SANS SEC580 – Metasploit Kung Fu for Enterprise Pen Testing

English | Size: 778.85 MB
Category: Tutorial

Many enterprises today face regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments. Commercial tools and services for performing such tests can be expensive. While really solid free tools such as Metasploit are available, many testers do not understand the comprehensive feature sets of such tools and how to apply them in a professional-grade testing methodology. Metasploit was designed to help testers confirm vulnerabilities using an open source and easy-to-use framework. This course will help students get the most out of this free tool.

This class will show students how to apply the incredible capabilities of the Metasploit Framework in a comprehensive penetration testing and vulnerability assessment regimen, according to a thorough methodology for performing effective tests. Students who complete the course will have a firm understanding of how Metasploit can fit into their penetration testing and day-to-day assessment activities. The course will provide an in-depth understanding of the Metasploit Framework far beyond simply showing attendees how to exploit a remote system. The class will cover exploitation, post-exploitation reconnaissance, token manipulation, spear-phishing attacks, and the rich feature set of the Meterpreter, a customized shell environment specially created for exploiting and analyzing security flaws.

The course will also cover many of the pitfalls that a tester may encounter when using the Metasploit Framework and how to avoid or work around them, making tests more efficient and safe.

SEC580.1: Metasploit Kung Fu for Enterprise Pen Testing: Day 1

Day 1 of SANS Security 580: Metasploit Kung Fu for Penetration Testers is designed to help attendees master the most heavily used exploitation framework on the planet and see how they can wield it effectively in professional penetration testing. We analyze some of the most powerful and yet often overlooked capabilities of the framework with numerous exercises that make this class one of the most hands-on courses ever developed by SANS.

In SEC580.1, you will go from zero to exploit and beyond faster than you ever thought possible. For example, after this day of class, you will understand the Ruby foundations of Metasploit and how interacting with these underpinnings will greatly optimize and enhance your testing activities. Further, you will understand how far you can extend your exploitation activities through the effective use of some of the late-breaking features of the amazing Meterpreter. Finally, have you ever wondered how you can compromise an entire domain from simple Windows system access? After this day you will know exactly how to achieve this kind of result. After all, shell is only the beginning.

Topics

A Guided Overview of Metasploit’s Architecture and Components
A Deep Dive into the Msfconsole Interface, including Logging and Session Manipulation
Careful and Effective Exploitation
The Ultimate Payload: The Metasploit Meterpreter In Depth
Merciless Pivoting: Routing Through Exploited Systems
Metasploit Sniffing on Exploited Systems
Windows Process Token Manipulation for Fun and Profit
Metasploit’s Integration into a Professional Testing Methodology
Automation with Meterpreter Scripts to Achieve More in Less Time with Consistency
It’s Not All Exploits – Using Metasploit as a Recon Tool
Port and Vulnerability Scanning with Metasploit, Including Integration with Nmap, Nessus, and Qualys
Wielding Metasploit Databases for Analysis and Ownage
Integrating Db_autopwn Functionality in Safe and Effective Penetration Testing

SEC580.2: Metasploit Kung Fu for Enterprise Pen Testing: Day 2

In SANS Security 580.2, we build upon the deep foundations of Day 1 to see how Metasploit can be used within a penetration tester’s ecosystem of tools and techniques to attack systems in new and creative ways. We’ll analyze the activities of the most effective bad guys to see how they target enterprises via complex and often non-traditional attack vectors so that we can model their behaviors in our penetration testing processes. Client-side attacks launched via email, phishing, and document payload attacks are currently some of the most heavily used attack vectors by the bad guys. They use these techniques because they almost always work. The course shows penetration testers how to wield such attacks to determine the business implications of vulnerabilities, all with the goal of improving the target organization’s security stance.

We’ll also cover how Metasploit can effectively integrate with tools like NeXpose, Nmap, and Nessus to manage large scan results to find exactly which system(s) you wish to exploit. We also cover how Metasploit can become a main component of your wireless penetration testing regimen and how Metasploit can be used to attack databases and web applications.

Topics

Metasploit Integration with Other Tools
Client-Side Exploitation
Automating Client-Side Attacks with Browser_autopwn
Using Metasploit to Model Malware Attacks via Msfpayload
Dodging Detection Like the Bad Guys with Msfencode
Ultra Stealthy Techniques for Bypassing Anti-Virus Tools
Making the Most of Windows Payloads
Effective Tips and Tricks for Launching Unix Payload Attacks
Adobe, Microsoft, and Java… Oh My… Attacking via File Format Exploits
Exploiting the Soft Underbelly of Most Organizations through the Social Engineering Toolkit
Evading Countermeasures to Mimic Sophisticated Attackers
Scripting Up the Meterpreter to Customize Your Own Attacks
Attacking Target Databases to Demonstrate Business Risk Effectively
Metasploit’s Myriad of Wireless Features for Attacking Access Points and Clients
Metasploit and the Web: Integration and Astonishing Automation via Metasploit, MySQL, and More!

