A Powerful Exploitation Framework
This course will cover all of the fundamental aspects of the Metasploit framework, tying a subset of the phases of the penetration testing execution standard (PTES) methodology to the course structure.
These will be specifically information gathering, vulnerability assessment, exploitation and post-exploitation.
msf> search type:post
The course goes beyond the basics also covering:
- Social Engineering
- Privilege escalation
- Antivirus Evasion
- Persistent Backdoors
- Executable trojanization
- Remote Desktop
- Web penetration testing
- Reverse shell connections via port forwarding
- The Beef-XSS Framework
- Log Post-Exploitation Cleanup
To follow this course you will need to be confident using generic software programs, know the basics of the Linux command line and a little of system administration.
FAQ
Can I get a refund if I'm not satisfied?
Teachable has a 14-day satisfaction guarantee from the purchase date of any course, it is also possible to pay for the course in three convenient installments.
I have a question about the courses or a technical issue, how can I contact you?
Send me an email at a.gattabuia [at] primeradsec.com.
Curriculum
- 1.1 Course Introduction (3:42)
- 1.2 Introduction To Metasploit And The PTES (3:12)
- 1.3 Setting Up, Updating The Metasploit Framework And Other Metasploit Variants (12:36)
- 1.4 The Metasploit Filesystem And Modules (5:26)
- 1.5 Installing The Metasploitable3 Virtual Machine (10:41)
- 1.6 The Metasploit Unleashed Reference (1:43)
- 6.1 Introduction To Social Engineering (1:01)
- 6.2 Generating Payloads To Connect To Remote Machines Over The Internet (8:45)
- 6.3 Trojanizing An Executable With Msfvenom (5:12)
- 6.4 Trojanizer (8:17)
- 6.5 Social Engineering With Beef-XSS And Metasploit (4:48)
- 6.6 Antivirus Evasion Techniques (5:41)
- 6.7 Higher Antivirus Evasion Success Rates With The Veil Framework (4:37)
- 7.1 Monitoring The User's Screen, Keyboard And Killing The Antivirus (4:44)
- 7.2 Enabling Remote Desktop (2:40)
- 7.3 Privilege Escalation: Basic Enumeration (5:12)
- 7.4 Privilege Escalation: Getting The User's Password And Going Deeper (9:46)
- 7.5 Cracking Found Password Hashes (1:55)
- 7.6 Using Meterpreter To Create A Persistent Backdoor (2:43)
- 7.7 Cleaning Up After Yourself (8:11)
The course is laid out in 7 main sections:
Section 1
Setup of our environment and will introduce you to the Penetration Testing Execution Standard (PTES), which is a state of art methodology to carry out a penetration test. Other Metasploit variants like the Metasploit framework on Windows, the Metasploit community edition and Armitage will be covered.
Section 2
Fundamental commands of Metasploit and how it works, how to automate repetitive tasks, how to run exploits and Metasploit modules.
Section 3
Information gathering on the target machine with nmap and the other tools available in Metasploit to check which services are installed and effectively map the the attack surface.
Section 4
Vulnerability assessment. We'll check which of the services fingerprinted are likely to be vulnerable. We'll learn how to install the Nessus vulnerability scanner and integrate it with Metasploit to populate its workspace.
Section 5
Finally exploit seven services using Metasploit exclusively, web penetration testing will also be covered.
Section 6
Exploiting services via Social Engineering. We'll mainly create vectors for Social Engineering engagements, which are unsuspecting payloads for the victim to execute on their machine to obtain remote command execution. We'll create trojanized files, we'll greatly lower the antivirus detection rate and we'll use the Beef-XSS Framework together with Metasploit to deliver more complex attacks.
Section 7
Monitoring the user on his machine, logging his keyboard activity, performing privilege escalation, generating persistent backdoors and log management.
Section 8
Course outro and credits.