applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Advanced Penetration Testing with Metasploit

Register for March 8-9 Course

Instructor:
Georgia Weidman

Description

Picking up where introductory Penetration with Metasploit left off, this course goes beyond learning the pentesting methodology to discover and exploit low hanging fruit such as missing Windows patches and default passwords. In this course we will drive deeper into finding vulnerabilities when your vulnerability scanners are coming up with no findings. We will look at client side attacks, social engineering campaigns, and web application attack vectors. We will delve deep into post exploitation techniques such as pivoting and lateral movement, local information gathering, and persistence. We will also spend some time avoiding detection such as bypassing antivirus and perimeter filtering. This course will use the Metasploit Framework extensively as well as several supporting tools in Kali Linux. We will also learn the basics of writing our own exploits manually and porting publicly available exploits to meet our needs rather than relying soley on exploits in Metasploit and other exploitation tools.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Learning Objectives

Prerequisites

This class will assume basic pentesting knowledge and basic Metasploit syntax. Time will be spent at the beginning of class reviewing these concepts briefly, but we will quickly dive in to more advanced material. If you are unsure of your level of preparation this introductory self-pace on demand online course will more than prepare you for this course: http://www.bulbsecurity.com/online-security-training/virtual-live/penetration-testing-level-1-pentesting-with-metasploit-on-demand/. If you are familiar with the basics of that course outline you should be ready to dive into this more challenging, intensive course.

What to bring

Students Will Be Presented With

Course Schedule

*students will also be provided with VPN lab access after class with additional targets to practice their skills.