Basic Hacking and Penetration Testing

Duration:

5 Days

Audience:

Employees of federal, state and local governments; and businesses working with the government.

Course Description:

This is a general hacking class. It is not designed with a specific certification test in mind, but it will overlap with CEH v9, Mile2, and Pen+ certification goals

Course Outline:

  • Introduction and concepts
    • Ports to know
    • Standards
      • NIST 800-115
      • NIST 800-53
      • NSA-IAM
      • PCI-DSS
    • Terminology
    • Vulnerability Scanning
    • Passive Scanning
    • io
  • Scanning and enumerating
    • TCPDump
    • SuperScan
    • NMAP
    • Cain and Abel
    • Basic Networking
    • DNS Zone transfer
    • Wireshark
    • Security Fundamentals
  • Intro to Kali Linux
    • Basic Linux
    • How to use Metasploit
    • Metasploit applications
  • Intro to Metasploit
    • Overview of Metasploit
    • Scanning with Metasploit
    • Basic exploits
    • Post exploits
  • Cryptography and general knowledge
    • General overview of crypto
    • Steganography
    • Hashes and Rainbow Tables
    • Wi-Fi
    • Bluetooth
    • TOR/Dark Web
  • Malware
    • Malware types
    • Malware taxonomy
    • Creating basic malware with tools
    • Creating basic malware by hand.
  • Windows hacking
    • Windows essentials
      • Registry
      • Windows structure
    • Password cracking
    • SMB exploits
  • Web hacking
    • Basic web structure
    • SQL Injection
    • XSS & CRSF
    • Basic Burp Suite

The course also includes numerous hands on labs. Students will use nmap, shodan.io, burp suite, Metasploit, and other tools. Students will create a basic virus and a basic Trojan horse. Students will manually perform SQL Injection.