shell,
24.2.6 Post-Exploitation Enumeration,
24.2.7 Creating a Stable Pivot Point,
24.3 Targeting the Database,
24.3.1 Enumeration,
24.3.2 Attempting to Exploit the Database,
24.4 Deeper Enumeration of the Web Application Server,
24.4.1 More Thorough Post Exploitation,
24.4.2 Privilege Escalation,
24.4.3 Searching for DB Credentials,
24.5 Targeting the Database Again,
24.5.1 Exploitation,
24.5.2 Post-Exploitation Enumeration,
24.5.3 Creating a Stable Reverse Tunnel,
24.6 Targeting Poultry,
24.6.2 Enumeration,
24.6.3 Exploitation (Or Just Logging In),
24.6.4 Post-Exploitation Enumeration,
24.6.5 Unquoted Search Path Exploitation,
24.6.6 Post-Exploitation Enumeration,
24.7 Internal Network Enumeration,
24.7.1 Reviewing the Results,
24.8 Targeting the Jenkins Server,
24.8.1 Application Enumeration,
24.8.2 Exploiting Jenkins,
24.8.3 Post Exploitation Enumeration,
24.8.4 Privilege Escalation,
24.8.5 Post Exploitation Enumeration,
24.9 Targeting the Domain Controller,
24.9.1 Exploiting the Domain Controller,
24.10 Wrapping Up
24.1 Public Network Enumeration,
24.2 Targeting the Web Application,
24.2.1 Web Application Enumeration,
24.2.2 SQL Injection Exploitation,
24.2.3 Cracking the Password,
24.2.4 Enumerating the Admin Interface,
24.2.5 Obtaining a Shell,
24.2.6 Post-Exploitation Enumeration,
24.2.7 Creating a Stable Pivot Point,
24.3 Targeting the Database,
24.3.1 Enumeration,
24.3.2 Attempting to Exploit the Database,
24.4 Deeper Enumeration of the Web Application Server,
24.4.1 More Thorough Post Exploitation,
24.4.2 Privilege Escalation,
24.4.3 Searching for DB Credentials,
24.5 Targeting the Database Again,
24.5.1 Exploitation,
24.5.2 Post-Exploitation Enumeration,
24.5.3 Creating a Stable Reverse Tunnel,
24.6 Targeting Poultry,
24.6.2 Enumeration,
24.6.3 Exploitation (Or Just Logging In),
24.6.4 Post-Exploitation Enumeration,
24.6.5 Unquoted Search Path Exploitation,
24.6.6 Post-Exploitation Enumeration,
24.7 Internal Network Enumeration,
24.7.1 Reviewing the Results,
24.8 Targeting the Jenkins Server,
24.8.1 Application Enumeration,
24.8.2 Exploiting Jenkins,
24.8.3 Post Exploitation Enumeration,
24.8.4 Privilege Escalation,
24.8.5 Post Exploitation Enumeration,
24.9 Targeting the Domain Controller,
24.9.1 Exploiting the Domain Controller,
24.10 Wrapping Up
Module 25
25.0 Trying Harder: The Labs
25.1 Real Life Simulations,
25.2 Machine Dependencies, 25.3 Cloned Lab Machines,
25.4 Unlocking Networks,
25.5 Routing,
25.6 Machine Ordering & Attack Vectors,
25.7 Firewall / Routers / NAT,
25.8 Passwords
25.1 Real Life Simulations,
25.2 Machine Dependencies, 25.3 Cloned Lab Machines,
25.4 Unlocking Networks,
25.5 Routing,
25.6 Machine Ordering & Attack Vectors,
25.7 Firewall / Routers / NAT,
25.8 Passwords
