Penetration testing – detecting and exploiting vulnerabilities Training Course

How to Test Network and Service Security

• Penetration Testing – What is it?
• Penetration Testing vs. Audit – Similarities, Differences, and What is Correct?
• Practical Problems – What Can Go Wrong?
• Scope of Tests – What Do We Want to Check?
• Sources of Good Practices and Recommendations

Penetration Testing – Reconnaissance

• OSINT – Obtaining Information from Open Sources
• Passive and Active Methods of Network Traffic Analysis
• Identification of Services and Network Topology
• Security Systems (Firewalls, IPS/IDS Systems, WAF, etc.) and Their Impact on Tests

Penetration Testing – Vulnerability Searching

• Recognition of Systems and Their Versions
• Searching for Vulnerabilities in Systems, Infrastructure, and Applications
• Vulnerability Assessment – So, "Will it Hurt?"
• Exploit Sources and Their Adaptability

Penetration Testing – Attack and Gaining Control

• Types of Attacks – How Are They Conducted and What Are Their Consequences?
• Attack Using Remote and Local Exploits
• Attacks on Network Infrastructure
• Reverse Shell – How to Manage a Captured System
• Privilege Escalation – How to Become an Administrator
• Ready-Made "Hacking Tools"
• Analysis of the Captured System – Interesting Files, Saved Passwords, Private Data
• Special Cases: Web Applications, WiFi Networks
• Social Engineering – How to "Break" a Person if the Systems Cannot Be Bypassed?

Penetration Testing – Covering Tracks and Maintaining Access

• Logging and Activity Monitoring Systems
• Log Cleaning and Covering Tracks
• Backdoor – How to Leave Yourself an Open Entry Point

Penetration Testing – Summary

• Preparing the Report and Its Structure
• Delivering and Consulting the Report
• Verifying the Implementation of Recommendations