Penetration Testing as a Day Job

TIME: 09:00 to 17:00 ICT/GMT+7

Exclusive for HITB, this class will include :-

– Multiple HITB exclusive hands-on labs
– HITB exclusive CTF at the end of the course
– 30 days of on-demand lab access.

Many introductory hacking courses show attendees tools & exploit scenarios, yet don’t prepare attendees to work towards a pentesting career, with a methodical approach to beginning, “middling”, ending, or reporting on an actual real pentest.

We take attendees on a light-hearted and hopefully humorous journey from start to finish through a very real (totally simulated) pen test engagement. Pwning our way through our real (fictional) organisation’s apps and infra, including webapps through internal infra and even some physical device silliness (think lights / sounds / maybe even some foam darts), before telling our “client” our findings in a professional (mostly) pentest report.

Hugely lab driven, with a “narrative over the top” almost continuously hands-on approach.

If you didn’t have fun then honestly we totally screwed this up, yet we will ensure that you come away feeling confident and ready to practise your skills flying solo, with plenty of advice included on next steps.

Key Learning Objectives

• Learn a huge number of skills, tools, concepts and techniques used by real pentesters on real engagements
• Learn how to apply those skills in an actual pentest-like scenario
• Learn to proactively prepare for and produce a meaningful report at the end of the engagement
• Have fun along the way!

(Course is also fully aligned to the published syllabus to prepare for CREST CPSA and CRT examinations)

Student will be provided with

• Full slide deck.
• Handouts with lab walkthroughs
• 30 days worth of on-demand lab access (HITB exclusive)

Topics covered

1. Introduction, Soft Skills & Assessment Management

• How to approach a pentest
• Engagement Lifecycle
• Law & Compliance
• Methodology
• Scoping
• Understanding, Explaining, and Managing Risk
• Good report writing skills: before, during, and after the assessment

2. Background Information Gathering and Open Source (OSINT)

• Records: Registration / DNS / CT Logs
• Customer Web Site Analysis
• Google Hacking and Web Enumeration
• NNTP Newsgroups and Mailing Lists
• Information Leakage from Mail & News Headers
• Social Engineering and Physical Security

3. Security Fundamentals

• Cryptography
• Applications of Cryptography
• Encoding / Encryption / Hashing
• Hash cracking
• File System Permissions
• Audit Techniques
• Source Code Review

4. Web Technologies

• Web Servers
• Web Enterprise Architectures
• Web Protocols
• Web Mark-up Languages
• Web Programming Languages
• Web Application Servers
• Web APIs
• Web SubComponents

5. Web Application Security Assessment

• Web Application Reconnaissance
• Identifying vulnerabilities
• Web Site Structure Discovery
• Information Gathering from Web Mark-up
• Information Disclosure in Error Messages
• Enumerating CMSs
• Threat Modelling and Attack Vectors
• Authentication Mechanisms
• Authentication bypasses / flow abuses
• Authorization Mechanisms
• Session Handling: Predictability / Termination / Hijacking / Fixation
• Access control bypasses
• Object referencing issues
• Input Validation
• Cross-Site Scripting Attacks (XSS)
• SQL Injection
• Parameter Manipulation
• Web form input abuse
• CSRF
• Open redirects
• Command injection
• XXE
• Feature abuses
• Generating payloads

6. Databases

• MySQL
• PostgreSQL
• Microsoft SQL Server
• Oracle RDBMS
• Web / App / Database Connectivity

7. Networking

• IP Protocols
• Network Architectures
• Networking Protocols
• Network Mapping & Target Identification
• Interpreting Tool Output
• Filtering Avoidance Techniques
• OS Fingerprinting
• Windows vs Linux enumeration
• Application Fingerprinting and Evaluating Unknown Services
• Network Access Control Analysis
• Management Protocols
• Network Traffic Analysis
• IPSec
• VoIP
• Wireless
• Configuration Analysis

8. Windows Security Assessment

• Domain Reconnaissance
• User Enumeration
• Active Directory
• Windows Passwords
• Windows Vulnerabilities
• Windows Patch Management Strategies
• Desktop Lockdown
• Exchange
• Common Windows Applications

9. Unix/Linux Security Assessment

• User Enumeration
• Unix vulnerabilities
• FTP (Unix)
• Sendmail / SMTP (Unix)
• Network File System (NFS) (Unix)
• R* services (Unix)
• X11 (Unix)
• RPC services (Unix)
• SSH (Unix)

10. Finishing Up

• Good report writing skills: after the assessment