This full day workshop runs for approximately 6 hours and is customised to fit the industry and expertise level of your I.T. department. From basic security risks to advanced exploitation demonstrations, we show the I.T. department exactly what an attack on their systems would look like from the perspective of the attacker and, more importantly, how to prevent an attack by implementing industry standards and best practices. Gain valuable insight about how hackers think and what they look for as they attack your infrastructure or scan you for easy targets.
This training course offers a collection of live demonstrations featuring a variety of hacking and defensive techniques used by hackers.
About the Training
Because security is an ever-changing battlefield, our Hands-on Penetration Testing exposes you to the latest in network and application vulnerabilities and defenses. Our instructor will illustrate each technology’s default security posture, installation weaknesses, methods hackers use to circumvent “secure” settings, and countermeasures for each vulnerability.
Every network administrator should know how to scan their own network for open ports like an attacker would.
- Port Scanning Basics
- Scanning Techniques
- Port Scanning, Network sweeping, OS fingerprinting, Service enumeration, Version scans
- Nmap Scripting Engine
Once we have identified vulnerabilities on those open poets, let’s see if we can attack them.
- Connecting and listening on TCP/UDP port with
- Compiling and Executing Linux and Windows exploits
- Metasploit Framework Fundamentals
- Using Metasploit Exploits
- Types of Payloads
- Metasploit Auxiliary Modules
How about attacking users instead of servers?
- Binary Payloads
- Bypassing Antivirus
- VBScript Infection
- Java Applet Infection
- PDF Exploits
- Trojan and Rootkit Development
- Social Engineering Toolkit
- Spear Phishing Attacks
- Credential Harvesting
- Infectious USB/DVD/CD attack
Now that we have “hacked” a server and a client, what’s next?
- Privilege Escalation
- Cleaning event logs
- Persistent Backdoor
- Enabling Remote Desktop
- Packet sniffing on compromised machines
The most likely attack vector – Websites
- Web Application Threats
- Cross-Site Scripting
- SQL Injections
- Blind SQL Injections
- Enumerating DBs
- Command Injection Flaws
- Parameter/Form Tampering
- Directory Traversal