The courses below were all published in 2015 or earlier. While we stand by pubishing them then, we’ve grown so much since. We recognize that these workshops don’t exactly meet our standards, as we understand them today.
All classes are available within our premium membership, and have adjusted CPE awards to reflect their respective contents. If you join, please keep in mind that some of the information inside might be outdated or not relevant. We’ll be adding notes at the beginning of each course to let you know what’s worth checking out in each!
The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
It is high time to learn what you can do knowing the Metasploit Framework. In this course Abdelli will guide you through the installation process on different platforms (Linux, Windows, and Mac OS X), the you will learn how to set up your Own Pen-Testing Lab.
Abdelli will guide you step by step how to create your own Lab which consists of 2 Virtual-Box machines, however you can expand it as much as you like once you get the idea. In the next part you will learn all about main payload types available for Metasploit framework. These include VNC injection, file execution, an interactive shell, command execution, DLL injection, adding a user and the Meterpreter. However, not all payload types are available on every operating system.
When you have a basic knowledge on how to generate payloads and how to use them, we will tell you how can they help with in exploiting remote hosts? And it is time to learn more about exploiting the software & evading the antivirus. Then, you will gain the next superpower: What is Armitage and how to install and configure it to use the MSF database; How to scan and exploit hosts using Armitage GUI.
In this course you will learn how to use an already exploited host as a pivot and get access to other hosts on the same network. Finally, Metasploit provides modules for Post Exploitation activities for a variety of systems. In this section, we will examine how we can use Metasploit to perform Post Exploitation. And now, we are ready to begin writing the report of all hosts we compromised and the existing vulnerabilities. Also, we can make our report more rich with some confidential files, that way we inform the client that the weakest point is the “Customer service” and from there we were able to gain access to all internal machines.
ABDELLI Nassereddine is a professional penetration tester, he specializes in web application security but he also has a very strong knowledge on other forms of penetration testing including networks. He does security researches in his spear time as he always has something in mind to work on. He also worked for several companies like Sucuri inc, Nethemba s.r.o and Defencely.
He can be contacted at pinasro[at]gmail[dot]com or via Linkedin at https://www.linkedin.com/in/abdellinassereddine.
Certificate of completion, no CPE credits
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
Module 1: INTRODUCTION
- Preparation and Requirements
- Linux (Ubuntu)
Module 2: BASIC EXPLOITATION TECHNIQUES
Setting up your Own Pen-Testing Lab
- Installing Metasploitable on Virtual-Box
- Installing Windows XP on Virtual-Box
Module 3: ARMITAGE
Installation (Mac OSX, Linux)
- Utilization of Armitage
- Scanning and Exploitation
Module 4: POST EXPLOITATION
What is Post-Exploitation?
- Pass The Hash (PTH)
Penetration Testing Scenarios