Real World Penetration Testing RWPT Online Syllabus v.1.0

Upload: ahmed-akram

Post on 27-Nov-2014



Real World Penetration Testing

RWPT Online Syllabus

v.1.0

The Real World Penetration Testing course is an investment in your own career. Give yourself a competitive advantage over your colleagues. Our course is the most up-to-date in the industry!

Prerequisites

Real World Penetration Testing is an entry-level course but still requires students to have certain knowledge prior to attending the class. A solid understanding of TCP/IP and networking, and reasonable Linux skills, are required. This course requires practice, testing, and a willingness to learn in a manner that will grow your career in the information security field.

Who Should Attend

Penetration testers

Ethical hackers

Auditors who need to build deeper technical skills

Security personnel whose job involves assessing target networks and systems

to find security vulnerabilities

Security managers

System Administrators

Network Administrators

Training Areas

Web Application Security

Source Code Audit

Security Awareness

Application Security Testing

Security management

Security Policy Implementation

SDLC Development

Threat Modeling


Table of Contents

Introduction

Module 1:

Information Intelligence

1.1 Information Intelligence

1.1.1 Organize your information during penetration testing

1.1.2 Google/Bing Hacking

1.1.3 Extracting metadata of public documents

1.1.4 Gathering e-mail accounts, user names, subdomains and hostnames

1.1.5 whois lookups, OS info, uptime info, web server info

1.1.6 Traceroute Target IP Address

Module 2:

Scanning and Enumerating

2.1 Scanning

2.1.1 TCP Port Scanning

2.1.2 TCP SYN Port Scanning

2.1.3 TCP ACK Firewall Scanning

2.1.4 TCP "XMas" Port Scanning

2.1.5 Finding live hosts

2.1.6 UDP sweeping and probing

2.1.7 SSL Scanning

2.2 Database Enumerating

2.2.1 MySQL server version enumeration

2.2.2 MSSQL server version enumeration

2.2.3 Postgres server version enumeration

2.2.4 ORACLE server version enumeration

2.3 DNS Enumerating

2.4 SNMP Enumerating

2.5 SMTP Enumerating

2.6 SSH, POP3 and telnet version enumeration

2.7 Microsoft NetBIOS Enumerating


Module 3:

Advanced Fingerprinting

3.1 Advanced Fingerprinting

3.1.1 Advanced web server fingerprinting

3.1.2 Advanced MSSQL servers fingerprinting

3.1.3 Advanced Web Application fingerprinting

3.1.4 Advanced Web Application Firewall fingerprinting

3.1.5 Advanced DNS and HTTP Load Balancers fingerprinting

3.1.6 Advanced Intrusion Prevention System fingerprinting

3.1.7 Advanced OS fingerprinting

Module 4:

Vulnerability Assessment

4.1 Vulnerability Assessment

4.1.1 Vulnerability Assessment vs Penetration testing

4.2 Assessing vulnerabilities

4.2.1 Nessus

4.2.2 W3af


Module 5:

Advanced Web Application Attacks

5.1 Advanced Cross Site Scripting attacks

5.1.1 From reflected XSS to reverse shell

5.1.2 From stored XSS to reverse shell

5.2 Advanced File handling attacks

5.2.1 From File Upload to reverse shell

5.2.2 From Remote File Inclusion to reverse shell

5.2.3 From Local File Inclusion to reverse shell

5.3 Advanced SQL Injection attacks

5.3.1 From SQL injection to reverse shell

5.3.2 From Blind SQL injection to reverse shell

5.4 Advanced Brute Force attacks

5.5 Advanced Cross-Site Request Forgery (CSRF) attacks

5.6 Advanced System Command injection attacks


Module 6:

Advanced Network Attacks

6.1 Sniffing Network Passwords

6.1.1 Sniffing HTTP passwords

6.1.2 Sniffing FTP and telnet passwords

6.1.3 Sniffing MySQL and VNC passwords

6.2 Advanced sniffing

6.2.1 Advanced SSL sniffing

6.2.2 Sniffing Facebook Cookies

6.2.3 Sniffing IM (Yahoo, MSN) chat

6.3 Advanced network Attacks

6.3.1 Attacking Windows Domain Controller and Own the Network

6.3.2 From Man in the Middle Attack to Full Network Compromise


Module 7:

Wireless Attacking Techniques

7.1 Discovery

7.1.1 Windows Discovery

7.1.2 Linux Discovery

7.1.3 Mobile Discovery

7.2 Attacking 802.11 Wireless Networks

7.2.1 De-authenticating Users

7.2.2 Defeating MAC Filtering

7.2.3 Cracking WEP on Linux with a Client Attached

7.2.4 Cracking WEP on Linux without a Client Attached

7.2.5 Denial of Service Attack

7.3 Attacking WPA-Protected 802.11 Networks

7.3.1 Breaking Authentication: WPA-PSK

7.3.2 Obtaining the Four-Way Handshake

7.3.3 Cracking the Pre-Shared Key

7.3.4 Decrypting WPA-PSK Captures


Module 8:

Windows Exploit Development

8.1 Introduction

8.1.1 Memory Corruption

8.1.2 Memory Corruption Classes

8.1.3 Vulnerability Analysis

8.1.4 Exploit Development

8.1.5 Debugger (Olly), Stack and Assembly all in one

8.2 Fuzzing

8.3 Exploiting Windows Buffer Overflows

8.3.1 Replicating the Crash

8.3.2 Controlling EIP

8.3.3 Locating Space for our Shellcode

8.3.4 Redirecting the execution flow

8.3.5 Finding a return address

8.3.6 Basic shellcode creation

8.3.7 From bind shell to reverse meterpreter shell

Module 9:

Password Attacks

9.1 Online Password Attacks

9.1.1 FTP Bruteforce

9.1.2 POP3 Bruteforce

9.1.3 SNMP Bruteforce

9.1.4 VNC Bruteforce

9.1.5 MySQL Bruteforce

9.1.6 SMB Bruteforce

9.2 Password profiling

9.3 Offline Password Attacks

9.3.1 Hash Examples and how to crack MD5 hash

9.3.2 Cracking Linux/UNIX passwd and shadow files

9.3.3 Change/reset any account password from Windows 2000 to Windows 7

9.3.4 Retrieve Browser Passwords

9.3.5 Retrieve RDP passwords

9.3.6 Retrieve VNC passwords

9.3.7 Retrieve Instant Messaging passwords

9.3.8 Retrieve Facebook, Twitter, Gmail, Hotmail and Yahoo Passwords

9.3.9 Retrieve Wireless profile passwords

9.3.10 Cracking Windows SAM Database in Seconds

9.3.11 Why crack the hash when you can pass the hash!

Module 10:

The Exploitation Show

10.1 Server side attacks

10.1.1 Attacking Linux server

Scanning

Attack scenario 1: Remote Exploitation

Attack scenario 2: Web Application Exploitation

Attack scenario 3: Brute Force Login

Post Exploitation

Privilege Escalation

10.1.2 Attacking Windows server

Scanning

Attack scenario 1: Remote Exploitation

Attack scenario 2: Brute Force RDP

Post Exploitation

Privilege Escalation

10.2 Client side attacks

10.2.1 Attacking Windows 7 and bypassing DEP and ASLR

10.2.2 Attacking Ubuntu 10

10.2.3 Attacking Mac OS X 10.6.2 Snow Leopard

10.3 Attacking SCADA Systems


Module 11:

Denial of Service Attacks

11.1 Attacking Apache web server

11.2 Attacking IIS web server

11.3 Attacking Windows Domain Controller

Module 12:

Advanced Bypassing and Evasion techniques

12.1 Advanced stateful packet inspection firewall Evasion and Bypassing

12.2 Advanced Antivirus Detection Evasion and Bypassing (100% FUD)

12.3 Advanced Intrusion Detection System (IDS) Evasion and Bypassing

12.4 Advanced Internal Network enumeration Against NIPS/HIPS

12.5 Advanced NO DHCP Evasion and Bypassing

12.6 Advanced DHCP MAC Address reservations Evasion and Bypassing

12.7 Advanced Firewall outbound/inbound rules and proxy Evasion and Bypassing

12.8 Advanced Windows User Access Control (UAC) Evasion and Bypassing