Get In Touch

contact@moringaschool.com
Phone: +254 711 581 484
Address: P.O.Box 28860-00100 - Nairobi

Our Location

Cyber Security

Weekend
March 10th to April 14th (Saturdays from 9:30 am to 4:00pm for 6 weeks)

Weekday
March 5th to March 26th (Monday to Friday from 6:00 pm to 8:30 pm for 4 weeks)

Course Fee
Ksh 30,000

Course Outline

This Penetration Testing and Ethical Hacking training course teaches the methodologies, techniques, and tactical tools of modern adversaries. Offensively-focused hands-on education is an essential foundation for all information security practitioners or those aspiring to be one; knowing how to attack gives keen insight into proper defensive, vulnerability assessment, forensic and incident response processes. For seasoned and skilled penetration testing professionals, we offer advanced and intensive hands-on training of exploitation development, Metasploit techniques, wireless and mobile device hacking, and coding custom payloads in Python for penetration testing.
In our Penetration Testing and Ethical Hacking training is where you will learn to properly and professionally break things, figure out how and why they work, and put them back together to make them better than before.

Target
Professionals who need to hit the ground running and need an overview of information assurance. Managers, Information Security Officers, students looking to enter Information Security field and System Administrators who need an overview of risk management and defense in depth techniques. Anyone who writes, implements, or must adhere to policy, disaster recovery or business continuity.

*No Specific training is required for this course.

Week 1
  1. About the tools used
  2. About Penetration Testing
  3. Legal
  4. The creative.com Domain
  5. Creative Ground Tech Labs
  1. Finding Your Way Around Kali
  2. Updating Kali Linux Tools
  3. The Bash Environment
  4. Intro to Bash Scripting
  1. Netcat
  2. Neat
  3. Wireshark
  4. Tcpdump
  1. Open Web Information Gathering
  2. Email Harvesting
  3. Additional Resources
  4. Recon- ng
Week 2
  1. DNS Enumeration
  2. Port Scanning
  3. SMB Enumeration
  4. SMTP Enumeration
  5. SNMP Enumeration
  1. Vulnerability Scanning with Nmap
  2. Vulnerability Scanning with Nikto
  3. Directory Scanning with Dirsearch
  4. The Open VAS Vulnerability Scanner
  1. Replicating the Crash
  2. Controlling EIP
  3. Locating Space for Your Shellcode
  4. Checking for Bad Characters
  5. Redirecting the Execution Flow
  6. Generating Shellcode with Metasploit
  7. Getting a Shell
  8. Improving the Exploit
  1. Setting Up the Environment
  2. Crashing the Code
  3. Controlling EIP
  4. Finding Space for Our Shellcode
  5. Improving Exploit Reliability
  6. Discovering Bad Characters
  7. Finding a Return Address
  8. Getting a Shell
Week 3
  1. Searching for Exploits
  2. Customizing and Fixing Exploits
  1. A Word About Anti Virus Software
  2. File Transfer Methods
  1. Privilege Escalation Exploits
  2. Configuration Issues
  1. Know Your Target
  2. MS17-­- 010-­- SMB – Eternalblue exploit
  3. Java Signed Applet Attack
  1. Essential Iceweasel Add- ons
  2. Cross Site Scripting (XSS)
  3. File Inclusion Vulnerabilities
  4. MySQL SQL Injection
  5. Web Application Proxies
  6. Automated SQL Injection Tools
Week 4
  1. Preparing for Brute Force
  2. Online Password Attacks
  3. Password Hash Attacks
  1. Port Forwarding/Redirection
  2. SSH Tunneling
  3. Proxychains
  4. HTTP Tunneling
  5. Traffic Encapsulation
  1. Metasploit User Interfaces
  2. Setting up Metasploit Framework on Kali
  3. Exploring the Metasploit Framework
  4. Auxiliary Modules
  5. Exploit Modules
  6. Metasploit Payloads
  7. Building Your Own MSF Module
  8. Post Exploitation with Metasploit
  1. Encoding Payloads with Metasploit
  2. Crypting Known Malware with Software Protectors
  3. Using Custom/Uncommon Tools and Payloads
  1. Phase 0 – Scenario Description
  2. Phase 1 – Information Gathering
  3. Phase 2 – Vulnerability Identification and Prioritization
  4. Phase 3 – Research and Development
  5. Phase 4 –Exploitation
  6. Phase 5 – Post- Exploitation