September's Back To Hacking...err...I Mean Back To School Package Deal
We've put the "So You Wanna Be A Pentester", and the "So You Wanna Be A Web App Pentester"
courses into a package deal. For the month of September only you get 3 course options:
Option 1: So You Wanna Be A Pentester for $200 (regular price $300)
Option 2: So You Wanna Be A Web App Pentester $300 (regular price $450)
Option 3: Both courses for $500 (regular price $600)
Option 1: So You Wanna Be A Pentester for $200 (regular price $300)
Option 2: So You Wanna Be A Web App Pentester $300 (regular price $450)
Option 3: Both courses for $500 (regular price $600)
Course Descriptions Below:
Title:So You Wanna Be A Pentester? $200 (regular price $300)
Description
This course will cover some of the newer aspects of penetration testing
such as Open Source Intelligence Gathering with Maltego and other Open
Source tools.
Advanced Scanning, Enumeration, Exploitation (remote and client-side),
and Post-Exploitation relying heavily on the features included in the
Metasploit Framework will also be covered.
Emphasis throughout the entire workshop will be placed on being as
stealthy as possible, and dealing with popular defensive technologies
such as:
- Network Intrusion Detection/Prevention Systems
- Host-Based Intrusion Detection/Prevention Systems
- Web Application Firewalls
- Anti-Virus
- Content-Filtering Proxies
Topics
- Penetration Testing Fundamentals
- Scope of Modern Pentests
- Compliance Testing (PCI, HIPAA, ISO 27000)
- Blackbox
- Whitebox
- Full Scope
- The Down & Dirty
- Open Source Intelligence (OSINT)
- Maltego, and other tools
- Scanning
- Vulnerability Scanners
- Port Scanners
- Tips & Tricks
- Nmap Scripting
- Stealth Scanning Techniques
- Scanning from the outside
- Scanning from the inside
- Enumeration
- Bannergrabbing
- HTTP Fingerprinting
- SMB Version Detection
- Vulnerability Testing
- Using Nessus Attack Scripting Language (NASL)
- Correlating Scan results to public exploits
- Owning Boxes for Fun and Profit
- Exploitation
- Remote Exploits
- Local Exploits
- Why didn't my exploit work?
- Client-Side Attacks
- Delivery Methods
- Post-Exploitation (Old School)
- Setting up a workshop
- Metasploit (MSF)
- MSF Basics
- MSF Post-Exploitation
- Customizing MSF (Cool stuff)
Delivery Method:
Online Course with email support
Lab Network Info:
The LSO HackLab is back online now, and within 4 hours of course registration you'll receive an email with access instructions.
Maintaining access to the LSO lab is only 30 dollars USD per month after purchasing this course.
Deliverables:
Courseware PDFs
Lab Manual PDF
Three (3) 30 minute phone calls with Joe McCray to walk you through specific lab exercises and/or answer questions
30 Day Unlimited Access to LSO Lab Network (from day of course registration)
Title:
So You Wanna Be A Web App Pentester? $300 (regular price $450)
Course Focus:
Web Application penetration testing will be covered with focus on
practical exploitation of cross-site scripting (XSS), cross-site
request forgery (CSRF), local/remote file includes, and SQL Injection.
- Transitioning from Network to Web App Penetration Testing
- Similarities & Differences
- What Makes up a Web Application Assessment
- Web Application Security Threat Classification
- OWASP Testing Guide
- Injection Vulnerabilities
- SQL Injection
- Error-based
- Union-based
- True/False Blind
- Time Based Blind
- Platform Specifics
- SQL Server (2000/2005)
- MySQL
- Oracle
- Abuse of Trust Vulnerabilites
- Cross-Site Scripting
- Cross-Site Request Forgery
- File Handling/Redirection Vulnerabilities
- Remote File Includes
- Local File Includes
- File Upload
- Null Byte Injection
- Filter/IDS/Web Application Firewall Evasion
- Client-Side Filtering
- Alphanumeric Filtering
- IDS Signature Evasion
- Dealing with Web Application Firewalls
Joe's Web Application Assessment Attack Methodology
- Stepping Through A Web App
- Automated Tools
- Commercial Tools
- Open Source Tools
- Manual Analysis
- How to look at a Web App
- Common Headaches
- Tips & Tricks
- Labs
- HackMe Bank
- MackMe Books
- WebMaven
- WebGoat
Popular Testing Guides & Methodologies
- Can You Use The Open Source Testing Methodology Manual (OSSTMM) for Web App Testing
- Simplifying The OWASP Testing Guide into something managable
When and how to Threat Model
- Popular Methodologies
- Stride vs Dread
Web Application Security Reporting
- Don't just hand the scanner results to the customer
Course Prequisites
Students should have some basic familiarity with the following web technologies and
languages:
- HTTP
- HTML
- Javascript
- ASP
- PHP
- SQL
How Is The Course Delivered & What Do You Get
All of the courseware will be delivered in PDF format
- 5 sets of powerpoint slides in PDF format
- 1 document (103 page course document) in PDF format
- 1 web app tools install walkthrough document
- 4 lab documents
Basic tutorial documents (each ranging from 20 - 50 pages in length)
- HTML
- PHP
- ASP
- CSS
- XML
- SQL
All labs must be performed on your own machine (NOT IN THE LSO LAB NETWORK).
VMWare virtual machines for the lab exercises will be provided for download.
Both courses for $500 (regular price $600)