Course Details!

List Of Diploma Courses

  • Level 1: Network, OS and Web preparation course
  • Level 2 : RED Team penetration testing track

What Will I Learn?

  • Network & OSA Basics (network fundamentals – OS basics)
  • Web Crash course
  • Intro to cyber security
  • Network penetration testing
  • Web penetration testing
  • Mobile penetration testing (Android – iOS)

Certificates

  • *Certificate of Attendance from IT-Gate Academy
  • *Certificate from Ain Shams University (optional)

Network & OSA preparation course 40 hrs.

  • Intro to networks

  • Network protocols

  • OSI Model

  • IPv4 & IPv6

  • Switch basic configuration

  • Switching protocols (VLAN – STP – SVI – HSRP – Port security)

  • Switching security and mitigations

  • Routing protocols dynamic & static

  • WAN Technologies

  • Installing & administering Windows Server

  • Active Directory services (domain controller – containers – OU – Group Policy)

Web programming crash course 40 hrs.

  • HTML basics

  • CSS basics

  • JS basics

  • Bootstrap

  • AJAX basics

  • PHP Fundamentals

  • SQL basics

Web Applications Penetration Testing 40 hrs.

  • Module 0x01 – Introduction

  • - Web Apps

  • - Web Servers.

  • - HTTP Basics.

  • - Cookies.

  • - Encoding.

  • - WAF.

  • - Web Proxy.

  • - Web Vulnerabilities.

  • - Pentesting Methodology.

  • - History Of Web Application Vulnerabilities


  • Module 0x02 - Enumeration and Recon

  • – Introduction

  • - Scanning & Scanning tools

  • – Nmap

  • – Nikto

  • – Whatweb

  • - Banner Grabbing

  • - Dorks & “Google Hacking”

  • - DNS & DNS Enumeration

  • 1.6.1 – DNSMap

  • 1.6.2 – Fierce

  • - Mapping Attack Surface

  • - Detecting Web Apps

  • - Detecting Web Application Firewall

  • - Detecting Hidden Files

  • - Identifying application entry points

  • - Spidering and crawling

  • - Burp Suite


  • Module 0x03 - Server Side Attacks

  • - SQL Injection

  • 1.2 – Introduction

  • 1.3 - Types of databases.

  • 1.4 - Command Crafting Example

  • 1.5 - Blind SQL-Injection

  • 1.6 - Time-Based SQL injection

  • 1.7 – Countermeasures

  • 2.0 - Command injection

  • 2.1 – Introduction

  • 2.2 - Command injection: a real-life example.

  • 2.3 - Countermeasures

  • 3.0 - Parameter tampering

  • 3.1 – Introduction

  • 3.2 - Parameter tampering: a real-life example.

  • 3.3 – Countermeasures

  • 4.0 - File inclusion

  • 4.1 - LFI.

  • 4.2 - Directory Traversal.

  • 4.3 - Finding and Exploiting.

  • 4.4 - From FI to Webshell

  • 5.0 - File Upload.

  • 5.1 - Basics.

  • 5.2 - Unrestricted File Upload.

  • 5.3 - From Upload to Defacement.

  • 5.4 - Exercises & CTF

  • 6.0 - Attack Authentication.

  • 6.1 - Authentication VS. Authorization.

  • 6.2 - Usernames Enumeration.

  • 6.3 - Bruteforcing Attack.

  • 6.4 - Bypassing Authentication.

  • 6.5 - Exercises & CTF

  • 7.0 - DOS Attacks.

  • 8.0 - Sniffing Attacks.

  • 9.0 - Exploitation Techniques.

  • 10.0 - Exercises & CTF


  • Module 0x04 - Client-side attacks

  • - XSS (Cross site scripting)

  • 1.2 - Reflective XSS

  • 1.2.1 - Example: XSS based phishing attacks

  • 1.3 - DOM-Based XSS

  • 1.4 - DOM-Based XSS: A real life example

  • 1.5 – Ramifications

  • 1.5.1 - Session Hijacking

  • 1.6 – Countermeasures

  • - CSRF

  • XSRF (Cross site request forgery)

  • – Introduction

  • - Exploiting GET Based CSRF.

  • - Exploiting POST Based CSRF.

  • - CSRF: A real life example

  • – Countermeasures


  • Module 0x05 - Reporting and responsible disclosure

  • – Reporting

  • - Responsible disclosure

  • - Why report a vulnerability?

  • - Bug Bounty programs

  • - Intro to Exploit Platforms

  • - Intro About Exploit Bugs on Metasploit Project

  • - Intro About Exploit Bug on Exploit Pack

  • - Intro to the Metasploit Project

  • - Intro to Exploit Packs

  • - Bug Bounty & Report creation

  • - About Bug Bounty Programs.

  • - About Programs & How To Earn Bounty

  • - How To Create Bug Report

  • - Final Test & CTF

  • Tools

  • – Hackbar

  • - Plug n’ pwn

  • - Netsparker

  • - WPSCAN

  • - SQLMAP

  • - Live Header

  • - Tamper Data

  • - Maltego

Penetration Testing & Network Testing Course 40 hrs.

  • Module 0x01 - Information Gathering

  • 1.1. Introduction

  • 1.2. OSINT

  • Search Engines

  • 1.2.1. Organization Web Presence

  • 1.2.2. Finding government contracts

  • 1.2.3. Partners and third parties

  • 1.2.4. Job postings

  • 1.2.5. Financial information

  • 1.2.6. Information Harvesting

  • 1.2.6.1. theHarvester

  • 1.2.7. Cached information

  • 1.3. OSINT

  • Social Media

  • 1.3.1. People search and investigation

  • 1.3.2. Real-world information gathering against eLSFoo

  • 1.4. Infrastructure information gathering

  • 1.4.1. Domains

  • 1.4.1.1. DNS Enumeration

  • 1.4.1.2. IPs

  • 1.4.1.3. Bing

  • 1.4.1.4. Netblocks & ASes

  • 1.4.2. Netblocks

  • 1.4.2.1. Live hosts

  • 1.4.2.2. Further DNS

  • 1.4.3. Maltego


  • Module 0x02 – Scanning and Recon

  • 2.1. Introduction

  • 2.1.1. Ports, Protocol, and Services

  • 2.1.2. The Three-Way Handshake

  • 2.1.2.1. Crafting Packets

  • 2.2. Detect Live Hosts and Open Ports

  • 2.2.1. Tools

  • 2.2.1.1. Nmap

  • 2.2.1.1.1. SYN Scan

  • 2.2.1.1.2. Connect Scan

  • 2.2.1.1.3. UDP Scan

  • 2.2.1.1.4. Idle Scan

  • 2.2.1.1.5. NULL / FIN / Xmas

  • 2.2.1.1.6. ACK Scan

  • 2.2.1.1.7. IP Scan

  • 2.2.1.1.8. Nmap NSE

  • 2.2.1.2. Hping

  • NETWORK SECURITY

  • 2.2.1.3. Other Tools

  • 2.3. Service and OS Detection

  • 2.3.1. Banner Grabbing

  • 2.3.2. Probing Services

  • 2.3.3. OS Fingerprinting

  • 2.3.3.1. Active OS Fingerprinting

  • 2.3.3.2. Passive OS Fingerprinting

  • 2.4. Firewall / IDS Evasion

  • 2.4.1. Fragmentation

  • 2.4.2. Decoys

  • 2.4.3. Timing

  • 2.4.4. Source Ports


  • Module 0x03 – Enumeration

  • 3.2. NetBIOS

  • 3.2.1. What is NetBIOS

  • 3.2.2. How NetBIOS works

  • 3.2.3. SMB

  • 3.2.4. NetBIOS Commands and Tools

  • 3.2.4.1. Nbtstat

  • 3.2.4.2. Nbtscan

  • 3.2.4.3. Net Command

  • 3.2.4.4. Smbclient and Mount

  • 3.2.4.5. Null Session

  • 3.2.4.5.1. Winfingerprint

  • 3.2.4.5.2. Winfo

  • 3.2.4.5.3. DumpSec

  • 3.2.4.5.4. Enum4Linux

  • 3.2.4.5.5. RPCClient

  • 3.3. SNMP

  • 3.3.2. How it works (Agents, MIB, OID)

  • 3.3.3. SNMP Attacks

  • 3.3.3.1. Enumeration

  • 3.3.3.2. Obtaining Community Strings

  • 3.3.3.3. SNMPWalk

  • 3.3.3.4. SNMPSet

  • 3.3.3.5. Nmap SNMP Scripts


  • Module 0x04 – Sniffing & MITM

  • 4.1. What sniffing means

  • 4.1.1. Why it is Possible

  • 4.2. Sniffing in action

  • 4.2.1. Passive Sniffing

  • 4.2.2. Active Sniffing

  • 4.2.2.1. MAC Flooding

  • 4.2.2.2. ARP Poisoning

  • 4.3. Basics of ARP

  • 4.3.1. Gratuitous ARP

  • 4.3.2. ARP Poisoning

  • 4.3.2.1. Host poisoning

  • 4.3.2.2. Gateway poisoning

  • 4.4. Sniffing Tools

  • 4.4.1. Dsniff

  • 4.4.2. Wireshark

  • 4.4.3. TCPDump

  • 4.4.4. WinDump

  • 4.5. Man-in-the-Middle (MITM) Attacks

  • 4.5.1. What they are

  • 4.5.2. ARP Poisoning for MITM

  • 4.5.3. Local to Remote MITM

  • 4.5.4. DHCP Spoofing

  • 4.5.5. MITM in Public Key Exchange

  • 4.5.6. LLMNR and NBT-NS Spoofing-Poisoning

  • 4.5.6.1. Responder-MultiRelay

  • 4.6. Attacking Tools

  • 4.6.1. Ettercap: Sniffing and MITM Attacks

  • 4.6.1.1. SSL Traffic Sniffing

  • 4.6.2. Cain&Abel: Sniffing and MITM Attacks

  • 4.6.3. Macof

  • 4.6.4. Arpspoof

  • 4.6.5. Bettercap

  • 4.7. Intercepting SSL traffic

  • 4.7.1. SSLStrip

  • 4.7.2. HSTS Bypass


  • Module 0x05 - VULNERABILITY ASSESSMENT & EXPLOITATION

  • 5. Vulnerability Assessment & Exploitation

  • 5.1. Vulnerability Assessment

  • 5.1.1. Vulnerability Scanners

  • 5.1.2. Nessus

  • 5.2. Low-Hanging Fruits

  • 5.2.1. Weak Password

  • 5.2.1.1. Ncrack

  • 5.2.1.2. Medusa

  • 5.2.1.3. Patator

  • 5.2.1.4. EyeWitness

  • 5.2.1.5. Rsmangler

  • 5.2.1.6. CeWL

  • 5.2.1.7. Mentalist

  • 5.3. Exploitation

  • 5.3.1. Metasploit introduction

  • 5.3.2. Windows Authentication Weaknesses

  • 5.3.2.1. LM / NTLMv1

  • 5.3.2.2. NTLMv2

  • 5.3.2.3. SMB Relay on NTLMv1

  • 5.3.2.4. SMB Relay on NTLMv2

  • 5.3.2.5. Eternal Blue (MS17-010)

  • 5.3.3. Client-Side Exploitation

  • 5.3.4. Remote-Side Exploitation


  • Module 0x06 - POST EXPLOITATION

  • 6.1. Introduction

  • 6.1.1. Maintaining Access and Clean-up

  • 6.1.2. Permanent Edits

  • 6.2. Privilege Escalation and Maintaining Access

  • 6.2.1. Privilege Escalation

  • 6.2.1.1. Stable

  • 6.2.1.2. Windows Privilege Escalation

  • 6.2.1.2.1. Unquoted Service Paths

  • 6.2.1.3. Linux Privilege Escalation

  • 6.2.2. Maintaining Access

  • 6.2.2.1. Password and Hashes

  • 6.2.2.1.1. Pass the Hash

  • 6.2.2.1.2. Cracking Hashes

  • 6.2.2.1.3. Mimikatz

  • 6.2.2.1.4. Windows Credentials Editor

  • 6.2.2.2. Enable RDP Service

  • 6.2.2.3. Backdoor

  • 6.2.2.3.1. Persistence

  • 6.2.2.3.2. Manual Installation

  • 6.2.2.4. New Users

  • 6.2.2.5. DLL Hijacking / Preloading

  • 6.3. Pillaging

  • 6.3.1. Exfiltration over DNS with Iodine (DNS Tunneling)

  • 6.4. Mapping the Internal Network

  • 6.5. Exploitation through Pivoting


  • Module 0x07 – ANONYMITY

  • 7. Anonymity

  • 7.1. Browsing Anonymously

  • 7.1.1. HTTP Proxies

  • 7.1.1.1. Anonymous proxies

  • 7.1.1.2. Transparent proxies

  • 7.1.2. Tor Network

  • 7.2. Tunneling for Anonymity

  • 7.2.1. SSH Tunneling


  • Module 0x08 – SOCIAL ENGINEERING

  • 8.1. What is Social Engineering

  • 8.2. Types of Social Engineering

  • 8.2.1. Pretexting

  • 8.2.2. Phishing

  • 8.2.3. Baiting

  • 8.2.4. Physical

  • 8.3. Samples of Social Engineering Attacks

  • 8.3.1. Canadian Lottery

  • 8.3.2. FBI Email

  • 8.3.3. Online Banking

  • 8.4. Pretexting samples

  • 8.5. Tools

  • 8.5.1. Social Engineering Toolkit

Mobile Penetration Testing Course (iOS, Android) 40 hrs.

  • Module 0x01 - Diving into Android

  • Setting up a Mobile Pentest Environment

  • Android Security Architecture

  • Permission Model Flaws

  • Getting familiar with ADB

  • Activity and Package Manager Essentials

  • API level vulnerabilities

  • Rooting for Pen testers Lab

  • Android ART and DVM Insecurities


  • Module 0x02 - Android App for Security Professionals

  • Security Analysis of AndroidManifest.xml

  • Reverse Engineering for Android Apps

  • Smali for Android 101

  • Smali Labs for Android

  • Cracking and Patching Android apps

  • Understanding Dalvik

  • Dex Analysis and Obfuscation

  • Android Application Hooking

  • Using JDB and Andbug

  • Dynamic Dalvik Instrumentation for App Analysis

  • Introspy for Android

  • Creating custom Hooks


  • Module 0x03 - Application Specific Vulnerabilities

  • Static Analysis of Android Apps

  • Attack Surfaces for Android applications

  • Exploiting Side Channel Data Leakage

  • Exploiting and identifying vulnerable IPCs

  • Exploiting Backup and Debuggable apps

  • Exploiting Exported Components

  • Webview based vulnerabilities

  • Dynamic Analysis for Android Apps

  • Logging Based Vulnerabilities

  • Insecure Data Storage

  • Network Traffic Interception

  • Analysing Network based weaknesses

  • Exploiting Secure applications

  • Analysing Proguard, DexGuard and other Obfuscation Techniques

  • OWASP Mobile Top 10

  • Using Drozer for Exploitation

  • Writing custom Modules for Drozer

  • Exploiting Android apps using Frida

  • Analysing Android apps using Androguard

  • Analysing Native Libraries

  • Security Issues in Hybrid Apps


  • Module 0x04 - ARM for Android Exploitation

  • Getting familiar with Android ARM

  • ARM Architecture and Calling conventions

  • Debugging with GDB

  • Using IDA for Android

  • Exploiting Overflow based vulnerabilities

  • ROP Labs for Android

  • Use After Free vulns

  • Writing your own reliable exploit

  • Race Condition vulns

  • Hardware Exploitation Techniques

  • Exploit Mitigation and Protections


  • Module 0x05 - Getting Started with iOS Pentesting

  • iOS security model

  • App Signing, Sandboxing and Provisioning

  • Setting up XCode

  • Changes in iOS 10

  • Exploring the iOS filesystem

  • Intro to Objective-C and Swift


  • Module 0x06 - Getting Started with iOS Pentesting

  • Jailbreaking your device

  • Cydia, Mobile Substrate

  • Getting started with Damn Vulnerable iOS app

  • Binary analysis

  • Finding shared libraries

  • Checking for PIE, ARC

  • Decrypting ipa files

  • Self signing IPA files


  • Module 0x07 - Static and Dynamic Analysis of iOS Apps

  • Static Analysis of iOS applications

  • Dumping class information

  • Insecure local data storage

  • Dumping Keychain

  • Finding url schemes

  • Dynamic Analysis of iOS applications

  • Cycript basics

  • Advanced Runtime Manipulation using Cycript

  • Writing patches using Theos

  • Frida for iOS

  • Method Swizzling

  • GDB basic usage

  • GDB kung fu with iOS


  • Module 0x08 - Exploiting iOS Applications

  • Broken Cryptography

  • Side channel data leakage

  • Sensitive information disclosure

  • Exploiting URL schemes

  • Client side injection

  • Bypassing jailbreak, piracy checks

  • Inspecting Network traffic

  • Traffic interception over HTTP, HTTPS

  • Manipulating network traffic

  • Bypassing SSL pinning


  • Module 0x09 - Reversing iOS Apps

  • Introduction to Hopper

  • Disassembling methods

  • Modifying assembly instructions

  • Patching App Binary

  • Logify, Introspy, iNalyzer, Snoopit
