Training Hands-on Penetration Testing

From BruCON 2014

Hands-on Penetration Testing by Georgia Weidman

Course Description

This course will give you hands-on experience examining multiple facets of penetration testing, following the Penetration Testing Execution Standard (PTES). We will explore the basics of using Kali Linux as well as programming and scripting in Bash, Python, and C. We will study the Metasploit Framework before using it and supporting tools to simulate a penetration test against target virtual machines. We will also discuss real-world, non-technical necessities such as negotiating a penetration test with clients and how best to express your findings in your report.

Starting with information gathering, we will move through the phases of penetration testing covered in PTES, including threat modeling, vulnerability identification, exploitation, post-exploitation, and reporting. The class will begin with basic, easily exploitable vulnerabilities such as missing patches and weak passwords, but will also cover the latest client-side issues being exploited in the wild. This course focuses heavily on post-exploitation techniques such as information gathering, privilege escalation, lateral movement, and pivoting. We will study advanced techniques such as bypassing anti-virus and IDS systems. Though we will learn many tools used by pentesters in the field, the basics of developing exploits manually will also be covered. We will then port our custom exploits into Metasploit modules, laying the groundwork for you to become a contributor to an open source pentesting tool. Finally, we will take a look at the rapidly developing field of mobile hacking using the instructor's own Smartphone Pentest Framework.

The course will finish with a live capture-the-flag environment where you can test what you have learned against a variety of vulnerable targets, ranging from easy wins to complex targets that require multiple levels of exploitation and post-exploitation. You will additionally be provided with online VPN lab access to further hone your skills after class is finished. This class is ideal for aspiring and beginning penetration testers and assumes no prior knowledge. Those with some experience, who find themselves frustrated as their clients update environments and remove the low-hanging fruit, will sharpen their real-world skills in the post-exploitation portion of the class, which covers information gathering, privilege escalation, lateral movement, and pivoting. Anticipating a variety of skill levels, more advanced exercises and early access to the capture-the-flag environment can be made available during parts of the class that are review for some students but necessary first steps for others. This course will cover a variety of tools that are open source and/or have free editions, including Metasploit, SET, Maltego, and Immunity Debugger.

Course Contents

1 Introduction to the PTES
2 Using Kali Linux
3 Programming and Scripting
4 Using the Metasploit Framework
5 Information Gathering
6 Vulnerability Identification
7 Capturing Traffic and Analysis
8 Exploitation
9 Cracking and Guessing Passwords
10 Client-Side Attacks
11 Social Engineering
12 Bypassing Detection
13 Post-Exploitation
14 Web Foothold
15 Attacking Wireless Networks
16 Exploit Development
17 Developing Metasploit Modules
18 Mobile Attacks
19 Capture-the-Flag
20 Further Resources/Where To Go from Here


Linux will be used extensively in this class. We will cover the basics briefly in the first module, but some prior knowledge is helpful. Likewise, no prior programming knowledge is required, though it will be helpful in the exploit development module. Some programming and scripting will be covered at the beginning of class.

Hardware and Software

  • Laptop (capable of running at least 2 virtual machines simultaneously)
  • VMware product (Player, Workstation, or Fusion)
  • Kali Linux Virtual Machine (

Trainer Biography

Georgia Weidman is a penetration tester, security researcher, and trainer. She was hand-selected by DARPA to develop an open source tool for smartphone penetration testing, introducing the world to a solution for assessing the security posture of smartphone devices in an enterprise. Her perspicacious method of training and consulting has not only earned her the opportunity to teach at coveted conferences around the world such as Shmoocon, Blackhat, Hack in the Box, and Derbycon, but also the responsibility of protecting our most vulnerable data. Georgia has delivered highly technical security training for conferences, schools, and corporate clients to excellent reviews. Her work in the field of smartphone exploitation has been featured in print and on television internationally.

She is the author of "Penetration Testing: A Hands-on Introduction to Hacking" from No Starch Press and a contributor to open source projects. Georgia holds a Master of Science degree in computer science, secure software engineering, and information security, as well as CISSP, CEH, NIST 4011, and OSCP certifications. Her company, Bulb Security, is a recognized leader in network and mobile security. They specialize in vulnerability and penetration testing along with the staff training and auditing necessary for a comprehensive cyber security program. Bulb Security is committed to protecting vulnerable infrastructure through customized security solutions and information security assessments tailored to a company's needs. Their clients range from large, highly specialized federal government institutions and state and local municipalities to private businesses looking to protect proprietary data through automated security workflows in this age of wireless and mobile. This course is the first step down the same path.

Mon. 22 - Wed. 24 September 2014 (09:00 - 17:00)
