Penetration Testing In Real World - "Codename: Samurai Skills"
Another problem with today's Ethical hacking and penetration testing courses is that they fail to offer real world attack scenario in order for the students to practice and learn in a much better way. Most of the courses you would find on the internet would commonly suggest you the following for the lab.
1. Backtrack (Attacker)
2. Windows Xp (Victim)
And you would end up practicing on a vulnerable target of your choice, However penetration testing in the real world is extremely difficult and require creative thinking and you are faced up against lot of different security mechanisms such as Firewalls, IDS, IPS etc.
A couple of months before we wrote a complete review on "elearnsecurity Penetration testing course for beginners" and received extremely positive response from our readers. Recently this week I came across a Penetration testing course that gravitated my attention in the first look. The name of the course is "Codename: Samurai Skills".
"Codename: Samurai Skills" by ninja sec team is a medium level penetration testing course which provides students with a good base of both theoretical and practical knowledge. The approach of this course is similar to elearnsecurity and offensive security.
The whole course is divided into eight different modules. Each of the modules contains a PDF material along with the videos related to the topic. The course starts by giving a solid introduction related to Penetration testing, different types of approaches and methodology. The next chapter directly dive into the practical demonstrations of various penetration testing tools on backtrack related to information gathering.
Module 3: Scanning and Assessment
the author does not only introduces you to different types of scanning tools and methodologies but also provides handy tips in order to bypass different types of protections such as firewalls, IDS etc.
Module 4: Network Attacking Techniques
In this module author introduces the students to various types of different network attacking and exploitation techniques. Going beyond just using ms08_067_netapi exploits which is a common exploit used in almost every training. The module also covers topics like network password cracking, man-in-the-middle, ARP spoofing, password sniffing and common targeted protocols.
Module 5: Windows & UNIX Attacking Techniques
This module introduces the student to various types of vulnerabilities inside windows xp found inside windows Xp hashing mechanism. The module also talks about unix attacking techniques. However, I was expecting a bit more of material related to UNIX attacking techniques.
Module 6: Windows & UNIX Post-Exploitation Techniques
This module covers Windows and Unix post exploitation techniques in depth introducing the student to various topics such as meterpreter, privilege escalation, local password cracking, impersonation, routing / pivoting and other topics, for both Windows and UNIX.
Module 7: Web Exploitation Techniques
This module is the longest module of all with around 5 hours of practical demonstrations. The module starts by explaining various scanning and application footprinting techniques. Right after the scanning part the author directly dives the students inside web application exploitation techniques such as SQL injection and Blind SQLi, File Upload and Remote File Include (RFI) vulnerabilities, Command Injection, Cross Site Scripting (XSS) (both reflected and stored), and Cross-Site Request Forgery (CSRF).
Module 8: Windows Exploit Development
This module was by far my favorite as the instructor has done tremendous job in explaining the windows exploit development process. The module covers a step by step process of development of a buffer overflow exploit. The instructor has made the complex exploit development process look so easy for the students that even script kiddies can learn it with a little bit of effort.
Click Here To Enroll Your self