COURSE OVERVIEW; INFRASTRUCTURE PENETRATION TESTING- BEGINNER
Description of the Course
This course is designed to offer an introduction into performing an infrastructure penetration test.
The course will cover the basics and initial steps of infrastructure penetration testing, from information gathering, to enumeration of systems and services, to exploiting simple vulnerabilities with Metasploit.
The course will also provide further reading material which can be used as preparation for further courses such as the “Infrastructure Penetration Testing – Intermediate” course.
This is a two day course.
Minimum Skills Needed
To join this course, the participant is expected to have the following knowledge / skills / experience:
An understanding of why penetration tests are performed;
An understanding of relevant UK laws and their impact on penetration testing, inc. Computer Misuse Act 1990, Human Rights Act 1998, Data Protection Act 1998, Police and Justice Act 2006;
Some experience with both Windows and Linux operating systems;
Functional knowledge of common networking protocols,
IP, TCP, UDP, ARP, ICMP;
Functional knowledge of commonly used network services:
HTTP, SNMP, DNS, FTP, Telnet, SSH.
Knowledge of programming is not a requirement, but may be advantageous. If there is concern over a potential candidate’s suitability, we can arrange a discussion with the course leader to assess this.
As part of the course delivery, participants will need to access a purpose built test environment, in which techniques can be practiced. Therefore, participants will require:
Laptop with local administrator access and permission to load 3rd party software onto it. Hire laptops available on request for an additional fee;
A bootable image will be provided as part of the course materials and can be used as the operating system for the duration of the course. Candidates may also use their own preferred build.
What will be covered in the course (overview):
Purposes of infrastructure penetration testing;
An introduction to the basic toolset of an infrastructure tester;
Information gathering, target acquisition and classification, and enumeration of systems and services.
What will be covered in the course (specifics):
Gathering target information & finding alive hosts:
Including DNS, ARP, ICMP scanning, TCP scanning, UDP scanning and SNMP community scanning.
Including Ping –R, Traceroute, and SNMP.
Fingerprinting & identifying services:
Including Nmap service scan, bannergrab and connecting with Telnet & Netcat to identify unknown services.
Identifying interesting hosts:Analysing and assessing available services;
Identifying interesting Windows hosts within a domain;
Including Finger, Apache and SNMP.
Exploitation using an exploit framework:Finding exploits within Metasploit;
Using Metasploit to exploit a service and obtain a shell.
Cost (per participant)
|Infrastructure penetration testing||Beginner||2||£1,200|