- Pre-configured labs with lab guides
- Gain hands-on skills in topic areas aligned to Penetration Testing Training: Tools and Techniques
Penetration Testing & Network Exploitation Labs
- Duration: Multi-Week
- Language: English
- Level: Foundation
Learn the security techniques used by the Internet’s most skilled professionals. This Pentesting & Network Exploitation lab bundle, which includes 4 distinct, hands-on labs, will provide you with an introduction to all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networks.
This lab bundle aligns with the learning objectives found in Course 537, Penetration Testing Training: Tools and Techniques.
Penetration Testing & Network Exploitation Labs Delivery Methods
- 6-month access to CYBRScore Penetration Testing & Network Exploitation Labs
- Content aligned to Penetration Testing Training: Tools and Techniques
Penetration Testing & Network Exploitation Labs Course BenefitsComplete all manner of reconnaissance, scanning, enumeration, exploitation and pillaging for 802.3 networksSimulate an insider threat and escape restricted environments by abusing native services and functionalityHost target analysis on Linux and Windows systems
Penetration Testing & Network Exploitation Lab Content
Introduces students to host target analysis on Linux systems. Topics include Linux command line, bash scripting and simple programming to enumerate, attack and exploit Linux hosts.
- Using Linux: Students will learn a variety of Linux command line commands to navigate the system, identify users, identify network configuration, search, modify & manipulate files as well as bash scripting.
- More Linux: Students will learn about the Apache web server, creating a file on the server and establishing a secure connection between 2 hosts.
- IP Tables: Linux Firewall: Students will learn how to manipulate firewall rules from the command line to allow traffic to pass out of the network.
- Custom Password Creation with Crunch: Students will learn how to generate password lists for use in password cracking tools.
Introduces students to host target analysis on Windows systems. Topics include basic through intermediate Windows Command Line skills, PowerShell cmdlets and the PowerShell attack framework called PowerPreter.
- Using DOS: Students will learn a variety of DOS command line commands to navigate the system, identify users, identify network configuration, search, modify & manipulate files as well as scripting in DOS.
- Using PowerShell: Students will receive an overview of PowerShell commands.
- Leveraging PowerShell: Students will learn how to use Windows Management Instrumentation to manage both host and remote systems as well as using PowerPreter to steal password hashes and perform port scans.
Introduces student to basic scanning and exploitation of systems on internal networks that replicate a real-world penetration test. Students learn how to map, discover and exploit web applications, which requires the tester to understand how they communicate and the role the server plays in the relationship. Students learn how to conduct reconnaissance against a web server, followed by mapping its architecture and challenged with discovering vulnerabilities and misconfigurations for follow-on exploitation.
- Scanning LAN Segment: Students use Nmap and Metasploit to identify all of the hosts on the network.
- Verifying Scan Data through Banner Grabbing: Students use netcat to validate the host OS and find open ports on a target host.
- Target Host Enumeration: Students use Metasploit to identify open ports on a target host.
- Exploiting Linux Hosts: Students use Metasploit to execute exploit code on a remote Linux host.
- Web Application Mapping, Discovery and Exploitation with BurpSuite & Nikto: Students use BurpSuite and Nikto to intercept web traffic, scan webservers behind firewalls and inject a PHP attack.
- Windows Restricted Desktop Escape & Exploitation: Students will break into a Windows 7 desktop computer using standard windows tools.
Students learn how to simulate an insider threat and escape restricted environments by abusing native services and functionality. Students then move to routed attacks against clients that have NAT devices, firewalls and DMZs deployed. They learn how to exploit a variety of web-facing services and gain access to the DMZ. Once in the DMZ they are asked to pillage the hosts and find additional information to assist in pivoting deeper into the network and into network segments that don’t touch the web directly.
- Scan Web Facing Target IP: Students will use the Metasploit console to scan for live hosts using nmap to identify firewalls, webservers and vulnerabilities.
- Web Application Scanning: Students will use nitko to scan and enumerate webserver applications.
- Web Application Spidering with BurpSuite: Students will use Burpsuite as an intercept proxy to penetrate web applications.
- SSH Exploitation: Students will learn how to establish a route from outside on the Internet with an attack host to a live internal victim computer and establish a compromised DMZ host to an internal LAN segment.
- Scan & Exploit Internal Segment: Students will learn how to extend their access from the internal LAN segment to the rest of the network and perform scans of the larger network.
- Covering Tracks: Students learn how to modify audit logs to cover their tracks.
- Final Challenges: Students are asked to demonstrate their skills by performing the techniques they learned on a new scenario.
Need Help Finding The Right Training Solution?
Our training advisors are here for you.
- This lab bundle aligns to the learning objectives found in Course 537, Penetration Testing Training: Tools and Techniques, and provides an alternate delivery mode to explore the topics in that course.
- CYBRScore Labs are pre-configured hardware layouts with accompanying lab guides for fast, convenient access that make studying for an exam or learning new technologies an engaging experience.
- Each lab consists of multiple tasks that take anywhere from 30 minutes to 2 hours to complete.
- All you need is an HTML5 compatible browser, such as Google Chrome, Mozilla Firefox, or Microsoft Edge.
- CYBRScore Labs are available for use for 6 months after the date of purchase. CYBRScore Labs are hosted online and available 24x7x365.
- Once your purchase is complete, Learning Tree will contact you with the URL and login credentials you will use to access your lab bundle.