دورة اختبار الاختراق OSCP

1. Penetration Testing Course Content

PRELIMINARY SKILLS (PREREQUISITES & PROGRAMMING)

Module 1: Introduction to Pentesting and Information Security

• Introduction to Information Security
• Information Security Attacks and Information Security Controls
• Hacking Concepts
• Introduction to Penetration Testing
• Lifecycle of a Penetration Test
  • Engagement
  • Information Gathering
  • Footprinting and Scanning
  • Vulnerability Assessment
  • Exploitation and Reporting
• Examples of Vulnerabilities
• Red Team vs. Blue Team
• Capture The Flag (CTF)

Module 2: Networking

• Network Fundamentals
• Types of Networks
• Network Topologies
• The 7 Layers of the OSI Model
  • Layer 7 – Application
  • Layer 6 – Presentation
  • Layer 5 – Session
  • Layer 4 – Transport
  • Layer 3 – Network
  • Layer 2 – Data Link
  • Layer 1 – Physical

Module 3: Bash Scripting

• Introduction to Bash
• Linux Commands
• Linux File Permissions
• Programming using Bash
• Variables and User Input
• Shell Programming – Arithmetic Operators

Module 4: Web Applications

• Introduction to Web Applications
• HTTP Protocol Basics
• HTTP Cookies
• Sessions
• Same Origin Policy
• Burp Suite

PENETRATION TESTING

Module 5: Reconnaissance & Information Gathering

• Information Gathering Introduction
• Types of Information Gathering
• Open-Source Intelligence (OSINT)
• Advanced Google Hacking Techniques
• Search Engines and Advanced Google Search Operators
• Social Networks Information Gathering and Social Engineering
• Public Sites Information Gathering
• Metadata, METAGOOFIL, and theHarvester
• Infrastructure – Domain Enumeration
  • WHOIS
  • DNS Enumeration
  • SHODAN and Maltego
  • Subdomain Enumeration
• The Importance of Information Gathering

Module 6: Footprinting and Scanning

• Network Discovery and Mapping
• Scanning Goals and Types
• Mapping a Network
• Why Map a (Remote) Network
• Network Sweeping
• Ping Sweeping
• Nmap Ping Scan
• Network Fingerprinting
  • Identifying Operating Systems
  • Active Fingerprinting vs. Passive Fingerprinting
• Network Scanning
  • Port Scanning (TCP & UDP)
  • Services Scanning (Nmap, Metasploit, Netcat)

Module 7: Advanced Scanning Techniques

• Wireshark for Penetration Testers
• Firewall / IDS Evasion Techniques
  • Timing Options
  • Fragment Packets
  • Specify a Specific MTU
  • Decoy Scans
  • Source Port Number Specification
  • Append Random Data
  • Send Bad Checksums
  • Idle Zombie Scan

Module 8: Vulnerability Assessment

• Vulnerability Assessment Fundamentals
• Vulnerability Scanners
  • Nessus
  • OpenVAS
  • NMAP Scripting Engine (NSE)
• Manual Testing
• Under the Hood of a Vulnerability Scanner
  • Port Scanning
  • Service Detection
  • Vulnerabilities Database Lookup

Module 9: Network Attacks

9.1 Authentication Cracking

• Brute Force vs. Dictionary Attacks
• Weak and Default Credentials
• Installing Dictionaries
• Authentication Cracking Tools (Hydra)
  • Telnet Attack Example
  • HTTP Basic Auth Attack Example

9.2 Windows Shares

• NetBIOS
• Shares and UNC Paths
• Administrative Shares
• Badly Configured Shares

9.3 Null Sessions

• Enumerating Windows Shares
• Checking for Null Sessions (Windows & Linux)
• Exploiting Null Sessions

9.4 ARP Poisoning

• ARP Poisoning Actors
• Gratuitous ARP Replies
• Forwarding and Mangling Packets
• Local to Remote Man-in-the-Middle
• Dsniff Arpspoof

9.5 Metasploit

• MSFConsole
• Identifying a Vulnerable Service
• Searching for Exploits
• Configuring an Exploit & Payload
• Running an Exploit

9.6 Meterpreter

• Bind and Reverse Shells
• Launching Meterpreter
• Sessions Management
• Information Gathering with Meterpreter
  • System Information
  • Network Configuration
  • Routing Information
  • Current User

9.7 Privilege Escalation

• Bypassing UAC
• Dumping the Password Database
• Exploring the Victim System
• Uploading and Downloading Files
• Running an OS Shell

9.8 Antivirus Evasion

Module 10: Anonymity

• Using Anonymity During Network Testing
• Browsing Anonymously
• HTTP Proxies
• ProxyChains
• Tunneling for Anonymity (SSH Tunneling)

Module 11: System Attacks

11.1 Malware

• Viruses
• Trojan Horses
• Backdoors
• Firewalls vs. Backdoors
• Rootkits & Bootkits
• Adware, Spyware, Greyware
• Keyloggers (Hardware & Software)
• Bots, Ransomware, Data-Stealing Malware
• Worms

11.2 Password Attacks

• Cryptography Basics
• Types of Cryptography
• Password Attacks
  • Dictionary Attacks
  • Brute Force Attacks
  • Hash Cracking (John the Ripper, Ophcrack)
  • Rainbow Tables
  • Pass-the-Hash Attack

11.3 Buffer Overflow

• How Buffer Overflow Attacks Work
• Stack Buffer Overflow
• Buffer Overflow Example

Module 12: Web Attacks

• Web Application Assessment Methodology
• Web Application Assessment Tools
• Web Application Enumeration
• Common Web Application Attacks
  • Cross-Site Scripting (XSS)
  • File Inclusion Vulnerabilities
  • File Upload Vulnerabilities
  • SQL Injections
  • Manual SQL Exploitation
  • Manual and Automated Code Execution

Module 13: Active Directory Attacks

• Introduction to Active Directory
• Active Directory Enumeration (Manual & Automated)
• Identifying Weak Domain Accounts
• AS-REP Roasting (Stealing Kerberos Tickets)
• Lateral Movement Techniques
  • Pass-the-Hash
  • Pass-the-Ticket
• Obtaining Domain Admin Privileges

Module 14: Next Steps

• Career Guidance in Cybersecurity
• Continuing Education Pathways
• Real-World Penetration Testing Scenarios

Module 15: Penetration Testing and Capture the Flag (CTF) Labs

• Practical Hands-on Challenges
• Simulated Penetration Testing Engagements
• CTF-Style Competitions