Course Outline
Planning and Scoping
- Understand the importance of planning for an engagement
- Key legal concepts
- Understand the importance of scoping an engagement correctly
- Understand critical aspects of compliance-based assessments
Information Gathering and Vulnerability Identification
- For various scenarios, execute information gathering with different techniques
- Vulnerability scanning techniques for various scenarios
- Anayzing vulnerability scanning results
- Process for leveraging information to prepare for exploitations
- Weaknesses and specialized systems
Attacks and Exploits
- Understanding differences between social engineering attacks
- Exploiting network-based vulnerabilities
- Exploiting wireless and RF-based vulnerabilities
- Exploiting application-based vulnerabilities
- Exploiting local host vulnerabilities
- Physical security attacks related to facilities
- Post exploitation techniques
Penetration Testing Tools
- Utilizing Nmap to execute information gathering exercises
- Understanding the use cases for different tools
- Analyzing tool output data from a penetration test
- Analyzing basic scripts (limited to Bash, Python, Ruby, and PowerShell)
Reporting and Communication
- Report writing and handling best practices
- Post report delivery activities
- Mitigation strategies for discovered vulnerabilities
- Communication during the penetration testing process