Finding and Exploiting Hidden Vulnerabilities
0.0 (0 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
1 student enrolled
Wishlisted Wishlist

Please confirm that you want to add Finding and Exploiting Hidden Vulnerabilities to your Wishlist.

Add to Wishlist

Finding and Exploiting Hidden Vulnerabilities

Dive into the world of Advanced Network Penetration Testing
0.0 (0 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
1 student enrolled
Created by Packt Publishing
Last updated 9/2017
English [Auto-generated]
Current price: $10 Original price: $125 Discount: 92% off
5 hours left at this price!
30-Day Money-Back Guarantee
  • 2.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Explore well-known tools such as Nessus and OpenVas to perform vulnerability assessments
  • See how to export the scan results and analyze them
  • Get familiar with Metasploit Framework and its modules such as Exploits and Payloads
  • Import Nessus results in Metasploit and perform targeted exploitation
  • Dive deep into Metasploit modules to perform various types of scans
  • Create custom backdoors using Msfvenom and Encoders
  • Exploit the target using well-known applications such as MS Office documents and PDF documents
  • Document the findings of the VAPT activity to prepare an impressive report
View Curriculum
  • Throughout the course, the focus is less theory and more practical examples through a step-by-step approach.

When learning about penetration testing, vulnerability assessments play an important role, followed by exploiting the vulnerabilities identified. Finally, everything needs to be documented properly to present to the client. This course focuses on all these elements of the VAPT activity.

Courses focused on teaching Vulnerability Assessment and Penetration Testing sometimes miss out on essential elements such as documentation. Keeping this in mind, the course module has been developed to help you understand the process of VAPT step by step. So here you’ll learn how to perform vulnerability assessments using well-known softwares such as Nessus and OpenVas.

After finding the vulnerabilities, the next step for a pentester is to try to exploit those vulnerabilities to show the consequences, and nothing is better for this than Metasploit Framework. This being said you’ll also learn about many key features of Metasploit Framework and use it to exploit the vulnerabilities on the target device/machine.

Finally, you’ll understand why you need to document everything done during the activity. By the end of this course, you’ll have a good understanding of the approach to follow when doing VAPT for any client.

About the Author :

Tajinder Kalsi

With more than 9 years of working experience in the field of IT, Tajinder has conducted Seminars in Engineering Colleges all across India, on topics such as Information Security and Android Application Development at more than 120 colleges and teaching 10,000+ students. Apart from training, he has also worked on VAPT projects for various clients. When talking about certifications, Tajinder is a certified ISO 27001:2013 Auditor.

Prior to this course, Tajinder has authored Practical Linux Security Cookbook published by Packt Publishing. He was also a Technical Reviewer with Packt, in his spare time and has reviewed the books titled - Web Application Penetration Testing with Kali Linux and Mastering Kali Linux for Advanced Penetration Testing. He is best described as dedicated, devoted, and determined and a person who strongly believes in making his dreams come true. He defines himself as a tireless worker, who loves to laugh and make others laugh.

Who is the target audience?
  • This course is for those who already know the basics of various methodologies related to penetration testing, and how to perform Reconnaissance and scanning on the target. Anyone from a novice to an experienced security tester can learn effective techniques to perform VAPT.
Students Who Viewed This Course Also Viewed
Curriculum For This Course
22 Lectures
Vulnerability Assessment
6 Lectures 39:00
This video will give an overview of the entire course
Preview 01:33

We know that Vulnerability Assessment involves finding the vulnerabilities that exist in the network devices or the applications, in scope. But doing so manually for a large setup would not be easy. This is where the Vulnerability Assessment tools like Nessus walk in.

Installing Nessus Vulnerability Scanner

Once Nessus has been installed on our system, we need to know how to use it to perform an effective scan.

Using Nessus

Once Nessus completes a Vulnerability scan, the scan output can be used by other tools for further analysis. For this purpose it is essential to export the scan results in different formats as needed by the analysis tool.

Exporting Nessus Output

At times we may want to use free tools instead of commercial tools to perform Vulnerability assessment. When we talk about free tools, OpenVas is a really good choice to use.
Installing OpenVas

When using any tool, it is essential to know about its architecture and working, so that it can be utilized properly.
Using OpenVas
Introducing Metasploit Framework
6 Lectures 48:40

A successful pentest needs appropriate tools in the arsenal. Metasploit is the best tool to have in our arsenal, as a pentester.

Preview 08:35

To use Metasploit, it’s essential to understand its modules. In this video we shall discuss about Exploits and Payloads, the most important modules of Metasploit.

Understanding Payloads and Exploits

At times we may be working on Metasploit through console, where we can’t access the GUI of Nessus, to go through the scan results.

Importing Nessus Results

If we are working only on terminal/console, then we can’t use Nessus through browser to perform vulnerability scan.

Scanning with Metasploit

Working with Metasploit only through console, may sometimes not offer all the features it can. At times, GUI may offer better features as compared to terminal. In this video we will learn about Graphical interface of Metasploit, i.e. Armitage.

Metasploit Interfaces

Once we have successfully exploited the target machine, getting the maximum benefits from the target machine is also essential. Meterpreter is one of feature-rich payload of Metasploit, which offers a lot to work with on the exploited target machine.
Using Meterpreter
Exploitation Using Metasploit
5 Lectures 39:22
The target machine can be running any OS platform. When exploiting such machines, our tool should be capable enough to exploit it irrespective of the platform.
Preview 04:10

For exploiting target machine we have to generate different payloads according to the needs. Msfvenom is a standalone payload generator for Metasploit, using which we can generate different payloads for different needs

When we exploit any target machine, it may be running some anti-virus software, which may not allow our payloads to run. In this video, we will learn to evade anti-virus softwares

While exploiting a target machine, one of the easiest way of spreading the exploit code is through an exe file. However, in case of EXE files, the drawback is that the anti-virus might catch them. In such situations we can try to exploit the applications running on the target machine such as Ms Office and Adobe Reader.
Exploiting MS Office and PDF Documents

When we talk about breaking security, the weakest link is human. And for using this weak link for hacking, we need to use social engineering attacks. Social Engineering toolkit is a framework designed that helps us in creating a believable attack in fraction of time.

Social Engineering Toolkit
Assembling the Pieces
5 Lectures 24:44

After completing pentesting activity, next task is to document everything. And while documenting we don't want to miss any detail.

Preview 04:26

When performing pentest, it’s essential to gather all required information from the client. This helps when documenting the activity in report.
Information Gathered

A Vulnerability assessment & Penetration testing activity report should contain information about all the vulnerabilities identified. In this video we’ll discuss how to go through the output of all the tools used

Vulnerabilities Identified

In this video, we discuss about how the vulnerabilities are categorized according to their criticality and the Proof of Concept (POC) for each vulnerability, which is then included in the report

Exploitable Vulnerabilities

The final report being created is the face of the overall activity performed during pentesting. Hence it is essential that the report has everything required in a proper way.

About the Instructor
Packt Publishing
3.9 Average rating
8,138 Reviews
58,573 Students
686 Courses
Tech Knowledge in Motion

Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.

With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.

From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.

Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.