• +91-8588881421

CyberSense 201 – Penetration testing

Every day we read about new vulnerabilities exploited by threat actors despite of multiple network security controls. Hackers continue to steal million of records every years at alarming frequency. There is a need to assess specific aspects of organization security program and the state of security of critical systems, networks and applications.

Penetrating testing is designed to assess security before an attacker an attacker does. Penetration testing is more than just assessing or uncovering the vulnerabilities and goes to next level in order to prove the attack vector and answer to real world effectiveness of existing security controls against skilled threat vectors. With increased in sophistication of attack vectors organization are looking for pen testers to identify higher-risk vulnerabilities that are difficult to track using automated tools and needless to say to meet the compliance requirements.

This course will help professionals to understand about web and buffer overflow attack vectors that can be exploited by attackers in order to gain the system access. This course will also teach you different post exploitation & privilege escalation techniques to maintain and elevate system access.

Course Objectives: After completion of this course candidate will have idea about understating of web applications architectures, common web based vulnerabilities including LFI, RFI, SQL injection, evasion techniques, system exploitation using Metasploit framework. This class will also cover local and remote privilege escalation, buffer overflow and password attacks

Prerequisites: CEH, Cybersense101 or equivalent certification is desired to attend this course.

Target Audience: Network security consultant, Security architects, security managers, systems engineers staff who are responsible for planning, Implementing and deploying security technologies which may require cybersecurity and penetration testing in future

Course syllabus

  • Overview of web from Penetration tester perspective
  • Defining the web application
  • HTTP/S protocol basics
    1. HTTPv1.0, HTTP1.1, HTTP2.0
    2. HTTP request& response
    3. Session cookies, permanents cookies, websockets
    4. Common HTTP header field definitions
    5. HTTPS overview
  • Understanding and using various web based tools such as HTTP watch, tamper data, cookie manager , fiddler, hackbar
  • Overview on web application Architecture and various components
  • Web Application proxies
    1. Getting started with Burp proxy
    2. Traffic interception through burp proxy
    3. Understanding burp tools including intruder, spider and repeater
    4. Overview of ZAP proxy
  • Footprointing and information gathering concepts
  • Footprointing Methodology& tools
    1. Search engines
    2. Social networking sites, Job sites
    3. Google dorks, Email Footprinting
    4. DNS Footprinting, Network footprinting
    5. Nikto web vulnerability scanner
  • Footprinting Tools
    1. Netcraft, Whois Lookups
    2. DNS Digger and DIG, FOCA
    3. Maltego& Recon-ng, Harvester
    4. Shodan
  • Introduction to Path Traversal
  • Introduction to different encoding techniques
  • File Inclusion Vulnerabilities
    1. Remote file inclusion
    2. Local file inclusion
    3. LFI to remote code execution
    4. Log file poisoning
  • File Upload vulnerabilities
    1. Content type restriction bypass
    2. Evasion to blacklist and whitelist configuration in PHP code
    3. Getserverimage function bypass
    4. Embed PHP code in images
    5. File upload to remote code execution
  • Introduction to SQL Injection
    1. SQL Statements
    2. SQL queries in web applications
    3. SQL errors in web applications
  • SQLi attacks classification & Exploitation
    1. In-band SQLi
    2. Error based
    3. Blind SQLi
    4. Enumerating number of fields
    5. Dumping database content
    6. MS-SQL error based exploitation
  • SQLi to Server takeover
    1. Xp_cmdshell
    2. Reading file systems
    3. Uploading files
    4. Executing shell commands
  • SQL Injection exploitation using SQLMap
  • Base64 Encoding evasion
  • URI Obfuscation techniques
    1. URL shortening
    2. URL Hostname Obfuscation
  • PHP obfuscation techniques
    1. String generation
    2. Type Juggling
    3. String and Array Data types
  • Understanding post exploitation and different privilege escalation techniques
  • Linux Privilege Escalation
    1. Kernel Exploits
    2. Elevating access using bad file permissions
    3. PE using cronjobs
    4. PE using installed third party application
    5. NFS
    6. SUID bit
    7. Sudoers
  • Windows Privilege Escalation
    1. Kernel Exploits
    2. PE using different tunneling techniques
    3. Weak folder permissions , DLL Hijacking
    4. PE using installed third party application
    5. Pass the hash
    6. Bad service permission
  • Overview on different compilers
  • Password management
  • Online password attacks
    1. Wordlists
    2. Guessing Usernames and Passwords with Hydra
  • Offline Password Attacks
    1. Recovering Password Hashes from a Windows SAM File
    2. Dumping Password Hashes with Physical Access
    3. LM vs. NTLM Hashing Algorithms
    4. John the Ripper
    5. Cracking Linux Passwords
    6. Rainbow Tables
  • Online Password-Cracking Services
  • Dumping Plaintext Passwords from Memory with Windows Credential Editor
  • Overview of Assembly and Python
    1. A sample python script
    2. Adding functionality with “if” statement
    3. Python script with “for” statement
    4. Python script to automate basic tasks
  • Writing and compiling the program
  • Streamlining the results
  • Understanding memory Theory
  • Overview of buffer overflow attacks
    1. Understanding vulnerable program
    2. Causing a crash
    3. Running Immunity debugger
    4. Crashing program in Immunity
    5. Controlling EIP
    6. Hijacking execution
  • Searching known vulnerability in any known application
    1. Causing a crash
    2. Locating EIP
    3. Hijacking execution
    4. Getting a shell

Register now for demo sessions on our customized cyber security training programs Register for Demo

  • Evaluate how you can benefit from Cyber Security courses
  • Highly customized and industry most cost-effective cyber security training modules with comprehensive coverage
  • Newly introduced threat hunting program with security analytics.
  • 24*7 anytime any-ware access to Cyberpeople online cloud lab along with various lab scenarios