Access to this course is restricted to eForensics Premium or IT Pack Premium subscribers.
18 CPE credits
“All your base are belong to us” – The Metasploit Framework Course
You should know …
On a scale from 1 (absolute beginner) to 10 (guru), students should be able to rate themselves as follows:
- Linux operating system – distro is not relevant: 6
- Windows operating system: 5
- Network protocols and structure: 4
- Basic penetration testing techniques, such as port scanning and automated vulnerability assessments: 3
Nevertheless, students will be pointed to relevant information sources at the beginning of every module.
You will learn how to use the Metasploit Framework as a professional penetration tester. We have tried to cover all aspects of professional use of the framework, while keeping the course approachable for anybody with some previous experience in ethical hacking.
- The structure of the Metasploit Framework
- How to use the Metasploit Framework
- Mastering the MSF and its components
- Attacking servers and clients
- Integrating MSF with other tools
- Creating meaningful reports
Module 1: The structure of the Metasploit Framework
In this module, an in-depth view of the architecture of MSF and its components is given. The students will master msfconsole, the main MSF interface, and learn how to manage sessions.
- Tutorial 1: Installing the MSF
- Tutorial 2: Running the MSF and msfcli
- Tutorial 3: Getting acquainted with the internal database
- Tutorial 4: The environments
- Tutorial 5: Playing around with the interface
- Tutorial 6: Logging
- Exercise 1: Preparing your machine for the course
- Exercise 2: Starting the environment for the course
- Exercise 3: Downloading the virtual targets (VT’s)
- Exercise 4: Preparing the VT’s
Module 2: Information gathering AND the MSF
Prior to any exploitation attempt, you should have information about your target. During this module, we will show how to perform this task and how to automate it with MSF.
- Tutorial 1: Network Mapping
- Tutorial 2: Service Fingerprinting
- Tutorial 3: Automated Vulnerability Scanners
- Tutorial 4: Importing into the MSF
- Tutorial 5: Information gathering and management from within the MSF
- Tutorial 6: Targeted scanning from within the MSF
- Exercise 1: Scanning VT’s (from scratch, from within the MSF)
- Exercise 2: Examining your data
Module 3: Exploitation is the way!
Time to roll up your sleeves and start making mischief :) In this module the students will learn the basics of exploitation with the Framework, and put into practice what they've learnt in the previous modules.
- Tutorial 1: Getting acquainted with the msfcli
- Tutorial 2: The basics of exploitation: what exploits are, how to select one
- Tutorial 3: Payloads
- Tutorial 4: Mastering Meterpreter
- Tutorial 5: Your first exploit
- Exercise 1: Exploiting a Linux VT
- Exercise 2: Exploiting a Windows VT
- Exercise 3: Changes in the internal database
Module 4: Inside the target
In this module, the students will learn how to ‘pwn’ the target once they have broken into it.
- Tutorial 1: Capturing screenshots
- Tutorial 2: Capturing key presses
- Tutorial 3: Dumping credentials
- Tutorial 4: NTLM equivalence and the cursed ‘pass-the-hash’ attack
- Tutorial 5: Privilege escalation, part 1.
- Exercise 1: Capture the flag: you’re into the box
- Exercise 2: Hack and hack again: escalate privileges!
Module 5: Bow before me. For I am ROOT!
This module expands the previous one.
- Tutorial 1: Privilege escalation, part 2
- Tutorial 2: Windows process token manipulation
- Tutorial 3: Sniff traffic on exploited VT’s
- Tutorial 4: Pivoting through exploited VT’s
- Tutorial 5: Maintaining access
- Tutorial 6: Attacking databases
- Tutorial 7: Using the Framework along with other tools
- Tutorial 8: Overview of wireless attacks through Metasploit
- Tutorial 8: Persistent backdoor
- Tutorial 9: Metasploit GUI
- Tutorial 10: Armitage
- Exercise 1: Become root!
- Exercise 2: Jump around across systems
- Exercise 3: Download credentials
Module 6: Client side attack
Exploitation is not all about servers, indeed. Now the students will take a look at the other side of the equation: the clients!
- Tutorial 1: Browser ‘pwn’-ing
- Tutorial 2: Malware on demand: msfpayload
- Tutorial 3: Evasion and obfuscation, Escaping client-side security controls: msfencode and the new Msfvenom
- Tutorial 4: Exploiting the user with the Social Engineering Toolkit
- Tutorial 5: Scripting the attacks
- Exercise 1: Create malicious attachments
- Exercise 2: ‘pwn’ the browser
- Exercise 3: ‘pwn’ fat components
- Exercise 4: ‘pwn’ the user
Final exam (Week 6): Putting it all together
Every course ends with an exam and this one is no exception.
The students are asked to put into practice all the skills they have learnt in order to:
- Hack into a vulnerable Virtual Network
- Escalate privileges
- Gather evidence
- Produce a business report
WHO SHOULD TAKE THIS COURSE
This course offers advanced penetration testing skillsets. Though we tried to keep it simple, prior knowledge of ethical hacking tools and techniques is beneficial for proceeding to the end without wasting time; however, this is not a prerequisite.
Everybody who manages a system should have its security framed in their DNA, and the best way to have a secure system is to be able to test it.
Specifically, people in the following industries will benefit greatly:
- System Administrators
- Penetration Testers
- Security architects
Students are required to know:
- Windows OS
- Linux OS
WHAT STUDENTS SHOULD BRING
- A machine (virtual is good, but physical is better) running your favorite Linux distro. We are going to use Kali, but using another distro is not a problem.
- With 4 GB RAM you will need to wait forever; 8 GB RAM is a fair amount; 16 is better.
- Virtualization software (we will use VMware, but VirtualBox is OK as well)
Gabriele is an Information Security Expert, certified CISSP, CISM, OPST and some 10 other funny acronyms. Practicing penetration testing since 2002, he has seen how the security landscape has changed over the years. Currently working for iDialoghi SRL as CTO, he's into ICT Forensics and Penetration Testing, but also Risk Management and Governance. In his spare time, Gabriele practices archery and photography, and is currently enrolled in a Math MSc.
Paolo Stagno, aka VoidSec, is a Cyber Security Analyst for iDialoghi, an Italian security firm based in Milan.
He is a consultant specialized in Penetration Testing, Vulnerability Assessment, Information Security, Technology Risk and Network and Application Security for a wide range of clients across top-tier international banks, major companies and industries. He attends various international conferences as a speaker, such as DEFCON, BlackHat and Droidcon.
He is also the leader and founder of VoidSec.com