SlideShare a Scribd company logo

BRISK_Network_Pentest_

BriskInfosec Solutions
BriskInfosec Solutions
1 of 4
Download to read offline
1 1BRISK NETWORK PENETRATION TESTER BRISK NETWORK PENETRATION TESTER Duration - 45 Hours Cost - INR 35000/- Only SYLLABUS: 1. Kali Linux Basics 2. The Bash Environment 3. Netcat the Almighty 4. Using Wireshark 5. ARP Spoofing 6. Buffer Overflow Exploitation 7. Working With Exploits 8. Transferring Files 9. Exploit frameworks 10.Client Side Attacks 11.Port Fun 12.Password Attacks 13. Review BRISK NETWORK PENETRATION TESTER-SYLLABUS 1. Module 1 - Kali Linux Basics 1.1 Finding your way around Kali Linux 1.1.1 Exercise 1.2 Kali Linux Services 1.2.1 DHCP 1.2.2 Static IP assignment 1.2.3 SSHD 1.2.4 Apache 1.2.5 FTP 1.2.6 TFTPD 1.2.7 VNC Server 1.2.8 Additional Resources 1.2.9 Exercise
2 2BRISK NETWORK PENETRATION TESTER-Syllabus 2. The Bash Environment 2.1 Simple Bash Scripting 2.2 Sample Exercise 2.3 Sample Solution 2.4 Additional Resources 2.5 Exercise 3. Netcat the Almighty 3.1 Connecting to a TCP/UDP port with Netcat 3.2 Listening on a TCP/UDP port with Netcat 3.3 Transferring files with Netcat 34 Remote Administration with Netcat 35 Exercise 4. Using Wireshark 4.1 Peeking at a Sniffer 4.2 Capture and Display filters 4.3 Following TCP Streamsvice Enumeration 4.4 Nmap Scripting Engine 4.5 PBNJ 4.6 Unicornscan 4.7 Exercise 5. Module 5- ARP Spoofing 5.1 The Theory 5.2 Doing it the hard way 5.3 Ettercap 6. Module 6- Buffer Overflow Exploitation 6.1 Looking for Bugs 6.2 Fuzzing 6.3 Exploiting Windows Buffer Overflows 6.3.1 Replicating the Crash 6.3.2 Controlling EIP 6.3.3 Locating Space for our Shellcode 6.3.4 Redirecting the execution flow 6.3.5 Finding a return address
3 3BRISK NETWORK PENETRATION TESTER-Syllabus 6.3.6 Basic shellcode creation 6.3.7 Getting our shell 6.3.8 Exercise 6.4 Exploiting Linux Buffer Overflows 6.4.1 Setting things up 6.4.2 Controlling EIP 6.4.3 Landing the Shell 6.4.4 Avoiding ASLR 7. Module 7- Working With Exploits 7.1 Looking for an exploit on BackTrack 7.2 Looking for exploits on the web 8. Module 8- Transferring Files 8.1 The non interactive shell 8.2 Uploading Files 8.2.1 Using TFTP 8.2.2 Using FTP 8.2.3 Inline Transfers 8.3 Exercise 9. Module 9 – Exploit frameworks 9.1 Metasploit 9.2 Interesting Payloads 9.2.1 Meterpreter Payload 9.2.2 Binary Payloads 9.2.3 Other Framework v3.x features 9.2 Core Impact 10. Module 10- Client Side Attacks 10.1 Client side attacks 10.2 CVE-2009-0927 10.3 MS07-017 – From PoC to Shell 10.4 MS06-001 10.5 Client side exploits in action 10.6 Exercise 11. Module 11- Port Fun 11.1 Port Redirection 11.2 SSL Encapsulation - Stunnel
4 4TOOLS 11.3 HTTP CONNECT Tunneling 11.4 ProxyTunnel 11.5 SSH Tunneling 11.6 What about content inspection? 12. Module 12- Password Attacks 12.1 Online Password Attacks 12.2 Hydra 12.2.1 FTP Bruteforce 12.2.2 POP3 Bruteforce 12.2.3 SNMP Bruteforce 12.2.4 Microsoft VPN Bruteforce 12.2.5 Hydra GTK 12.3 Password profiling 12.3.1 CeWL 12.4 Offline Password Attacks 12.4.1 Windows SAM 12.4.2 Windows Hash Dumping – PWDump / FGDump 12.4.3 John the Ripper 12.4.4 Rainbow Tables 12.4.5 “Windows does WHAT????” 12.4.6 Exercise 12.5 Physical Access Attacks 12.5.1. Resetting Microsoft Windows 12.5.2 Resetting a password on a Domain Controller 12.5.3 Resetting Linux Systems 12.5.4 Resetting a Cisco Device TOOLS  Kali Linux tools  Browser based tools

Recommended

Containerd: Building a Container Supervisor by Michael Crosby
Containerd: Building a Container Supervisor by Michael CrosbyContainerd: Building a Container Supervisor by Michael Crosby
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
 
Alex Dias: how to build a docker monitoring solution
Alex Dias: how to build a docker monitoring solution Alex Dias: how to build a docker monitoring solution
Alex Dias: how to build a docker monitoring solution Outlyer
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon HashiCorp User Group
 
Hug #9 who's keeping your secrets
Hug #9 who's keeping your secretsHug #9 who's keeping your secrets
Hug #9 who's keeping your secretsCameron More
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HashiCorp User Group
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with MicronautQAware GmbH
 
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Codemotion
 

Recommended

Containerd: Building a Container Supervisor by Michael Crosby
Containerd: Building a Container Supervisor by Michael CrosbyContainerd: Building a Container Supervisor by Michael Crosby
Containerd: Building a Container Supervisor by Michael CrosbyDocker, Inc.
 
Alex Dias: how to build a docker monitoring solution
Alex Dias: how to build a docker monitoring solution Alex Dias: how to build a docker monitoring solution
Alex Dias: how to build a docker monitoring solution Outlyer
 
Leveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettLeveraging the Power of containerd Events - Evan Hazlett
Leveraging the Power of containerd Events - Evan HazlettDocker, Inc.
 
London Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon Hug 20/6 - Vault production
London Hug 20/6 - Vault productionLondon HashiCorp User Group
 
Hug #9 who's keeping your secrets
Hug #9 who's keeping your secretsHug #9 who's keeping your secrets
Hug #9 who's keeping your secretsCameron More
 
London HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HUG 19/5 - Kubernetes and vault
London HUG 19/5 - Kubernetes and vaultLondon HashiCorp User Group
 
Microservices with Micronaut
Microservices with MicronautMicroservices with Micronaut
Microservices with MicronautQAware GmbH
 
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...
Jacopo Nardiello - Monitoring Cloud-Native applications with Prometheus - Cod...Codemotion
 
Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-NuleculeLalatendu Mohanty
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Oscar Renalias
 
Your (container) secret's safe with me
Your (container) secret's safe with me Your (container) secret's safe with me
Your (container) secret's safe with me Liz Rice
 
London Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using ConsulLondon Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using ConsulLondon HashiCorp User Group
 
Your secret's safe with me
Your secret's safe with meYour secret's safe with me
Your secret's safe with meLiz Rice
 
Docker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMDocker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMNeependra Khare
 
Container secrets talk from DevSecCon
Container secrets talk from DevSecConContainer secrets talk from DevSecCon
Container secrets talk from DevSecConLiz Rice
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
How choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeHow choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeRobert Wojciechowski
 
Jenkins as Code
Jenkins as CodeJenkins as Code
Jenkins as CodeCloudOps2005
 
Istio Playground
Istio PlaygroundIstio Playground
Istio PlaygroundQAware GmbH
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Understanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeUnderstanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeVictor Morales
 
Practical CNI
Practical CNIPractical CNI
Practical CNILinuxCon ContainerCon CloudOpen China
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosLakmal Warusawithana
 
ZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processesZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processesJulia Proskurnia
 
LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperE Hacking
 
Reversing and Malware Analysis
Reversing and Malware Analysis Reversing and Malware Analysis
Reversing and Malware Analysis E Hacking
 

More Related Content

What's hot

Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with SysdigSreenivas Makam
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Oscar Renalias
 
Your (container) secret's safe with me
Your (container) secret's safe with me Your (container) secret's safe with me
Your (container) secret's safe with me Liz Rice
 
London Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using ConsulLondon Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using ConsulLondon HashiCorp User Group
 
Your secret's safe with me
Your secret's safe with meYour secret's safe with me
Your secret's safe with meLiz Rice
 
Docker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMDocker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMNeependra Khare
 
Container secrets talk from DevSecCon
Container secrets talk from DevSecConContainer secrets talk from DevSecCon
Container secrets talk from DevSecConLiz Rice
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowPLUMgrid
 
How choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeHow choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeRobert Wojciechowski
 
Istio Playground
Istio PlaygroundIstio Playground
Istio PlaygroundQAware GmbH
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Ontico
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Nicolas De Loof
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Docker, Inc.
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutionsNick Owen
 
Understanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeUnderstanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeVictor Morales
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosLakmal Warusawithana
 
ZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processesZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processesJulia Proskurnia
 

What's hot (20)

Container Monitoring with Sysdig
Container Monitoring with SysdigContainer Monitoring with Sysdig
Container Monitoring with Sysdig
 
Project Atomic-Nulecule
Project Atomic-NuleculeProject Atomic-Nulecule
Project Atomic-Nulecule
 
Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015Containerize everything - Wildcardconf 2015
Containerize everything - Wildcardconf 2015
 
Your (container) secret's safe with me
Your (container) secret's safe with me Your (container) secret's safe with me
Your (container) secret's safe with me
 
London Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using ConsulLondon Hug 20/6 - Clustering RabbitMQ using Consul
London Hug 20/6 - Clustering RabbitMQ using Consul
 
Your secret's safe with me
Your secret's safe with meYour secret's safe with me
Your secret's safe with me
 
Docker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBMDocker Multi Host Networking, Rachit Arora, IBM
Docker Multi Host Networking, Rachit Arora, IBM
 
Container secrets talk from DevSecCon
Container secrets talk from DevSecConContainer secrets talk from DevSecCon
Container secrets talk from DevSecCon
 
Docker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know nowDocker Networking in OpenStack: What you need to know now
Docker Networking in OpenStack: What you need to know now
 
How choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development timeHow choosing the Raft consensus algorithm saved us 3 months of development time
How choosing the Raft consensus algorithm saved us 3 months of development time
 
Jenkins as Code
Jenkins as CodeJenkins as Code
Jenkins as Code
 
Istio Playground
Istio PlaygroundIstio Playground
Istio Playground
 
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
Testing applications with traffic control in containers / Alban Crequy (Kinvolk)
 
Breaking the RpiDocker challenge
Breaking the RpiDocker challenge Breaking the RpiDocker challenge
Breaking the RpiDocker challenge
 
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
Mobycraft:Docker in 8-bit (Meetup at Docker HQ 4/7)
 
Securing Network Access with Open Source solutions
Securing Network Access with Open Source solutionsSecuring Network Access with Open Source solutions
Securing Network Access with Open Source solutions
 
Understanding kube proxy in ipvs mode
Understanding kube proxy in ipvs modeUnderstanding kube proxy in ipvs mode
Understanding kube proxy in ipvs mode
 
Practical CNI
Practical CNIPractical CNI
Practical CNI
 
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache StratosContainers in production with Docker, CoreOS, Kubernetes and Apache Stratos
Containers in production with Docker, CoreOS, Kubernetes and Apache Stratos
 
ZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processesZooKeeper - wait free protocol for coordinating processes
ZooKeeper - wait free protocol for coordinating processes
 

Viewers also liked

LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperE Hacking
 
Reversing and Malware Analysis
Reversing and Malware Analysis Reversing and Malware Analysis
Reversing and Malware Analysis E Hacking
 
Android System Architecture And  Pen-testing of Android applications
Android System Architecture And  Pen-testing of Android applications Android System Architecture And  Pen-testing of Android applications
Android System Architecture And  Pen-testing of Android applications yavuzwb
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationzeroSteiner
 
Metasploit - The Exploit Learning Tree
Metasploit - The Exploit Learning TreeMetasploit - The Exploit Learning Tree
Metasploit - The Exploit Learning TreeE Hacking
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android ApplicationsCláudio André
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basicsOWASPKerala
 
The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3hannob
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security TestingNutan Kumar Panda
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration TestingOWASP
 
Automated API pentesting using fuzzapi
Automated API pentesting using fuzzapiAutomated API pentesting using fuzzapi
Automated API pentesting using fuzzapiAbhijeth D
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...Ajin Abraham
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Ajin Abraham
 

Viewers also liked (20)

LDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections PaperLDAP Injections & Blind LDAP Injections Paper
LDAP Injections & Blind LDAP Injections Paper
 
Reversing and Malware Analysis
Reversing and Malware Analysis Reversing and Malware Analysis
Reversing and Malware Analysis
 
Brisk_Sample_Website_Pentest_Report
Brisk_Sample_Website_Pentest_ReportBrisk_Sample_Website_Pentest_Report
Brisk_Sample_Website_Pentest_Report
 
Android System Architecture And  Pen-testing of Android applications
Android System Architecture And  Pen-testing of Android applications Android System Architecture And  Pen-testing of Android applications
Android System Architecture And  Pen-testing of Android applications
 
Pentest trends 2017
Pentest trends 2017Pentest trends 2017
Pentest trends 2017
 
Metasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel ExploitationMetasploit & Windows Kernel Exploitation
Metasploit & Windows Kernel Exploitation
 
Metasploit - The Exploit Learning Tree
Metasploit - The Exploit Learning TreeMetasploit - The Exploit Learning Tree
Metasploit - The Exploit Learning Tree
 
Pentesting Android Applications
Pentesting Android ApplicationsPentesting Android Applications
Pentesting Android Applications
 
Android pen test basics
Android pen test basicsAndroid pen test basics
Android pen test basics
 
The Fuzzing Project - 32C3
The Fuzzing Project - 32C3The Fuzzing Project - 32C3
The Fuzzing Project - 32C3
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0
 
Andriod Pentesting and Malware Analysis
Andriod Pentesting and Malware AnalysisAndriod Pentesting and Malware Analysis
Andriod Pentesting and Malware Analysis
 
Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0Pentesting RESTful WebServices v1.0
Pentesting RESTful WebServices v1.0
 
Rapid Android Application Security Testing
Rapid Android Application Security TestingRapid Android Application Security Testing
Rapid Android Application Security Testing
 
JSON Injection
JSON InjectionJSON Injection
JSON Injection
 
Introduction to iOS Penetration Testing
Introduction to iOS Penetration TestingIntroduction to iOS Penetration Testing
Introduction to iOS Penetration Testing
 
Automated API pentesting using fuzzapi
Automated API pentesting using fuzzapiAutomated API pentesting using fuzzapi
Automated API pentesting using fuzzapi
 
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
G4H Webcast: Automated Security Analysis of Mobile Applications with Mobile S...
 
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...Automated Security Analysis of Android & iOS Applications with Mobile Securit...
Automated Security Analysis of Android & iOS Applications with Mobile Securit...
 

Similar to BRISK_Network_Pentest_

A fun cup of joe with open liberty
A fun cup of joe with open libertyA fun cup of joe with open liberty
A fun cup of joe with open libertyAndy Mauer
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 RecapLee Calcote
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Projectwajrcs
 
Final_Report_new (1)
Final_Report_new (1)Final_Report_new (1)
Final_Report_new (1)Adarsh Burma
 
Lessons learned and challenges faced while running Kubernetes at Scale
Lessons learned and challenges faced while running Kubernetes at ScaleLessons learned and challenges faced while running Kubernetes at Scale
Lessons learned and challenges faced while running Kubernetes at ScaleSidhartha Mani
 
Mr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engMr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engFFRI, Inc.
 
From CoreOS to Kubernetes and Concourse CI
From CoreOS to Kubernetes and Concourse CIFrom CoreOS to Kubernetes and Concourse CI
From CoreOS to Kubernetes and Concourse CIDenis Izmaylov
 
OpenStack hands-on (All-in-One)
OpenStack hands-on (All-in-One)OpenStack hands-on (All-in-One)
OpenStack hands-on (All-in-One)JeSam Kim
 
"Wix Serverless from inside", Mykola Borozdin
"Wix Serverless from inside", Mykola Borozdin"Wix Serverless from inside", Mykola Borozdin
"Wix Serverless from inside", Mykola BorozdinFwdays
 
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016Cloud Native Day Tel Aviv
 
[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless PodmanAkihiro Suda
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with AnsibleBas Meijer
 
Network programming blown up syllabus
Network programming blown up syllabusNetwork programming blown up syllabus
Network programming blown up syllabusVinay Kumar C
 
Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...DataWorks Summit
 
LibOS as a regression test framework for Linux networking #netdev1.1
LibOS as a regression test framework for Linux networking #netdev1.1LibOS as a regression test framework for Linux networking #netdev1.1
LibOS as a regression test framework for Linux networking #netdev1.1Hajime Tazaki
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...LinuxCon ContainerCon CloudOpen China
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerunidsecconf
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikEdgar Espina
 

Similar to BRISK_Network_Pentest_ (20)

A fun cup of joe with open liberty
A fun cup of joe with open libertyA fun cup of joe with open liberty
A fun cup of joe with open liberty
 
Dockercon 16 Recap
Dockercon 16 RecapDockercon 16 Recap
Dockercon 16 Recap
 
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example ProjectMastering Kubernetes - Basics and Advanced Concepts using Example Project
Mastering Kubernetes - Basics and Advanced Concepts using Example Project
 
Final_Report_new (1)
Final_Report_new (1)Final_Report_new (1)
Final_Report_new (1)
 
Lessons learned and challenges faced while running Kubernetes at Scale
Lessons learned and challenges faced while running Kubernetes at ScaleLessons learned and challenges faced while running Kubernetes at Scale
Lessons learned and challenges faced while running Kubernetes at Scale
 
Mr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_engMr201309 automated on-execute_test_using_virtual_box_eng
Mr201309 automated on-execute_test_using_virtual_box_eng
 
From CoreOS to Kubernetes and Concourse CI
From CoreOS to Kubernetes and Concourse CIFrom CoreOS to Kubernetes and Concourse CI
From CoreOS to Kubernetes and Concourse CI
 
OpenStack hands-on (All-in-One)
OpenStack hands-on (All-in-One)OpenStack hands-on (All-in-One)
OpenStack hands-on (All-in-One)
 
"Wix Serverless from inside", Mykola Borozdin
"Wix Serverless from inside", Mykola Borozdin"Wix Serverless from inside", Mykola Borozdin
"Wix Serverless from inside", Mykola Borozdin
 
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016
CI Provisioning with OpenStack - Gidi Samuels - OpenStack Day Israel 2016
 
[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman[Podman Special Event] Kubernetes in Rootless Podman
[Podman Special Event] Kubernetes in Rootless Podman
 
docker build with Ansible
docker build with Ansibledocker build with Ansible
docker build with Ansible
 
Network programming blown up syllabus
Network programming blown up syllabusNetwork programming blown up syllabus
Network programming blown up syllabus
 
Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1Mastering VMware Datacenter Part-1
Mastering VMware Datacenter Part-1
 
Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...Why Kubernetes as a container orchestrator is a right choice for running spar...
Why Kubernetes as a container orchestrator is a right choice for running spar...
 
LibOS as a regression test framework for Linux networking #netdev1.1
LibOS as a regression test framework for Linux networking #netdev1.1LibOS as a regression test framework for Linux networking #netdev1.1
LibOS as a regression test framework for Linux networking #netdev1.1
 
Neutron CI Run on Docker
Neutron CI Run on DockerNeutron CI Run on Docker
Neutron CI Run on Docker
 
See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...See what happened with real time kvm when building real time cloud pezhang@re...
See what happened with real time kvm when building real time cloud pezhang@re...
 
Linux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - WonokaerunLinux kernel-rootkit-dev - Wonokaerun
Linux kernel-rootkit-dev - Wonokaerun
 
Apache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip HanikApache Tomcat 7 by Filip Hanik
Apache Tomcat 7 by Filip Hanik
 

BRISK_Network_Pentest_

  • 1. 1 1BRISK NETWORK PENETRATION TESTER BRISK NETWORK PENETRATION TESTER Duration - 45 Hours Cost - INR 35000/- Only SYLLABUS: 1. Kali Linux Basics 2. The Bash Environment 3. Netcat the Almighty 4. Using Wireshark 5. ARP Spoofing 6. Buffer Overflow Exploitation 7. Working With Exploits 8. Transferring Files 9. Exploit frameworks 10.Client Side Attacks 11.Port Fun 12.Password Attacks 13. Review BRISK NETWORK PENETRATION TESTER-SYLLABUS 1. Module 1 - Kali Linux Basics 1.1 Finding your way around Kali Linux 1.1.1 Exercise 1.2 Kali Linux Services 1.2.1 DHCP 1.2.2 Static IP assignment 1.2.3 SSHD 1.2.4 Apache 1.2.5 FTP 1.2.6 TFTPD 1.2.7 VNC Server 1.2.8 Additional Resources 1.2.9 Exercise
  • 2. 2 2BRISK NETWORK PENETRATION TESTER-Syllabus 2. The Bash Environment 2.1 Simple Bash Scripting 2.2 Sample Exercise 2.3 Sample Solution 2.4 Additional Resources 2.5 Exercise 3. Netcat the Almighty 3.1 Connecting to a TCP/UDP port with Netcat 3.2 Listening on a TCP/UDP port with Netcat 3.3 Transferring files with Netcat 34 Remote Administration with Netcat 35 Exercise 4. Using Wireshark 4.1 Peeking at a Sniffer 4.2 Capture and Display filters 4.3 Following TCP Streamsvice Enumeration 4.4 Nmap Scripting Engine 4.5 PBNJ 4.6 Unicornscan 4.7 Exercise 5. Module 5- ARP Spoofing 5.1 The Theory 5.2 Doing it the hard way 5.3 Ettercap 6. Module 6- Buffer Overflow Exploitation 6.1 Looking for Bugs 6.2 Fuzzing 6.3 Exploiting Windows Buffer Overflows 6.3.1 Replicating the Crash 6.3.2 Controlling EIP 6.3.3 Locating Space for our Shellcode 6.3.4 Redirecting the execution flow 6.3.5 Finding a return address
  • 3. 3 3BRISK NETWORK PENETRATION TESTER-Syllabus 6.3.6 Basic shellcode creation 6.3.7 Getting our shell 6.3.8 Exercise 6.4 Exploiting Linux Buffer Overflows 6.4.1 Setting things up 6.4.2 Controlling EIP 6.4.3 Landing the Shell 6.4.4 Avoiding ASLR 7. Module 7- Working With Exploits 7.1 Looking for an exploit on BackTrack 7.2 Looking for exploits on the web 8. Module 8- Transferring Files 8.1 The non interactive shell 8.2 Uploading Files 8.2.1 Using TFTP 8.2.2 Using FTP 8.2.3 Inline Transfers 8.3 Exercise 9. Module 9 – Exploit frameworks 9.1 Metasploit 9.2 Interesting Payloads 9.2.1 Meterpreter Payload 9.2.2 Binary Payloads 9.2.3 Other Framework v3.x features 9.2 Core Impact 10. Module 10- Client Side Attacks 10.1 Client side attacks 10.2 CVE-2009-0927 10.3 MS07-017 – From PoC to Shell 10.4 MS06-001 10.5 Client side exploits in action 10.6 Exercise 11. Module 11- Port Fun 11.1 Port Redirection 11.2 SSL Encapsulation - Stunnel
  • 4. 4 4TOOLS 11.3 HTTP CONNECT Tunneling 11.4 ProxyTunnel 11.5 SSH Tunneling 11.6 What about content inspection? 12. Module 12- Password Attacks 12.1 Online Password Attacks 12.2 Hydra 12.2.1 FTP Bruteforce 12.2.2 POP3 Bruteforce 12.2.3 SNMP Bruteforce 12.2.4 Microsoft VPN Bruteforce 12.2.5 Hydra GTK 12.3 Password profiling 12.3.1 CeWL 12.4 Offline Password Attacks 12.4.1 Windows SAM 12.4.2 Windows Hash Dumping – PWDump / FGDump 12.4.3 John the Ripper 12.4.4 Rainbow Tables 12.4.5 “Windows does WHAT????” 12.4.6 Exercise 12.5 Physical Access Attacks 12.5.1. Resetting Microsoft Windows 12.5.2 Resetting a password on a Domain Controller 12.5.3 Resetting Linux Systems 12.5.4 Resetting a Cisco Device TOOLS  Kali Linux tools  Browser based tools