• No products in the cart.

ON-DEMAND, SELF-PACED, 18 CPE CREDITS, This course will walk you through setting up your own penetration testing lab.

18 CPE credits


Your instructor

IMG_0112 (1)paul

Paul Janes, CISSP, GIAC – GISP, is an Information Security Analyst at Corning Incorporated with over 19 years of experience in IT Security, (DLP) Data Loss Prevention, Project Management and Server Management. He has been involved in creating his own ethical hacking lab and enhancing his skills as an ethical hacker.



Course format

Build your own PenTest lab – we mean it! With this course, you decide on your configuration! Want to scan BeeBox with Kali using VMPlayer? Great, here’s a step-by-step. Feel more like scanning Metasploitable with Ubuntu running on VirtualBox? That’s here too. Mix and match, or get all of them, your choice.

Described in this eBook:
– Installation and usage of BOTH VMPlayer and VirualBox – in ALL case scenarios
– Installation and usage of BOTH Kali Linux and Ubuntu – in ALL case scenarios
– Installation and usage of BOTH Metasploitable and BeeBox vulnerable machines – in ALL case scenarios

    • The course is self-paced – you can visit the training whenever you want and your content will be there.

    • 18 CPE points

    • FREE eBook with all course materials as a bonus

    • Once you’re in, you keep access forever, even when you finish the course.

    • There are no deadlines, except for the ones you set for yourself.

    • We designed the course so that a diligent student will need about 18 hours of work to complete the training.

    • You time will be filled with reading, videos, and exercises.


 Pre-Course Materials – FREE!

    • Why Do I Need a Pen Test Lab

    • Definitions

    • Creating Directory Structure For the Course

    • Download Virtual Images

    • Acquire Nessus Licenses

Module 1 The Build

    • Definitions

    • Some Basic Linux Commands You Need to Know


    • Installation of VMPlayer and Virtual Box. You Decide, We Will Cover Both.

    • Setup of Our Penetration Testing System – Kali Linux Distribution

    • Setup a Linux Client as a Virtual Machine

    • Setup Our First Vulnerable Machine Metasploitable2

    • Setup Our Second Vulnerable Machine Bee-box (BWAMP)


    • Overview of Virtual Machine Settings

    • Run the Basic Linux commands

    • Upgrade Kali Linux Distribution

Module 2 Port Scanning

    • Nmap and Zenmap Installation

    • Nmap Basic Scanning

    • ZenMap Basic Scanning

    • db_map Scanning


    • Run Nmap Scans against Ubuntu

    • Run Zenmap Scans Against Metasploitable2

    • Run db_map Scans Against Host

Module 3 Vulnerability Scans

    • Installation Nessus Vulnerability Scanner Windows

    • Installation Nessus Vulnerability Scanner Kali Linux

    • Installation Nessus Vulnerability Scanner Ubuntu

    • Basic Nessus Scanning Metasploitable2

    • Basic Nessus Scanning Bee-box


    • Run a Nessus Scan Against Metasploitable2

    • Run a Nessus Scan Against Bee-Box (BWAMP)

    • Run a Nessus Scan Against Ubuntu

Module 4 Advanced Scanning and Reporting

    • Nessus Advanced Scans

    • Nmap Advanced Scans

    • Metasploit Reporting

    • Review Other Resources Available to You…

    • Where Do I Get Virtual Machines


    • Create a Metasploit Report Combining Nessus and Dnmap Scans

    • Run an Advanced Nessus Scan Against Metasploitable 2

    • Run an Advanced Netsparker Scan Against Bee-Box (BWAMP)


IMG_0112 (1)paul

Paul Janes, CISSP, GIAC – GISP, is an Information Security Analyst at Corning Incorporated with over 19 years of experience in IT Security, (DLP) Data Loss Prevention, Project Management and Server Management. Most recently, he has been involved in creating his own ethical hacking lab and enhancing his skills as an ethical hacker.


    • Capella University, Minneapolis, MN

      Master of Science degree in Information Assurance, Jne 2012

      Graduated with Distinction

    • Syracuse University, NY

      Bachelor of Science in Computer and Information Studies, June 1991

      Officers Basic Course, FT Gordon, GA

    • Signal Corps Officer training, June 1990

Additional Training:

    • Penetration Testing and Ethical Hacking, SANS

    • CISSPBootcamp, SANS

    • Implementing and Auditing the Twenty Critical Security Controls –In Depth, SANS

    • Hacker Techniques, Exploits & Incident Handling, SANS

    • Mobile Device Security, SANS

    • Metasploit Training, Eforensics

    • Data Loss Prevention, Symantec

    • Insider Threat, CERT

    • Building Effective Intercultural Relationships, Corning Incorporated


    • Risk Assessments

    • Vulnerability Assessments

    • Top 20 critical controls (Automation)

    • Data Loss Prevention

    • Incident Response

    • Managing Project Risks

    • Reviewing cloud implementations and managing risk

    • Security Awareness

    • Corporate Phishing exercises

    • Corporate Training

    • Benefits of a strong password

    • Secure communications

    • Penetration testing


Metasploit, Nessus, Nexpose, Kali Linux, Nmap, Zenmap,  John the Ripper, Cain and Abel, Hydra, GoogleHacking;

IT Security Organization Memberships:


Profesional Certifications:


    • Creating Security Online Courses for eForensics Magazine

    • Developing new Information Assurance Certification

    • Blogs for eForensics Magazine

If you have any questions, drop us a line:

Course Reviews


1 ratings
  • 5 stars1
  • 4 stars0
  • 3 stars1
  • 2 stars0
  • 1 stars0
  1. A must have if getting started or refreshing


    Course is definitely well worth it! It emphasizes two UNIX based vulnerability scanning OS’s as well as two exploitable UNIX OS’s that are mainstays in the security field. This makes it nice in that all materials are free so there are no additional out of pocket expenses to get a good introductory experience in the world of vulnerability scanning.

    Where it really shines though is in the hands on coverage of the material. The course reinforces the commands needed to get the tools installed and running across two to three platforms which means one walks away being able to replicate the instruction in one’s own experience without a lot of Googling to look up commands.

    As an IT instructor and longtime IT veteran I can attest to the fact that the best learning is by doing and this course hits the mark. I have seen too many students speed through labs in the past and walk away not knowing the material. Repetition is the solution and this course provides it.

    Another standout element is that the course will work with your schedule. It is not overly burdensome and the material is presented in an easy to learn manner that won’t leave you dazed and lost in convoluted technical jargon.

    Finally, the course touches on a rich variety of security resources that only a person with years of experience in the specialty would know about and be able to direct you to in short order. It leaves it to you to explore these additional resources, which means the course does not get off track, and gives you the starting points to pick-up where the course leaves off. This alone makes the course worth the cost. The alternative is to know a veteran in the industry and find a way to glean the time and the interest from them to gain this knowledge or spend tons of hours lost on the internet among the overwhelming amount of security information that is available today. Most of which has a price tag attached to it.

    Bottom line, this course is a must have start point for anyone interested in vulnerability scanning and pen testing or for someone getting back into it after having been away for a time.

  2. Good toe dip into Pen Testing


    Good course if you are looking get your feet wet with virtual clients and some pen testing tools. I would guess that all th information is available for free on the internet, but it was nice to have all the install and basic information for the applications in one place. Was it worth the price? Probably not, definitely not at full price. If you can catch the course on sale and you’re curious about pen testing, then go for it. At the very least you can get some ideas on how to create a safe environment to test some hacking techniques. Just make sure that you have a machine that is capable of running the virtual environment:

    Hard Disk – 200GB of disk space or more depending on the number of guest operating systems you plan on installing. A good use of an external hard drive.
    CPU – I recommend the latest technology but any of the I3/I5/I7 families are ok. The more processing power you have the better
    Memory – 2 GB minimum, I recommend 8GB or 16GB. Memory is critical. The more memory you have the more virtual systems you will be able to have running at one time

  • $249.00
  • Course Certificate

Who’s Online

Profile picture of nashie@clara.co.uk

Certificate Code

eForensics Magazine's online courses are conducted by experts on our online platform. Courses are designed for hackers, pentesters, IT security experts – professionals and ethusiasts alike. During the course you will not only learn the material and gain the skill, you will also get the unique opportunity to train under the supervision of some of the best experts out there.

The courses are self-paced, and are available on demand. When the course is in session, we release new materials every week, but you can always join in and catch up – when the session ends, everything stays on the website. The added benefit of participating in a session is the hands-on guidance you get from the instructor!

flexible approach; instructor's guidance; course certificate; 18 CPE points for every completed course;

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013