What you'll learn
Welcome to my Hands-on Penetration Testing Labs 2.0 course. You can think of this as part 2 of my other course which has a similar name. This lecture will provide an overview of what you can expect for the remainder of this course.
First of all, this course is extremely hands-on. This means we're not going to be doing much talking about the theory of penetration testing, we're going to be diving into hands on technical application right away. We'll be using VirtualBox as a software hypervisor to build a host-only lab environment. Not only will this help you gain insight into penetration testing, but will give you the skills and resources to create your own environment to test and research beyond what you learn in this course.
The lab is going to consist of Kali Linux, and a variety of intentionally vulnerable Linux and Windows VMs. Some of the things we'll be covering are enumeration and vulnerability scanning and local and remote exploitation with industry standard penetration testing tools such as nmap, dirb, and nikto, Metasploit and standalone exploits. We're also going to focus upon exploit development, covering in detail how to craft a buffer overflow exploit for a custom Linux and Windows binary.
In order to accomplish this goal of buffer over flow exploit development and debugging, we're going to be creating a Windows 7 analysis and attack machine. This will have industry standard tools for exploit dev such as Immunity Debugger. We're also going to learn how to use Kali Linux's built in gnu debugger for this purpose.
The technology and methodology used is in this course is current at the time of this recording, which is January 2019. If you're watching this after the stated date, don't be worried too much, as this content should still be highly relevant for aspiring penetration testers.
I will also be introducing you to several free training platforms which I've found to be extremely helpful prior to earning my many hands-on penetration testing certs including OSCP and eWPT. This training has also helped sky rocket my progress as a skilled senior penetration tester and subject matter expert.
I truly hope that you enjoy my course and I'm very excited to be working with all of you. If you have any trouble, please don't hesitate to reach out to me via the Q&A system or by direct message. However, please make sure you include a detailed and specific question, not something like "I can't get it to work".
Also, I highly encourage independent research and attempting to find answers on your own. This is the single most important skill as a penetration tester, the ability to find solutions to problems you haven't yet encountered.
I ask you to please go through the majority of this course prior to leaving a review so that you can accurately measure the course's quality in entirety. I always appreciate constructive feedback, and encourage students to reach out to me if they think anything valuable could be added to the coursework.
Thanks, and have fun!
Who this course is for:
Jesse Kurrus is a cybersecurity professional with strong network
security analysis and intrusion detection experience. Jesse is skilled
in utilizing commercial and proprietary Security Information and Event
Management (SIEM) technology to create rules, filters, generate reports,
and analyze correlations and events. Other professional strengths
include cybersecurity, ethical hacking, penetration testing, training, and
technical writing. Jesse has a true passion for cybersecurity and
information technology, and an insatiable ambition to further his
knowledge and professional skill set.
Specialties: Intrusion Detection / Network Security Monitoring (Security Onion, Snort, Bro, and Suricata); SIEM Technology (Elasticsearch, Logstash, Kibana (ELK), ArcSight, and Splunk); PCAP analysis (Tcpdump, Wireshark, NetworkMiner, NetWitness/Security Analytics); Penetration Testing (Kali Linux, BurpSuite, Nikto, Nmap, Metasploit, etc.)
Current Degrees/Certifications: M.S. in Information Technology with Information Assurance Specialization / B.S. in Computer Networks and Security / Network+, A+, Security+, Linux+, Certified Ethical Hacker v8 (CEH), Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP)