PEN-200: Penetration

Testing with Kali

Linux PWK/OSCP
Duration
Target Audience 5 Weeks
Course Overview
Penetration Testing with Kali Linux Infosec professionals transitioning

(PWK) is an online pentesting

into penetration testing Certifications
OSCP
course designed for security Pentesters seeking one of the best
professionals and network pentesting certifications

administrators who want to take Those interested in pursuing a Contact Us

a serious and meaningful step penetration tester career path
800.674.3550
into the world of professional Security professionals
2151 W. Hillsboro Blvd.
penetration testing. This best-in-
Network administrators Suite 210
class training course introduces Deerfield Beach, FL 33442
students to the latest ethical Other technology professionals

hacking tools and techniques,

including remote, virtual Course Objectives
Connect with us
penetration testing labs for
• Using information gathering
practicing the course materials. techniques to identify and
PWK simulates a full penetration enumerate targets running various
test from start to finish by operating systems
immersing the student into a • Writing basic scripts and tools
target-rich and vulnerable network to aid in the penetration testing
environment. Students who pass process
the exam earn the industry-leading • Analyzing, correcting, modifying,
OSCP certification. cross-compiling, and porting public
exploit code
Exam Reference: OffSec Certified
Professional (OSCP) • Conducting remote, local privilege Sign Up Today!
escalation, and client-side attacks
Delivery Format: 5:1:6
• Identifying and exploiting XSS,
• 5 weeks guided self-study
pre-work SQL injection, and file inclusion
vulnerabilities in web applications
• 1 week Online Live immersive
boot camp • Leveraging tunneling techniques to
• 6 bi-weekly Online Live pivot between networks
post-immersive mentoring 3.5
• Creative problem solving and
hour sessions
lateral thinking skills

AppliedTechnologyAcademy.com
 PEN-200: Penetration
Testing with Kali
Linux PWK/OSCP

Course Outline
Penetration Testing: What You Should Practical Tools Vulnerability Scanning
Know • Netcat • Vulnerability Scanning
• This module introduces you to the • Socat Overview and Considerations
course and sets expectations. • PowerShell and Powercat • Vulnerability Scanning with
• About The PWK Course • Wireshark Nessus
• Overall Strategies for Approaching the • Tcpdump • Vulnerability Scanning with
Course Bash Scripting – NEW in 2020 Nmap
• Obtaining Support Web Application Attacks
• Intro to Bash Scripting
• About Penetration Testing
• Variables • Burp Suite, PHP Wrappers
• Legal
• If, Else, Elif Statements • Web Application Assessment
• The MegaCorpone.com and Sandbox.
• Boolean Logical Operations Methodology
local Domains
• Loops • Web Application Enumeration
• About the PWK VPN Labs
• Functions • Web Application Assessment
• Reporting
• Practical Examples Tools
• About the OSCP Exam • Exploiting Admin Consoles
Passive Information Gathering
Getting Comfortable with Kali Linux • Cross-Site Scripting (XSS)
• Using OSINT to gather information,
• Kali Linux is the penetration testing • Directory Traversal
• including the use of shodan and
platform used throughout PWK. In this Vulnerabilities
pastebin.
module, we cover how to use Kali and • File Inclusion Vulnerabilities
• Taking Notes
understand the OS. • SQL Injection
• Website Recon
• Booting Up Kali Linux Buffer Overflow Intro
• Whois Enumeration
• The Kali Menu
• Google Hacking • Introduction to the x86
• Kali Documentation
• Netcraft Architecture
• Finding Your Way Around Kali
• Recon-ng • Buffer Overflow Walkthrough
• Managing Kali Linux Services
• Open-Source Code
• Searching, Installing, and Removing Windows Buffer Overflows
• Shodan
Tools • Discovering the Vulnerability
• Security Headers Scanner
• Win32 Buffer Overflow
Command Line Fun • SSL Server Test
Exploitation
• Learning how to interact with the • Pastebin
• terminal. • User Information Gathering Linux Buffer Overflow
• The Bash Environment • Social Media Tools • About DEP, ASLR, and Canaries
• Piping and Redirection • Stack Overflow • Replicating the Crash
• Text Searching and Manipulation • Information Gathering Frameworks • Controlling EIP
• Editing Files from the Command Line • Locating Space for Your
Active Information Gathering
• Comparing Files Shellcode
• DNS Enumeration
• Managing Processes • Checking for Bad Characters
• Port Scanning
• File and Command Monitoring • Finding a Return Address
• SMB Enumeration
• Downloading Files • Getting a Shell
• NFS Enumeration
• Customizing the Bash Environment • SMTP Enumeration
• SNMP Enumeration

AppliedTechnologyAcademy.com
 PEN-200: Penetration
Testing with Kali
Linux PWK/OSCP

Course Outline
Client Side Attacks Port Redirection and Tunneling Assembling the Pieces:
• HTA Attacks, Microsoft Word Macros, • HTTP tunneling Penetration Test Breakdown
Object Linking and Embedding (DDE) • Port Forwarding • Sandbox.local hands-on
• Know Your Target • SSH Tunneling walkthrough
• Leveraging HTML Applications • PLINK.exe • Public Network Enumeration
• Exploiting Microsoft Office • NETSH • Targeting the Web Application
• HTTPTunnel-ing Through Deep • Targeting the Database
Using Public Exploits
Packet Inspection • Deeper Enumeration of the
• A Word of Caution
• Wrapping Up Web Application Server
• Searching for Exploits
• Targeting the Database Again
• Putting It All Together Metasploit
• Targeting Poultry
Fixing Exploits • Advanced options with multi/
• Internal Network Enumeration
handler, transport modules,
• Fixing Memory Corruption Exploits • Targeting the Jenkins Server
Meterpreter
• Fixing Web Exploits • Targeting the Domain
• Section: Metasploit User Interfaces
File Transfers Controller
and Setup
• Considerations and Preparations • Exploit Modules
• Transferring Files with Windows Hosts • Metasploit Payloads Prerequisites
• Building Our Own MSF Module All students are required to have:
Bypassing Antivirus Software
• Post-Exploitation with Metasploit • Solid understanding of TCP/IP
• What is Antivirus Software
• Metasploit Automation networking
• Methods of Detecting Malicious Code
• Reasonable Windows and Linux
• Bypassing Antivirus Detection • Wrapping Up
administration experience
• Wrapping Up Active Directory attacks (Domains) • Familiarity with basic Bash and/
Privilege Escalation • Active Directory Theory or Python scripting
• Information Gathering • Active Directory Enumeration
• Windows Privilege Escalation Examples • Active Directory Authentication
• Linux Privilege Escalation Examples • Active Directory Lateral Movement
• Enumerating Firewall and Status Rules, • Active Directory Persistence
Bypassing UAC • Includes Kerberos attacks, password
• Wrapping Up spraying AD
• Wrapping Up
Password Attacks
• Mimikatz
PowerShell Empire
• Wordlists • Introduction to Powershell Empire
• Brute Force Wordlists and the use of Power-Up
• Common Network Service Attack • Installation, Setup, and Usage
Methods • PowerShell Modules
• Leveraging Password Hashes • Switching Between Empire and
Metasploit
• Wrapping Up
• Wrapping Up

AppliedTechnologyAcademy.com