Special Notices

QA is proud to be the official UK partner of Offensive Security.

Penetration Testing with Kali Linux (PWK) is the foundational course at Offensive Security, with new live training dates in the UK for 2020.

Overview

Penetration Testing with Kali (PWK) is a pen testing course, updated in Feb 2020, designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment.

Please note, there is an optional 24-hour lab-based certification exam available to delegates who have sat this course. This exam leads to the Offensive Security Certified Professional (OSCP) certification and must be booked directly with Offensive Security.

What’s New for 2020

New

  • Modules
    • Active Directory Attacks
    • PowerShell Empire
    • Introduction to Buffer Overflows
    • Bash Scripting
  • Labs: 3 dedicated student virtual machines (Windows 10 client, Active Directory domain controller, Debian client), more shared lab machines
  • New target network to facilitate a hands-on walkthrough demonstrating a complete penetration testing exercise
  • Extra mile exercises

Updated

  • All existing modules were updated, most notably:
    • Passive Information Gathering
    • Win32 Buffer Overflows
    • Privilege Escalation
    • Client-Side Attacks
    • Web Application Attacks
    • Port Redirection and Tunnelling
    • The Metasploit Framework
  • Updates to existing machines’ OS and attack vectors

Prerequisites

Penetration Testing with Kali Linux is a foundational course, but still requires students to have certain knowledge prior to attending the online class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.

Course Topics

  1. Penetration Testing with Kali Linux: General Course Information
  2. Getting Comfortable with Kali Linux
  3. Command Line Fun
  4. Practical Tools
  5. Bash Scripting
  6. Passive Information Gathering
  7. Active Information Gathering
  8. Vulnerability Scanning
  9. Web Application Attacks
  10. Introduction to Buffer Overflows
  11. Windows Buffer Overflows
  12. Linux Buffer Overflows
  13. Client-Side Attacks
  14. Locating Public Exploits
  15. Fixing Exploits
  16. File Transfers
  17. Antivirus Evasion
  18. Privilege Escalation
  19. Password Attacks
  20. Port Redirection and Tunnelling
  21. Active Directory Attacks
  22. The Metasploit Framework
  23. PowerShell Empire
  24. Assembling the Pieces: Penetration Test Breakdown
  25. Trying Harder: The Labs

Course Outline

1 Penetration Testing with Kali Linux: General Course Information

  • About The PWK Course
  • Overall Strategies for Approaching the Course
  • Obtaining Support
  • About Penetration Testing
  • Legal
  • The MegaCorpone.com and Sandbox.local Domains
  • About the PWK VPN Labs
  • Reporting
  • About the OSCP Exam
  • Wrapping Up

2 Getting Comfortable with Kali Linux

  • 2.1 Booting Up Kali Linux
  • 2.2 The Kali Menu
  • 2.3 Kali Documentation
  • 2.4 Finding Your Way Around Kali
  • 2.5 Managing Kali Linux Services
  • 2.6 Searching, Installing, and Removing Tools
  • 2.7 Wrapping Up

3 Command Line Fun

  • 3.1 The Bash Environment
  • 3.2 Piping and Redirection
  • 3.3 Text Searching and Manipulation
  • 3.4 Editing Files from the Command Line
  • 3.5 Comparing Files
  • 3.6 Managing Processes
  • 3.7 File and Command Monitoring
  • 3.8 Downloading Files
  • 3.9 Customizing the Bash Environment
  • 3.10 Wrapping Up

4 Practical Tools

  • 4.1 Netcat
  • 4.2 Socat
  • 4.3 PowerShell and Powercat
  • 4.4 Wireshark
  • 4.5 Tcpdump
  • 4.6 Wrapping Up

5 Bash Scripting

  • 5.1 Intro to Bash Scripting
  • 5.3 If, Else, Elif Statements
  • 5.4 Boolean Logical Operations
  • 5.5 Loops
  • 5.6 Functions
  • 5.7 Practical Examples
  • 5.8 Wrapping Up

6 Passive Information Gathering

  • 6.1 Taking Notes
  • 6.2 Website Recon
  • 6.3 Whois Enumeration
  • 6.4 Google Hacking
  • 6.5 Netcraft
  • 6.6 Recon-ng
  • 6.7 Open-Source Code
  • 6.8 Shodan
  • 6.9 Security Headers Scanner
  • 6.10 SSL Server Test
  • 6.11 Pastebin
  • 6.12 User Information Gathering
  • 6.13 Social Media Tools
  • 6.14 Stack Overflow
  • 6.15 Information Gathering Frameworks
  • 6.16 Wrapping Up

7 Active Information Gathering

  • 7.1 DNS Enumeration
  • 7.2 Port Scanning
  • 7.3 SMB Enumeration
  • 7.4 NFS Enumeration
  • 7.5 SMTP Enumeration
  • 7.6 SNMP Enumeration
  • 7.7 Wrapping Up

8 Vulnerability Scanning

  • 8.1 Vulnerability Scanning Overview and Considerations
  • 8.2 Vulnerability Scanning with Nessus
  • 8.3 Vulnerability Scanning with Nmap
  • 8.4 Wrapping Up

9 Web Application Attacks

  • 9.1 Web Application Assessment Methodology
  • 9.2 Web Application Enumeration
  • 9.3 Web Application Assessment Tools
  • 9.4 Exploiting Web-based Vulnerabilities
  • 9.5 Extra Miles
  • 9.6 Wrapping Up

10 Introduction to Buffer Overflows

  • 10.1 Introduction to the x Architecture
  • 10.2 Buffer Overflow Walkthrough
  • 10.3 Wrapping Up

11 Windows Buffer Overflows

  • 11.1 Discovering the Vulnerability
  • 11.2 Win Buffer Overflow Exploitation
  • 11.3 Wrapping Up

12 Linux Buffer Overflows

  • 12.1 About DEP, ASLR, and Canaries
  • 12.2 Replicating the Crash
  • 12.3 Controlling EIP
  • 12.4 Locating Space for Our Shellcode
  • 12.5 Checking for Bad Characters
  • 12.6 Finding a Return Address
  • 12.7 Getting a Shell
  • 12.8 Wrapping Up

13 Client-Side Attacks

  • 13.1 Know Your Target
  • 13.2 Leveraging HTML Applications
  • 13.3 Exploiting Microsoft Office
  • 13.4 Wrapping Up

14 Locating Public Exploits

  • 14.1 A Word of Caution
  • 14.2 Searching for Exploits
  • 14.3 Putting It All Together
  • 14.4 Wrapping Up

15 Fixing Exploits

  • 15.1 Fixing Memory Corruption Exploits
  • 15.2 Fixing Web Exploits
  • 15.3 Wrapping Up

16 File Transfers

  • 16.1 Considerations and Preparations
  • 16.2 Transferring Files with Windows Hosts
  • 16.3 Wrapping Up

17 Antivirus Evasion

  • 17.1 What is Antivirus Software
  • 17.2 Methods of Detecting Malicious Code
  • 17.3 Bypassing Antivirus Detection
  • 17.4 Wrapping Up

18 Privilege Escalation

  • 18.1 Information Gathering
  • 18.2 Windows Privilege Escalation Examples
  • 18.3 Linux Privilege Escalation Examples
  • 18.4 Wrapping Up

19 Password Attacks

  • 19.1 Wordlists
  • 19.2 Brute Force Wordlists
  • 19.3 Common Network Service Attack Methods
  • 19.4 Leveraging Password Hashes
  • 19.5 Wrapping Up

20 Port Redirection and Tunnelling

  • 20.1 Port Forwarding
  • 20.2 SSH Tunnelling
  • 20.3 PLINK.exe
  • 20.4 NETSH
  • 20.5 HTTP Tunnelling Through Deep Packet Inspection
  • 20.6 Wrapping Up

21 Active Directory Attacks

  • 21.1 Active Directory Theory
  • 21.2 Active Directory Enumeration
  • 21.3 Active Directory Authentication
  • 21.3.5 Low and Slow Password Guessing
  • 21.4 Active Directory Lateral Movement
  • 21.5 Active Directory Persistence
  • 21.6 Wrapping Up

22 The Metasploit Framework

  • 22.1 Metasploit User Interfaces and Setup
  • 22.2 Exploit Modules
  • 22.3 Metasploit Payloads
  • 22.4 Building Our Own MSF Module
  • 22.5 Post-Exploitation with Metasploit
  • 22.6 Metasploit Automation
  • 22.7 Wrapping Up

23 PowerShell Empire

  • 23.1 Installation, Setup, and Usage
  • 23.2 PowerShell Modules
  • 23.3 Switching Between Empire and Metasploit
  • 23.4 Wrapping Up

24 Assembling the Pieces: Penetration Test Breakdown

  • 24.1 Public Network Enumeration
  • 24.2 Targeting the Web Application
  • 24.3 Targeting the Database
  • 24.4 Deeper Enumeration of the Web Application Server
  • 24.5 Targeting the Database Again
  • 24.6 Targeting Poultry
  • 24.7 Internal Network Enumeration
  • 24.8 Targeting the Jenkins Server
  • 24.9 Targeting the Domain Controller
  • 24.10 Wrapping Up

25 Trying Harder: The Labs

  • 25.1 Real Life Simulations
  • 25.2 Machine Dependencies
  • 25.3 Cloned Lab Machines
  • 25.4 Unlocking Networks
  • 25.5 Routing
  • 25.6 Machine Ordering & Attack Vectors
  • 25.7 Firewall / Routers / NAT
  • 25.8 Passwords
