Masterclass: Introduction to Pen-testing Course

Live Virtual Class – Super Intensive Remote Training with Labs!
(9:00am – 4:00pm CEST Monday to Wednesday)

Notify me

Masterclass: Introduction to Pen-testing course

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 12 participants by default, or supported by an assistant instructor if the number of delegates exceeds 12. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Upcoming Live Virtual Classes

Live Virtual Class Length Start Date Instructor
Notify me 3 days-21h To be announced To be announced

See the schedule of our all Live Virtual Classes

You will enjoy it!

This course serves as an introductory course for performing internal and web application penetration testing.

Our course has been developed around professional penetration testing and security awareness in the business and IT fields. During the course you will learn how to pick the right methodology for your project and acquire the skills on how to successfully perform target reconnaissance and get valuable data on the objective.

Later on, we will go through various aspects of Web Application Pentesting and review the key concepts of web app security. We will also familiarize ourselves with Web Application pentester’s best friend: the Burp Suite. Afterwards we will go through the OWASP Top 10 for 2021 to get a better understanding of top vulnerabilities to look for during our work.

During the final stage of the training, we will guide you through various methods of infrastructure penetration testing. We will learn how to determine the attacks scope, discover vulnerable services and configurations. After we have successfully prepared for the pen-test, the next steps will be to weaponize and in this chapter we will undergo the preparation of malicious payloads and reverse shells. As soon as we have gained the access to the target system, we will try various methods of privilege escalation and lateral movement.

To make sure that all participants gain the necessary security concepts and knowledge, our classes have an intensive hands-on labs format and we have prepared tons of exercises that you will be able to perform even after the course concludes, as we will grant you an extra 3-weeks of lab access!

The knowledge used to prepare the unique content of this amazing course has been gathered during tons of penetration testing projects done all around the world by CQURE Experts. The training will allow you to understand the penetration tester’s perspective on security, and learn crucial tools and concepts needed for everyone considering developing their career in penetration testing or cybersecurity in general.

Platform and Technical Requirements:

To participate in the course you need a Stable internet connection. For best learning experience we also need you to have a webcam, headphones and a microphone. Open RDP port 3391 for the connection to the Lab environment is needed as well. We will setup a secure Zoom classroom for every day of the course – we will send you a safe link to join the conference by e-mail.

Certification:

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

COURSE FORMULA

Remote Delivery

We are Experts in remote delivery. In the past year, we have organized over 200 days of trainings and we have tested many solutions. The experience remains the same as in the case of face-to-face trainings – a personalized, lab intense training with a lot of interaction between you and the instructor.

Virtual Labs

You will be granted a lab access for the duration of the training and a complementary access for additional 3 weeks after the training concludes with new challenging exercise instructions. With the extra self-study materials, you will be able to refresh your knowledge, acquire new skills and practically apply the techniques you have just learned.

Lifelong Certification

What is wonderful about our certification is that it is lifetime valid with no renewal fees – the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.

COURSE SYLLABUS

Module 1

Introduction to Penetration Testing

  1. Functional issue or security issue?
  2. What is Penetration Testing?
  3. What skills should Pentester have?
  4. The best operating system, web browser and other tools
  5. Cyber Kill Chain

Module 2

Performing security testing

  1. Testing methoologies
  2. Measuring severity of an issue
  3. Risk matrix and CVSS score
  4. Vulnerabilities and Risks
  5. The role of automatization
  6. What defines a test scope?
  7. How to create good report?
  8. Useful reporting skills

Module 3

Reconnaissance

  1. Why is recon needed?
  2. Open-Source Intelligence (OSINT)
  3. Google hacking and alternative search engines
  4. DNS and WHOIS databases
  5. Subdomain enumeration
  6. Social Media Intelligence (SOCMINT)
  7. Public services enumeration
  8. Discovering hidden secrets

Module 4

Web Applications

  1. Introduction to HTTP
  2. Modern web applications, frameworks and web programming languages
  3. Client and server-side security
  4. The hidden gems of web browsers
  5. The role of web-proxy

Module 5

INtroduction to Burp Suite

  1. Tool overview
  2. Community and Pro features
  3. Basic web attacks using Burp Suite
  4. Work automatization
  5. Useful extensions

Module 6

Introduction to Web Attacks

  1. OWASP TOP 10 project
  2. OWASP TOP 10 2021
  3. Discovering Access Control issues
  4. Injection Attacks
  5. Insecure file inclusions
  6. Web attacks and Remote Code Execution

Module 7

Infrastructure penetration testing

  1. Infrastructure as entry point
  2. Modern architecture
  3. Introduction to TCP and UDP
  4. Nmap – powerful port scanner
  5. Ncat – netcat for 21st century
  6. Vulnerable default configurations

Module 8

Using and creating offensive security tools

  1. Programing languages for offensive tasks
  2. Types of shells
  3. Generating reverse shell
  4. Generating web shell
  5. Bypassing firewalls
  6. Finding Exploits
  7. Reviewing and fixing public exploits

Module 9

Security solutions

  1. Security solutions on modern systems
  2. Yara rules
  3. Bypassing Anti-Virus and EDRs
  4. Alternative file types
  5. Living Off the Land Binaries

Module 10

Privelage escalation

  1. How Windows access control works?
  2. Attacking services
  3. Accessing system secrets
  4. Mimikatz

Module 11

Lateral Movement

  1. Sniffing
  2. Gathering network information
  3. Bloodhound
  4. Pass-The-Hash family attacks
  5. Critical Active Directory issues
Notify me

Click here to browse the modules:

WHO IS IT FOR?

Audience

This course is ideal for junior pen-testers and red teamers, Windows network administrators, security professionals, systems engineers, developers, IT professionals, security consultants and other people responsible for implementing infrastructure security.

Recommendations

To attend this training, you should have at least 2-3 years of experience in IT-related job or at least 1 year of experience in cybersecurity field.

Exercises

All the exercises are based on Windows Server 2016 and 2019, Windows 10 and Kali Linux.

Our students say…

I have attended CQURE’s training as someone who is not a security professional, but just an enthusiast, and I feel like I learned a A LOT. The whole training was loaded with information and nice demos of the latest technologies. On top of that — having an opportunity to ask and talk to professionals was priceless.

Marek Chmel

SQL Server DBA | AT&T

Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!

Martin Weber

CTO | IT.innovation.4U GmbH

All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you will never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.

Jack Perry

Security Principal Consultant

×