This course will cover all of the fundamental aspects of the Metasploit framework, tying a subset of the phases of the penetration testing execution standard (PTES) methodology to the course structure. These will be specific information gathering, vulnerability assessment, exploitation and post-exploitation.
The course also goes beyond the basics by dealing with social engineering, privilege escalation, antivirus evasion, persistent backdoors, trojanizing executable files, remote desktop, web penetration testing, port forwarded reverse shells, the Beef-XSS Framework, event log management.
To follow this course you will need to be confident using generic software programs, know the basics of the Linux command line and a little of system administration.
If something isn't clear or doesn't work on your system you can always hit me up and we'll solve the problem. Concerning hardware requirements: a host machine with at least 8 GB of RAM with a moderately fast processor, 70 GB of hard-drive space for the vulnerable virtual machine and other 30GB for the Kali VM is a good setup to have, but not mandatory: you can also alternatively install the vulnerable machine on another pc in your home network and work with Kali on your main machine.
The course is laid out in 7 main sections:
- Section 1: setup of our environment and will introduce you to the Penetration Testing Execution Standard (PTES), which is a state of art methodology to carry out a penetration test. Other Metasploit variants like the Metasploit framework on Windows, the Metasploit community edition and Armitage will be covered.
- Section 2: fundamental commands of Metasploit and how it works, how to automate repetitive tasks, how to run exploits and Metasploit modules.
- Section 3: information gathering on the target machine with nmap and the other tools available in Metasploit to check which services are installed and effectively map the the attack surface.
- Section 4: vulnerability assessment. We'll check which of the services fingerprinted are likely to be vulnerable. We'll learn how to install the Nessus vulnerability scanner and integrate it with Metasploit to populate its workspace.
- Section 5: finally exploit seven services using Metasploit exclusively, web penetration testing will also be covered.
- Section 6: exploiting services via Social Engineering. We'll mainly create vectors for Social Engineering engagements, which are unsuspecting payloads for the victim to execute on their machine to obtain remote command execution. We'll create trojanized files, we'll greatly lower the antivirus detection rate and we'll use the Beef-XSS Framework together with Metasploit to deliver more complex attacks.
- Section 7: monitoring the user on his machine, logging his keyboard activity, performing privilege escalation, generating persistent backdoors and log management.
- Section 8: the course outro.
Who should take this course?
- Anyone interested in penetration testing who would like to learn the Metasploit Framework inside out and learn how it can be integrated with other pen-testing tools.
Goals
What will students achieve or be able to do after taking your course?
- You will have a solid understanding of the Metasploit framework and how to work around its limitations.
- You'll also have the right frame of mind to carry out penetration tests efficiently and effectively.
Prerequisites
What knowledge & tools are required?
- You should know the basic commands of the Linux command line and a little bit of system administration.
- A 64-bit PC with 8 GB or RAM and 140GB of free hard drive space, at least an i3 core processor. Alternatively, you could install the vulnerable virtual machine on another PC in your home network and use Kali on your main PC with a lightweight desktop environment like XFCE.
