Note that learners can generate a set of course materials (PDF and videos) once their access to the course starts. To make the learning experience seamless, we have provided a one-to-one mapping of the downloaded video material to the course portal.
Module 6 Information Gathering | |
Portal Text Name | Offline (Folder - IG) |
6.2 - Passive Information Gathering | |
6.2.1 - Whois Enumeration | IG_02_01 |
6.2.2 - Google Hacking | IG_02_02 |
6.2.3 - Netcraft | IG_02_03 |
6.2.4 - Open-Source Code | IG_02_04 |
6.2.5 - Shodan | IG_02_05 |
6.2.6 - Security Headers and SSL/TLS | IG_02_06 |
6.3 - Active Information Gathering | |
6.3.1 - DNS Enumeration | IG_03_01 |
6.3.2 - TCP/UDP Port Scanning Theory | N/A |
6.3.3 - Port Scanning with Nmap | IG_03_03 |
6.3.4 - SMB Enumeration | IG_03_04 |
6.3.5 - SMTP Enumeration | IG_03_05 |
6.3.6 - SNMP Enumeration | IG_03_06 |
Module 7 Vulnerability Scanning | |
Portal Text Name | Offline (Folder - VS) |
7.2 - Vulnerability Scanning with Nessus | |
7.2.1 - Installing Nessus | N/A |
7.2.2 - Nessus Components | VS_02_02 |
7.2.3 - Performing a Vulnerability Scan | VS_02_03 |
7.2.4 - Analyzing the Results | VS_02_04 |
7.2.5 - Performing an Authenticated Vulnerability Scan | VS_02_05 |
7.2.6 - Working with Nessus Plugins | VS_02_06 |
7.3 - Vulnerability Scanning with Nmap | |
7.3.1 - NSE Vulnerability Scripts | VS_03_01 |
7.3.2 - Working with NSE Scripts | VS_03_02 |
Module 8 Introduction to Web Application Attacks | |
Portal Text Name | Offline (Folder - ITWAA) |
8.2 - Web Application Assessment Tools | |
8.2.1. Fingerprinting Web Servers with Nmap | ITWAA_02_01 |
8.2.2. Technology Stack Identification with Wappalyzer | N/A |
8.2.3. Directory Brute Force with Gobuster | ITWAA_02_03 |
8.2.4. Security Testing with Burp Suite | ITWAA_02_04 |
8.3 - Web Application Enumeration | |
8.3.1. Debugging Page Content | ITWAA_03_01 |
8.3.2. Inspecting HTTP Response Headers and Sitemaps | ITWAA_03_02 |
8.3.3. Enumerating and Abusing APIs | ITWAA_03_03 |
8.4 - Cross-Site Scripting | |
8.4.1. Stored vs Reflected XSS Theory | N/A |
8.4.2. JavaScript Refresher | N/A |
8.4.3. Identifying XSS Vulnerabilities | N/A |
8.4.4. Basic XSS | ITWAA_04_04 |
8.4.5. Privilege Escalation via XSS | ITWAA_04_05 |
Module 9 Common Web Application Attacks | |
Portal Text Name | Offline (Folder - CWAA) |
9.1 Directory Traversal | |
9.1.1. Absolute vs Relative Paths | CWAA_01_01 |
9.1.2. Identifying and Exploiting Directory Traversals | CWAA_01_02 |
9.1.3. Encoding Special Characters | CWAA_01_03 |
9.2. File Inclusion Vulnerabilities | |
9.2.1. Local File Inclusion (LFI) | CWAA_02_01 |
9.2.2. PHP Wrappers | CWAA_02_02 |
9.2.3. Remote File Inclusion (RFI) | CWAA_02_03 |
9.3. File Upload Vulnerabilities | |
9.3.1. Using Executable Files | CWAA_03_01 |
9.3.2. Using Non-Executable Files | CWAA_03_02 |
9.4. Command Injection | |
9.4.1. OS Command Injection | CWAA_04_01 |
Module 10 SQL Injection | |
Portal Text Name | Offline (Folder - SQLi) |
10.1. SQL Theory and Databases | |
10.1.1. SQL Theory Refresher | N/A |
10.1.2. DB Types and Characteristics | SQLi_01_02 |
10.2. Manual SQL Exploitation | |
10.2.1. Identifying SQLi via Error-based Payloads | SQLi_02_01 |
10.2.2. UNION-based Payloads | SQLi_02_02 |
10.2.3. Blind SQL Injections | SQLi_02_03 |
10.3. Manual and Automated Code Execution | |
10.3.1. Manual Code Execution | SQLi_03_01 |
10.3.2. Automating the Attack | SQLi_03_02 |
Module 11 Client Side Attacks | |
Portal Text Name | Offline (Folder - CSA) |
11.1. Target Reconnaissance | |
11.1.1. Information Gathering | CSA_01_01 |
11.1.2. Client Fingerprinting | CSA_01_02 |
11.2. Exploiting Microsoft Office | |
11.2.1. Preparing the Attack | N/A |
11.2.2. Installing Microsoft Office | N/A |
11.2.3. Leveraging Microsoft Word Macros | CSA_02_03 |
11.3. Abusing Windows Library Files | |
11.3.1. Obtaining Code Execution via Windows Library Files | CSA_03_01 |
Module 12 Locating Public Exploits | |
Portal Text Name | Offline (Folder - LOCPE) |
12.1. Getting Started | |
12.1.1. A Word of Caution | N/A |
12.2. Online Exploit Resources | |
12.2.1. The Exploit Database | N/A |
12.2.2. Packet Storm | N/A |
12.2.3. GitHub | N/A |
12.2.4. Google Search Operators | N/A |
12.3. Offline Exploit Resources | |
12.3.1. Exploit Frameworks | |
12.3.2. SearchSploit | LOCPE_03_02 |
12.3.3. Nmap NSE Scripts | LOCPE_03_03 |
12.4. Exploiting a Target | |
12.4.1. Putting It Together | LOCPE_04_01 |
Module 13 Fixing Exploits | |
Portal Text Name | Offline (Folder - FE) |
13.1. Fixing Memory Corruption Exploits | |
13.1.1. Buffer Overflow in a Nutshell | N/A |
13.1.2. Importing and Examining the Exploit | FE_01_02 |
13.1.3. Cross-Compiling Exploit Code | FE_01_03 |
13.1.4. Fixing the Exploit | FE_01_04 |
13.1.5. Changing the Overflow Buffer | FE_01_05 |
13.2. Fixing Web Exploits | |
13.2.1. Considerations and Overview | N/A |
13.2.2. Selecting the Vulnerability and Fixing the Code | FE_02_02 |
13.2.3. Troubleshooting the "index out of range" Error | FE_02_03 |
Module 14 Antivirus Evasion | |
Portal Text Name | Offline (Folder - AVE) |
14.1. Antivirus Software Key Components and Operations | |
14.1.1. Known vs Unknown Threats | N/A |
14.1.2. AV Engines and Components | N/A |
14.1.3. Detection Methods | AVE_01_03 |
14.2. Bypassing Antivirus Detections | |
14.2.1. On-Disk Evasion | N/A |
14.2.2. In-Memory Evasion | N/A |
14.3. AV Evasion in Practice | |
14.3.1. Testing for AV Evasion | N/A |
14.3.2. Evading AV with Thread Injection | AVE_03_02 |
14.3.3. Automating the Process | AVE_03_03 |
Module 15 Password Attacks | |
Portal Text Name | Offline (Folder - PA) |
15.1. Attacking Network Services Logins | |
15.1.1. SSH and RDP | PA_01_01 |
15.1.2. HTTP POST Login Form | PA_01_02 |
15.2. Password Cracking Fundamentals | |
15.2.1. Introduction to Encryption, Hashes and Cracking | PA_02_01 |
15.2.2. Mutating Wordlists | PA_02_02 |
15.2.3. Cracking Methodology | N/A |
15.2.4. Password Manager | PA_02_04 |
15.2.5. SSH Private Key Passphrase | PA_02_05 |
15.3. Working with Password Hashes | |
15.3.1. Cracking NTLM | PA_03_01 |
15.3.2. Passing NTLM | PA_03_02 |
15.3.3. Cracking Net-NTLMv2 | PA_03_03 |
15.3.4. Relaying Net-NTLMv2 | PA_03_04 |
Module 16 Windows Privilege Escalation | |
Portal Text Name | Offline (Folder - WPE) |
16.1. Enumerating Windows | |
16.1.1. Understanding Windows Privileges and Access Control Mechanisms | N/A |
16.1.2. Situational Awareness | WPE_01_02 |
16.1.3. Hidden in Plain View | WPE_01_03 |
16.1.4. Information Goldmine PowerShell | WPE_01_04 |
16.1.5. Automated Enumeration | WPE_01_05 |
16.2. Leveraging Windows Services | |
16.2.1. Service Binary Hijacking | WPE_02_01 |
16.2.2. Service DLL Hijacking | WPE_02_02 |
16.2.3. Unquoted Service Paths | WPE_02_03 |
16.3. Abusing Other Windows Components | |
16.3.1. Scheduled Tasks | WPE_03_01 |
16.3.2. Using Exploits | WPE_03_02 |
Module 17 Linux Privilege Escalation | |
Portal Text Name | Offline (Folder - LPE) |
17.1. Enumerating Linux | |
17.1.1. Understanding Files and Users Privileges on Linux | N/A |
17.1.2. Manual Enumeration | LPE_01_02 |
17.1.3. Automated Enumeration | LPE_01_03 |
17.2. Exposed Confidential Information | |
17.2.1. Inspecting User Trails | LPE_02_01 |
17.2.2. Inspecting Service Footprints | LPE_02_02 |
17.3. Insecure File Permissions | |
17.3.1. Abusing Cron Jobs | LPE_03_01 |
17.3.2. Abusing Password Authentication | LPE_03_02 |
17.4. Insecure System Components | |
17.4.1. Abusing Setuid Binaries and Capabilities | LPE_04_01 |
17.4.2. Abusing Sudo | LPE_04_02 |
17.4.3. Exploiting Kernel Vulnerabilities | LPE_04_03 |
Module 18 Port Redirection and SSH Tunneling | |
Portal Text Name | Offline (No Folder) |
18.1. Why Port Redirection and Tunneling? | |
18.2. Port Forwarding with Linux Tools | |
18.2.1. A Simple Port Forwarding Scenario | PRAT_02_01 |
18.2.2. Setting Up the Lab Environment | PRAT_02_02 |
18.2.3. Port Forwarding with Socat | PRAT_02_03 |
18.3. SSH Tunneling | |
18.3.1. SSH Local Port Forwarding | PRAT_03_01 |
18.3.2. SSH Dynamic Port Forwarding | PRAT_03_02 |
18.3.3. SSH Remote Port Forwarding | PRAT_03_03 |
18.3.4. SSH Remote Dynamic Port Forwarding | PRAT_03_04 |
18.3.5. Using sshuttle | PRAT_03_05 |
18.4. Port Forwarding with Windows Tools | |
18.4.1. ssh.exe | PRAT_04_01 |
18.4.2. Plink | PRAT_04_02 |
18.4.3. Netsh | PRAT_04_03 |
Module 19 Tunneling Through Deep Packet Inspection | |
Portal Text Name | Offline (No Folder) |
19.1. HTTP Tunneling Theory and Practice | |
19.1.1. HTTP Tunneling Fundamentals | PRAT2_01_01 |
19.1.2. HTTP Tunneling with Chisel | PRAT2_01_02 |
19.2. DNS Tunneling Theory and Practice | |
19.2.1. DNS Tunneling Fundamentals | PRAT2_02_01 |
19.2.2. DNS Tunneling with dnscat2 | PRAT2_02_02 |
Module 20 The Metasploit Framework | |
Portal Text Name | Offline (No Folder) |
20.1. Getting Familiar with Metasploit | |
20.1.1. Setup and Work with MSF | TMF_01_01 |
20.1.2. Auxiliary Modules | TMF_01_02 |
20.1.3. Exploit Modules | TMF_01_03 |
20.2. Using Metasploit Payloads | |
20.2.1. Staged vs Non-Staged Payloads | TMF_02_01 |
20.2.2. Meterpreter Payload | TMF_02_02 |
20.2.3. Executable Payloads | TMF_02_03 |
20.3. Performing Post-Exploitation with Metasploit | |
20.3.1. Core Meterpreter Post-Exploitation Features | TMF_03_01 |
20.3.2. Post-Exploitation Modules | TMF_03_02 |
20.3.3. Pivoting with Metasploit | TMF_03_03 |
20.3. Performing Post-Exploitation with Metasploit | |
20.4.1. Resource Scripts | TMF_04_01 |
Module 21 Active Directory Introduction and Enumeration | |
Portal Text Name | Offline (No Folder) |
21.1. Active Directory - Introduction | |
21.1.1. Enumeration - Defining our Goals | N/A |
21.2. Active Directory - Manual Enumeration | |
21.2.1. Active Directory - Enumeration Using Legacy Windows Tools | ADIE_02_01 |
21.2.2. Enumerating Active Directory using PowerShell and .NET Classes | ADIE_02_02 |
21.2.3. Adding Search Functionality to our Script | ADIE_02_03 |
21.2.4. AD Enumeration with PowerView | ADIE_02_04 |
21.3. Manual Enumeration - Expanding our Repertoire | |
21.3.1. Enumerating Operating Systems | ADIE_03_01 |
21.3.2. Getting an Overview - Permissions and Logged on Users | ADIE_03_02 |
21.3.3. Enumeration Through Service Principal Names | ADIE_03_03 |
21.3.4. Enumerating Object Permissions | ADIE_03_04 |
21.3.5. Enumerating Domain Shares | ADIE_03_05 |
21.3. Manual Enumeration - Expanding our Repertoire | |
21.4.1. Collecting Data with SharpHound | ADIE_04_01 |
21.4.2. Analysing Data using BloodHound | ADIE_04_02 |
Module 22 Attacking Active Directory Authentication | |
Portal Text Name | Offline (No Folder) |
22.1. Understanding Active Directory Authentication | |
22.1.1. NTLM Authentication | N/A |
22.1.2. Kerberos Authentication | N/A |
22.1.3. Cached AD Credentials | AADA_01_03 |
22.2. Performing Attacks on Active Directory Authentication | |
22.2.1. Password Attacks | AADA_02_01 |
22.2.2. AS-REP Roasting | AADA_02_02 |
22.2.3. Kerberoasting | AADA_02_03 |
22.2.4. Silver Tickets | AADA_02_04 |
22.2.5. Domain Controller Synchronization | AADA_02_05 |
Module 23 Lateral Movement in Active Directory | |
Portal Text Name | Offline (No Folder) |
23.1. Active Directory Lateral Movement Techniques | |
23.1.1. WMI and WinRM | ADLM_01_01 |
23.1.2. PsExec | ADLM_01_02 |
23.1.3. Pass the Hash | ADLM_01_03 |
23.1.4. Overpass the Hash | ADLM_01_04 |
23.1.5. Pass the Ticket | ADLM_01_05 |
23.1.6. DCOM | ADLM_01_06 |
23.2. Active Directory Persistence | |
23.2.1. Golden Ticket | ADLM_02_01 |
23.2.2. Shadow Copies | ADLM_02_02 |
Module 24 Assembling the Pieces | |
Portal Text Name | Offline (No Folder) |
24.1. Enumerating the Public Network | |
24.1.1. MAILSRV1 | ATP_01_01 |
24.1.2. WEBSRV1 | ATP_01_02 |
24.2. Attacking a Public Machine | |
24.2.1. Initial Foothold | ATP_02_01 |
24.2.2. A Link to the Past | ATP_02_02 |
24.3. Gaining Access to the Internal Network | |
24.3.1. Domain Credentials | ATP_03_01 |
24.3.2. Phishing for Access | ATP_03_02 |
24.4. Enumerating the Internal Network | |
24.4.1. Situational Awareness | ATP_04_01 |
24.4.2. Services and Sessions | ATP_04_02 |
24.5. Attacking an Internal Web Application | |
24.5.1. Speak Kerberoast and Enter | ATP_05_01 |
24.5.2. Abuse a WordPress Plugin for a Relay Attack | ATP_05_02 |
24.6. Gaining Access to the Domain Controller | |
24.6.1. Cached Credentials | ATP_06_01 |
24.6.2. Lateral Movement | ATP_06_02 |