Duration 5 Days
DAY 1 – INFORMATION GATHERING
- The mindset of a penetration tester.
- Types of penetration tests.
- Limitations of penetration testing.
- How to create a testing infrastructure.
- Defining rules of engagement and scoping a project.
- A pen tester's tool chest of information gathering resources.
- Types of scans - Network sweeps, network tracing, port scans, OS fingerprinting, version scans, and vulnerability scans.
- Network mapping.
- Port scanning
- OS Fingerprinting.
- Vulnerability Scanning.
DAY 2 – GAINING ACCESS
- Exploit categories - server-side, client-side, and local privilege escalation
- Metasploit Framework
- The Metepreter
- Exploit without Metasploit
- Transferring file techniques
- Windows commandline for penetration tester
- Password attack
- Password Guessing with Hydra
- Knowing password format in Windows and Linux
- Dumping Windows Hash
- Offline password attack with John the Ripper
- Rainbow table attacks using Ophcrack
DAY 3 – WIRELESS ATTACK
- Wireless Concepts
- Wireless Encryption Algorithms
- Wireless Threats
- Wireless Hacking Methodology
- Wireless Hacking Tools
- Wireless Security Tools and Penetration Testing
DAY 4 – WEB APPLICATION ATTACK
- Web application scanning and exploitation tools
- Web application manipulation tools
- Injection attacks
- Building a wireless pentest platform
- Identifying unsecured access points and peer-to-peer systems
- Identifying wireless misconfigurations
- Exploiting various wireless protocols
DAY 5 - MOBILE ATTACK
- Mobile Platform Attack Vectors
- Hacking Android OS
- Hacking iOS
- Mobile Device Security ManagementGuidelines and Tools
- Mobile Pen Testing