Ethical Hacking – Pentest Training (Penetration Testing)

Education Objectives:

• Specialize in Penetration Testing,
• Spinning around the network axis, running exploit codes in your favor, or grasping Bash, Python, Perl and Ruby scripts,
• Ability to perform advanced techniques and attacks to identify SQL injection, Cross-site scripting (XSS), LFI, RFI vulnerabilities in web applications,
• To be able to submit a professional and industry-accepted report with management and technical involvement,
• To learn and comprehend internationally recognized penetration testing methodologies in the best way,
• Write exploit code to gain access to a vulnerable system or application,
• Exploiting vulnerabilities in operating systems such as Windows and Linux,
• To be able to perform privilege escalation to gain root access to a system,
• Learning to think like a “pentester”,
• To be able to perform penetration tests using vulnerability discovery methodologies and penetration methods by exploiting these vulnerabilities,
• In addition, developing modules and custom Meterpreter scripts with the Metasploit Framework to further improve their penetration testing knowledge,
• It is aimed that the participants will be able to reach the level of knowledge to have CPENT, Certified Ethical Hacker (CEH), Licensed Penetration Tester (LPT) Master Credential or an equivalent certificate or skill.

Training Content – GENERAL TITLES

ETHICAL HACKING & PENETRATION TESTING

• Introduction to Ethical Hacking
• Discovery
• Network Scans
• What is Ethical Hacking?
• Cyber Security
• Ethical Hacking and Information Security
• Careers in Ethical Hacking
• Introduction to Linux
• Introduction to Cryptology
• Passive Information Gathering in Ethical Hacking
• Port and Services Scans
• Application Security in Ethical Hacking
• XSS Attacks
• File Include Attacks
• CSRF Attacks
• HTTP Parameter Pollution (HPP) Attacks
• CRLF Injection Attacks
• Application Logic Attacks
• Application Logic Attacks – Examples
• Race Conditions Attacks
• XML External Entity Attacks
• Remote Code Execution (RCE) Attacks
• Enumeration
• Vulnerability Analysis
• System Hacking
• Malware Threats
• Sniffing
• Social Engineering
• Denial-of-Services
• Session Hijacking
• IDS, Firewall and Honeypot Bypassing
• Web Server Hacking
• Web Application Hacking
• SQL Injection
• Wireless Network Hacking
• Mobile Platform Hacking
• IoT Hacking
• Cloud Computing
• System Security in Ethical Hacking
• Network Security in Ethical Hacking
• Reverse Engineering
• Red Team (Introduction to Red Team Attacks)

—

• Introduction to Penetration Testing
• Penetration Testing Scoping and Interaction
• Open Source Intelligence (OSINT)
• Social Engineering Penetration Testing
• Network Penetration Test – External
• Network Penetration Test – Internal
• Network Penetration Testing – Peripheral Devices
• Web Application Penetration Testing
• Wireless Penetration Test
• IoT Penetration Testing
• OT/SCADA Penetration Test
• Cloud Penetration Testing
• Binary Analysis and Exploitation
• Report Writing and Post-Testing Actions

Training Content – DETAILED TITLES

ETHICAL HACKING & PENETRATION TESTING

• Definitions : Threat, Vulnerability, Risk, Vulnerability
• Attack Types:Active Attack, Passive Attack, Internal Attack, External Attack
• Ethical Hacking and Penetration Testing Concept
• Ethical Hacking and Penetration Testing Types: Network Security Tests, Web Application Tests,
• Client Tests, Wireless Security Tests
• Shortcomings of Ethical Hacking and Penetration Testing Approaches
• Other Approaches to Detecting Security Vulnerabilities
• Overview of Test Methodologies (OSSTMM, NIST 800-42, OWASP, Penetration Testing Framework)
• Ethical Hacking Test Tools and Exploit Resources
• The Environment to be Used During the Tests and Things to Consider
• Overview of Ethical Hacking and Penetration Testing Steps
• Scope and “Rules of Engagement” in Ethical Hacking and Penetration Testing
• Test Steps to be Applied in Ethical Hacking and Penetration Tests
• Reporting process, Mandatory Information in the Report and Matters to be Considered
• Legal Considerations During Tests
• First Step in Ethical Hacking andPenetration Testing: Information Gathering
• Inventorying in Scope
• Search Engines and Information Extraction on the Web
• Whois Usage
• IP Block Assignments and Regional Internet Registration Authorities (ARIN, RIPE, etc.)
• Information Collection via DNS (nslookup, Recurse-Norecurse queries, Dig, Zone Transfer)
• Information Collection with Maltego
• Google Hacking and GHDB (Google Hacking Database)

**

• Screening Phase and Screening Types
• Scan Step Tips
• Using Sniffer During Scanning, Advantages and tcpdump
• Network Scanning Tools (Angry IP and ICMPQuery)
• Network Scanning with Hping
• Using Network Trace and Traceroute
• Port Scanning
• TCP and UDP Basic Features and Their Effects on Port Scanning
• Introduction to Advanced Port Scanning Techniques with Nmap (Packet trace, timing, ping, traceroute features)
• TCP Port Scan Types with Nmap (Connect Scan, SYN Scan, ACK Scan, FTP Bounce Scan)
• UDP Port Scanning with Nmap
• Operating System Detection
• Operating System Detection with Active and Passive Methods
• Version Scanning
• Version Scanning with Amap
• Vulnerability Scanning
• Vulnerability Scanning Approaches
• Nmap Scripting Engine (NSE) Overview
• NSE Script Categories
• NSE Usage
• Vulnerability Scanning with Nessus
• Overview of Other Vulnerability Scanning Software
• Import User Accounts (via Windows Null Session, Finger, LDAP)
• Netcat Usage and Advanced Netcat Usage Scenarios

**

• Exploitation
• What is an Exploit?
• Exploit Categories (Server Side, Client Side, Local Upgrade)
• Introduction to Metasploit
• Metasploit Modules (Exploit, Payload, Stager, Stage)
• Meterpreter Details
• Non-Metasploit Exploits
• Shell and Terminal Access Dilemma, Problems and Solutions
• Relay Scenarios with Netcat
• What Can Be Done After Exploit (File Transfer, Collecting Extra Data on the Compromised System)
• Remote Command Execution Methods on Windows Systems (using psexec, at, schtasks, sc, wmic)
• Advanced Windows Command Line Techniques for Ethical Hacking and Penetration Testing
• Client Hijacking Methods with Client-Side Exploits and Sample Application

**

• Password Attacks
• Introduction to Password Cracking and Password Guessing
• Tips for Password Attacks
• Account Lockout Scenarios in Windows and Linux (Account Policy and PAM)
• Password Prediction with THC-Hydra
• Using Pw-inspector
• Password Formats
• Password Formats in Windows SAM Database
• Password Formats in Active Directory
• LANMAN Hash Algorithm
• NT Hash Algorithm
• Challenge/Response in Windows Networks (LANMAN Challenge/Response, NTLMv1, NTLMv2,
• Microsoft Kerberos)
• LANMAN and NTLMv1 Challenge/Response
• NTLMv2 Challenge/Response
• Password Formats in Linux and Unix
• Intercepting Password Hashes
• Pwdump6, Fgdump, Metasploit Priv Module
• John the Ripper
• John the Ripper Configuration File and Password Cracking Modes
• pot and john.rec Files
• John the Ripper Patches, John the Ripper in Speed and Distributed Structure
• Cain as a Password Cracking Tool
• Cain’s Sniffer Features
• ARP-Poisoned Routing with Cain
• Auxiliary Tools in Cain
• Rainbow Tables, Creation Logic and Usage
• Using Rainbow Table with Ophcrack
• Pass-the-Hash Technique
• Pass-the-Hash with pshtoolkit, SAMBA and Metasploit

**

• Wireless Networks
• Vulnerabilities in Wireless Networks
• Hardware Selection in Wireless Security Tests (Wireless Cards, Antennas, GPS)
• Wireless Network Basics (802.11 b/g Channels, SSID, Handshake Steps in 802.11)
• Methods for Detecting Wireless Networks (Managed/Monitor Interface Modes)
• Using Sniffer in Wireless Networks
• Wireless Sniffing with Kismet
• Wireless Network Detection with NetStumbler and Cain
• SSID Cloaking
• Crypto Attacks on Wireless Networks
• Wired Equivalent Privacy Protocol (WEP) Basics, Operation, Weaknesses
• Wifi Protected Access (WPA)
• Attack Tools with WPA1 and WPA2
• Aircrack-ng
• Dictionary Attacks with CoWPAtty
• Wireless Client Attacks (Airpwn, AirJack, Karma, Karmasploit)
• Web Applications
• Introduction to Web Applications
• Web Server Vulnerabilities and Nikto
• Examples of Manual Confirmation of Nikto Results
• Paros Proxy and Features (HTTP Request and Response Capture, Vulnerability Scanning, Request Editor, Hash Calculator)
• Injection Attacks
• Cross Site Request Forgery (XSRF)
• Cross-Site Scripting Attacks (Reflected, Stored XSS Attacks)
• Command Injection (Non-Blind, Blind Command Injection)
• SQL Injection (Executing Commands on the Server with SQL Injection, Blind SQL Injection)

• Information Security Experts,
• IT Professionals Who Want to Perform In-House Penetration Testing,
• Experts Who Want to Perform Professional Penetration Testing,
• Network Experts,
• Application Security Experts
• Those who want to learn Ethical Hacker Basics,
• Those who want to learn and use Penetration Testers,
• Network Server Administrators,
• Firewall Administrators,
• Those who want to learn about Safety Test Equipment,
• System Administrators
• Risk Assessment Specialists,
• Those who want to have knowledge about cyber security,
• Those who plan a career in penetration testing and want to enter this sector,
• Those who want to have knowledge about information security,
• Those who want to protect themselves from hacker attacks,
• Anyone who wants to learn the latest hacking methods and software.

• Participants should have a basic knowledge of Computer Networks, Network Protocols, Server Network Services, Virtualization, Database Concepts as well as Web Sites.
• Familiarity with Kali or Parrotos and Common Penetration Testing Tools,
• To have basic knowledge of utilization of Windows and Linux Hosts,
• To have knowledge about Privilege Escalation in Linux and Windows,
• Getting Familiar with Wireless Penetration Testing,
• Basic knowledge of systems, cloud and networking is required.