Penetration Testing - Basics

This seminar gives a comprehensive introduction to penetration testing of IT systems, networks and IT infrastructures.

Future penetration testers learn the basics of information security and the methods of penetration testing using powerful tools. General principles, best practices and different attack techniques are presented. In practical exercises, the participants carry out attacks themselves and compromise vulnerable services provided by our modern training environment.

The training includes a variety of practical exercises for which our convenient mobile training environment is used. The participants learn to understand the vulnerabilities by solving tasks at different difficulty levels before discussing them in the group.

The participants are encouraged to use their own laptop with their own preferred working environment and don’t have to adapt to the training environment. The use of a suitable pentest environment, such as Kali Linux or Blackarch, is recommended but not required.

All contents can be adapted specifically to your needs!

Content

  • Basics of information security
    • Protection targets, identification and authentication models
    • Attacker models
    • Important terms (Threat, Vulnerability, Risk, Controls, …)
    • General procedure of penetration tests
  • Information gathering / reconaissance
    • OSI/ISO model, TCP/IP model
    • Netcat, Wireshark
    • Ettercap, Arp spoofing, SSL MitM
    • Intercepting mobile device traffic
    • Nmap, Banner grabbing
    • DNS reconnaissance (forward lookup, reverse lookup)
    • Network architectures, packet filters, firewalls, IDS/IPS
    • Filetransfer, port redirection, stunnel
  • Exploitation
    • Buffer overflows, server-side, client-side
    • Exploitdb, metasploit
    • Privilege escalation
    • Trajan horse, antivirus bypass
    • Online password attacks (SMTP, SSH, HTML)
    • Side channel attacks, anti automation
  • Cryptography
    • Symmetric vs. asymmetric cryptography,
    • Hash algorithm, password storage
    • Public Key Infrastructure (PKI)
    • SSL/TLS
    • Audit (openssl, sslscan, o-saft)
    • offline brute-force (john, ophcrack)

Target Audience

  • Pentester

Duration

2 to 5 days

Prerequisites

none

Trainer

Basic training in Penetration TestingDr. Benjamin Kellermann
Experienced penetration tester and IT security consultant

Our training courses are aimed at companies and organisations. A training course can be economical with just three or more participants. The trainings take place at your premises or is organised by us in your desired environment.

You might also be interested in these trainings:

all trainings
Mirko Richter

Your Contact:

Mirko Richter

Tel.: +49 (351) 465 662-886
mirko.richter@mgm-sp.com

Wenn Sie auf der Seite weitersurfen, stimmen Sie der Cookie-Nutzung zu.
If you continue to visit the site, you agree to the use of cookies.
Privacy Policy / Cookie Policy

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close