DAY 1 – INFORMATION GATHERING The mindset of a penetration tester. Types of penetration tests. Limitations of penetration testing. How to create a testing infrastructure. Defining rules of engagement and scoping a project. Reporting A pen tester's tool chest of information gathering resources. Types of scans - Network sweeps, network tracing, port scans, OS fingerprinting, version scans, and vulnerability scans. Network mapping. Port scanning OS Fingerprinting. Vulnerability Scanning.
DAY 2 – GAINING ACCESS Exploit categories - server-side, client-side, and local privilege escalation Metasploit Framework The Metepreter Exploit without Metasploit Backdooring Transferring file techniques Windows commandline for penetration tester Password attack Password Guessing with Hydra Knowing password format in Windows and Linux Dumping Windows Hash Offline password attack with John the Ripper Cain Rainbow table attacks using Ophcrack Pass-the-hash attacks
DAY 4 – WEB APPLICATION ATTACK Web application scanning and exploitation tools Web application manipulation tools Injection attacks Building a wireless pentest platform Identifying unsecured access points and peer-to-peer systems Identifying wireless misconfigurations Exploiting various wireless protocols
DAY 5 - MOBILE ATTACK Mobile Platform Attack Vectors Hacking Android OS Hacking iOS Mobile Device Security ManagementGuidelines and Tools Mobile Pen Testing