Hands on, Interactive, Penetration Testing & Ethical Hacking
- 3 hours on-demand video
- Full lifetime access
- Access on mobile and TV
- Certificate of Completion
- Choose the right exploitation methods with 100% practical, hands-on examples of real-life scenarios. Learn to use Metasploit and PowerShell together to enhance your attack. Utilize 'Pivoting' techniques to route into internal networks from compromised perimeter nodes to gain further exploitation and keep your sessions alive with 'persistence'. We will also explore 'covering your tracks' and evading Antivirus & IDS Systems.
- Be able to 'hack' into a system by understanding flaws and weaknesses in configurations using your logic and problem-solving skills.
- Students are requested to have root access to a system with multiple Operating Systems to mirror exactly what the course describes to illustrate learning. Please make sure you have a 500GB HDD and create sufficient space on each Virtual Machine.
- You need to have a passion for computing; with this you can go far. Without it, you will get bored.
This course has been designed to fill a hole in the market, with hands-on, step-by-step tutorials in a visual learning format that no other course will give you. This course allows you to follow, in real time, each stage of the engagement, which you can tweak and use to train your skills over and over again!
You will get the latest tools and techniques using Rapid7's superb tool, 'Metasploit', to exploit targets as well as run post-exploitation techniques and utilize PowerShell with 'Empire'.
The course will visually engage with 'Empire', a post-exploitation tool used to harness the power of PowerShell to further exploit Microsoft Windows operating systems where poor configurations and overlooked policy have been deployed.
The course will start with an understanding of how to move around Metasploit and the basic keystrokes to get from one section of the framework to another. Together, we will exploit our first system, work out what we can and can't do, how to keep it if something goes wrong, and how to leave the session without being tracked. We will learn how to not be seen by Intrusion Detection Systems and evade Anti-Virus Software used by professional Penetration Testers around the globe. The course will then look at Empire. Again, we will start with the basics of moving around, how to gain our sessions, known as 'agents', escalate our privileges if required and migrate over to the Metasploit framework. This gives us the best of both worlds!
You will learn how to be professional in your methodology, which will help you to gain a foothold in the field.
I will teach you by visual learning and not simply speaking over presentations. Theory is good, but this course will get you up and running with little to no knowledge at all. This is the course I really wish I had when learning Penetration Testing, as it answers the questions that are not a simple Google away.
- This course is designed for anyone with a passion for Network Security. If you're a Red Team member looking to exploit weaknesses and expose vulnerabilities for your clients, or a Blue Teamer looking to protect your network perimeter or mitigate insider threats, these labs will help your understanding by using visual examples to prove methodology.
In this video, we go over the key navigation points within Metasploit and touch on Handlers, Payloads, Jobs and sessions.
Learn how to gather information on your targets; this is arguably the most important phase of all. This is also known as "reconnaissance", and without it you won't be able to focus your energy in the right area. Spend a lot of time gathering as much information about your targets as you can, as this will help you to understand how to conquer them.
Description - Link https://www.rapid7.com/db/modules/exploit/windows/smb/ms08_067_netapi
"This module exploits a parsing flaw in the path canonicalization code of NetAPI32.dll through the Server Service. This module is capable of bypassing NX on some operating systems and service packs. The correct target must be used to prevent the Server Service (along with a dozen others in the same process) from crashing. Windows XP targets seem to handle multiple successful exploitation events, but 2003 targets will often crash or hang on subsequent attempts. This is just the first version of this module, full support for NX bypass on 2003, along with other platforms, is still in development."
In this lecture we gain a Command Shell (which is a DOS prompt to you and me) and upgrade that DOS prompt to a Meterpreter shell. This will give us the ability to utilize more advanced exploitation techniques than simply having a shell, and is usually the first step on getting any Command Shell. The Meterpreter session sits in memory, so it doesn't trigger antivirus software, which is vital to staying undetected whilst running through engagements.
During any Penetration Test, you will come across techniques that might, by design, perform a Denial of Service, which will leave the machine you are attacking frozen, Blue Screened if it runs Windows, or simply rebooted. It is important to know what these are so you don't accidentally try them. Your scope with your client will probably not allow you to perform DoS attacks intentionally, so make sure you're confident of what you're doing before you do it. This example in Windows (MS12-020) has an availability checker, so you can report susceptibility to the DoS to your clients.
This time we look at the 'Web script Delivery' module. This module is a great module to learn as it gives you a quick and easy route to gather a new session to the box if you already have access to it. Say you manage to find the credentials and RDP onto a box, you can generate a script in PowerShell, run it and receive a session back on that box.
This also comes in PHP and Perl flavors if these are relevant to your scenario.
This demonstration shows the bare bones of how to create a session, but in reality it would be rather unlikely for the victim to copy the code into a command box as shown in the video.
Part of being on the attacker side is to think of ways to execute code like this. You could for example, embed the code into a Macro of a Windows Excel or Word Document to automatically run when the file is opened.
Using an AutoRunScript can be a great technique to automate tasks and also allow you to speed up manual tasks & remove human error. This is great for migrating processes to evade antivirus when touching disk.
During your pentest, you will need to move around into different machines and gather credentials in order to do so. Here we look at how to gather hashes and crack them to reuse these on other systems.
We look at using popular tools like JTR (John The Ripper) & OPHCrack.
Here we look at harnessing the power of Mimikatz.
Mimikatz is a post exploitation tool to gather passwords from compromised machines. Mimikatz isn't documented very well from within the Metasploit Module, so it's useful to see it in action fully.
Pass the Hash, or PTH, is a post-exploitation method designed to allow you to supply the NTLM hash discovered from a previous exploit or from a 'hashdump' directly in the password field. This is an incredibly useful method when you don't have the time or the resources to crack the hashes and need to gain further access and compromise your next machine.
This lecture looks at the 'ask' module. This module is used as a Privilege Escalation tactic that displays a message to the user 'asking' the user if it's 'ok' to run a program. If the user agrees, and has local admin privileges, then a new session is spawned with NT AUTHORITY\SYSTEM.
This time we look at creating a Windows component script-let file that we execute by using the "unregister" function! This is a nifty way to create shells.
As always, we also bypass Anti-Virus and Endpoint Security Systems, as the payload inside the script-let doesn't touch disk-space.