Course Content
1) Introduction - 1.3 Hrs
i) Why you should be an Offensive Security Pentester
ii) Who it is for
iii) Advantages of having the skill and knowledge
iv) Structure of the course
v) What is Capture the Flag
vi) Linux Basics
vii) Reporting
2) Kali Linux – 2.3 Hrs
i) What is Kali Linux
ii) How to set it up
iii) Automating tasks
a. Bash scripting
b. Basic Python understanding
iv) Important tools and how they work
v) Writing your own bash script
vi) Shells (Bind and Reverse Shell)
3) Information Gathering - 2 Hrs
i) What is information gathering
a. Active information gathering
b. Passive information gathering
ii) Understanding and relating the results of information gathering
iii) Web application enumeration
iv) Technology information about the target
v) Network or mass IP scan
vi) Tools to be used for enumeration
4) Web application attacks – 1.30 hrs
i) Inspecting the URLs (robots.txt, sitemap.xml)
ii) XSS attacks
iii) SQL injection attacks
iv) Finding the admin console and directory enumeration
v) Default logins and credentials
vi) Finding hidden directories
vii) Automating injection attacks
viii) Important tools for injection attacks
5) Buffer Overflow - 2.30 hrs
i) Understanding the stack and basic register functions
ii) ESP, EBP and EIP from a practical standpoint
iii) Windows buffer overflow
iv) Linux buffer overflow
v) Using Immunity Debugger and edb to identify the overflow
vi) Getting a shell
6) Client-side attacks – 1 Hour
i) Knowing the target
a. Passive and active client information gathering
ii) Leveraging HTML applications
a. HTA attack
iii) Leveraging Office tools
a. Leveraging macros to gain a reverse shell
7) Finding a public exploit – 30 minutes
i) Searching for exploits
ii) Online resources for exploits
iii) Precautions when choosing an exploit
8) Fixing the exploit – 30 minutes
i) Fixing memory corruption exploits
ii) Fixing web exploits
9) File transfer – 1 Hour
a. From Windows to Linux
b. From Linux to Windows
c. From Kali to the exploited machine
10) Antivirus evasion – 30 minutes
a. What is an antivirus solution
b. Methods of detecting malicious code
c. Bypassing antivirus
11) Privilege escalation – 1.3 hrs
a. Windows privilege escalation
i. Manual Enumeration
ii. Automated Enumeration
iii. Example of privilege escalation
b. Linux privilege escalation
i. Manual Enumeration
ii. Automated Enumeration
iii. Examples
12) Password attacks – 1 Hour
a. Wordlists
b. Standard wordlists
c. Brute force
d. Common network service attacks
e. Using password hashes
13) Port Redirection and tunnelling - 1 Hour
a. What are port forwarding and tunnelling
b. Port forwarding types
c. Leveraging SSH for port forwarding
d. Plink and Chisel
14) Active directory – 1 Hour
a. Understanding Active Directory
b. Enumeration
c. Authentication
d. Lateral Movement
e. Persistence
15) Metasploit Framework – 1 hour
a. Familiarity with the UI and setup
b. Auxiliary modules
c. At what level Metasploit should be used in an Offensive Security pentest
d. Metasploit Payloads
e. Post exploitation with Metasploit
f. Metasploit Automation
16) PowerShell Empire – 1 hour
a. Configuration & Setup
b. Empire Agent basics
c. PowerShell Modules
17) Gaining real insight – 2 hours
a. Targeting the Web application
b. Targeting the database
c. Enumeration of webserver
d. Targeting the database again and gaining a reverse shell
e. Targeting Windows using Juicy Potato
18) Trying Labs – 30 minutes
a. Real life simulations
b. Unlocking networks
c. Firewall/routers/NAT
d. Passwords
19) Out-of-the-box thinking for attacking a target – 15 minutes
a. Targeting an application or host with no known exploits
b. Configuring the technology on your own system to gain access
20) Summary – 15 minutes
a. Wrapping up
b. All the best