Do you find CEH relatively simple and are looking to master the hands on aspects of penetration testing?
Are you a security professional who wants to move beyond scanning and study advanced concepts like exploit development and client side attacks?
Have you conducted your first exploit, but can’t figure out what to do next to make your penetration testing reports stand out to your clients?
If so then this course is for you. Students who complete Advanced Metasploit Decoded and the accompanying exam will gain an in-depth knowledge of the skills required of top penetration testers. Built using real world scenarios encountered in client environments this course focuses on the Metasploit Framework, the de-facto open source penetration testing tool, with support from many other tools in the Backtrack Linux penetration testing distribution. Rather than focusing solely on exploiting systems, this course will cover in-depth the multiple facets of
penetration testing training such as gaining domain administration privileges during an internal penetration test and moving from exploiting a public facing web application to attacking internal systems. Upon graduating from this course you will possess a deep understanding of advanced penetration testing techniques and be well prepared to perform advanced penetration testing services for your clients.
Georgia Weidman is an experienced penetration tester, security researcher, and trainer. She holds a Master of Science degree in computer science, secure software engineering, and
information security as well as holding Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), NIST 4011, and an Offensive Security Certified Professional (OSCP) certifications. Her groundbreaking work in the field of smartphone exploitation has been featured in print and on television including MIT Technology Review, Ars Technica, PC World, Fox News and Global TV Canada. She has presented her research at conferences around the world including Shmoocon, Hacker Halted, Security Zone, and Bsides. Georgia has delivered highly technical security training at conferences, hacker spaces, and schools to excellent reviews. Building on her experience working in both the public and private sectors, Georgia founded Bulb Security LLC, a security consulting firm specializing in security assessments/penetration testing, security training, and research/development. She was awarded a DARPA Cyber Fast Track grant to continue her work in mobile device security.
Module 1: Introduction to the Metasploit Framework
- Using the Backtrack Linux Penetration Testing Distribution
- Deep dive into the Metasploit Framework
- Using the Metasploit Framework
Module 2: Information Gathering
- Penetration Testing Overview
- Passive Reconnaissance
- Port Scanning with nmap
- Metasploit port scanning
Module 3: Vulnerability Scanning
- Vulnerability Scanners
- Metasploit and Nessus
- Metasploit vulnerability scanning
Module 4: Exploitation
- Searching for exploits
- Exploitation with Metasploit
- Network attacks
- Web application attacks
- Attacks against misconfigurations
- Metasploit Scripting
Module 5: Post Exploitation
- Meterpreter
- Local Privilege Escalation attacks
- Pivoting
- Attacks against domains
Module 6: Advanced Exploitation Techniques
- Trojans and Executables
- Client-Side attacks
- The Social Engineer Toolkit
- Bypassing Anti-virus
Module 7: Exploit Development
- Writing a buffer overflow exploit
Module 8: Writing Metasploit Modules
- Writing a simple auxiliary module
- Porting an exploit into Metasploit
- Challenge: Hands on exam practice (hack a live network)
Metasploit has become the defacto tool for penetration testing and exploit development. A deep understanding of the framework is essential to a career as an information security practitioner. This course will teach you how to use Metasploit to improve and streamline each phase of penetration testing and exploit development