Course Details : PenTest+

Overview

CompTIA PenTest+ is an intermediate-skills level cybersecurity certification that focuses on offensive skills through pen testing and vulnerability assessment. Cybersecurity professionals with CompTIA PenTest+ know how plan, scope, and manage weaknesses, not just exploit them

Schedule


Virtual Classroom
-

Course Fee

Apply Now

What you will learn


Outline


Course Introduction:

Preparation: • Lab overview & Needed Software • Installing Kali 2020 As a virtual Machine Using a ready Image. • Installing Metashploitable As a Virtual Machine • Installing Windows As a virtual Machine.

Class 1

Preparation Linux basics

Preparation Linux basics: • Basic Overview of kali Linux • The Linux Terminal & Basic Linux Commands • Configuring Metasploitable & Lab Network Setting

Class 2

Website Basics

Website Basics • What a Website? • How to Hack a Website?

Class 3

Information Gathering

Information Gathering • Gathering Information Using Whois Lookup • Discovering Technologies Used On the Website • Gathering Comprehensive DNS Information • Discovering Website On The Same Server • Discovering Subdomains • Discovering Sensitive Files • Analyzing Discovered Files • Maltego – Discovering Servers, Domain & Files • Meltego – Discovering Website, Hosting Provider @ Emails

Class 4

File Upload Vulnerabilities

File Upload Vulnerabilities • How to Discover & Exploit Basic File Upload Vulnerabilities to Hack Websites • HTTP Requests - GET & POST • Intercepting HTTP Requests • Exploiting Advanced File Upload Vulnerabilities To Hack Websites • Exploiting More Advanced File Upload Vulnerabilities • [Security] Fixing File Upload Vulnerabilities

Class 5

Code Execution Vulnerabilities

Code Execution Vulnerabilities • How To Discover & Exploit Basic Code Execution Vulnerabilities To Hack Websites • Exploiting Advanced Code Execution Vulnerabilities • [Security] - Fixing Code Execution Vulnerabilities

Class 6

Local File Inclusion Vulnerabilities (LFI)

Local File Inclusion Vulnerabilities (LFI) • What are they? And How To Discover & Exploit Them • Gaining Shell Access From LFI Vulnerabilities - Method 1 • Gaining Shell Access From LFI Vulnerabilities - Method 2

Class 7

Remote File Inclusion Vulnerabilities (RFI)

Remote File Inclusion Vulnerabilities (RFI) • Remote File Inclusion Vulnerabilities - Configuring PHP Settings • Remote File Inclusion Vulnerabilities - Discovery & Exploitation • Exploiting Advanced Remote File Inclusion Vulnerabilities To Hack Websites • [Security] Fixing File Inclusion Vulnerabilities

Class 8

SQL Injection Vulnerabilities

SQL Injection Vulnerabilities • What is SQL? • Dangers of SQL Injections

Class 9

SQL Injetion Vulnerabilities – SQLi In Login Pages

SQL Injection Vulnerabilities – SQLi In Login Pages • Discovering SQL Injections In POST • Bypassing Logins Using SQL Injection Vulnerability • Bypassing More Secure Logins Using SQL Injections • [Security] Preventing SQL Injections In Login Pages

Class 10

SQL Injection Vulnerabilities – Extracting Data From The Database

SQL Injection Vulnerabilities – Extracting Data From The Database • Discovering SQL Injections in GET • Reading Database Information • Finding Database Tables • Extracting Sensitive Data Such As Passwords

Class 11

SQL Injection Vulnerabilities – Advanced Exploitation

SQL Injection Vulnerabilities – Advanced Exploitation • Discovering & Exploiting Blind SQL Injections • Discovering Complex SQL Injection Vulnerabilities • Exploiting an advanced SQL Injection Vulnerability to Extract Passwords • Bypassing Filters • Bypassing Security & Accessing All Records • [Security] Quick Fix To Prevent SQL Injections • Reading & Writing Files On The Server Using SQL Injections • Getting A Shell & Controlling The Target Server Using an SQL Injection • Discovering SQL Injections & Extracting Data Using SQLmap • Getting a Direct SQL Shell using SQLmap • [Security] - The Right Way To Prevent SQL Injection Vulnerabilities

Class 12

XSS Vulnerabilities

XSS Vulnerabilities • Introduction - What is XSS or Cross Site Scripting? • Discovering Basic Reflected XSS • Discovering Advanced Reflected XSS • Discovering An Even More Advanced Reflected XSS • Discovering Stored XSS • Discovering Advanced Stored XSS

Class 13

XSS Vulnerabilities – Exploitation

XSS Vulnerabilities – Exploitation • Hooking Victims To BeEF Using Reflected XSS • Hooking Victims To BeEF Using Stored XSS • Interacting With Hooked Targets • Running Basic Commands On Victims • Stealing Credentials/Passwords Using A Fake Login Prompt

Class 14

Insecure Session Management

Insecure Session Management • Logging In As Admin Without a Password By Manipulating Cookies • Discovering Cross Site Request Forgery Vulnerabilities (CSRF) • Exploiting CSRF To Change Admin Password Using a HTML File • Exploiting CSRF Vulnerabilities To Change Admin Password Using Link • [Security] The Right Way To Prevent CSRF Vulnerabilities

Class 15

Brute Force & Dictionary Attacks

Brute Force & Dictionary Attacks • Introduction to Brute Force & Dictionary Attacks? • Creating a Wordlist • Guessing Login Password Using a Wordlist Attack With Hydra

Class 16

Discovering Vulnerabilities Automatically Using Owasp – ZAP

Discovering Vulnerabilities Automatically Using Owasp – ZAP • Scanning Target Website For Vulnerabilities • Analysing Scan Results

Class 17

Post Exploitaion

Post Exploitation • Post Exploitation Introduction • Executing System Commands On Hacked Web Servers • Escalating Reverse Shell Access To Weevely Shell • Weevely Basics - Accessing Other Websites, Running Shell Commands ...etc • Bypassing Limited Privileges & Executing Shell Commands • Downloading Files From Target Webserver • Getting a Reverse Connection From Weevely • Accessing The Database

Class 18

Prerequisites


Class lab


Who should attend