Penetration Testing Fundamentals
Published by O'Reilly Media, Inc.
How to Get Paid to Hack for a Living + AI
Penetration testing is sometimes called hacking with permission. We do what evil people do before they do it to our organization so our defenders can fix the flaws before the real evil people attempt to break in. The difference between us and them is that we must test every way in; they only need one way in.
In this course, expert Dean Bushmiller will teach you the necessary skills, abilities, tasks, and knowledge required to perform a penetration test, including target building, scanning, vulnerability analysis, and social engineering. You will use Kali Linux, Nmap, Metasploit, and Metasploitable3 as well as perform a social engineering exercise. Throughout the course, Dean will cover the most up-to-date technological developments, including AI.
This course delivers components of NICCS's knowledge, skills, and abilities for the work role of Vulnerability Assessment Analyst and prepares you for the future of cybersecurity.
What you’ll learn and how you can apply it
- How to maintain your own pentesting lab environment
- Which tools, operating systems, and virtualization you need to succeed
- Which of the 38 penetration testing certifications you want and how to get it
- The 5 technical phases of penetration testing
- How to keep your job and stay out of jail as a tester
And you’ll be able to:
- Perform a penetration test
- Build foundational skills in penetration testing
- Understand what it takes to do the job of an ethical hacker
This live event is for you because...
- You are interested in becoming a Vulnerability Assessment Analyst, Penetration Tester, Blue Team Technician, Computer Network Defense Auditor, Ethical Hacker, Red Team Technician, Risk Assessment Engineer, or Risk Assessor
- You work with vulnerability scanners and want to upskill
- You are new to the field of cyber security and looking to improve your skills with core tools
Prerequisites
- Learners must have a basic understanding of cybersecurity and networking concepts
- Learners are strongly encouraged to set up their lab before class starts (see recommended preparation below)
Recommended preparation:
- Read the instructor’s GitHub page
- Watch the technical setup video posted 72 hours before class on the GitHub page
- Students must have the ability to install software on the local machine if they wish to do the labs.
- Download PDFs from the GitHub page
- Review Playlist: _Vulnerability Assessment Analyst & Pentester By Dean Bushmiller_
Recommended follow-up:
- Take CISSP 8 Domains (video course)
- Take Certified Ethical Hacker v11 Video Series with Lab Recordings (video course)
Related Live Online Trainings
Take these live online trainings by Dean Bushmiller after this live training:
- Take CISSP Bootcamp (live online training)
- Take Certified Ethical Hacker v11 Video Series with Lab Recordings (video course)
Related Certification
CEH, Pentest+, CEPT, CHA, CHAT, CISST, CMWAPT, CPT, CREST CCSAS, CREST CCT, CREST CRT, CREST CSAM, CREST CWAT, CRTOP, eCPPT, eCPTX, EEHF, eJPT, eMAPT, eWPT, eWPTX, GCPEH, GCPT, KLCP, LPT, OPST, OSCP, OSEE, OSEP, OSWE, OSWP, PA CRTE, PA CRTP, PACES, S-EHF, S-EHP, SSEP, GASF, GAWN, GPEN, GEVA, GXPN, GWAPT
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Getting Started (15 minutes)
- Presentation: Class Intro
- Exercise: Reconnaissance of Dean
- Exercise: Getting to resources, starting lab machines or watching
- Exercise: Career and Skills survey
- Discussion: Why do you want this job?
- Presentation: Measure your results for Reconnaissance of Dean
- Q&A
Careers in Vulnerability Assessment Analyst and the 38 Certifications (15 minutes)
- Presentation: Work role, Job titles, Certifications, Resume building
- Exercise: Reconnaissance of Expandingsecurity.com
- Discussion: Changing jobs horizontally, but your boss says no
- Exercise: Choosing your current path
- Presentation: 38 penetration testing certifications
- Q&A
- Break (5m)
Starting lab environment (15 minutes)
- Presentation: The lab setup
- Exercise: Starting Metasploitable3 & Kali
- Q&A
- Break (5m)
Targets (30 minutes)
- Exercise: Reconnaissance of Metasploitable3
- Presentation: Metasploitable3
- Discussion: Building other targets for the future
- Exercise: Building a new target
- Q&A
- Break (5m)
Technical process: 5 phases of penetration testing (30 minutes)
- Exercise: Reconnaissance of expsec.us
- Presentation: What we do / What bad people do
- Discussion: Tools mapped to phases
- Exercise: OSINT, Discovery, Reconnaissance
- Exercise: Collect your data for reporting
- Q&A
- Break (5m)
Documentation & Skill building (30 minutes)
- Exercise: Building a worksheet from the template
- Presentation: Mapping Testing Report to Scope
- Discussion: Template additions
- Exercise: Recon data collection
- Presentation: Mapping sheets to skills to phases
- Discussion: Template progression
- Q&A
- Break (5m)
Phishing of Passwords (30 minutes)
- Exercise: Collect default passwords & phishing live accounts
- Presentation: Main site, secondary sites, in and out of scope
- Discussion: When is it too invasive?
- Exercise: Building social media profiles for testing
- Q&A
- Break (5m)
Scanning (30 minutes)
- Exercise: Scan yourself from the outside
- Presentation: What are you really looking for in a scan & why do you do it more than once?
- Discussion: What can you use? What should you use?
- Exercise: Nmap, Nmap inside Metasploit
- Exercise: Collect your data for reporting
- Q&A
- Break (5m)
Vulnerability Analysis (30 minutes)
- Exercise: Using CVE data in your reporting
- Presentation: Scan results
- Discussion: Zero day, 1 day, Nth day
- Exercise: Reporting of vulnerabilities in a business way
- Q&A
- Break (5m)
Exploitation (30 minutes)
- Exercise: Labs after class
- Presentation: Metasploit basics and beyond
- Discussion: Escalation of Privilege
- Exercise: Metasploit
- Exercise: Collect your data for reporting
- Q&A
- Break (5m)
Real Social Engineering (30 minutes)
- Presentation: Success and failure
- Discussion: Rules of getting Dean’s secret phone number
- Exercise: After class, research your targets & 1 attempt
- Discussion: Issues with SET and your lab
- Q&A
- Break (5m)
Next steps (15 minutes)
- Presentation: Next steps
- Exercise: Confirming your certification and career objectives
- Q&A
Your Instructor
Dean Bushmiller
Dean Bushmiller is a virtual CISO, a penetration tester, and a global incident responder. His work with the Z9M9Z think tank impacts many Fortune 500 companies. As an instructor, he won O’Reilly’s Engager Award for 2023, so be ready to learn and have fun. He’s been teaching cybersecurity since 1999 and has achieved more than 34 major cybersecurity certifications and passed over 100 certification exams. Though Dean is nonmilitary, he has had the honor to train the US military since 1999. In recognition of his outstanding service in the Information Assurance field, he has received eight mission coins.