When learning about penetration testing, vulnerability assessments play an important role, followed by exploiting the vulnerabilities identified. Finally, everything needs to be documented properly to present to the client. This course focuses on all these elements of the VAPT activity.
Courses focused on teaching Vulnerability Assessment and Penetration Testing sometimes miss out on essential elements such as documentation. Keeping this in mind, the course module has been developed to help you understand the process of VAPT step by step. So here you’ll learn how to perform vulnerability assessments using well-known softwares such as Nessus and OpenVas.
After finding the vulnerabilities, the next step for a pentester is to try to exploit those vulnerabilities to show the consequences, and nothing is better for this than Metasploit Framework. This being said you’ll also learn about many key features of Metasploit Framework and use it to exploit the vulnerabilities on the target device/machine.
Finally, you’ll understand why you need to document everything done during the activity. By the end of this course, you’ll have a good understanding of the approach to follow when doing VAPT for any client.
About the Author :
With more than 9 years of working experience in the field of IT, Tajinder has conducted Seminars in Engineering Colleges all across India, on topics such as Information Security and Android Application Development at more than 120 colleges and teaching 10,000+ students. Apart from training, he has also worked on VAPT projects for various clients. When talking about certifications, Tajinder is a certified ISO 27001:2013 Auditor.
Prior to this course, Tajinder has authored Practical Linux Security Cookbook published by Packt Publishing. He was also a Technical Reviewer with Packt, in his spare time and has reviewed the books titled - Web Application Penetration Testing with Kali Linux and Mastering Kali Linux for Advanced Penetration Testing. He is best described as dedicated, devoted, and determined and a person who strongly believes in making his dreams come true. He defines himself as a tireless worker, who loves to laugh and make others laugh.
We know that Vulnerability Assessment involves finding the vulnerabilities that exist in the network devices or the applications, in scope. But doing so manually for a large setup would not be easy. This is where the Vulnerability Assessment tools like Nessus walk in.
Once Nessus has been installed on our system, we need to know how to use it to perform an effective scan.
Once Nessus completes a Vulnerability scan, the scan output can be used by other tools for further analysis. For this purpose it is essential to export the scan results in different formats as needed by the analysis tool.
A successful pentest needs appropriate tools in the arsenal. Metasploit is the best tool to have in our arsenal, as a pentester.
To use Metasploit, it’s essential to understand its modules. In this video we shall discuss about Exploits and Payloads, the most important modules of Metasploit.
At times we may be working on Metasploit through console, where we can’t access the GUI of Nessus, to go through the scan results.
If we are working only on terminal/console, then we can’t use Nessus through browser to perform vulnerability scan.
Working with Metasploit only through console, may sometimes not offer all the features it can. At times, GUI may offer better features as compared to terminal. In this video we will learn about Graphical interface of Metasploit, i.e. Armitage.
When we talk about breaking security, the weakest link is human. And for using this weak link for hacking, we need to use social engineering attacks. Social Engineering toolkit is a framework designed that helps us in creating a believable attack in fraction of time.
After completing pentesting activity, next task is to document everything. And while documenting we don't want to miss any detail.
A Vulnerability assessment & Penetration testing activity report should contain information about all the vulnerabilities identified. In this video we’ll discuss how to go through the output of all the tools used
In this video, we discuss about how the vulnerabilities are categorized according to their criticality and the Proof of Concept (POC) for each vulnerability, which is then included in the report
The final report being created is the face of the overall activity performed during pentesting. Hence it is essential that the report has everything required in a proper way.
Packt has been committed to developer learning since 2004. A lot has changed in software since then - but Packt has remained responsive to these changes, continuing to look forward at the trends and tools defining the way we work and live. And how to put them to work.
With an extensive library of content - more than 4000 books and video courses -Packt's mission is to help developers stay relevant in a rapidly changing world. From new web frameworks and programming languages, to cutting edge data analytics, and DevOps, Packt takes software professionals in every field to what's important to them now.
From skills that will help you to develop and future proof your career to immediate solutions to every day tech challenges, Packt is a go-to resource to make you a better, smarter developer.
Packt Udemy courses continue this tradition, bringing you comprehensive yet concise video courses straight from the experts.