Requested resource is not accessible

DURATION: 18 hours

CPE POINTS: On completion, you get a certificate granting you 18 CPE points. 

SELF-PACED, PRE-RECORDED. 

In client-side exploitation, we take advantage of the weakest link, that is, clients. In this course, we will take a practical approach to learning, and our major targets will be client-side software like web browsers, media players, and e-mail applications. The vulnerabilities in these software are published often, and patches are often not installed quickly. Through attack scenarios, this course will increase your client-side attack skills. 

Who is this course for?

Every stakeholder who is eager to learn:

  • Pentesters and ethical hackers
  • Security admins
  • Security analysts
  • Software developers & testers 
  • Blue, Red, and Purple Teamers

Why NOW?

Also, virtual communications are increasing significantly in the post-covid era, and they will increase a cybersecurity culture as a cyber security practitioner.

Why this course? 

The server side is getting stronger by the day, but the client is still left vulnerable. This course will introduce various client-side exploitation techniques that can be used in a penetration test. 


Course benefits:

What tools will you use? 

  • Virtual Box or parallel
  • Kali Linux (2021.3) or Parrot OS Linux (4.11.2)
  • Metasploitable (version 2 or latest)
  • Different tools and features within Linux
  • For browser attacks, we will be using Firefox Mozilla for demonstrations 
  • For Windows demonstrations, we will use Windows 7 or Windows 10 (depending on which attacks will work best on each) 

What skills will you gain?  

This course includes the most offensive methods and will provide new methods for attacking client targets.

  • Virtual Environment
  • OSINT (open-source intelligence)
  • Penetration Test
  • Backdoors
  • Social Engineering
  • Client-Side Attacks
  • Client Remote Exploitations
  • Proficiency in Metasploit 

Course general information: 

Course format: 

  • Self-paced
  • Pre-recorded
  • Accessible even after you finish the course
  • No preset deadlines
  • Materials are video, labs, and text
  • All videos captioned

What equipment will you need? 

  • Installed Virtual Box with Kali Linux (2021.3) and vulnerable machines (setup instructions will be presented in the course)

What should you know before you join? 

  • This course is very practical, you will learn everything by simulations. Basic pentesting and ethical hacking knowledge will come in handy 

YOUR INSTRUCTOR:  

Krenar Kepuska is a cybersecurity researcher and lecturer who believes in the importance of cybersecurity culture. He is a PhD candidate studying cybersecurity threat management at the University of Montenegro. He has experience with threats and vulnerabilities, frameworks, and standards such as NIST, ISO 27001, COBIT, GDPR, CIS Controls, and tools such as Nmap, Nessus, Wireshark, OpenVAS, Burp Suite, Kali Linux, and Metasploit. He is also an ERASMUS+ alumnus and a FULBRIGHT Research Scholar. Krenar is currently pursuing a PhD internship in New York State.

 

 

 


COURSE SYLLABUS


Module 1

Client-Side Exploitation Attack Scenarios - Part 1

How to become an effective cyber security analyst following this course.

  • Client VS Server Side: Types of Client-Side Attacks, Client-Side Attack Methodology
  • Attack Scenario 1: E-Mails Leading to Malicious Link
  • Metasploit Framework: Exploits, Payloads, Auxiliary/Post/Encoders
  • DEMO - Configuring Apache Server
  • DEMO - Creating Reverse TCP Connection Payloads
  • Attack Scenario 2: E-Mails Leading to Malicious Attachments
  • Attack Scenario 3: Malware Loaded on USB
  • Attack Scenario 4: Credential Harvester Attacks
  • DEMO - Designing Backdoor with SET Tools
  • Practical assignments based on the contents of the module. 

Module 2

Using social engineering for client-side attacks 

To attack client-side applications you often start with social engineering. Once you get a foothold, you can exploit various vulnerabilities in client-side software. In this module, we will focus on that step-by-step process. 

  • Social Engineering
  • Backdoors
  • Client-user attacks and exploits
  • Installing and operating with Veil
  • Veil Payloads
  • Generating backdoor using Veil
  • Listening for incoming connections
  • Hack client with backdoor
  • Backdoor delivery with different methods
  • Protecting client-side from backdoors
  • Maltego
  • Enumerating targets
  • Spoofing (exe) extension with (jpg) and (pdf)
  • Spoofing email
  • BeEF Framework
  • BeEF hooking target using MiTM
  • BeEF gaining full control over client target
  • Detecting Trojans

Module 3

Client-Side Exploitation Attack Scenarios - Part 2

During this module, we will simulate different problems/attacks/weaknesses related with client caching, client cookies, client authentication, client password and sensitive information. To protect from different attacks in the client-side background, we should educate ourselves and increase cyber security awareness.

  • Different types of caching problems
  • Importance of secure cooking
  • Cookie Attacks
  • Cookie processing
  • Simulating different types of vulnerabilities in authentication mechanism
  • Password reset functionality and attacks
  • Different types of sensitive data exposure

Caching

  • Google caching
  • Cacheable HTTPs Responses
  • Credit card data
  • Sensitive data in URL

Cookies

  • Leakage cookies
  • Cookie hijacking
  • XSS via Cookies
  • Remote cookie tampering

Authentication

  • SQL injection
  • Dictionary Attacks
  • HTTPS enforcement
  • Session Regeneration

Passwords

  • Insecure direct object reference
  • Insecure session management
  • Weakness in life cycle of password reset link

Sensitive Data Exposure

  • Insecure error handling
  • Disclosure of sensitive data
  • Leakage cookies with sensitive data

Module 4

 Client Remote Exploitation 

In this module, we will learn the skills and principles of client remote exploitation. Using multiple tools, such as the classic Metasploit, and various techniques, we will learn advanced methods, building on previous modules. 

The main goal of this module is to learn the following: 

  • Metasploit
  • Reconnaissance with Metasploit
  • Exploiting the local/remote target with Metasploit 
  • Armitage

Exercises:

  • Metasploit Utilities (latest version)
  • Reconnaissance with Metasploit 
  • Port Scanning with Metasploit and NMAP
  • Compromising a Windows (version 7) Host with Metasploit 
  • Armitage 
  • Enumerating a Linux Machine 
  • Enumerating with Meterpreter 
  • Escalating Privileges 
  • Bypassing User Access Control 
  • Cracking the Hashes to Gain Access to Other Services 
  • Disabling the Firewall 
  • Killing the Antivirus 
  • Generating a Backdoor with MSFPayload 
  • MSFVenom 
  • Hashing Algorithm
  • Ophcrack 
  • Cracking passwords

Final exam

MCQ Test, checking knowledge from all 4 modules. 


QUESTIONS? 

If you have any questions, please contact our eLearning Manager at [email protected].

Course Reviews

5

5
1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars0
  • 2 stars0
  • 1 stars0
  1. Get into Metasploit advanced.

    5

    Good Course for Beginners and also Intermediates.

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023
What certifications or qualifications do you hold?
Max. file size: 150 MB.
What level of experience should the ideal candidate have?
What certifications or qualifications are preferred?

Download Free eBook

Step 1 of 4

Name(Required)

We’re committed to your privacy. Hakin9 uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.