Penetration testing – detecting and exploiting vulnerabilities ( pentest | 28 hours )

• Knowledge of basic issues related to computer networks (IP addressing, Ethernet, basic services - DNS, DHCP) and operating systems
• Knowledge of Windows and Linux (basic administration, system terminal)

target group

• people responsible for network and service security,
• network and system administrators who want to learn about security testing
• everyone interested in the topic.

The training comprehensively presents the issue of penetration testing and practical
testing the security of their own services and systems. Each participant will have the opportunity to independently perform the presented scanning and attack methods on a controlled virtualized environment on their computer, starting with learning the addresses of the attacked services and ending with obtaining full authorizations on all attacked machines. Issues related to both organizational aspects and preparing a report on the conducted test will also be discussed.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

How to test network and service security

• Penetration Testing – What is It?
• Penetration Testing vs. Auditing – Similarities, Differences, What is Appropriate?
• Practical problems – what could go wrong?
• Test scope – what do we want to check?
• Sources of good practices and recommendations

Penetration Test - Reconnaissance

• OSINT – or obtaining information from open sources
• Passive and active methods of network traffic analysis
• Identification of services and network topology
• Security systems (firewalls, IPS/IDS systems, WAF, etc.) and their impact on tests

Penetration Test – Searching for Vulnerabilities

• Recognition of systems and their versions
• Searching for vulnerabilities in systems, infrastructure and applications
• Vulnerability Assessment – or “Will It Hurt?”
• Exploit Sources and Customization Options

Penetration Test – Attack and Takeover

• Types of attacks – how are they carried out and what are their effects?
• Remote and local exploit attack
• Attacks on network infrastructure
• Reverse shell – how to manage a compromised system
• Privilege Escalation – or How to Become an Administrator
• Ready-made "hacking tools"
• Analysis of the compromised system – interesting files, saved passwords, private data
• Special cases: web applications, WiFi networks
• Social engineering – or how to “break” a person if you can’t break the systems?

Penetration Testing – Covering Up Traces and Maintaining Access

• Login and activity monitoring systems
• Log cleaning and trace erasure
• Backdoor – or how to leave yourself an open door

Penetration Test Summary

• Preparation of the report and its structure
• Submission and consultation of the report
• Verification of implementation of recommendations