Masterclass: 360 pentesting course

Pen-testers, red teamers, Windows network administrators, security professionals, systems engineers, IT professionals, security consultants and other people responsible for implementing infrastructure security.

After completing this course you should be able to:

• Identify security profile of the target
• Perform the testing activities
• Figure out protection oportunities
• Optimize security controls to reduce risks

Module 1: Introduction to Penetration Testing • What is Penetration Testing • Cyber Kill Chain • MITRE ATT&CK Matrix • Testing methodologies • Reporting

Module 2: Reconnaissance • Open-Source Intelligence (OSINT) • Social Media Intelligence (SOCMINT) • Google hacking and alternative search engines • Subdomains and DNS enumeration • Public services enumeration • Discovering hidden secrets

Module 3: Infrastructure penetration testing • Modern company, systems and solutions • Determining attack scope • Discovering services • Attacking services • Vulnerable default configurations

Module 4: Weaponization and delivery • Generating malicious payloads • Office Suite macros • Reverse shells • Evasion techniques • Command and Control • Securing C2 environment • Building and executing phishing campaigns • Physical toolkit

Module 5: Exploitation and Installation • Types of vulnerabilities • Exploit development • Bypassing system guards • Living Off the Land Binaries • Stealth communication channels

Module 6: Privilege escalation • Token and privileges • Attacking services • Attacking file system • Accessing system secrets

Module 7: Lateral movement • Responder • Pass-The-Hash family attacks • Bloodhound • Critical Active Directory misconfigurations • Lateral movement within AD

Module 8: Introduction to Web Application testing • Modern Web standards and protocols • Modern Web languages and libraries • OWASP TOP 10 • Role of web-proxy • Work automatization • Business and logic issues • Supply chain attacks and vulnerable components • Chaining security issues • SSL/TLS issues • Information disclosures

Module 9: Browser's security mechanisms • Same Origin Policy • CORS and other exceptions • Security headers • Cookies' and local storage security • Differences across implementations

Module 10: Cross Site Scripting • Reflected and Stored Cross Site Scripting • Attacking Document Object Model • DOM clobbering • Bypassing weak CSP • Dangling markups

Module 11: Injections • Blacklisting vs whitelisting • SQL injections • Command injections • Header splitting and injection • Other injection attacks

Module 12: Authentication and Authorization • Attacks on authentication and authorization • Attacks on sessions • Insecure Direct Object Reference (IDOR) attacks • Default credentials • JSON Web Tokens • SAML • OAuth

Module 13: Insecure file handling • Path traversal • Content manipulation • Insecure file extensions

Module 14: Insecure inclusions • Local File Inclusion • Remote File Inclusion

Module 15: Testing API • OWASP Top 10 for API • Bypassing API access controls • Mass assignment attacks
 

You should have at 3-5 years of experience in cybersecurity to attend this training or have successfully completed one of the following CQURE Academy courses: • Introduction to Pentesting Course • 30 Days to Web Application Pentesting Course You should have a good understanding of Windows infrastructure security concepts and features. Before attending this course, you should also be familiar with basic hacking tools and Kali Linux.

After the completion of our all of our Masterclasses we provide our students with an online certification. What is wonderful about our certificate is that it is lifetime valid – technology changes, but fundamentals and attitude remain mostly the same.

Our Virtual Certificates, which entitle the participants to collect CPE Points, are issued via Accredible – an online platform equipped with some superb features like: easy online access to the Certificate and the Badge, and the "Add to LinkedIn" button in case the student would like to share the certificate with their colleagues.

To be sure the personal details stay secure, Accredible uses a Blockchain verification and bank-level encryption in order to control and manage all the certification processes. This platform provides our alumni with an easy access to their certificates, protects their data and provides an easy method of sharing the information about their acquired competences.

During each of our courses the students will receive the Course Materials (including detailed lab instructions that can be used when course is over). Moreover, they are granted a lab access for the duration of the training and a complementary access for the next 3 weeks after the training concludes. With the materials provided, participants will be able to refresh your knowledge and practically apply the skills you have just learned.

Finally, all alumni of our courses are granted an access to our unique Toolkit, consisting of over 200 authored tools and other useful materials used during the Training.