A non-exhaustive set of topics covered include:

  • Pentesting Routers
  • Attacking SSH with Metasploit, Nmap, Medusa, Hydra, Ncrack
  • SNMP attacks
  • Bypassing Firewalls
  • Payloads and Shells
  • HTTP/HTTPS tunneling
  • Port Forwaring, Pivoting, Reverse Connects
  • Privilege Escalation and UAC bypass
  • Hash Dumping and Mimikatz
  • Windows Sessions, Stations and Desktops
  • Impersonation attacks
  • WMIC post exploitation
  • Hidden bind shells
  • Bitsadmin
  • Browser Password Recovery
  • PAC Attacks
  • DNS Poisoning
  • Veil Framework and AV Evasion
  • Metasploit Loader 32/64-bit
  • DLL Hijacking basics
  • DLL Hijacking and Meterpreter
  • Privilege Escalation via DLL Hijacking
  • DLL Injection using Appinit_DLLs
  • Stripping Manifest Files for DLL Hijacking
  • Attacking with DLL Forwarding
  • Anti-Forensics techniques
  • Memory Dumping and Analysis
  • … ton of other interesting topics

Pentester Academy – Network Pentesting

ادامه مطلب

A beginner friendly introduction to Web Application Security with starts from the very basics of the HTTP protocol and then takes on more advanced topics.

Pentester Academy – Web Application Pentesting

ادامه مطلب

This course will cover the basics of using GDB on Linux – x86, x86_64 and ARM based platforms.

Syllabus

Course Introduction and Debugging Basics   

What’s Up With The Symbol Files?

Analyzing Symbols With Nm

System Call Tracing With Strace

Breakpoints, Examining Registers And Memory

Modifying Registers And Memory

GDB Convenience Variables And Calling Routines

Cracking A Simple Binary With Debug Symbols

Disassembling And Cracking A Simple Binary

Conditional Breakpoints Using Variables And Registers

Setting Up Debian Armel In Qemu

Cracking A Simple Program On Arm Architectures

Iphone Application Reversing And Cracking With Gdb

Gdb On 64 Bit Systems

ادامه مطلب

This course focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to Infosec. Once we are through with the basics, we will look at writing shellcode, encoders, decoders, crypters and other advanced low level applications.

ادامه مطلب

This course focuses on the iOS platform and application security and is ideal for pentesters, researchers and the casual iOS enthusiast who would like to dive deep and understand how to analyze and systematically audit applications on this platform using a variety of bleeding edge tools and techniques.
A non-exhaustive list of topics to be taught includes:

  • Module 1: Introduction to iOS Security
  • Module 2: Creating an Application Pentest Platform
  • Module 3: Advanced Application Runtime Analysis
  • Module 4: Exploiting iOS Applications
  • Module 5: iOS Forensics and Data Recovery
  • Module 6: iOS Malware and Backdoors
  • Module 7: Further Study and Roadmap

Pentesting iOS Applications

ادامه مطلب