CompTIA Pentest+ Training & LAB

سرفصل های دوره

Penetration Testing Strategies for Network Security and Web Applications

1. Introduction

1. Introduction

2. Scoping Organizational Customer Requirements

1. Cyber Health and Risk management

2. Penetration Testing Processes

3. PCI DSS Payment Card Industry Data security standard

4. GDPR and other laws

5. Identifying Pentesting Frameworks

6. Different penetration testing frameworks.

7. Investigating CVE and CWE

3. Defining the Rules of Engagement

1. Assess Environmental Considerations

2. Outline the Rules of Engagement

3. Prepare Legal Documents

4. Footprinting and Gathering Intelligence

1. How to access the CompTIA Pentest+ lab

2. Discover the Target

3. Gather information from source code repository

4. Google hacking and Google hacking database

5. Gather information from archive and image search

6. Retrieve Website information

7. Testing ssl and TLS certificate

8. LAB nslookup dig and whois -1

9. Discover Open-Source Intelligence Tools

10. LAB Use tool harvester for gathering emails

5. Evaluating Human and Physical Vulnerabilities

1. Social engineering motivation Techniques

2. Social engineering attack

3. Social engineering Countermeasures

4. Some other type of social engineering attacks

5. Physical attacks in the term of social engineering

6. LAB - Social Engineering Toolkit

6. Preparing the Vulnerability Scan

1. Overview of Vulnerability

2. Life Cycle of Vulnerability

3. Researching Vulnerabilities - CVE

4. CWE - Common Weakness Enumeration

5. CAPEC- Common Attack Pattern Enumeration and Classification

6. MITRE Attack Adversarial Tactics, Techniques and Common Knowledge

7. Scanning Logical Vulnerabilities

1. Web vulnerability scanning with Nikto

2. Web Vulnerability Scanning with Wapiti

3. Vulnerability scanning with OpenVAS

4. OpenVAS Report Analyze

5. Automating Vulnerability Scanning with Nessus

6. Nessus Scan Analyze the scan Report

8. Analyzing Scanning Results

1. nmap basic syntax for host discovery in the netowrk

2. Different scanning Techniques to Bypass Firewall, IDS and IPS

3. LAB host discovery by using nmap

4. Different techniques used for scanning ports

5. Fingerprinting and Enumeration with nmap

6. nmap script engine for Vulnerability scanning

9. Avoiding Detection and Covering Tracks

1. Flying under the Radar

2. Bypassing network Access Control NAC

3. LOITL and covering the Track.

4. Tiding Logs and Entries

5. Using Steganography to Hide and Conceal Data

6. Data Exfiltration and SSH Channel

7. Netcat and winrm to manage covert channel.

8. Using Proxy and Proxy Chaining

10. Network Attacks LAN and WAN

1. What is network attacks

2. Load balance or stress testing

3. Protect transmission stream

4. Bluetooth Attacks in Network

5. RFID and NFC Attacks

6. ARP poisoning Attack

7. ARP poisoning attack using ettercap to capture password.

8. Arp Spoofing Attack with arpspoof tool

9. MAC table overflow Attack

10. What mac spoofing attack LAB in Linux

11. VLAN hopping and double Tagging attack

12. DNS poisoning Attack using ettercap

13. Password Attacks

14. Password attack Demonstration LAB

15. Pass the hash Attack and Kerboroasting Attack

16. Kerboroasting a Complete LAB demo

17. On path attack in Network

18. LLMNR and NBT-NS Poisoning Attack with Example and LAB

19. Advance password attacks and prevention techniques

20. NAC Bypass Attack in Network

21. Using Reverse and bind Shell LAB

22. Exploit Resources Exploit-DB or Chaining

11. Testing Wireless Networks

1. Securing Wireless Communication

2. Signal transmission and Exploitation

3. Quick demo on capture wireless data

4. deauthentication attack inside wireless network

5. LAB deauthentication attack agains wireless network

6. Wi-Fi Jamming Attack

7. Crack WPA and WPA2 key with Demo

8. Cracking WEP - LAB

9. Cracking WPS wireless security

10. Evil Twins attack

12. Targeting Mobile Device

1. Mobile device vulnerability and deployment methods

2. Controlling access

3. EMM Security policies and protecting data

4. Vulnerability and protection of Android and iOS device

5. Attacking on mobile platforms

6. Moving through attacks and spyware

7. Bluetooth attack and malware analysis

13. Attacking Specialized Systems

1. Identify Vulnerabilities and attacks on IoT Devices

2. Leveraging the Protocols

3. LAB Discovering IoT devices with Shodan

4. Recognize Other Vulnerable Systems

14. Web Application-Based Attacks

1. Exposing Sensitive Data with improper error handling

2. Missing Input Validation and Signing the Code

3. Causing a Race condition

4. Hijacking Session Credentials

5. Crafting Request Forgery Attacks

6. Privilege Escalation

7. Upgrading a Non-Interactive Shell

8. Identifying SQLi Vulnerabilities

9. Traversing Files Using Invalid Input

10. Executing Cross Site Scripting XSS attack and Web proxy

11. LAB SQL Injection Attack

12. Overview of Web Testing Tools

13. Exploring the Browser Exploit Framework BeEF

15. Performing System Hacking

1. Objectives Perform System Hacking

2. Net framework and Powershell in Windows 10

3. Command and Control C2 Frameworks

4. LAB Using Reverse Shell and Bind Shell

5. Remote Access Tool - Netcat

6. Communicating withing a Secure Shell (SSH)

7. Analyze Exploit code

16. Scripting and Software Development

1. Analyzing and automating tasks using scripting

2. Basic understanding about scripting languages

3. LAB Exploring Programming Shells

4. Basics of logic construct

5. Data structure in python

6. LAB Automate the penetration testing process

7. Automate Penetration Testing

17. Leveraging the Attack Pivot and Penetrate

1. Password cracking method online and offline

2. Dictionary attack and bypass lockout policy

3. Bruteforce and password spraying attack

4. Test Credential as Linux and Windows

5. LAB password attack

6. LAB post exploitation Techniques

18. Communicating During the PenTesting Process

1. Define and outlining the communication Path

2. Communicating with Client Counterparts

3. Defining Contacts

4. Triggering Communication Events and Prioritize findings

5. Providing Situational Awareness and Criminal Activity

6. Triggering and Investigating False Positives

7. Presenting the Findings

8. Sharing and Building Reports with Dardis and Nessus

19. Summarizing Report Components

1. Identify Report Audience

2. List Report Contents

3. Define Best Practices for Reports

20. Recommending Remediation

1. Hardening the System

2. Sanitizing User Input

3. Implementing Multifactor Authentication MFA

4. Encrypting the password

5. Process-Level Remediation and Patch Management

6. Key rotation and Certificate Management

7. Providing Secret Management Solution and Network Segmentation

139,000 تومان

افزودن به سبد خرید

خرید دانلودی فوری

در این روش نیاز به افزودن محصول به سبد خرید و تکمیل اطلاعات نیست و شما پس از وارد کردن ایمیل خود و طی کردن مراحل پرداخت لینک های دریافت محصولات را در ایمیل خود دریافت خواهید کرد.

تولید کننده: Udemy