Real World Penetration Testing
RWPT Online Syllabus
v.1.0
The Real World Penetration Testing course is an investment in your own career. Give yourself a competitive advantage over your colleagues. Our course is the most up-to-date in the industry!
Prerequisites
Real World Penetration Testing is an entry-level course, but it still requires students to have certain knowledge prior to attending the class. A solid understanding of TCP/IP and networking, and reasonable Linux skills, are required. This course requires practice, testing, and the willingness to learn in a manner that will grow your career in the information security field.
Who Should Attend
Penetration testers
Ethical hackers
Auditors who need to build deeper technical skills
Security personnel whose job involves assessing target networks and systems to find security vulnerabilities
Security managers
System Administrators
Network Administrators
Training Areas
Web Application Security
Source Code Audit
Security Awareness
Application Security Testing
Security management
Security Policy Implementation
SDLC Development
Threat Modeling
Table of Contents
Introduction
Module 1:
Information Intelligence
1.1 Information Intelligence
1.1.1 Organize your information during penetration testing
1.1.2 Google/Bing Hacking
1.1.3 Extracting metadata of public documents
1.1.4 Gathering e-mail accounts, user names, subdomains and hostnames
1.1.5 whois lookups, OS info, uptime info, web server info
1.1.6 Traceroute Target IP Address
Module 2:
Scanning and Enumerating
2.1 Scanning
2.1.1 TCP Port Scanning
2.1.2 TCP SYN Port Scanning
2.1.3 TCP ACK Firewall Scanning
2.1.4 TCP "XMas" Port Scanning
2.1.5 Finding live hosts
2.1.6 UDP sweeping and probing
2.1.7 SSL Scanning
2.2 Database Enumerating
2.2.1 MySQL server version enumeration
2.2.2 MSSQL server version enumeration
2.2.3 Postgres server version enumeration
2.2.4 Oracle server version enumeration
2.3 DNS Enumerating
2.4 SNMP Enumerating
2.5 SMTP Enumerating
2.6 SSH, POP3 and telnet version enumeration
2.7 Microsoft NetBIOS Enumerating
Module 3:
Advanced Fingerprinting
3.1 Advanced Fingerprinting
3.1.1 Advanced web server fingerprinting
3.1.2 Advanced MSSQL servers fingerprinting
3.1.3 Advanced Web Application fingerprinting
3.1.4 Advanced Web Application Firewall fingerprinting
3.1.5 Advanced DNS and HTTP Load Balancers fingerprinting
3.1.6 Advanced Intrusion Prevention System fingerprinting
3.1.7 Advanced OS fingerprinting
Module 4:
Vulnerability Assessment
4.1 Vulnerability Assessment
4.1.1 Vulnerability Assessment vs Penetration testing
4.2 Assessing vulnerabilities
4.2.1 Nessus
4.2.2 W3af
Module 5:
Advanced Web Application Attacks
5.1 Advanced Cross Site Scripting attacks
5.1.1 From reflected XSS to reverse shell
5.1.2 From stored XSS to reverse shell
5.2 Advanced File handling attacks
5.2.1 From File Upload to reverse shell
5.2.2 From Remote File Inclusion to reverse shell
5.2.3 From Local File Inclusion to reverse shell
5.3 Advanced SQL Injection attacks
5.3.1 From SQL injection to reverse shell
5.3.2 From Blind SQL injection to reverse shell
5.4 Advanced Brute Force attacks
5.5 Advanced Cross-Site Request Forgery (CSRF) attacks
5.6 Advanced System Command injection attacks
Module 6:
Advanced Network Attacks
6.1 Sniffing Network Passwords
6.1.1 Sniffing HTTP passwords
6.1.2 Sniffing FTP and telnet passwords
6.1.3 Sniffing MySQL and VNC passwords
6.2 Advanced sniffing
6.2.1 Advanced SSL sniffing
6.2.2 Sniffing Facebook Cookies
6.2.3 Sniffing IM (Yahoo, MSN) chat
6.3 Advanced network Attacks
6.3.1 Attacking a Windows Domain Controller and Owning the Network
6.3.2 From Man in the Middle Attack to Full Network Compromise
Module 7:
Wireless Attacking Techniques
7.1 Discovery
7.1.1 Windows Discovery
7.1.2 Linux Discovery
7.1.3 Mobile Discovery
7.2 Attacking 802.11 Wireless Networks
7.2.1 De-authenticating Users
7.2.2 Defeating MAC Filtering
7.2.3 Cracking WEP on Linux with a Client Attached
7.2.4 Cracking WEP on Linux without a Client Attached
7.2.5 Denial of Service Attack
7.3 Attacking WPA-Protected 802.11 Networks
7.3.1 Breaking Authentication: WPA-PSK
7.3.2 Obtaining the Four-Way Handshake
7.3.3 Cracking the Pre-Shared Key
7.3.4 Decrypting WPA-PSK Captures
Module 8:
Windows Exploit Development
8.1 Introduction
8.1.1 Memory Corruption
8.1.2 Memory Corruption Classes
8.1.3 Vulnerability Analysis
8.1.4 Exploit Development
8.1.5 Debugger (Olly), Stack and Assembly all in one
8.2 Fuzzing
8.3 Exploiting Windows Buffer Overflows
8.3.1 Replicating the Crash
8.3.2 Controlling EIP
8.3.3 Locating Space for our Shellcode
8.3.4 Redirecting the execution flow
8.3.5 Finding a return address
8.3.6 Basic shellcode creation
8.3.7 From bind shell to reverse meterpreter shell
Module 9:
Password Attacks
9.1 Online Password Attacks
9.1.1 FTP Bruteforce
9.1.2 POP3 Bruteforce
9.1.3 SNMP Bruteforce
9.1.4 VNC Bruteforce
9.1.5 MySQL Bruteforce
9.1.6 SMB Bruteforce
9.2 Password profiling
9.3 Offline Password Attacks
9.3.1 Hash Examples and how to crack MD5 hash
9.3.2 Cracking Linux/UNIX passwd and shadow files
9.3.3 Change/reset any account password from Windows 2000 to Windows 7
9.3.4 Retrieve Browser Passwords
9.3.5 Retrieve RDP passwords
9.3.6 Retrieve VNC passwords
9.3.7 Retrieve Instant Messaging passwords
9.3.8 Retrieve Facebook, Twitter, Gmail, Hotmail and Yahoo passwords
9.3.9 Retrieve Wireless profile passwords
9.3.10 Cracking Windows SAM Database in Seconds
9.3.11 Why crack the hash when you can pass the hash!
Module 10:
The Exploitation Show
10.1 Server side attacks
10.1.1 Attacking Linux server
Scanning
Attack scenario 1: Remote Exploitation
Attack scenario 2: Web Application Exploitation
Attack scenario 3: Brute Force Login
Post Exploitation
Privilege Escalation
10.1.2 Attacking Windows server
Scanning
Attack scenario 1: Remote Exploitation
Attack scenario 2: Brute Force RDP
Post Exploitation
Privilege Escalation
10.2 Client side attacks
10.2.1 Attacking Windows 7 and bypassing DEP and ASLR
10.2.2 Attacking Ubuntu 10
10.2.3 Attacking Mac OS X 10.6.2 Snow Leopard
10.3 Attacking SCADA Systems
Module 11:
Denial of Service Attacks
11.1 Attacking Apache web server
11.2 Attacking IIS web server
11.3 Attacking Windows Domain Controller
Module 12:
Advanced Bypassing and Evasion techniques
12.1 Advanced stateful packet inspection firewall Evasion and Bypassing
12.2 Advanced Antivirus Detection Evasion and Bypassing (100% FUD)
12.3 Advanced Intrusion Detection System (IDS) Evasion and Bypassing
12.4 Advanced Internal Network enumeration Against NIPS/HIPS
12.5 Advanced NO DHCP Evasion and Bypassing
12.6 Advanced DHCP MAC Address reservations Evasion and Bypassing
12.7 Advanced Firewall outbound/inbound rules and proxy Evasion and Bypassing
12.8 Advanced Windows User Access Control (UAC) Evasion and Bypassing