applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Pentesting and Exploiting Corporate Infrastructure - Advanced

Register for March 18-19, 2019 (2-day Course)

Instructor(s):
Vikram Salunke

Description

This training is Hands-on training on pentesting and exploiting corporate infrastructure.

Training follows CTF approach to compromise the machines. This training intended for people, who wants to start their career in penetration testing.

Training has module on python scripting. Because automation of tools is essential due to time constraints also it is helps to automate the testing of systems, services, and applications. Multiple python Modules, libraries, and debugging tools have been already written to help simplify and automate fuzzing and research. In order to reach the next level in penetration testing, one must embrace the idea of adding programming into their penetration testing toolkit. Once obtaining this power, tools can be written and shared, allowing you to build up an arsenal for reconnaissance, scanning, fuzzing, and exploitation.

As a pentester you need to be familiar with how to edit, modify and execute shellcodes and be able to understand how exploit works. There are few scripts on internet which causes harm to your system, so you need to how that script works. Metasploit’s XOR, shikata_ga_gai encoders are quite well detectable by AntiVirus so we will write our own custom encoders to evade Antivirus and we will use polymorphic engines which is quite difficult to detect and fingerprint.

This training contains over 50 labs and 30+ challenges which are inspired by real world vulnerabilities and case studies.

If you want to learn pentesting end to end, then it is recommended to take both our Basics and Advanced classes In a 4-day format.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Course Outline

Day 1: Day 2:
  • Web Application Penetration Testing
  • Hacking CMS - Wordpress, Drupal, Joomla
  • Assembly Language basics
  • Shellcoding - Writing Encoders, Decoders, Crypters to evade AntiVirus
  • Attendees will be provided with:

    Who Should Take This Course:

    Web developers, system administrators, IT security professionals with a technical background, IT manage rs, and system architects.

    Pre-requisites:

    ~ ~ ~