Penetration Testing Fundamentals Bootcamp
Published by O'Reilly Media, Inc.
How to get paid to hack for a living
Penetration testing is sometimes called hacking with permission. Testers do what evil people do before they do it so that defenders in the organization can close up vulnerabilities before the real bad guys attempt to break in. The difference between the good guys and the bad guys is that the good guys must test every way in, but the bad guys only need one way in.
Join cybersecurity expert Dean Bushmiller to acquire the necessary skills, abilities, tasks, and knowledge required to perform a penetration test including target building, scanning, vulnerability analysis, and social engineering. You’ll get hands-on with Kali Linux, Nmap, Metasploit, and Metasploitable3 and perform a social engineering exercise. You’ll also get a look at some of the knowledge, skills, and abilities recommended by the National Initiative for Cybersecurity Careers and Studies for the role of vulnerability assessment analyst. By the end of the course, you’ll have gained valuable insight into the future of cybersecurity.
NOTE: With today’s registration, you’ll be signed up for both sessions. Although you can attend each of the sessions individually, we recommend participating in both sessions.
What you’ll learn and how you can apply it
By the end of this live, hands-on two-day series, you’ll understand:
- How to maintain your own pentesting lab environment
- Which tools, operating systems, and virtualization you need to succeed
- Which of the 38 penetration testing certifications you want and how to get it
- The five technical phases of penetration testing
- How to keep your job and stay out of jail as a tester
- What it takes to do the job of an ethical hacker
And you’ll be able to:
- Perform a penetration test
- Build foundational skills in penetration testing
This live event is for you because...
- You’re interested in becoming a vulnerability assessment analyst, penetration tester, blue or red team technician, computer network defense auditor, ethical hacker, risk assessment engineer, or risk assessor.
- You work with vulnerability scanners and want to upskill.
- You are new to the field of cybersecurity and are looking to improve your skills with core tools.
Prerequisites
- A computer with software for the course installed (necessary to take part in hands-on exercises)
- Set up lab (video instructions will be posted within 72 hours of course start date)
- Familiarity with basic cybersecurity and networking concepts
Recommended preparation:
- Download course PDFs
- Explore Vulnerability Assessment Analyst and Pentester (expert playlist)
Recommended follow-up:
- Watch CISSP 8 Domains (video course)
- Watch Certified Ethical Hacker (video course series)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Day 1
Getting started
- Presentation: Class intro; measure your results for reconnaissance of Dean
- Hands-on exercises: Reconnoiter Dean; get to resources; start lab machines
- Group discussion: Career and skills survey; Why do you want this job?
- Q&A
Careers in vulnerability assessment analysis and the 38 certifications
- Presentation: Work role, job titles, certifications, and resume building; 38 penetration testing certifications
- Hands-on exercises: Reconnoiter Expandingsecurity.com; choose your current path
- Group discussion: You want a horizontal job change, but your boss says no
- Q&A
- Break
Starting lab environment
- Presentation: Lab setup
- Hands-on exercise: Start Metasploitable3 and Kali
- Q&A
- Break
Targets
- Hands-on exercises: Reconnoiter Metasploitable3; build a new target
- Presentation: Metasploitable3
- Group discussion: Building a target for the future
- Q&A
- Break
5 phases of penetration testing
- Hands-on exercises: Reconnoiter expsec.us; explore OSINT, discovery, and reconnaissance; collect your data for reporting
- Presentation: What we do; what bad people do
- Group discussion: Tools mapped to phases
- Q&A
- Break
Day 2
Scanning
- Hands-on exercises: Scan yourself from the outside; explore Nmap and Nmap inside Metasploit; collect your data for reporting
- Presentation: What are you really looking for in a scan?; Why do you do it more than once?
- Group discussion: What can you use?; What should you use?
- Q&A
- Break
Vulnerability analysis
- Hands-on exercises: Collect your data for reporting; report vulnerabilities
- Presentation: Research or just blast the victim?
- Group discussion: Zero day, 1 day, and Nth day
- Q&A
- Break
Exploitation
- Hands-on exercises: Explore Autopwn and Metasploit; collect your data for reporting
- Presentation: Metasploit basics and beyond
- Group discussion: Escalation of privilege
- Q&A
- Break
Real social engineering
- Presentation: Success and failure
- Group discussion: Rules of getting Dean’s secret phone number; issues with SET and your lab
- Hands-on exercise: Research your targets after class
- Q&A
- Break
Next steps
- Presentation: Next steps
- Hands-on exercises: Confirm your certification and career objectives
- Q&A
Your Instructor
Dean Bushmiller
Dean Bushmiller consults on cybersecurity, incident response, and penetration testing and is using AI to build and secure learning platforms. He’s been teaching cybersecurity since 1999, has over 1,000 hours of recorded cybersecurity training, and a lifetime instructor approval rating of over 90%. He has also achieved more than 36 major cybersecurity certifications and passed over 100 certification exams.
Dean built the full library of NICE framework knowledge statements, which includes over 600 basic, intermediate, and advanced cybersecurity topics in an easy one-hour online format. Though he’s not a member of the military, he has had the honor to train the US military since 1999. In recognition for outstanding service in the information assurance field, he has received eight mission coins.