ＨｉｄｅＺｅｒｏＯｎｅ

We will be hosting interesting web application security challenges in this section for our students to try out. Challenges will be categorized into Beginner, Intermediate and Advanced Levels. We will either allow you to download Virtual Machines or point you to hosted sites which we have put up.

In case you are new to web application security, please note that we have already started posting the videos of our Web Application Security Course. However, this section is independent of that course.

A non-exhaustive set of topics covered include:

• Pentesting Routers
• Attacking SSH with Metasploit, Nmap, Medusa, Hydra, Ncrack
• SNMP attacks
• Bypassing Firewalls
• Payloads and Shells
• HTTP/HTTPS tunneling
• Port Forwaring, Pivoting, Reverse Connects
• Privilege Escalation and UAC bypass
• Hash Dumping and Mimikatz
• Windows Sessions, Stations and Desktops
• Impersonation attacks
• WMIC post exploitation
• Hidden bind shells
• Bitsadmin
• Browser Password Recovery
• PAC Attacks
• DNS Poisoning
• Veil Framework and AV Evasion
• Metasploit Loader 32/64-bit
• DLL Hijacking basics
• DLL Hijacking and Meterpreter
• Privilege Escalation via DLL Hijacking
• DLL Injection using Appinit_DLLs
• Stripping Manifest Files for DLL Hijacking
• Attacking with DLL Forwarding
• Anti-Forensics techniques
• Memory Dumping and Analysis
• … ton of other interesting topics

Pentester Academy – Network Pentesting

This course will cover the basics of using GDB on Linux – x86, x86_64 and ARM based platforms.