• +91 - 9582 90 7788

CyberSense 101 – cybersecurity basics with Metasploit

Emerging technologies such as IoT, mobility, cloud computing and block chain has transmuted virtually all business processes that has led to introduction of new attack vectors. Cyber security has become biggest concern for organizations today. This course will has been designed for professionals seeking understanding of cybersecurity domain.

Recent digital initiatives such as smartcities, digital locker, demonetization is likely to be key contributor in nation growth. However it also pose big challenge, that of cyber security since there will be increase in digital transactions and that make India a bigger target for cyber criminals. One of the major reason behind this is cyber awareness.

This course will help professionals to understand cybersecurity and Metasploit framework essentials and they can apply this knowledge to conduct the vulnerability assessment, penetration testing and basic system exploitation.

Course Objectives: After completion of this course candidate will have idea about system exploitation using Metasploit framework. This class will cover cybersecurity essentials, footprointing, and Metasploit framework, basic exploitation using Metasploit, POST exploitation, meterpreter, client side attacks,and spear-phishing & password attacks.

Target Audience : Network security consultant, Network architects, network managers, systems engineers staff who are responsible for planning, Implementing and deploying networks which may require cloud computing technology in future

Prerequisites: CCNA or equivalent certification is desired to attend this course.

Course syllabus

  • Cyber security overview
  • Overview of Current Security Trends
  • Top information security attack vectors
    1. Motives , Goals and Objectives of Information Security Attacks
    2. Types of Attacks
    3. Essential terminologies
  • Hacking Concepts , Types and Phases
  • Information Security Controls
    1. Threat Modeling
    2. Network Security Zoning and Defense in Depth
  • Overview on Vulnerability Assessment and Penetration testing
    1. Types on Vulnerability Assessment
    2. Vulnerability Assessment methodology
    3. Why penetration testing
    4. Red team vs Blue team
    5. Types of Pentesting
    6. Pentesting methodology
  • Footprinting concepts
  • Footprinting Methodology
    1. Search engines
    2. Social networking sites
    3. Job sites
    4. Google dorks
    5. Email Footprinting
    6. DNS Footprinting
    7. Network footprinting
  • Footprinting Tools
    1. Netcraft
    2. Whois Lookups
    3. DNS Digger and DIG
    4. FOCA
    5. Maltego& Recon-ng
    6. Harvester
    7. Shodan
  • Overview of network scanning
    1. TCP communication Flags
    2. TCP session Establishment and Termination
    3. ICMP scanning/Ping sweep
  • Scanning with nmap
    1. Namp with scripts
    2. Working with DB to store scan results
    3. Scanning with auxiliary modules
    4. Vulnerability scanning with nexpose
  • Understanding Metasploit framework & architecture
  • Essential Metasploit modules& components
    1. Exploit, payload, shell code
    2. Module, listener, handler
  • Understanding Metasploit user interface and utilities
    1. Netcat
    2. MSFconsole, MSFcli
    3. MSFpayload, Nasm shell
  • Understanding Metasploit elements
    1. Exploits & payloads
    2. Auxiliary modules
    3. Post modules
    4. Using the Multi/Handler Module
  • Types of shell
    1. Bind shell, reverse shell
    2. Others
  • Exploiting your first machine with Metasploit
  • Understanding meterpreter framework
    1. Basic meterpreter commands, dll injection
    2. Staged and single payloads
    3. Capturing keystrokes, pass the hash
    4. Dumping username and password, process migration
    5. Killing antivirus , disable firewall , identify installed applications
  • Meterpreter core and extension
  • Meterpreter stdapi
    1. networking commands
    2. system capabilities
    3. process and user interface commands
  • Merciless Pivoting: Routing Through Exploited Systems
    1. Pivoting using port forward
    2. Using plink
  • Metasploit Sniffing on Exploited Systems
    1. Passing the hash
    2. Setting up persistence connection using meterpreter
    3. Understanding meterpreter scripts
  • Introduction to meterpreter POST modules
    1. Executing shell and channels
    2. Keystroke logging
    3. Getting information about target system
    4. Process migration
  • meterpreter privilege extension
  • Privilege escalation using meterpreter
    1. Kernel exploit, Pivoting
    2. Meterpreter Token impersonation
    3. Interacting with registry
    4. Getting control of devices such as web cam, mic
  • Maintaining access
    1. Keylogging
    2. Meterpreter backdoor
    3. Persistence backdoor
  • Understanding Client-Side Exploitation
    1. Automating Client-Side Attacks with Browser_autopwn
    2. File Format Exploits - Adobe, Microsoft, and JavaETC..
  • Social engineering tool kit (SET)
    1. Understanding SET
    2. Man in the middle
    3. spear phishing attacks
    4. web jacking & tab nabbing
  • Using Metasploit to Model Malware Attacks via Msfpayload
    1. Creating Standalone Payloads with Msfvenom
    2. Choosing a Payload
    3. Encoders, cryptors and packers
    4. Using the Multi/Handler Module
  • Creating your own exploits
  • Porting exploits to Metasploit framework
  • Using Metasploit as a Recon Tool
  • Password management
  • Online password attacks
    1. Wordlists
    2. Guessing Usernames and Passwords with Hydra
  • Offline Password Attacks
    1. Recovering Password Hashes from a Windows SAM File
    2. Dumping Password Hashes with Physical Access
    3. LM vs. NTLM Hashing Algorithms
    4. John the Ripper
    5. Cracking Linux Passwords
    6. Rainbow Tables
  • Online Password-Cracking Services
  • Dumping Plaintext Passwords from Memory with Windows Credential Editor

Register now for demo sessions on our customized cyber security training programs Register for Demo

  • Evaluate how you can benefit from Cyber Security courses
  • Highly customized and industry most cost-effective cyber security training modules with comprehensive coverage
  • Newly introduced threat hunting program with security analytics.
  • 24*7 anytime any-ware access to Cyberpeople online cloud lab along with various lab scenarios