CYB 4721 - Applied Penetration Testing

2 lecture hours 2 lab hours 3 credits


Course Description
This upper-division course introduces ethical hacking and penetration testing methodologies. Students learn to plan and scope security assessments; conduct footprinting, scanning, and network enumeration; and identify vulnerabilities in web applications, wireless networks, and mobile platforms. Topics include techniques for bypassing intrusion detection systems (IDS), firewalls, and honeypots, as well as adversarial tactics such as denial-of-service attacks and social engineering. The course emphasizes legal and ethical considerations, including laws governing red team/blue team operations and responsible disclosure. Hands-on exercises with industry-standard tools develop practical skills in analyzing and reporting security findings.
Prereq: CSC 3210, SWE 2512 or program director consent
Note: None
This course meets the following Raider Core CLO Requirement: None
Course Learning Outcomes
Upon successful completion of this course, the student will be able to:
  • Explain the roles and responsibilities of penetration testers and ethical hackers in securing modern systems
  • Assess the ethical and legal considerations of penetration testing and formulate strategies to ensure compliance
  • Plan and scope a penetration test, including target identification, rules of engagement, and risk considerations
  • Conduct footprinting to gather preliminary information about a target system using passive and active techniques
  • Perform network scanning to identify live hosts, open ports, and services using industry-standard tools
  • Enumerate system components to discover users, shares, and configurations that may be vulnerable
  • Utilize attack frameworks (e.g., Metasploit, Cobalt Strike) to identify potential attack surfaces and plan exploitation strategies
  • Demonstrate exploitation and obfuscation techniques to gain access and maintain persistence on target systems
  • Discuss post-exploitation activities, including privilege escalation, lateral movement, and data exfiltration
  • Analyze vulnerabilities discovered during testing and assess their impact on system security
  • Compare and contrast various penetration testing tools and techniques, evaluating their effectiveness in different scenarios
  • Develop remediation and mitigation strategies to address identified vulnerabilities and strengthen system defenses
  • Produce a professional penetration testing report that documents findings, methodologies, and recommendations
  • Collaborate effectively in a team-based penetration testing engagement, demonstrating communication and coordination skills
  • Acquire and apply new knowledge, tools, or techniques independently to address unfamiliar challenges encountered during penetration testing engagements

Prerequisites by Topic
  • Core networking knowledge
    • TCP/IP fundamentals (IP addressing, subnetting, routing)
    • OSI model layers and common protocols (HTTP, DNS, FTP, SSH)
    • Network services and ports (well-known ports, service identification)
    • Packet analysis basics (e.g., Wireshark usage)
    • Firewall and IDS/IPS concepts
    • Networking commands
      • ping, curl, wget for connectivity checks
      • Using netcat for simple TCP/UDP communication
  • Operating systems
    • Linux fundamentals (command line, file system navigation, permissions)
      • Navigation (cd, ls, pwd)
      • File operations (cp, mv, rm, touch, cat, less)
      • Permissions (chmod, chown)
    • Input/output redirection
      • Redirecting output (>, >>)
      • Piping (|) and using tools like grep, awk, sed for filtering
    • Process control
      • Running background jobs (&)
      • Checking process status (ps, kill)
    • Permissions and execution
      • Making scripts executable (chmod +x)
      • Running scripts with arguments (./script.sh arg1 arg2)
    • System administration tasks (creating users, managing processes)
    • Scripting basics (Bash)
  • Security foundations
    • Basic cybersecurity principles (CIA triad, threat models)
    • Common vulnerabilities (e.g., buffer overflow, SQL injection, XSS)
    • Authentication and authorization concepts
    • Encryption basics (symmetric vs. asymmetric, hashing)
  • Tools and environments
    • Familiarity with virtualization (e.g., VirtualBox, VMware)
    • Basic use of network scanning tools (e.g., Nmap)
    • Exposure to Linux security tools (e.g., netcat, tcpdump)
  • Programming/scripting (recommended)
    • Writing Bash shell scripts to automate repetitive tasks
    • Basic Python for automation and scripting
    • Understanding of regular expressions for pattern matching

Course Topics
  • Penetration testing fundamentals

    • Roles and responsibilities of penetration testers and ethical hackers
    • Penetration testing phases and methodologies (e.g., Flaw Hypothesis, OSSTMM)
    • Rules of engagement and scoping a penetration test
    • Risk considerations and compliance requirements
  • Legal and ethical considerations

    • Laws and regulations governing penetration testing
    • Responsible disclosure practices
    • Ethical usage of penetration testing tools and techniques
  • Reconnaissance and information gathering

    • Open Source Intelligence (OSINT)
    • Passive and active footprinting techniques
    • Identifying vulnerabilities from documentation and source code analysis
  • Scanning and enumeration

    • Network scanning (hosts, ports, services)
    • Vulnerability scanning and interpretation
    • Enumeration of users, shares, and configurations
  • Attack surface discovery and exploitation

    • Understanding attack families and vulnerability flaws
    • Attack vectors and exploitation strategies
    • Obfuscation techniques and persistence mechanisms
  • Attack frameworks and tools

    • MITRE ATT&CK and ATLAS frameworks
    • Metasploit, Cobalt Strike, Kali Linux, and other industry-standard tools
    • Custom scripts and automation in penetration testing
  • Post-exploitation activities

    • Privilege escalation and lateral movement
    • Data exfiltration techniques
    • Maintaining access and persistence
  • Analysis and reporting

    • Assessing vulnerability impact and risk
    • Comparing and evaluating tools and techniques
    • Developing remediation and mitigation strategies
    • Professional penetration testing reports (structure, clarity, compliance)
  • Team-based engagement and professional skills

    • Collaboration and communication in penetration testing teams
    • Coordinating multi-role engagements (red team/blue team)
    • Independent learning and adapting to unfamiliar challenges

Laboratory Topics
  • Setting up the penetration testing environment

    • Install and configure Kali Linux and essential tools
    • Overview of virtualized lab environment and safety practices
  • Rules of engagement and scoping

    • Define scope, targets, and risk considerations
    • Draft a sample penetration testing agreement
  • Open Source Intelligence (OSINT)

    • Gather information using passive reconnaissance tools (e.g., Maltego, Recon-ng)
    • Analyze publicly available data for attack surface discovery
  • Passive and active footprinting

    • Perform DNS enumeration, WHOIS lookups, and banner grabbing
    • Use tools like Nmap for active footprinting
  • Network scanning and service detection

    • Identify live hosts, open ports, and services
    • Use Nmap advanced scanning techniques and scripts
  • Vulnerability scanning

    • Run vulnerability scans using tools like OpenVAS or Nessus
    • Interpret scan results and prioritize findings
  • Enumeration techniques

    • Enumerate users, shares, and configurations
    • Use tools like enum4linux, SMB enumeration, and LDAP queries
  • Attack surface discovery

    • Map attack vectors based on reconnaissance and enumeration
    • Use MITRE ATT&CK framework for categorizing tactics
  • Exploitation with Metasploit

    • Launch exploits against vulnerable services
    • Gain initial access and establish a foothold
  • Obfuscation and persistence

    • Apply techniques to maintain access (e.g., backdoors, privilege escalation)
    • Use evasion tactics against IDS/firewalls
  • Post-exploitation activities

    • Perform lateral movement and data exfiltration
    • Demonstrate privilege escalation techniques
  • Comparative tool analysis

    • Evaluate multiple tools for scanning, exploitation, and reporting
    • Discuss effectiveness and limitations in different scenarios
  • Reporting and documentation

    • Create a professional penetration testing report
    • Include methodology, findings, risk assessment, and remediation recommendations
  • Team-based penetration test

    • Conduct a collaborative engagement simulating a real-world scenario
    • Assign roles (e.g., lead tester, documentation, exploitation) and coordinate efforts

Coordinator
Dr. Walter Schilling


