This 2023 course is targeted for Beginner security professionals and enthusiasts who want to learn more about Penetration Testing and Red Teaming with practical examples. Topics cover the basics of offensive security and dive into the full pentesting lifecycle from Enumeration to Post-Exploitation.
The course guides the student through red team and ethical hacking TTP's while showcasing real-world scenarios on a cyber-range which mimics a target network. The cyber-range, Neotek is hosted by Slayer Labs and contains 11 Windows and Linux VM's all engineered to exploit! The course walks through the Neotek Campaign which is stroyline-based, providing hints and targeted directions to the attacker. Completing the course will allow you to own all 11 Neotek range targets!
The mission of this course and cyber-range is to provide the user with a technical high-level overview of ethical hacking, along with realistic scenarios and learning opportunities to become proficient in the basics of Pentesting. The goal is to provide real-world scenarios so the student can get hands-on keyboard and start running through the entire process from Enumeration to Post-Exploitation.
The course has been designed to trim the fat with the expectation that students can pause, re-watch or do additional research if they are following along hands-on in the labs. With that, the student is expected to know basic tools and TTP's in relation to offensive security, ethical hacking and pentesting. For example - covering how to setup a VM in VirtualBox, explaining the basics of networking or installing additional tools on Kali will not be covered.
Each topic dives into the technical side, providing command-line examples and explanations along the way. Topics covered (but are not limited to):
Enumeration with Nmap scripts and Metasploit.
Initial Exploitation with public Exploit-DB proofs of concepts, WebApp and vulnerable service exploitation & Brute Forcing with Hydra and CrackMapExec.
PrivEsc with LinPEAS, WinPEAS, Credential Harvesting, Metasploit Post Modules & Packet Sniffing.
Post-Exploitation by Collecting and Cracking Linux and Windows hashes with Mimikatz and John the Ripper, Harvesting SSH Keys, Transferring Files & Establishing Tunnels.
Course content uses Kali the majority of the time, but also uses Slayer Labs Neotek range targets for intel collection and as jump boxes, utilizing built-in services such as Nmap and SSH portforwarding. Students should be comfortable using Kali Linux along with Linux and Windows command-line. This course is Begineer-friendly in relation to Penetration Testing, however the student should have prior knowledge in IT fundamentals and Security essentials.