Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Practical Windows Penetration Testing
Rating: 4.0 out of 5(26 ratings)
274 students

Practical Windows Penetration Testing

Attacking & securing Windows systems with Metasploit and Kali Linux
Last updated 10/2018
English

What you'll learn

  • Scan and discover Windows environments to identify an attack surface.
  • Gather information that could be helpful in exploitation.
  • Penetrate Windows machines through various services.
  • Exploit well-known Windows vulnerabilities.
  • Create persistent access to an exploited machine and maintain a stable backdoor.
  • Collect valuable information from the exploited host.
  • Propagate to other machines using Pass-The-Hash techniques.

Course content

5 sections23 lectures5h 14m total length
  • The Course Overview2:15

    This video provides an overview of the entire course.

  • Disclaimer1:30

    Hacking is a legal gray zone, thus students need to understand that due diligence has to be practiced.

    • Understand what ethical means

    • Warn students that they need to understand the laws of their country

    • This course is for educational purposes only

  • Test Lab Architecture2:08

    We need a windows environment where all exercises in the course can be executed.

    • Understand the architecture of the network

    • Understand how the three machines relate to each other

    • Get ready to install the test machines

  • Setting Up Kali4:12

    Kali Linux is used as the attacker’s machine. It needs to be installed.

    • Download Kali

    • Download Virtual box

    • Import Kali to Virtual box

  • Setting Up Target Win 1024:57

    Most of the attacks will be done against a Windows 10 machine that symbolizes a standard enterprise workstation. It has to be configured carefully so that all exercises could be run.

    • Download the evaluation version of Windows 10

    • Create a new virtual machine and install Windows 10

    • Do additional configuration

  • Setting Up Target Win 20167:07

    Enterprise environments usually run Windows Servers. In our test network it will be a Windows 2016 that will act as the domain controller as well.

    • Download the evaluation version of Windows Server 2016

    • Create a new virtual machine and install Windows Server 2016

    • Save the virtual machine

  • Creating the Domain16:42

    The Windows machine should connect to an internal network that also runs an Active Directory Domain.

    • Turn the Windows 2016 to a domain controller

    • Join the new domain with the Windows 10

    • Create dummy service on the Windows 10

Requirements

  • Basic understanding of penetration testing would be an advantage.

Description

Managing Windows security has always been a challenge for any security professional. As Windows is the most popular operating system in the corporate environment, this course will help you detect and tackle attacks early to save your organization data and money.

This course will follow a typical penetration test scenario throughout. At each stage, you will be shown all the necessary tools and techniques, and how they are applied. The whole course is hands-on to guarantee that you gain practical knowledge. You will start by setting up the environment and learn service identification and network scanning techniques. You will master various exploitation and post exploitation techniques. You will also learn to proxy traffic and implement the most famous hacking technique: the pass-the-hash attack.

By the end of this video tutorial, you will be able to successfully identify and tackle the flaws and vulnerabilities within the Windows OS (versions 7, 8.1, 10) using Metasploit and Kali Linux tools.

About the Author

Gergely Révay, the instructor of this course, hacks stuff for fun and profit at Multinational Corporation in Germany and in the USA. He has worked as a penetration tester since 2011; before that, he was a quality assurance engineer in his home country, Hungary. As a consultant, he did penetration tests and security assessments in various industries, such as insurance, banking, telco, mobility, healthcare, industrial control systems, and even car production.
Gergely has also built online courses and tutorials since 2014 on various platforms. During this time he has put a lot of effort into understanding how pentesting and offensive security can be taught efficiently.

Who this course is for:

  • This course is for security and other IT professionals who would like to learn penetration testing on the Windows platform.