Metasploit for Enterprise Penetration Testing
In this course we will teach you how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen. In this course, you will learn how Metasploit can fit into your day-to-day penetration testing assessment activities. You’ll gain an in-depth understanding of the Metasploit Framework far beyond how to exploit a remote system. You’ll also explore exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.
Course Key Learnings
- Many enterprises today face regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments. Commercial tools and services for performing such tests can be expensive. While really solid solid free tools such as Metasploit are available, many testers do not understand the comprehensive feature sets of these tools and nor how to apply them in a professional-grade testing methodology.
- Students who complete the course will have a firm understanding of how Metasploit can fit into their penetration testing and day-to-day assessment activities. The course will provide an in-depth understanding of the Metasploit Framework far beyond simply showing attendees how to exploit a remote system. The class will cover exploitation, post-exploitation reconnaissance, anti-virus evasion, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created to exploit and analyze security flaws.
- The course will also cover many of the pitfalls that a tester may encounter when using the Metasploit Framework and how to avoid or work around them, making tests more efficient and safer.
Course Content:
Module1: Metasploit for Enterprise Penetration Testing – Section 1v
Overview
Section 1 is designed to help attendees master the most heavily used exploitation framework on the planet and see how they can wield it effectively in professional penetration testing. We analyze some of the most powerful and yet often overlooked capabilities of the Metasploit Framework, using numerous exercises that make this one of the most hands-on courses ever developed by SANS.
You will go from zero to exploit and beyond faster than you ever thought possible. For example, after this course section you will understand the Ruby foundations of Metasploit and how interacting with these underpinnings will greatly optimize and enhance your testing activities. Further, you will understand how far you can extend your exploitation activities through the effective use of some of the late-breaking features of the amazing Meterpreter. Finally, have you ever wondered how you can compromise an entire domain from simple Windows system access? After this section you will know exactly how to achieve this kind of result. After all, shell is only the beginning.
Topics
- Guided Overview of Metasploit’s Architecture and Components
- Deep Dive into the Msfconsole Interface, including Logging and Session Manipulation
- Careful and Effective Exploitation
- The Ultimate Payload: The Metasploit Meterpreter In-Depth
- Metasploit’s Integration into a Professional Testing Methodology
- Automation with Meterpreter Scripts to Achieve More in Less Time with Consistency
- It’s Not All Exploits – Using Metasploit as a Recon Tool
- Using Auxiliary Modules to Enhance your Testing
- Ultra-Stealthy Techniques for Bypassing Anti-Virus Tools
- Client-Side Attacks – Using One-Liners instead of Executables
- Port and Vulnerability Scanning with Metasploit, Including Integration with Nmap, Nessus, and Qualys
- Capturing SMB Credentials and Metasploit’s awesome PowerShell integration
Module2: Metasploit for Enterprise Penetration Testing – Section 2
Overview
In this second section we build upon the deep foundations of section 1 to see how Metasploit can be used within a penetration tester’s ecosystem of tools and techniques to attack systems in new and creative ways. We’ll analyze the activities of the most effective bad guys to see how they target enterprises via complex and often non-traditional attack vectors so that we can model their behaviors in our penetration testing processes. Client-side attacks launched via email, phishing, and document payload attacks are currently some of the most heavily used attack vectors. The bad guys use these techniques because they almost always work. The course shows penetration testers how to wield such attacks to determine the business implications of vulnerabilities, all with the objective of improving the target organization’s security stance.
Topics
- Merciless Pivoting: Routing Through Exploited Systems
- Exposing Metasploit’s Routing Using SOCKS Proxies
- Privilege Escalation Attacks
- Metasploit’s Integration with Other Tools
- Making the Most of Windows Payloads
- Advanced Pillaging – Gathering Useful Data from Compromised Machines
- Evading Countermeasures to Mimic Sophisticated Attackers
- Scripting Up the Meterpreter to Customize Your Own Attacks
- Persisting Inside an Environment
- Carefully Examining Your Attack’s Forensic Artifacts
- Integration with CrackMapExec, a Stand-alone Testing Tool
- Command and Control via Third-Party Infrastructure
International Student Fee: 950 US$
Job Interview Preparation (Soft Skills Questions & Answers)
- Tough Open-Ended Job Interview Questions
- What to Wear for Best Job Interview Attire
- Job Interview Question- What are You Passionate About?
- How to Prepare for a Job Promotion Interview
Your FREE eLEARNING Courses (Click Here)
Internships, Freelance and Full-Time Work opportunities
- Join Internships and Referral Program (click for details)
- Work as Freelancer or Full-Time Employee (click for details)
Flexible Class Options
- Week End Classes For Professionals SAT | SUN
- Corporate Group Trainings Available
- Online Classes – Live Virtual Class (L.V.C), Online Training
Related Courses
IOS and Android Application Security Analysis and Penetration Testing
Wireless Penetration Testing and Ethical Hacking
Hacker Tools, Techniques, and Incident Handling
Enterprise Penetration Testing