Advanced Penetration Testing with Kali Linux

Preface

Beginning with Advanced Pen Testing

• Fundamentals of VAPT
• Advanced penetration testing techniques and strategies
• Business and compliance requirements for VAPT
• Industrial approach and methodology in VAPT
• Security audit standards and frameworks: Best practices
• Pre-engagement interaction with customers
• Designing the Scope of Work for security audits
• Project planning and governance in VAPT
• Delivery and customer success tactics in VAPT
• Conclusion

Setting up the VAPT Lab

• Initiating with Kali Linux
• Establishing the virtualization landscape
• Deploying Kali Linux 2023.2
• Arranging network services
• Enabling ProxyChains
• Personalizing Kali Linux
• Refreshing Kali Linux
• Enabling third-party VAPT tools
• Setting up vulnerable machines and applications
• Conclusion

Active and Passive Reconnaissance Tactics

• Introduction
• What is reconnaissance
• Passive reconnaissance tools and tactics
• Active reconnaissance tools and tactics
• Additional resources for reconnaissance
• Conclusion

Vulnerability Assessment and Management

• Introduction
• Overview of vulnerability assessment
• Vulnerability nomenclature
• Vulnerability management life cycle
• Vulnerability assessment
• Vulnerability management
• Application security
• Conclusion

Exploiting Computer Network

• Introduction
• Understanding network pen testing
• Introduction to Metasploit
• Metasploit database and workspace management
• Integrating NMAP scans with Metasploit
• Metasploit automation
• Starting with auxiliary and exploits
• Manual exploitation
• Exploitation using Armitage
• Conclusion

Exploiting Web Application

• Introduction
• What is web application pen testing
• Web application pen testing threat modeling
• Web application pen testing mind map
• Detecting web app firewalls and load balancers
• Exploiting application-specific vulnerabilities
• Business logic flaws
• Conclusion

Exploiting Wireless Network

• Introduction
• Introduction to wireless pentesting
• Wireless network fundamentals
• Wireless security threats and standards
• Wireless pen testing methodology
• Wireless pen testing tools
• Configuring Kali Linux for wireless pentesting
• Wireless network exploitation techniques
• Advanced wireless attacks
• Conclusion

Hash Cracking and Post Exploitation

• Exploring hash functions
• Mastering password hashing
• Unleashing hash cracking techniques
• Empowering hash cracking arsenal
• Difference between hashing, encryption and encoding
• Post exploitation and lateral movement
• Privilege escalation techniques
• Exploring network pivoting
• Persistence and lateral movement
• Unleashing the power of Mimikatz in meterpreter
• Conclusion

Bypass Security Controls

• Introduction
• Significance of bypassing security controls
• Advancements in security controls
• Security control bypass in network recon
• Outsmarting Windows Defender
• Antivirus evasion techniques and tools
• Cutting-edge WAF evasion tactics
• Evolving social engineering tactics
• Conclusion

Revolutionary Approaches to Report Writing

• Introduction
• Overview of report writing
• Components of well-crafted reports
• Risk assessment and prioritization
• Utilizing CVSS scores
• Types of cybersecurity assessment reports
• Examples of detailed reports
• Automated vulnerability management with DefectDojo
• Conclusion

lesson10

lesson1