The following labs employ an ethical hacking methodology to introduce the learner to various techniques and tools to include, but not limited to: reconnaissance, scanning, enumeration, exploitation, and post-exploitation:

  1. Performing Reconnaissance from the WAN
  2. Scanning the Network on the LAN
  3. Enumeration Hosts using Wireshark, Windows, and Linux Commands
  4. Remote and Local Exploitation
  5. Crafting and Deploying Malware Using a Remote Access Trojan (RAT)
  6. Capturing and Analyzing Network Traffic Using a Sniffer
  7. Social Engineering Using SET
  8. Performing a Denial of Service Attack from the WAN
  9. Using Browser Exploitation to Take Over a Host’s Computer
  10. Attacking Webservers from the WAN
  11. Exploiting a Vulnerable Web Application
  12. Performing SQL Injection to Manipulate Tables in a Database
  13. Breaking WEP and WPA and Decrypting the Traffic
  14. Attacking the Firewall and Stealing Data over and Encrypted Channel
  15. Using Public Key Encryption to Secure Messages

Additional Lab Exercises

  1. Provisioning a Web Server
  2. Exploring the HTML
  3. Provisioning a MySQL Database
  4. Provisioning PHP
  5. Dissecting the Login Process
  6. SQL Injections (SQLi)
  7. SQLi Vulnerability and Pentesting Steps
  8. HTML Injections (HTMLi)
  9. HTMLi Vulnerability and Mitigation
  10. Reflected XSS
  11. Reflected XSS Mitigation and URL Encoding
  12. PHP Sessions and Cookies
  13. Additional SCRIPT Elements
  14. Session Stealing (Remote Reflected XSS)
  15. Remote Reflected XSS Mitigation and URL Encoding
  16. Vulnerable Forum
  17. Pentesting the Forum
  18. Session Stealing (Stored XSS)
  19. Command Injection
  20. Stateless Firewall
  21. Abusing a Stateless Firewall
  22. Stateful Firewall
  23. Abusing a Stateful Firewall
  24. IDS, SYSLOG, and NTP
  25. Signature Detection and Alerting an Admin
  26. IPS, SYSLOG, and NTP
  27. Signature Detection and Remote Shells
  28. RemoteShell: Embedding Client-side Code into a Package
  29. Remote Shell Extracting Data
  30. Incident Response