Hands-on Penetration Testing Labs 2.0
What you'll learn
- Remote and Local Exploitation
- Vulnerability Scanning
- SQL injection
- Cross-site Scripting
- Reverse shells
- Burp Suite
- Penetration Testing
- Kali Linux
- Remote and local buffer overflows
- Privilege escalation
- Custom exploit development
- Windows host (preferred, course tested with Windows 10, although other OS's should work)
- 8 GB RAM (the more the better)
- Basic Linux skills
- Several free vulnerable VMs (will include comprehensive lab setup instruction)
NOTE: This is independent from my other course, Hands-on Pentration Labs 1.0 - they both have original content and you're not required to buy one or the other by itself.
Welcome to my Hands-on Penetration Testing Labs 2.0 course. You can think of this as part 2 of my other course which has a similar name. This lecture will provide an overview of what you can expect for the remainder of this course.
First of all, this course is extremely hands-on. This means we're not going to be doing much talking about the theory of penetration testing, we're going to be diving into hands on technical application right away. We'll be using VirtualBox as a software hypervisor to build a host-only lab environment. Not only will this help you gain insight into penetration testing, but will give you the skills and resources to create your own environment to test and research beyond what you learn in this course.
The lab is going to consist of Kali Linux, and a variety of intentionally vulnerable Linux and Windows VMs. Some of the things we'll be covering are enumeration and vulnerability scanning and local and remote exploitation with industry standard penetration testing tools such as nmap, dirb, and nikto, Metasploit and standalone exploits. We're also going to focus upon exploit development, covering in detail how to craft a buffer overflow exploit for a custom Linux and Windows binary.
In order to accomplish this goal of buffer over flow exploit development and debugging, we're going to be creating a Windows 7 analysis and attack machine. This will have industry standard tools for exploit dev such as Immunity Debugger. We're also going to learn how to use Kali Linux's built in gnu debugger for this purpose.
The technology and methodology used is in this course is current at the time of this recording, which is January 2019. If you're watching this after the stated date, don't be worried too much, as this content should still be highly relevant for aspiring penetration testers.
I will also be introducing you to several free training platforms which I've found to be extremely helpful prior to earning my many hands-on penetration testing certs including OSCP and eWPT. This training has also helped sky rocket my progress as a skilled senior penetration tester and subject matter expert.
I truly hope that you enjoy my course and I'm very excited to be working with all of you. If you have any trouble, please don't hesitate to reach out to me via the Q&A system or by direct message. However, please make sure you include a detailed and specific question, not something like "I can't get it to work".
Also, I highly encourage independent research and attempting to find answers on your own. This is the single most important skill as a penetration tester, the ability to find solutions to problems you haven't yet encountered.
I ask you to please go through the majority of this course prior to leaving a review so that you can accurately measure the course's quality in entirety. I always appreciate constructive feedback, and encourage students to reach out to me if they think anything valuable could be added to the coursework.
Thanks, and have fun!
Who this course is for:
- Penetration Testers
- Cyber Security Students
- Cyber Security Analysts
- Aspiring Penetration Testers
- Aspiring Cyber Security Analysts
- Technology Enthusiasts
- OSCP Candidates
- CEH Candidates
- Pentest+ Candidates
Summary: Jesse K is a cybersecurity expert with a breadth and depth of knowledge, professional experience, and top of the line credentials directly related to his field of expertise. He has provided quality training for thousands of students online, has mentored them one-on-one, and has coached many to acquire jobs in the cyber field. Professional strengths include security analysis, intrusion detection, ethical hacking, penetration testing, training, and technical writing. Jesse has a true passion for cybersecurity and information technology, and an insatiable ambition to further his knowledge and professional skill set.
Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata); SIEM Technology (Elasticsearch, Logstash, Kibana (ELK), ArcSight, and Splunk); PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics); Penetration Testing (Kali Linux, BurpSuite, Nikto, Nmap, Metasploit, etc.)
Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8 (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP), eLearnSecurity Web application Penetration Tester (eWPT)