Introduction to pentesting

The Pentest training is an intensive 3-day program designed to introduce developers, system administrators and any cybersecurity enthusiasts to the fundamentals of ethical hacking. Through a combination of theory and practical exercises in dedicated environments, participants will learn how to identify and exploit vulnerabilities in web applications and network services. Essential tools such as Kali Linux, Metasploit, Burp Suite and more will be covered. At the end of the training, participants will be able to conduct effective security audits and strengthen the protection of their IT infrastructures.

Program:

Day 1 - Introduction and information gathering

Audit charter

What is it?
Content of the audit charter

Methodology

Steps of an attack
An attacker’s bag of tricks
Testing process

Introduction to Kali Linux

What is it?
Tools included
Lab configuration

Information gathering

Passive vs active recon
Google, Shodan, GitHub hacking
Collect Companies and employees data
Technologies
ASN enumeration
DNS enumeration, resolution and probing
Port scan

Vulnerability scan

CWEs, CVEs & CVSS
Scanners

Day 2 - Exploitation techniques and web security

Report

What is it?
Content of the report

HTTP testing

Requirements
What would you test?
Browser extensions
Introduction to Burp Suite
Cross Site Scripting
SQL injection
Arbitrary file upload

Other network services

Shell vs reverse shell
Find, install and use exploits
Introduction to Metasploit
Service exploitation: FTP, SMB, PostgreSQL, WebDAV…

Day 3 - Post-exploitation and password attacks

Final presentation

What is it?

Password attacks

Cryptography refresher: encoding, hashing, encryption
Leaked passwords and default passwords
Online services & network attacks
Wordlists
Linux vs Windows

Privilege escalation

Horizontal vs Vertical
Linux vs Windows

Post-exploitation

Persistency
Antivirus evasion
Port forwarding and port tunneling

Gwendal Le Coguic - contact@glc.st - quotes on request - SIRET 79778302400038