Basic Penetration Testing Online Course in Thai language – Sumedt Jitpukdebodin

Salepage link: At HERE. Archive: http://archive.is/wip/vwb5S

Course Outline

1. Basic Security

2. Reconnaissance

3. Scanning

4. Gaining Access & Maintaining Access

5. Enumeration in target

6. Metasploit Framework

7. Web Application Security

8. Pivoting Network

9. Lab with real experimental

Section 0: ?????????????????? tip & technique ???????? Course

Section 1: Overview and basic information security knowledge

Section 2: Kali Linux

Kali Linux (6:32)w
How to run Kali Linux (5:52)
Kali Rolling Edition (5:09)
How to install Kali Linux in Virtualbox (11:24)
How to install Guest Additional Tool in Virtualbox (6:26)
How to install Kali Linux in VMWare Fusion (13:41)
Install open-vm-tools-desktop in VMWare Fusion (4:09)

Section 3: Intelligence Gathering

Overview of Intelligence Gathering (9:36)
What is DNS, NSLOOKUP, WHOIS (9:00)
How to use NSLOOKUP (14:40)
What is dig command (1:22)
Dig and Zonetransfer (9:28)
Zonetransfer with tools (15:55)
Intelligence Gathering with Windows and Website (16:33)
OSINT – Part 1 (11:33)
OSINT – Part 2 (7:36)
What is Recon-ng? And how to use it (5:13)
Recon-ng in actions – Part 1 (10:51)
Recon-ng in actions – Part 2 (12:43)
Recon-ng in actions – Part 3 (9:12)
Google Hacking – Part 1 (10:37)
Google Hacking – Part 2 (13:03)
Google Hacking with Tools (10:18)
What is Spiderfoot? And how to use it (9:29)
Search Engine for Pentester (5:26)
Metadata and how to view it (18:10)

Section 4: Network Security

What is surface of target (2:17)
What is NetBIOS (2:43)
Network Security and Basic Network – Part 1 (11:56)
Network Security and Basic Network – Part 2 (6:38)
Learning NMAP in practical way – Part 1 (11:12)
Learning NMAP in practical way – Part 2 (8:56)
NSE Categories (4:18)
Example of NSE (6:54)
Learning NSE in practical way (13:42)
Auditing website with NSE – Part 1 (9:44)
Auditing website with NSE – Part 2 (11:50)
Write your own NSE (16:25)
Edit NSE for your propose (4:21)
How to install Nessus and How to use Nessus scanner (16:16)
How to setup and use Openvas (5:59)
Web Vulnerability Scanner and Arachni (12:53)
Netcat Usage (12:56)
Network Sniffer and Man in the middle (16:03)
DNS Spoofing (2:52)
DNS Spoofing with Ettercap (4:47)
Bettercap (5:20)
Using bettercap to inject javascript (13:05)

Section 5: Metasploit

Overview of Metasploit – Part 1 (4:54)
Overview of Metasploit – Part 2 (17:24)
Metasploit Pro Log
Ranking of Module (3:51)
Msfconsole (10:56)
Metasploit in one line (3:23)
Msfvenom (11:39)
Msfvenom in actions – Part 1 (13:57)
Msfvenom in actions – Part 2 (8:27)
Metasploit works with database (9:30)
Web Delivery Module (4:43)
Exploit MS08_067_netapi with Metasploit (14:36)
Exploit Easy File Management Web Server with Metasploit (12:54)
Brute Forcing SSH with Metasploit (5:21)
Automate in Metasploit (5:51)
Metasploit Cheat Sheet
Metasploit Base64 encoder module (7:47)

Section 6: Crack the password

Overview crack the password (14:32)
Cewl Usage (4:32)
Brute forcing SSH with Hydra (13:08)
Brute forcing HTTP with Hydra (10:08)
LM Hash ??? Linux Password (8:41)
Cracking LMHash and NTLM (12:29)
Windows Credential Editor (5:04)
Cracking Linux Password (4:34)
Crack PDF Password (7:26)
Crack Zip File (4:28)

Section 7: Web Application Security

Slide of Web Architecturet
Web Architecture – Part 1 (8:20)
Web Architecture – Part 2 (12:52)
Information gathering website (9:23)
Basic SQL (9:43)
SQL Injection (11:21)
Timebase SQL Injection (4:51)
Cheat Sheet SQL Injection (8:50)
SQL Injection with SQLMap (13:40)
SQL Injection 2nd order attack (16:37)
Cross Site Scripting (XSS) (13:57)
File Inclusion – Part 1 (8:58)
File Inclusion – Part 2 (4:11)
File Upload (3:45)
Insecure Direct Object Reference (IDOR) (6:06)
Command Injection (2:22)
Command Injection with COMMIX (13:08)
Cross Site Request Forgery (CSRF) (4:16)
Example payload for redirect

Section 8: Client Side Exploitation

Overview of Client Side Exploitation (2:10)
Overview of DLL Hijacking (7:08)
DLL Hijacking in actions (14:47)
Exploit with Winrar SFX (9:40)
Bypass antivirus with Shellter (7:13)
Create malicious document with Metasploit (8:38)
Exploit Adobe Reader with adobe_pdf_embbed_exe (5:35)
Exploit Adobe Flash Player with Metasploit (2:50)
Microsoft DDEAUTO Attack (6:58)

Section 9: Post Exploitation

Overview of Post Exploitation and Post exploitation in Windows (16:08)
Post Exploitation in Linux (12:04)
Privilege Escalation with dirty c0w vulnerability in Linux OS (11:02)
Privilege Escalation with Hot Potato technique in Windows OS (12:44)
Privilege Escalation with Always Install Elevated in Windows OS (2:59)
BypassUAC with Metasploit (2:40)
Post Exploitation with windows command (9:02)
Pivoting network (4:09)
Pivoting network with autoroute command in Metasploit (4:37)
Pivoting network with SSH (5:00)
Pivoting network with proxychains (3:54)
Post exploitation with Metasploit – Part 1 (9:46)
Post exploitation with Metasploit – Part 2 (7:39)
Privilege Escalation with MS16-032 (Powershell) (3:25)
Post exploitation – using Mimikatz in Metasploit (2:20)
Basic Windows Privilege Escalation
Powershell – Reverse TCP Shell (1:51)
OSX Post-Exploitation
Post Exploitation in Linux with Mimipenguin & Swap_digger (5:08)

Section 10: Reporting

Section 11: Play Ground

Lab 1 – Part 1 (10:53)
Lab 1 – Part 2 (12:38)
Lab 2 – Part 1 (10:59)
Lab 2 – Part 2 (18:46)
Vulnerability Lab01 (11:55)
Lab – hack drupal (Droopy) (26:51)
Shadow Broker Toolkit Demo (18:47)