Visão Geral

Curso TPKL - Teste de Penetração com Kali Linux é um curso de teste projetado para administradores de rede e profissionais de segurança que desejam dar um passo sério e significativo no mundo dos testes de penetração profissional.

Este curso exclusivo para testes de penetração apresenta aos alunos as mais recentes ferramentas e técnicas de hacking ético, incluindo laboratórios remotos e virtuais de testes de penetração para praticar em sala de aula. 

O teste de penetração com o Kali Linux simula um teste completo de penetração do início ao fim, injetando o aluno em um ambiente de rede rico em objetivos, diversificado e vulnerável.

Pre-Requisitos

O Curso TPKL Teste de Penetração com Kali Linux é um curso básico, mas ainda exige que os alunos tenham algum conhecimento  É necessário um sólido conhecimento de TCP / IP, rede e habilidades razoáveis ​​em Linux.

A familiaridade com o script Bash, juntamente com o Perl ou Python básico, é considerada uma vantagem.

Materiais

Conteúdo Programatico

• Teste de penetração com o Kali Linux: informações gerais do curso
  
• Ficando confortável com o Kali Linux
• Linha de comando divertida
• Ferramentas práticas
• Script Bash
• Coleta Passiva de Informações
• Coleta de informações ativas
• Verificação de vulnerabilidades
• Ataques de aplicativos da Web
• Introdução aos estouros de buffer
• Estouros de buffer do Windows
• Estouros de buffer do Linux
• Ataques do lado do cliente
• Localizando explorações públicas
• Corrigindo explorações
• Transferências de arquivo
• Evasão de antivírus
• Escalonamento de privilégios
• Ataques de senha
• Redirecionamento e tunelamento de portas
• Ataques do Active Directory
• A Estrutura Metasploit
• Império PowerShell
• Montagem das peças: quebra do teste de penetração
• Tentando mais: os laboratórios

Penetration Testing with Kali Linux: General Course Information

1. About The PWK Course
2. Overall Strategies for Approaching the Course
3. Obtaining Support
4. About Penetration Testing
5. Legal
6. The MegaCorpone.com and Sandbox.local Domains
7. About the PWK VPN Labs
8. Reporting
9. About the OSCP Exam
10. Wrapping Up

Getting Comfortable with Kali Linux

1. Booting Up Kali Linux
2. The Kali Menu
3. Kali Documentation
4. Finding Your Way Around Kali
5. Managing Kali Linux Services
6. Searching, Installing, and Removing Tools
7. Wrapping Up

Command Line Fun

1. The Bash Environment
2. Piping and Redirection
3. Text Searching and Manipulation
4. Editing Files from the Command Line
5. Comparing Files
6. Managing Processes
7. File and Command Monitoring
8. Downloading Files
9. Customizing the Bash Environment
10. Wrapping Up

Practical Tools

1. Netcat
2. Socat
3. PowerShell and Powercat
4. Wireshark
5. Tcpdump
6. Wrapping Up

Bash Scripting

1. Intro to Bash Scripting
2. If, Else, Elif Statements
3. Boolean Logical Operations
4. Loops
5. Functions
6. Practical Examples
7. Wrapping Up

Passive Information Gathering

1. Taking Notes
2. Website Recon
3. Whois Enumeration
4. Google Hacking
5. Netcraft
6. Recon-ng
7. Open-Source Code
8. Shodan
9. Security Headers Scanner
10. SSL Server Test
11. Pastebin
12. User Information Gathering
13. Social Media Tools
14. Stack Overflow
15. Information Gathering Frameworks
16. Wrapping Up

Active Information Gathering

1. DNS Enumeration
2. Port Scanning
3. SMB Enumeration
4. NFS Enumeration
5. SMTP Enumeration
6. SNMP Enumeration
7. Wrapping Up

Vulnerability Scanning

1. Vulnerability Scanning Overview and Considerations
2. Vulnerability Scanning with Nessus
3. Vulnerability Scanning with Nmap
4. Wrapping Up

Web Application Attacks

1. Web Application Assessment Methodology
2. Web Application Enumeration
3. Web Application Assessment Tools
4. Exploiting Web-based Vulnerabilities
5. Extra Miles
6. Wrapping Up

Introduction to Buffer Overflows

1. Introduction to the x Architecture
2. Buffer Overflow Walkthrough
3. Wrapping Up

Windows Buffer Overflows

1. Discovering the Vulnerability
2. Win Buffer Overflow Exploitation
3. Wrapping Up

Linux Buffer Overflows

1. About DEP, ASLR, and Canaries
2. Replicating the Crash
3. Controlling EIP
4. Locating Space for Our Shellcode
5. Checking for Bad Characters
6. Finding a Return Address
7. Getting a Shell
8. Wrapping Up

Client-Side Attacks

1. Know Your Target
2. Leveraging HTML Applications
3. Exploiting Microsoft Office
4. Wrapping Up

Ocating Public Exploits

1. A Word of Caution
2. Searching for Exploits
3. Putting It All Together
4. Wrapping Up

Fixing Exploits

1. Fixing Memory Corruption Exploits
2. Fixing Web Exploits
3. Wrapping Up

File Transfers

1. Considerations and Preparations
2. Transferring Files with Windows Hosts
3. Wrapping Up

Antivirus Evasion

1. What is Antivirus Software
2. Methods of Detecting Malicious Code
3. Bypassing Antivirus Detection
4. Wrapping Up

Privilege Escalation

1. Information Gathering
2. Windows Privilege Escalation Examples
3. Linux Privilege Escalation Examples
4. Wrapping Up

Password Attacks

1. Wordlists
2. Brute Force Wordlists
3. Common Network Service Attack Methods
4. Leveraging Password Hashes
5. Wrapping Up

Port Redirection and tunnelling

1. Port Forwarding
2. SSH tunnelling
3. PLINK.exe
4. NETSH
5. HTTP Tunnelling Through Deep Packet Inspection
6. Wrapping Up

Active Directory Attacks

1. Active Directory Theory
2. Active Directory Enumeration
3. Active Directory Authentication
4. Low and Slow Password Guessing
5. Active Directory Lateral Movement
6. Active Directory Persistence
7. Wrapping Up

The Metasploit Framework

1. Metasploit User Interfaces and Setup
2. Exploit Modules
3. Metasploit Payloads
4. Building Our Own MSF Module
5. Post-Exploitation with Metasploit
6. Metasploit Automation
7. Wrapping Up

PowerShell Empire

1. Installation, Setup, and Usage
2. PowerShell Modules
3. Switching Between Empire and Metasploit
4. Wrapping Up

Assembling the Pieces: Penetration Test Breakdown

1. Public Network Enumeration
2. Targeting the Web Application
3. Targeting the Database
4. Deeper Enumeration of the Web Application Server
5. Targeting the Database Again
6. Targeting Poultry
7. Internal Network Enumeration
8. Targeting the Jenkins Server
9. Targeting the Domain Controller
10. Wrapping Up

Trying Harder: The Labs

1. Real Life Simulations
2. Machine Dependencies
3. Cloned Lab Machines
4. Unlocking Networks
5. Routing
6. Machine Ordering & Attack Vectors
7. Firewall / Routers / NAT
8. Passwords