OSCP Penetration Testing Certification

Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security. Those new to OffSec or penetration testing should start here. This online ethical hacking course is self-paced. It introduces penetration testing tools and techniques via hands-on experience. PEN-200 trains not only the skills, but also the mindset required to be a successful penetration tester. Students who complete the course and pass the exam earn the coveted Offensive Security Certified Professional (OSCP) certification.

Course Objectives

After completing this course, students will be able to :

Using multiple information gathering techniques to identify and enumerate targets running various operating systems and services.
Ability to write basic scripts and tools to aid in the penetration testing process
How to analyze, correct, modify, cross-compile, and port public exploit code.
Ability to successfully conduct both remote and client side attacks.
Ability to identify and exploit XSS, SQL injection, and file inclusion vulnerabilities in web applications – Expertise in deploying tunneling techniques to bypass firewalls

Target Audience

IT Professionals
System Administrator
Network Engineer
SOC Analyst
Pentesters

Course Pre-requisite

Penetration Testing with Kali Linux is a foundational course, but still requires students to have certain knowledge prior to attending the online class.
A solid understanding of TCP/IP , networking, and reasonable Linux skills are required.
Familiarity with Bash scripting along with basic Perlor Python is considered a plus.

Course Summary

Course Fee

৳ 30,000

Training Method

Offline/Online

Total Modules

25 Course Duration

40 Hours

Total Session

20 Class Duration

2 Hours

Enroll Now

Details Course Outlines

Module-01

Getting Comfortable with Kali Linux

Module-02

Finding Your Way Around Kali

Module-03

Managing Kali Linux Services

Module-04

Searching, Installing, and Removing Tools

Module-05

Command Line Fun

The Bash Environment
Environment Variables
Tab Completion
Bash History Tricks
Piping and Redirection
Redirecting to a New File
Redirecting to an Existing File
Redirecting from a File
Redirecting STDERR
Piping

Module-06

Text Searching and Manipulation

Module-07

Editing Files from the Command Line

Module-08

Managing Processes

Backgrounding Processes (bg)
Jobs Control: jobs and fg
Process Control: ps and kill
File and Command Monitoring
tail
watch
Downloading Files
wget
curl
axel

Module-09

Customizing the Bash Environment

Bash History Customization
Alias
Persistent Bash Customization
Netcat
Connecting to a TCP/UDP Port
Listening on a TCP/UDP Port
Transferring Files with Netcat
Remote Administration with Netcat
Socat
Netcat vs Socat
Socat File Transfers
Socat Reverse Shells
Socat Encrypted Bind Shells
PowerShell and Powercat
PowerShell File Transfer
PowerShell Reverse Shells
PowerShell Bind Shells
Powercat
Powercat File Transfers
Powercat Reverse Shells
Powercat Bind Shells
Powercat Stand-Alone Payloads

Module-10

Packet Capturing

Wireshark Basics
Launching Wireshark
Capture Filters
Display Filters
Following TCP Streams
Tcpdump
Filtering Traffic
Advanced Header Filtering

Module-11

Bash Scripting

Intro to Bash Scripting
Variables
Arguments
Reading User Input
If, Else, Elif Statements
Boolean Logical Operations
Loops
For Loops
While Loops
Functions
Practical Examples
Practical Bash Usage – Example

Module-12

Passive Information Gathering

Taking Notes
Website Recon
Whois Enumeration
Google Hacking
Netcraft
Recon-ng
Open-Source Code
Shodan
Security Headers Scanner
SSL Server Test
Pastebin
User Information Gathering
Email Harvesting
Password Dumps
Social Media Tools
Site-Specific Tools
Stack Overflow
Information Gathering Frameworks
OSINT Framework
Maltego

Module-13

Active Information Gathering

DNS Enumeration
Interacting with a DNS Server
Automating Lookups
Forward Lookup Brute Force
Reverse Lookup Brute Force
DNS Zone Transfers
Relevant Tools in Kali Linux
Port Scanning
TCP / UDP Scanning
Port Scanning with Nmap
Masscan
SMB Enumeration
Scanning for the NetBIOS Service
Nmap SMB NSE Scripts
NFS Enumeration
Scanning for NFS Shares
Nmap NFS NSE Scripts
SMTP Enumeration
SNMP Enumeration
The SNMP MIB Tree
Scanning for SNMP
Windows SNMP Enumeration Example

Module-14

Vulnerability Scanning

Vulnerability Scanning Overview and Considerations
How Vulnerability Scanners Work
Manual vs Automated Scanning
Internet Scanning vs Internal Scanning
Authenticated vs Unauthenticated Scanning
Vulnerability Scanning with Nessus
Installing Nessus
Defining Targets
Unauthenticated Scanning with Nessus
Authenticated Scanning with Nessus
Scanning with Individual Nessus Plugins
Vulnerability Scanning with Nmap

Module-15

Web Application Attacks

Web Application Assessment Methodology
Web Application Enumeration
Inspecting URLs
Inspecting Page Content
Viewing Response Headers
Inspecting Sitemaps
Locating Administration Consoles
Web Application Assessment Tools
DIRB
Burp Suite
Nikto
Exploiting Web-based Vulnerabilities
Exploiting Admin Consoles
Cross-Site Scripting (XSS)
Directory Traversal Vulnerabilities
File Inclusion Vulnerabilities
SQL Injection
Extra Miles
Exercises

Module-16

Introduction to Buffer Overflows

Introduction to the x Architecture
Program Memory
CPU Registers
Buffer Overflow Walkthrough
Sample Vulnerable Code
Introducing the Immunity Debugger
Navigating Code
Overflowing the Buffer
Exercises
Windows Buffer Overflows
Discovering the Vulnerability
Fuzzing the HTTP Protocol
Win Buffer Overflow Exploitation
A Word About DEP, ASLR, and CFG
Replicating the Crash
Controlling EIP
Locating Space for Our Shellcode
Checking for Bad Characters
Redirecting the Execution Flow
Finding a Return Address
Generating Shellcode with Metasploit
Getting a Shell

Module-17

Client-Side Attacks

Know Your Targe
Passive Client Information Gathering
Active Client Information Gathering
Leveraging HTML Applications
Exploring HTML Applications
HTA Attack in Action
Exploiting Microsoft Office
Installing Microsoft Office
Microsoft Word Macro
Object Linking and Embedding
Evading Protected View
Wrapping Up
Locating Public Exploits
A Word of Caution
Searching for Exploits
Online Exploit Resources
Offline Exploit Resources
Putting It All Together
Fixing Exploits
Fixing Memory Corruption Exploits
Overview and Considerations
Importing and Examining the Exploit
Cross-Compiling Exploit Code
Changing the Socket Information
Changing the Return Address
Changing the Payload
Changing the Overflow Buffer
Fixing Web Exploits
Considerations and Overview
Selecting the Vulnerability
Changing Connectivity Information

Module-18

Antivirus Evasion

What is Antivirus Software
Methods of Detecting Malicious Code
Signature-Based Detection
Heuristic and Behavioral-Based Detection
Bypassing Antivirus Detection
On-Disk Evasion
In-Memory Evasion
AV Evasion: Practical Example

Module-19

Privilege Escalation

Information Gathering
Manual Enumeration
Automated Enumeration
Windows Privilege Escalation Examples
Understanding Windows Privileges and Integrity Levels
Leveraging Unquoted Service Paths
Linux Privilege Escalation Examples
Understanding Linux Privileges
Insecure File Permissions: Cron Case Study
Insecure File Permissions: /etc/passwd Case Study
Kernel Vulnerabilities: CVE- - Case Study

Module-20

Wordlists

Standard Wordlists
Brute Force Wordlists
Common Network Service Attack Methods
HTTP .htaccess Attack with Medusa
Remote Desktop Protocol Attack with Crowbar
SSH Attack with THC-Hydra
HTTP POST Attack with THC-Hydra
Leveraging Password Hashes
Retrieving Password Hashes
Passing the Hash in Windows
Password Cracking

Module-21

Port Redirection and Tunneling

Port Forwarding
SSH Tunneling
SSH Local Port Forwarding
SSH Remote Port Forwarding
SSH Dynamic Port Forwarding
NETSH
HTTP Tunnelling

Module-22

Active Directory Attacks

Active Directory Theory
Active Directory Enumeration
Traditional Approach
A Modern Approach
Resolving Nested Groups
Currently Logged on Users
Enumeration Through Service Principal Names
Active Directory Authentication
NTLM Authentication
Kerberos Authentication
Cached Credential Storage and Retrieval
Service Account Attacks
Low and Slow Password Guessing
Active Directory Lateral Movement
Pass the Hash
Overpass the Hash
Pass the Ticket
Active Directory Persistence
Active Directory Persistence
Domain Controller Synchronization

Module-23

The Metasploit Framework

Metasploit User Interfaces and Setup
Getting Familiar with MSF Syntax
Metasploit Database Access
Auxiliary Modules
Exploit Modules
SyncBreeze Enterprise
Metasploit Payloads
Staged vs Non-Staged Payloads
Meterpreter Payloads
Experimenting with Meterpreter
Executable Payloads
Metasploit Exploit Multi Handler
Client-Side Attacks
Advanced Features and Transports
Building Our Own MSF Module
Post-Exploitation with Metasploit
Core Post-Exploitation Features
Migrating Processes
Post-Exploitation Modules
Pivoting with the Metasploit Framework

Module-24

PowerShell Empire

Installation, Setup, and Usage
PowerShell Empire Syntax
Listeners and Stagers
The Empire Agent
PowerShell Modules
Situational Awareness
Credentials and Privilege Escalation
Credentials and Privilege Escalation
Switching Between Empire and Metasploit

Module-25

Assembling the Pieces: Penetration Test Breakdown

Public Network Enumeration
Targeting the Web Application
Web Application Enumeration
SQL Injection Exploitation
Cracking the Password
Enumerating the Admin Interface
Obtaining a Shell
Post-Exploitation Enumeration
Creating a Stable Pivot Point
Targeting the Database
Enumeration
Attempting to Exploit the Database
Deeper Enumeration of the Web Application Server
More Thorough Post Exploitation
Privilege Escalation
Searching for DB Credentials
Targeting the Database Again
Exploitation
Post-Exploitation Enumeration
Creating a Stable Reverse Tunnel

GET IT BEFORE EXPIRE

TEST EXAM 10% OFF