OSCP_PEN-200.pdf

Penetration Testing with Kali Linux
OffSec
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Copyright © 2023 OffSec Services Limited
All rights reserved. No part of this publication, in whole or in part, may be reproduced,
copied, transferred or any other right reserved to its copyright owner, including
photocopying and all other copying, any transfer or transmission using any network or
other means of communication, any broadcast for distant learning, in any form or by any
means such as any information storage, transmission or retrieval system, without prior
written permission from the author.
Table of Contents

1 Copyright .... 15
2 Penetration Testing with Kali Linux: General Course Information .... 16
  2.1 Getting Started with PWK .... 16
    2.1.1 PWK Course Materials .... 16
    2.1.2 Student Mentors and Support .... 17
    2.1.3 Setting up Kali .... 18
    2.1.4 Connecting to the PWK Lab .... 19
  2.2 How to Approach the Course .... 22
    2.2.1 A Model of Increasing Uncertainty .... 22
    2.2.2 Learning Modules .... 23
    2.2.3 Demonstration Module Exercises .... 23
    2.2.4 Applied Module Exercises .... 24
    2.2.5 Capstone Module Exercises .... 24
    2.2.6 Assembling the Pieces .... 24
    2.2.7 Challenge Labs 1-3 .... 24
    2.2.8 Challenge Labs 4-6 .... 25
  2.3 Summary of PWK Learning Modules .... 26
    2.3.1 Getting Started: Optional Ramp-up Modules .... 26
    2.3.2 Enumeration and Information Gathering .... 26
    2.3.3 Web Application and Client Side Attacks .... 27
    2.3.4 Other Perimeter Attacks .... 28
    2.3.5 Privilege Escalation and Lateral Movement .... 28
    2.3.6 Active Directory .... 29
    2.3.7 Challenge Lab Preparation .... 29
  2.4 Wrapping Up .... 29
3 Introduction To Cybersecurity .... 30
  3.1 The Practice of Cybersecurity .... 30
    3.1.1 Challenges in Cybersecurity .... 30
    3.1.2 A Word on Mindsets .... 31
    3.1.3 On Emulating the Minds of our Opponents .... 32
  3.2 Threats and Threat Actors .... 33
    3.2.1 The Evolution of Attack and Defense .... 33
    3.2.2 Risks, Threats, Vulnerabilities, and Exploits .... 34
    3.2.3 Threat Actor Classifications .... 36
    3.2.4 Recent Cybersecurity Breaches .... 38
  3.3 The CIA Triad .... 40
    3.3.1 Confidentiality .... 41
    3.3.2 Integrity .... 42
    3.3.3 Availability .... 43
    3.3.4 Balancing the Triad with Organizational Objectives .... 43
  3.4 Security Principles, Controls, and Strategies .... 44
    3.4.1 Security Principles .... 44
    3.4.2 Security Controls and Strategies .... 45
    3.4.3 Shift-Left Security .... 46
    3.4.4 Administrative Segmentation .... 46
    3.4.5 Threat Modelling and Threat Intelligence .... 47
    3.4.6 Table-Top Tactics .... 47
    3.4.7 Continuous Patching and Supply Chain Validation .... 48
    3.4.8 Encryption .... 48
    3.4.9 Logging and Chaos Testing .... 49
  3.5 Cybersecurity Laws, Regulations, Standards, and Frameworks .... 49
    3.5.1 Laws and Regulations .... 50
    3.5.2 Standards and Frameworks .... 52
  3.6 Career Opportunities in Cybersecurity .... 54
    3.6.1 Cybersecurity Career Opportunities: Attack .... 54
    3.6.2 Cybersecurity Career Opportunities: Defend .... 55
    3.6.3 Cybersecurity Career Opportunities: Build .... 56
  3.7 What’s Next? .... 57
4 Effective Learning Strategies .... 58
  4.1 Learning Theory .... 58
    4.1.1 What We Know and What We Don’t .... 59
    4.1.2 Memory Mechanisms and Dual Coding .... 59
    4.1.3 The Forgetting Curve and Cognitive Load .... 61
  4.2 Unique Challenges to Learning Technical Skills .... 63
    4.2.1 Digital vs. Print Materials .... 63
    4.2.2 Expecting the Unexpected .... 64
    4.2.3 The Challenges of Remote and Asynchronous Learning .... 64
  4.3 OffSec Training Methodology .... 65
    4.3.1 The Demonstration Method .... 65
    4.3.2 Learning by Doing .... 66
    4.3.3 Facing Difficulty .... 67
    4.3.4 Contextual Learning and Interleaving .... 68
  4.4 Case Study: chmod -x chmod .... 68
    4.4.1 What is Executable Permission? .... 69
    4.4.2 Going Deeper: Encountering a Strange Problem .... 71
    4.4.3 One Potential Solution .... 73
    4.4.4 Analyzing this Approach .... 75
  4.5 Tactics and Common Methods .... 77
    4.5.1 Cornell Notes .... 78
    4.5.2 Retrieval Practice .... 79
    4.5.3 Spaced Practice .... 79
    4.5.4 The SQ3R Method .... 80
    4.5.5 The Feynman Technique .... 80
  4.6 Advice and Suggestions on Exams .... 81
    4.6.1 Dealing with Stress .... 82
    4.6.2 Knowing When You’re Ready .... 83
    4.6.3 Practical Advice for Exam Takers .... 84
  4.7 Practical Steps .... 85
    4.7.1 Creating a Long Term Strategy .... 85
    4.7.2 Use Time Allotment Strategies .... 85
    4.7.3 Narrowing our Focus .... 86
    4.7.4 Pick a Strategy .... 87
    4.7.5 Find a Community of Co-Learners .... 87
    4.7.6 Study Your Own Studies .... 88
5 Report Writing for Penetration Testers .... 90
  5.1 Understanding Note-Taking .... 90
    5.1.1 Penetration Testing Deliverables .... 90
    5.1.2 Note Portability .... 91
    5.1.3 The General Structure of Penetration Testing Notes .... 91
    5.1.4 Choosing the Right Note-Taking Tool .... 94
    5.1.5 Taking Screenshots .... 97
    5.1.6 Tools to Take Screenshots .... 99
  5.2 Writing Effective Technical Penetration Testing Reports .... 101
    5.2.1 Purpose of a Technical Report .... 101
    5.2.2 Tailor the Content .... 102
    5.2.3 Executive Summary .... 103