Penetration Testing Course Content
The penetration testing course curriculum is designed to help learners build skills by performing penetration tests and documenting the methodologies.
- Writing buffer overflow exploits
- dlmalloc Heap Overflow exploits
- Win32 Heap Overflow exploits
- Linux stack overflow exploits
- Defeating non-exec stacks
- Return-to-libc shellcode
- Function pointer overwrites
- Crafting injectable shellcode
- Defeating non-executable stacks
- Linux LKM rootkits
- Windows kernel rootkits
- Reverse engineering training
- Vulnerability development and discovery
- Attacking and blinding IDSs
- Hiding your attacks from IDSs
- Encrypted covert channels
- Global offset table overwrites
- Windows shellcode
- Integer overflows
- Linux shellcode
- “No listening port” Trojans
- A whole day on breaking through enterprise DMZs
- Reconstructing binaries from sniffed traffic
- Circumventing antivirus
- Bi-directional spoofed communication
- Session fixation
- Advanced SQL injection
- Justifying a penetration test to management and customers
- Defensive techniques
- Capture the flag exercises every night!
- Writing a stack buffer overflow
- Porting exploits to Metasploit modules
- Find socket shellcode
- Writing shellcode for Linux
- Using OllyDbg for Win32 exploits
- Using IDA Pro for reversing
- Reconstructing sniffed images
- Reverse engineering Windows PE binaries
- Session hijacking
- Passive network analysis
- Exploitation with a remote GUI
- Sniffing SSL encrypted sessions
- Format string exploits
- Heap overflow exploits
- Windows exploits
- Calculating offsets
- Reversing with SoftICE
- OS determination without touching the target
- SQL injection timing attacks
- Port redirection
- ASP source disclosure attacks
- Call-back backdoors
- Encrypted covert channels
- Remote keyloggers
- PHP/MySQL SQL injection
- Inserting malicious code into Unix binaries