Security+ 701 Just Labs: The Ultimate Hands-On Bootcamp

Explore ipconfig, a Windows command line tool, to view and manage network settings, including IPv4 and IPv6 addresses, subnet masks, gateways, DNS, and DHCP details.

Explore how ipconfig translates to the Linux equivalents ifconfig and ip address show, compare Windows and Linux networking outputs, including IPv4/IPv6 addresses, MAC addresses, and loopback.

Learn how the ping command tests reachability and measures round-trip time using ICMP echo requests, tracks packet loss, and uses TTL and DNS resolution on Windows with switches.

Master the Linux ping command, using -c for count, -i for interval, and -s for packet size, to test connectivity to gateways, hosts, and DNS servers.

Explore tracing network paths with tracert and traceroute on Windows and Linux, using time-to-live (TTL) and ICMP to map hops, diagnose connectivity, and reveal each router along the route.

Set up a Kali Linux virtual machine in VMware Workstation using the Kali purple ISO, configure hardware and network, and perform a graphical install.

Set up Kali Linux in a virtual machine, choose a desktop environment (GNOME or XFCE), and install the NIST framework tools, the GRUB bootloader, and VMware Tools for full-screen usability.

Explore Kali Linux setup and the linux file system hierarchy, and learn how apt handles updates, dependencies, and installing packages like Kali wallpapers.

Learn to use nslookup to query DNS servers, resolve domains to IP addresses or reverse lookups, and retrieve records like A, AAAA, MX, CNAME, and TXT in Linux and Windows.

Master the dig command, a flexible DNS lookup tool for querying DNS servers to retrieve A, MX, NS, and TXT records, reverse lookups, and zone transfers for troubleshooting.

Explore curl, a versatile client URL tool for transferring data over http and https. Learn its syntax, redirects, get and post requests, saving output, and API interactions in Kali Linux.

Learn real-world curl usage for http get requests, following redirects, saving response bodies and headers, and testing secure connections; essential skills for security professionals.

Learn how SSH enables encrypted remote login, secure file transfer, and tunneling, with key exchange, authentication, and port forwarding demonstrated on Linux using OpenSSH.

Explore the ssh file structure and configuration, including sshd_config and known_hosts, and set up an OpenSSH server on Kali while adjusting Windows firewall and using scp for secure transfers.

Explore hping3 to craft and analyze custom ip, tcp, udp, and icmp packets, set flags, spoof addresses, and time traffic for firewall testing and tcp handshake simulation in a lab.

Discover how Putty enables SSH sessions and SCP or SFTP transfers from Windows. Demonstrate connecting to a Kali Linux SSH server inside a virtual machine from Windows, using port forwarding.

Master basic nmap techniques to discover live hosts, perform port scans, detect services and versions, fingerprint operating systems, and explore the nmap scripting engine in a Kali Linux lab.

Demonstrates UDP and mixed TCP/UDP scans with Nmap, then uses -sV for service version detection and OS fingerprinting to identify hosts and running software such as OpenSSH and Apache.

Explore advanced nmap techniques, from OS detection and version scanning to aggressive scans and NSE scripts, including vulnerability checks with CVEs and exploits, in an authorized lab setup.

explore how Recon ng, a python-based osint framework, automates gathering open source intelligence from public sources like search engines and social media, including whois and subdomain data.

discover how the harvester, a Kali Linux OSINT tool, gathers domain information, including IPs, emails, and subdomains, using multiple search engines and a Git-based setup in a virtual environment.

Learn practical banner grabbing with telnet and netcat, a basic reconnaissance technique to read server banners, identify software versions, and assess weaknesses.

Learn how Shodan.io acts as a passive reconnaissance tool, indexing banners, protocols, and metadata from internet-connected devices, with filters for ports, countries, and organizations to reveal exposed services and vulnerabilities.

Explore cross-site scripting (xss) testing using burp suite on the OWASP broken web application, covering reflected, stored, and dom xss, with payloads and browser verification on Kali Linux.

Demonstrate credential harvesting through site cloning using the social engineering toolkit in a Kali Linux lab, cloning a login page to capture credentials and teach detection and mitigation.

Demonstrate a controlled dictionary and brute-force attack with Hydra on Kali Linux to test the security of network login credentials and show how defenders detect and mitigate such attacks.

Explore the evil twin attack, a wireless man-in-the-middle where a fake access point mimics a legitimate network to capture credentials via captive portals and traffic manipulation.

Explore dns zone transfers using axfr with dig in a controlled lab, demonstrating dns replication and how a misconfigured bind nine server can leak an internal zone to an attacker.

Explore netstat, a network statistics utility, to view listening services, active connections, routing tables, and per‑process socket ownership on Windows and Linux, with tips for detection, response, and forensics.

Explore netcat on Kali Linux to perform banner grabbing, file transfer, and a client-server chat, illustrating raw sockets, tcp handshakes, and what defenders see in logs and packet captures.

Explore the address resolution protocol, mapping IPv4 addresses to MAC addresses, inspect ARP caches and gratuitous ARP, and manage static entries in Kali for spoofing defense.

Inspect the routing table and view routes with legacy route and ip route on Linux; learn to add or remove static routes, troubleshoot connectivity and arp, and understand default gateways.

Explore dnsenum, a multi-threaded dns reconnaissance tool that queries A and NS records, performs zone transfers, brute forces subdomains, and reverse lookups, scraping search engines, in a simulated private-lab workflow.

Connect to an internal network with OpenVPN by establishing a secure TLS tunnel, authenticating clients and servers, and encrypting data via AES 256, using profiles or a server URL.

Explore hashcat's offline password cracking with dictionary attacks on Kali Linux, learn about deterministic hashes (md5, sha1, sha256), salting, and how hashing differs from encryption.

Utilize fuzzing to automatically generate and inject random inputs, triggering crashes and vulnerabilities, including zero-day exploits, for early discovery of security issues. Monitor results and perform reproducible analysis with spike.

Learn how to spoof mac addresses using the mac changer tool on Kali Linux, enabling privacy, testing, and network impersonation by temporarily changing hardware addresses and reverting to originals.

Explore WP scan to audit WordPress sites from the outside, detect version, enumerate plugins and themes, and identify known vulnerabilities and weak passwords with a word list.

Explore Reaver, a penetration testing tool that exploits the Wi-Fi Protected Setup vulnerability by brute-forcing an eight-digit pin split into halves to reveal the WPA or WPA2 passphrase.

Learn Gobuster, a fast Go tool for reconnaissance and directory busting, using wordlists to reveal hidden web paths, understand status codes, and explore redirects and subdomain discovery.

Examine cross-site request forgery, where an authenticated user’s browser is tricked into sending forged requests that perform state-changing actions via the session cookie.

Learn to use Burp Suite Intruder to automate web application attacks by sending customized HTTP requests with payloads, employing sniper and cluster bomb strategies to brute-force credentials.

Explore manual sql injection as a web security vulnerability, understanding how unsanitized input can bypass login and expose data, with hands-on demonstrations using vulnerable apps.

Sqlmap automates detecting and exploiting sql injection flaws in web apps. It covers target identification, payload injection into get, post, or cookies, and enumerating databases, tables, and data.

Explore broken access control vulnerabilities, including insecure direct object references, privilege escalation, command injection, and cross-site scripting, through a lab using Kali, Burp Suite, and OWASP Juice Shop.

Learn Nessus Essentials, a free vulnerability scanner, install and run a credentialed scan on Kali Linux, scan the OWASP Broken Web App, interpret results, and export reports for remediation.

Explore Nessus essentials part 2 by navigating its interface, creating scans, and configuring scheduling and notifications for host discovery and web application testing with OWASP DVWA.

Utilize nmap with the scripting engine to map services, query the vulnerability database for known CVEs and CVSS scores, and derive actionable vulnerability leads during recon on Kali Linux.

Scan web servers quickly with Nikto, a fast, open source scanner that uses a regularly updated vulnerability database to identify outdated software, misconfigurations, and dangerous files.

Master Linux fundamentals for security work, including the Linux file system structure, users and permissions, essential navigation and file commands, process and service management, and basic networking.

Explore Linux file permissions, ownership, users, and process management, including chmod numeric mode, chown, add user, and using ps, top, and htop to monitor systems.

Learn to create, view with cat, and edit linux files using touch, echo, and redirection; edit with vim or nano and remove files with rm and rmdir.

Master Linux operations on a Kali Linux VM by managing processes with ps ox and top, using nice and kill, and monitoring logs with tail and journalctl, plus ufw hardening.

Generate and verify file checksums in Windows using certutil and PowerShell to ensure integrity and detect tampering, compare hashes against vendor values, and practice hash algorithms like MD5 and SHA-256.

Use nikto to scan ssl and tls misconfigurations on https endpoints, identifying expired or self-signed certificates, weak ciphers, and server misconfigurations, including virtual hosts. Analyze outputs for targeted security testing.

Explore local and remote file inclusion vulnerabilities, how attackers exploit them, and techniques like PHP wrappers and log poisoning that lead to code execution and a shell.

Demonstrates a controlled lab to obtain a reverse shell by uploading a PHP reverse shell to a vulnerable DVWA file upload endpoint, using MSF venom and a listener.

Explore Wireshark, a free and open source packet analyzer that captures and displays network traffic, letting you inspect, filter, and export packets via its graphical interface and adapters.

Analyze live network traffic with Wireshark, apply display filters for IPs, ports, or protocols, and inspect packet details across Ethernet, IPv4, TLS, and the OSI and TCP/IP layers.

Master hands-on Wireshark to capture packets and analyze http traffic, apply filters, follow http and tcp streams, and inspect credentials and ftp login data for network security insights.

Capture and analyze network traffic with tcpdump, a lightweight CLI packet sniffer. Filter traffic, write rotating pcaps and stream captures, and inspect data with Tshark or Wireshark in a lab.

Master tcpdump and tshark on Kali Linux to capture and filter traffic for http and https ports, and save results to pcap files.

Explore OWASP ZAP, the free open source web application security scanner, a man-in-the-middle proxy for passive inspection and active probing of vulnerabilities like SQL injection and cross-site scripting and CSRF.

Explore BeEF, a browser exploitation framework that uses client-side vulnerabilities to hook browsers, inject a malicious JavaScript payload, and execute commands via a C2 server for information gathering.

Explore the responder tool for network penetration testing on Kali Linux, demonstrating legacy name resolution protocol poisoning, credential capture, and hash cracking with hashcat.

detect backdoors by inspecting listening sockets and established connections with netstat and ss, mapping ports to processes; use netcat in listener and client modes to test open ports.

Explore the OWASP top ten vulnerabilities using the broken web application lab, detailing broken access control, cryptographic failures, injection, and other threats from 2021 to 2025.

examine sniper, an automated penetration testing framework that performs reconnaissance, osint, enumeration, vulnerability scanning, exploitation, and reporting by orchestrating tools like nmap, nikto, and metasploit.

Explore Kismet, an open-source wireless detector, sniffer, and intrusion detection system that passively monitors Wi-Fi, Bluetooth, and Zigbee traffic via monitor mode for network discovery and threat detection.

Explore WiFi, an automated command-line tool for auditing wireless networks that automates attacks using the Aircrack-ng suite, targeting WEP, WPA, WPA2, and PS-enabled networks, with handshake capture.

Explore the aircrack-ng suite for wireless security testing, including recon with airodump-ng in monitor mode and capturing handshakes with aireplay-ng, then crack WPA with aircrack-ng using a wordlist.

Explore advanced Linux file operations by examining inodes, hard and symbolic links, and their implications for data integrity, with practical commands like readlink and ls for forensic insight.

Explore advanced Linux file operations with find and locate, including size, time-based searches, and forensics use; manage immutable and append-only attributes with chattr and lsattr.

Learn to write and run Bash scripts that automate tasks on Linux, covering script structure, variables, arguments, conditionals, loops, and execution control. Understand the shebang, comments, and making scripts executable.

Explore interactive and non-interactive bash scripting by using variables, read for user input, script arguments, positional parameters, for loops, and conditional statements to control flow.

Explore how Bash scripting uses variables, conditional statements, and loops (for, while, until) to automate tasks, verify files, and understand script execution.

Master bash scripting by defining reusable functions, passing arguments, and invoking conditional logic with if else blocks. Use exit codes, loops, and internet connectivity checks to build practical, maintainable scripts.

Explore advanced hash cracking with John the Ripper on Linux, covering Etsy shadow integration, shadow password formats, and word-mangling techniques for real-world labs.

Explore advanced uses of John the Ripper to crack SSH keys and password-protected archives, using custom wordlists and hash conversions in Linux for penetration testing and capture the flag contexts.

Establish a reverse shell with netcat on Kali Linux to access a Metasploitable host, configuring a listener and using specific port settings for a secure connection.

Learn to stabilize a netcat reverse shell by using Python to spawn a bash, exporting terminal settings, and foregrounding processes for an interactive, reliable shell.

Explore how Socat creates secure, flexible reverse shells and data relays, comparing it to netcat, and demonstrate a TCP reverse shell on Kali Linux with Metasploitable.

Learn to establish a bind shell with socat on a metasploitable machine by configuring a listener, connecting from Kali, and noting firewall effects versus reverse shells.

Stabilize a socat shell by establishing a fully interactive reverse shell over tcp, using port 8080, a pseudo-terminal, and enabling std err for error visibility.

Create metasploit payloads with msfvenom, encode to evade detection, and test them with VirusTotal to assess antivirus and intrusion detection systems evasion capabilities.

Explore msfvenom as a payload factory to generate Linux x86 payloads for a reverse shell, using an MSF console listener and a Metasploitable target in a controlled lab.

Learn to create and deploy a bind shell using msfvenom and Metasploit, configure a bind TCP payload, transfer it to a victim, and establish a meterpreter session.

Learn basic meterpreter commands for post-exploitation, including starting a reverse shell. Enumerate processes, transfer files, manage channels, and gather system information.

Demonstrates advanced Meterpreter commands, including bind shell setup, session management, process migration, file upload/download, and automated tasks via resource scripts, with Windows hash dump concepts and webcam snapshots.

Upgrade a limited ssh shell to a meterpreter shell with metasploit, using db nmap for discovery and postgresql for the database, then manage meterpreter sessions.

Exploit a vulnerable vsftpd ftp service with Metasploit in a controlled lab, gaining a root shell after target enumeration. Emphasize enumeration's importance and the ethical/legal considerations of testing vulnerable services.

Examine Eternalblue, a critical smb vulnerability enabling remote code execution on unpatched Windows systems, demonstrated in an airgapped lab; practice post-exploitation, telemetry collection, and defender-focused detection and remediation.

Demonstrates exploiting the eternal blue vulnerability with Metasploit, performs reconnaissance, and gains remote access to vulnerable Windows targets including Windows 7, Windows Embedded standard seven, Windows Server, and Windows 8 8.0.

Explore how scheduled task persistence works on Windows 7, learn to detect such persistence through event logs and task scheduler activity, and apply effective remediation strategies in a controlled lab.

Build a small, practical bash network check tool from scratch, using argument handling and timeouts with netcat and a bash fallback. Embrace defensive scripting patterns for robust port checks.

Update the Metasploitable SSH configuration with the new IP and verify SSH, ICMP, and port 22 and 80 status using the tiny recon bash script with regular expressions.

Explore PowerShell scripting fundamentals, including its cross-platform automation, cmdlets with verb-noun syntax, pipeline data flow, and integration with the .NET framework, WMI, and Azure and 365.

Explore PowerShell scripting basics on Windows, defining variables with the dollar sign, using write-host for output, and running simple ps1 scripts with proper execution policy.

Explore PowerShell scripting fundamentals, including if-else, loops, and functions, and learn to read input, test host reachability with ping, and fetch or filter services using get-service, where-object, and select-object.

Build a PowerShell system health checker using variables, conditions, functions, and loops to gather host name, OS details, uptime, five resource hungry processes, and Windows service status, with time-stamped logs.

Explore advanced PowerShell scripting by building a system checker that collects network and system info on Kali, prints results, saves to an append-only log, and analyzes top memory processes.

Explore an advanced PowerShell script that collects system information, tests network connectivity, logs results, and defines a reusable service status checker function with logging.

Explore python scripting as a readable upgrade to bash and PowerShell, enabling automation on any machine with a vast library ecosystem, and mastering printing, data types, and variables.

Explore Python scripting basics by defining variables, understanding dynamic typing, and working with data types like strings, integers, floats, and booleans, plus taking sanitized user input and producing formatted output.

Explore Python data structures including lists, tuples, and dictionaries, and learn to create, access, modify, and append items, while mastering mutability, indexing, and key-value access.

Explore Python scripting fundamentals with if-else logic, elif and else, and loop constructs (for and while), using lists, ranges, and simple input validation.

Explore Python scripting basics of loops for and while loops with security-focused examples like pin validation and brute-force prompts, and learn functions, parameters, returns, and f strings.

Explore advanced Python scripting to build a functional port scanner with file logging, using variables, conditionals, loops, and functions for reusable, network-based tools.

Learn advanced Python scripting by building a port scanner and logger in Linux, using socket and datetime to log open ports to a timestamped log file.

Advanced Python scripting by building a main port scanner with exception handling, input validation, and logging. Learn to test, run, and gracefully handle errors while scanning ports.

Learn to establish a benign TCP session with Python scripting by building a simple TCP echo server that binds to an IP and port, accepts connections, receives and echoes data.

Write a Python TCP client to connect to a server and exchange an echo, using client.py and server.py. Learn handling IP, port, timeouts, and basic socket programming.

Create a metasploit payload with the social engineering toolkit to establish a Windows reverse meterpreter shell, then set up a listener and transfer the payload to a Windows 10 VM.

Learn how to use winpeas to enumerate privilege escalation opportunities on a Windows target, interpret on-disk artifacts and event logs, and draft detection and remediation steps in a safe lab.

Explore Linux privilege escalation enumeration with linpeas on a Linux target, using Kali Linux to prepare scripts and establish a shell on Metasploitable, extracting credentials and sensitive data.

Demonstrates suid privilege escalation on Linux using a Metasploitable lab, from initial access to root by exploiting misconfigurations, unprotected suid/sgid executables, and high-permission services.

Master Windows privilege escalation via token impersonation using the rock potato from the potato framework. Practice hands-on with a Kali Linux setup and TryHackMe labs.

Practice identifying and mitigating command injection in a safe lab using the OWASP top ten, Kali Linux, and an intentionally vulnerable web app, focusing on input validation.

Explore broken authentication in the OWASP top 10, demonstrating how weak authentication and session controls enable username enumeration, password changes, and unauthorized access through login flows.

Explore sensitive information disclosure, an A3 OWASP Top 10 vulnerability, by examining how HTML comments, robots.txt, and exposed credentials in a broken web app reveal passwords and database credentials.

Explore XML external entity (XXE) vulnerabilities in the OWASP top ten and how weak parsers enable data disclosure, DoS, and SSRF through hands-on Kali and Burp Suite experiments.

Explore broken access control in the OWASP top ten through a hands-on Kali Linux lab using Burp Suite, demonstrating how manipulating user IDs reveals unauthorized access and data.

Explore security misconfiguration in the OWASP top ten, demonstrating insecure defaults, misconfigured HTTP headers, verbose error messages, and exposed files like robots.txt and passwords.txt.

Explore insecure deserialization as OWASP top 10 vulnerability and see how untrusted serialized data can be manipulated to gain admin access in a lab using Kali Linux and Burp Suite.

Identify and exploit applications using out-of-date or vulnerable components, guided by the OWASP top ten. Examine PHP 7.4 vulnerabilities and the need to keep components up to date.

Identify how unvalidated redirects and forwards arise from untrusted input and enable phishing, credential theft, and access to privileged pages, demonstrated with a practical lab on OWASP top ten A10.

Learn practical reverse engineering fundamentals using static and controlled dynamic analysis to safely dissect binaries, extract indicators, and document findings through a repeatable triage workflow.

Practice basic reverse engineering with static and dynamic analysis, apply file, strings, and exiftool on Linux to solve PicoCTF challenges and extract hidden flags.

Plan, execute, and document a red team engagement using defined scope, roe, conops, and ctI-driven tactics, mapping mitre ATT&CK to the kill chain for realistic simulations.

Learn how red teams plan, execute, and report a realistic engagement by applying a five-step opsec process: identify critical information, analyze threats and vulnerabilities, assess risk, and implement countermeasures.

Explore the Walmart attack through an incident response tabletop exercise, analyzing the intrusion kill chain from vendor access to POS ram scraping, data exfiltration, and PCI DSS implications.

Engage in the blue team capstone by analyzing malicious logs and pcaps with Wireshark to triage alerts, extract IOCs, build incident timelines, and apply concrete detection and remediation steps.

Turn scripting skills into defensive Yara rules for detection and hunting, converting attacker artifacts like strings and headers into scalable rules across SIEM and EDR.