
Uncover essential tools for advanced ethical hacking, including the Social-Engineer Toolkit and browser plugins. Practice web app testing, SQL injection, XSS, and data management with Nessus and Dradis.
Identify essential system prerequisites for ethical hacking, including using virtual machines to run Windows, Linux, and multiple operating systems, and optimize memory and fast storage for responsive performance.
Acquire the Dradis framework to centralize penetration testing data by importing outputs from tools like Burp, Nessus, Nikto, Nmap, and OpenVAS into one organized repository.
Launch Dradis on localhost port 3004, log in, explore the framework and documentation, create an internal testing branch, import a Nikto file, and organize notes with categories and plugin configurations.
Create branches and add notes in Dradis to organize scanning findings, mark to-do items like Nessus follow-ups, build a nested note tree with child nodes, and explore categories next.
Explore common Nmap scan types, including SYN scans, full TCP handshake scans, UDP scans, and Christmas tree scans, to determine open ports and host operating systems.
Explore idle scanning, using a zombie host and spoofed IP addresses to infer open ports by monitoring changes in the IP ID header, achieving stealthy, accurate results.
Explore how Wireshark reveals idle (zombie) scan behavior with spoofed packets and incremental IP ID patterns, plus Nmap scripting checks for 404 and 200 responses.
Acquire Nessus by selecting the appropriate license, download the 64-bit installer, and begin installation, noting home vs professional licenses and update differences.
Install Nessus on Windows, register for a home license with a one-time activation code, and use the local web interface to download plugins and configure scans for vulnerabilities.
Learn to configure Nessus through its policies, plugin selections, and credentials, while managing users, proxies, and plugin feeds to prepare and customize scans efficiently.
Create a shared Nessus policy, configure port scanning with multiple scanners (Nessus, TCP, SSH, WMI), adjust advanced safe checks, and log scan details to the server for internal network assessments.
Explore configuring Nessus scan credentials, plugins, and options, including Windows credentials and SSH settings, while reviewing clear text protocols and plugin categories for comprehensive network assessment.
Configure web application tests in the policy, enabling maximum runtime, all HTTP methods, and HTTP parameter pollution to uncover flaws, login tests, and server vulnerabilities with Nessus plugins.
Start a scan in Nessus by selecting a policy, adding targets or target lists, choosing run now or a template, and monitoring results as plugins load.
Review Nessus scan results and host summaries to evaluate vulnerabilities and patch status. Verify findings with manual checks and SSL analysis to identify false positives.
Acquire Nexpose and compare it with Nessus, exploring enterprise and community licenses, IP limits, OS options (Windows, Ubuntu Linux), and the installation process with a license key.
Configure and run a Nexpose community edition security scan by adding assets, authenticating with Windows credentials, and reviewing the console results for vulnerabilities.
Learn to perform a discovery scan with Nexpose to locate network hosts, identify assets and listening services, and prepare for deeper analyses on selected hosts.
Master Netcat as a command-line tool to read from and write to networks, connect to web servers on port 80, issue HTTP requests, and listen on localhost port 5000.
Use Netcat to perform protocol checking, issuing HTTP and SMTP commands to reveal server software, version, extensions, headers, and banners.
Deploy OpenSSL as a client to negotiate SSL/TLS handshakes, connect to secure hosts on port 443, inspect certificates, and exchange encrypted data that OpenSSL decrypts to plaintext.
Discover how sslscan inventories web server encryption ciphers and SSL/TLS versions to spot outdated algorithms like DES and MD5, and evaluate stronger options such as SHA and AES.
Explore Nikto, a long-standing web application testing tool on the command line, configured with plugins and evasion techniques to scan a host and generate reports on vulnerabilities.
Acquire Metasploit, compare the community and professional versions, and note the 32-host limit of the community edition. Download, install, and begin hands-on work within Kali Linux or BackTrack environments.
Install and configure the Metasploit web interface, create a user account, activate the license with a product key (community edition), and navigate workspaces, hosts, vulnerabilities, and captured data.
Learn to organize data with workspaces in Metasploit, creating a VTC workspace to segment hosts and projects, with console and web interface reflecting changes.
Import Nessus results into the selected workspace using a DB import. The process pulls hosts, ports, vulnerabilities, and service data into the database for easy review.
Review Nessus scan results, examine hosts, services, and open ports, and sift through a large vulnerability list with references to identify actionable vulnerabilities to pursue next.
Identify a vulnerability, set the target host, and run the exploit to gain access. Enumerate the system and gather data such as users, artifacts, and screenshots to prove access.
Demonstrate pivoting and tunneling in ethical hacking by using netstat and routing data to access networks behind an exploited host via autoroute.
Write an HTTP fuzzer to probe web servers for vulnerabilities by sending bogus requests and analyzing responses within a modular framework.
Explore social engineering and phishing techniques, including rogue websites and email scams, and see how the Social-Engineer Toolkit automates spear phishing and other penetration testing tasks.
Explore Firefox browser plugins for security testing by installing extensions such as Tamper Data, Greasemonkey, Firebug, HackBar, and XSS Me to run quick web app assessments.
Explore how Tamper Data reveals and manipulates cookie data, including session token and session ID, to test cookie security, randomness, and potential Base64-encoded information.
Use Firebug to inspect page elements, view the DOM and page source, and tweak CSS and scripting with plugins for Drupal and WordPress to reveal hidden inputs.
Explore how the Wappalyzer plug-in reveals a web application's server type and frameworks, including WordPress and Joomla as content management systems, and tools like Google Analytics and Modernizr.
Explore Passive Recon and Passive Cache to quickly retrieve historical page versions, DNS details, and MX records using the Wayback Machine, Google cache, and Netcraft.
Practice web application attacks using vulnerable applications like DVWA and WebGoat, exploring brute-force, command execution, SQL injection, and cross-site scripting within practical sandboxes that guide and test your skills.
Acquire Burp Suite, a web application tester with free and professional editions. Download the tool and explore features like Intruder and Scanner to begin testing.
Configure Firefox to route all browser traffic through the Burp Suite Professional proxy on 127.0.0.1:1880, with selective bypass for localhost and updates, to demonstrate Burp's testing capabilities.
Review Burp Suite results by examining request and response tabs, headers, and render outputs, then validate cross-site scripting and potential SQL injection findings in a browser or with manual tools.
Learn to use Burp Suite's Sequencer to test session ID randomness by live capture, auto analysis, and token analysis, including character, bit, and transition analyses and FIPS considerations.
Explore web application vulnerability testing with Burp Suite Intruder, configuring positions and payloads for fuzzing, brute-forcing credentials, and processing payload transformations to reveal potential flaws.
This Advanced Ethical Hacking course from VTC will provide direction on tools and techniques for performing ethical hacking (also known as penetration testing). Author Ric Messier will cover Nessus, Nexpose, Nmap, and Metasploit, as well as manual testing techniques. He will also demonstrate Web Application Testing and various tools that will assist in that effort. This title is a self-paced software training course delivered via pre-recorded video. We do not provide additional information outside of the posted content.