Mgr. Ivo Nutár
Penetration tester - CSIRT MU
Penetration Testing
Masaryk_University
About This Course
This course will give you a practical understanding of basic and some advanced techniques utilized during penetration testing. It will guide you through every important phase of test and give you information (and practical examples) on how to use available open source tools (such as Metasploit, Nmap, Burp suite) etc. to automate some of the effort. The course materials will provide a lot of links to various sources that can and should be used for studying and deepening the knowledge.
Meet your lecturers
Bc. Andrej Tomči
Penetration tester - CSIRT MU
Course Outline
- Lesson 1 – Introduction and Reconnaissance
- Lesson 2 – Initial access I
- Lesson 3 – Initial access II
- Lesson 4 – Privilege escalation
- Lesson 5 – Post exploitation
Prerequisites
- User knowledge of Linux file structure and command line (Some basic utilities like cron, sudo, etc.)
- Understanding of network protocols
- Understanding of web technologies such as:
- Distinction between frontend and backend languages
- How HTTP headers are used
- Ability to read HTML and JavaScrip
- Ability to understand code (any language)
Learning Outcomes
Once you finish this course, you will be able to:
- Understand and apply learned techniques (reconnaissance, exploitation, escalation) for both infrastructures and web applications
- Scan the targets of your assessment to find potential attack vectors
- Analyze and move through the attacked network to find more vulnerabilities
- Exploit identified vulnerabilities to gain access
- Escalate low privileges to administrator/root access
Literature
Web exploitation:
- “All learning materials: Web Security Academy”, PortSwigger, c2020. Available here
- P. Yaworski, Web Hacking 101: How to Make Money Hacking Ethically. LeanPub, 2017. Available here
General penetration testing:
- D. Regalado, A. Harper, S. Harris, R. Linn, C. Eagle, J. Ness, B. Spasojevic, and M. Baucom, Gray Hat Hacking: The Ethical Hacker's Handbook, 5th edition. USA: McGraw-Hill, 2018.
- W. Allsopp, Advanced Penetration Testing: Hacking the World's Most Secure Networks. Indianapolis: Wiley, 2017.
FAQ
- Q: I have an issue with registration/logging in. Who can I contact?
A: In this case, please contact our edX administrator — contact@bootcamp.nc3.cz.
- Q: Do I need some sort of special equipment for passing the course?
A: No. You don't need any special equipment. You will just basically need a PC or a notebook with an internet connection for studying our course.
- Q: What's the difference between your course and other online courses that seem the same?
A: Besides the course's theoretical background (during its self-study part), it is primarily focused on practical tasks with hands-on exercises, final an assignment, and one day workshop.
- Q: I have some experience in the field that your course covers. I just need to study topics I am not experienced with. Can I just skip those parts of the course I already know?
A: The whole self-study part of the course is focused on your own learning process. It means you can study as fast or as slow as you can at the moment. It also includes the content itself — our course allows you to learn just those important parts. But it is crucial to accomplish all mandatory tasks to finish our course.
- Q: What are the conditions for successful completion of the course?
A: You need to accomplish the course's final assignment and be present at the workshop (which will be followed after the self-study part of the course). The final assignment consists of two parts. They are connected to the workshop, so they are a crucial element of this course.
- Q: What if I find out that the course is not useful for me?
A: Of course, this can happen. In the first place, we recommend you contact the course administrator to help you anyhow. Even after that, if you still feel that our course does not suit you, just stop studying and let us know.
Sub-project TN01000077/8 CSIRT BootCamp implemented within the project TN01000077 The National Center of Competence for Cybersecurity is solved with the financial support of TA ČR.
