The access to this course is restricted to eForensics Premium or IT Pack Premium Subscription

18 CPE credits


Build your own PenTest lab - we mean it! With this course, you decide on your configuration! Want to scan BeeBox with Kali using VMPlayer? Great, here's a step-by-step. Feel more like scanning Metasploitable with Ubuntu running on VirtualBox? That's here too. Mix and match, or get all of them, your choice.

  • The course is self-paced – you can visit the training whenever you want and your content will be there.
  • 18 CPE points
  • Once you’re in, you keep access forever, even when you finish the course.
  • There are no deadlines, except for the ones you set for yourself.
  • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
  • Your time will be filled with reading, videos, and exercises.


 Pre-Course Materials - FREE!

  • Why Do I Need a Pen Test Lab
  • Definitions
  • Creating Directory Structure For the Course
  • Download Virtual Images
  • Acquire Nessus Licenses

Module 1 The Build

  • Definitions
  • Some Basic Linux Commands You Need to Know


  • Installation of VMPlayer and Virtual Box. You Decide, We Will Cover Both.
  • Setup of Our Penetration Testing System - Kali Linux Distribution
  • Setup a Linux Client as a Virtual Machine
  • Setup Our First Vulnerable Machine Metasploitable2
  • Setup Our Second Vulnerable Machine Bee-box (BWAMP)


  • Overview of Virtual Machine Settings
  • Run the Basic Linux commands
  • Upgrade Kali Linux Distribution

Module 2 Port Scanning

  • Nmap and Zenmap Installation
  • Nmap Basic Scanning
  • ZenMap Basic Scanning
  • db_map Scanning


  • Run Nmap Scans against Ubuntu
  • Run Zenmap Scans Against Metasploitable2
  • Run db_map Scans Against Host

Module 3 Vulnerability Scans

  • Installation Nessus Vulnerability Scanner Windows
  • Installation Nessus Vulnerability Scanner Kali Linux
  • Installation Nessus Vulnerability Scanner Ubuntu
  • Basic Nessus Scanning Metasploitable2
  • Basic Nessus Scanning Bee-box


  • Run a Nessus Scan Against Metasploitable2
  • Run a Nessus Scan Against Bee-Box (BWAMP)
  • Run a Nessus Scan Against Ubuntu

Module 4 Advanced Scanning and Reporting

  • Nessus Advanced Scans
  • Nmap Advanced Scans
  • Metasploit Reporting
  • Review Other Resources Available to You…
  • Where Do I Get Virtual Machines


  • Create a Metasploit Report Combining Nessus and Dnmap Scans
  • Run an Advanced Nessus Scan Against Metasploitable 2
  • Run an Advanced Netsparker Scan Against Bee-Box (BWAMP)


IMG_0112 (1)paulPaul Janes, CISSP, GIAC – GISP, is an Information Security Analyst at Corning Incorporated with over 19 years of experience in IT Security, (DLP) Data Loss Prevention, Project Management and Server Management. Most recently, he has been involved in creating his own ethical hacking lab and enhancing his skills as an ethical hacker.


  • Capella University, Minneapolis, MN, Master of Science degree in Information Assurance, Jne 2012, Graduated with Distinction
  • Syracuse University, NY, Bachelor of Science in Computer and Information Studies, June 1991
  • Officers Basic Course, FT Gordon, GA
  • Signal Corps Officer training, June 1990

Additional Training:

  • Penetration Testing and Ethical Hacking, SANS
  • CISSPBootcamp, SANS
  • Implementing and Auditing the Twenty Critical Security Controls –In Depth, SANS
  • Hacker Techniques, Exploits & Incident Handling, SANS
  • Mobile Device Security, SANS
  • Metasploit Training, Eforensics
  • Data Loss Prevention, Symantec
  • Insider Threat, CERT
  • Building Effective Intercultural Relationships, Corning Incorporated

Profesional Certifications: CISSP, GIAC GISP


If you have any questions, please contact us at [email protected].

Course Reviews


1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars1
  • 2 stars0
  • 1 stars0
  1. A must have if getting started or refreshing


    Course is definitely well worth it! It emphasizes two UNIX based vulnerability scanning OS’s as well as two exploitable UNIX OS’s that are mainstays in the security field. This makes it nice in that all materials are free so there are no additional out of pocket expenses to get a good introductory experience in the world of vulnerability scanning.

    Where it really shines though is in the hands on coverage of the material. The course reinforces the commands needed to get the tools installed and running across two to three platforms which means one walks away being able to replicate the instruction in one’s own experience without a lot of Googling to look up commands.

    As an IT instructor and longtime IT veteran I can attest to the fact that the best learning is by doing and this course hits the mark. I have seen too many students speed through labs in the past and walk away not knowing the material. Repetition is the solution and this course provides it.

    Another standout element is that the course will work with your schedule. It is not overly burdensome and the material is presented in an easy to learn manner that won’t leave you dazed and lost in convoluted technical jargon.

    Finally, the course touches on a rich variety of security resources that only a person with years of experience in the specialty would know about and be able to direct you to in short order. It leaves it to you to explore these additional resources, which means the course does not get off track, and gives you the starting points to pick-up where the course leaves off. This alone makes the course worth the cost. The alternative is to know a veteran in the industry and find a way to glean the time and the interest from them to gain this knowledge or spend tons of hours lost on the internet among the overwhelming amount of security information that is available today. Most of which has a price tag attached to it.

    Bottom line, this course is a must have start point for anyone interested in vulnerability scanning and pen testing or for someone getting back into it after having been away for a time.

  2. Good toe dip into Pen Testing


    Good course if you are looking get your feet wet with virtual clients and some pen testing tools. I would guess that all th information is available for free on the internet, but it was nice to have all the install and basic information for the applications in one place. Was it worth the price? Probably not, definitely not at full price. If you can catch the course on sale and you’re curious about pen testing, then go for it. At the very least you can get some ideas on how to create a safe environment to test some hacking techniques. Just make sure that you have a machine that is capable of running the virtual environment:

    Hard Disk – 200GB of disk space or more depending on the number of guest operating systems you plan on installing. A good use of an external hard drive.
    CPU – I recommend the latest technology but any of the I3/I5/I7 families are ok. The more processing power you have the better
    Memory – 2 GB minimum, I recommend 8GB or 16GB. Memory is critical. The more memory you have the more virtual systems you will be able to have running at one time

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023