Uploaded by hibada6638

Lecture0 INT245

INT 245
Penetration testing
Lecture 0
Course details
• LTP – 2 0 2
• Text Books
THE HACKER PLAYBOOK 2: PRACTICAL GUIDE TO PENETRATION TESTING by
PETER KIM, CREATESPACE INDEPENDENT PUBLISHING PLATFORM
• References:
COMPTIA PENTEST+ STUDY GUIDE: EXAM PT0-002, 2ND EDITION by MIKE
CHAPPLE, DAVID SEIDL, WILEY
STAR COURSE
This course is considered a Star course because it contributes directly
to the placement of students. It focuses on the skills
required for various job profiles in a company.
Course Outcomes
• Through this course students should be able to:
CO1 :: understand rules of engagement for safely conducting the penetration
testing exercise within an organization
CO2 :: identify various footprinting techniques to enumerate a target
CO3 :: enumerate a vulnerability scan strategy in line with organizational in-scope requirements
CO4 :: demonstrate web application and mobile device exploitation using
different attacks
CO5 :: determine techniques used to conduct system hacking and launch
exploit code for remote access of a target
CO6 :: illustrate different testing deliverables out of penetration testing
reports and suggest post corrective actions
Program Outcomes as specific to the particular course
• PO-1: Engineering knowledge:: Apply the knowledge of mathematics, science, engineering fundamentals, and an engineering
specialization to the solution of complex engineering problems.
• PO-2: Problem analysis:: Identify, formulate, research literature, and analyze complex engineering problems reaching substantiated
conclusions using first principles of mathematics, natural sciences, and engineering sciences.
• PO-3: Design/development of solutions:: Design solutions for complex engineering problems and design system components or
processes that meet the specified needs with appropriate consideration for the public health and safety, and the cultural, societal, and
environmental considerations.
• PO-4: Conduct investigations of complex problems:: Use research-based knowledge and research methods including design of
experiments, analysis and interpretation of data, and synthesis of the information to provide valid conclusions.
• PO-5: Modern tool usage:: Create, select, and apply appropriate techniques, resources, and modern engineering and IT tools
including prediction and modeling to complex engineering activities with an understanding of the limitations.
• PO-8: Ethics:: Apply ethical principles and commit to professional ethics and responsibilities and norms of the engineering practice.
• PO-9: Individual and team work:: Function effectively as an individual, and as a member or leader in diverse teams, and in
multidisciplinary settings.
• PO-12: Life-long learning:: Recognize the need for, and have the preparation and ability to engage in independent and life-long
learning in the broadest context of technological change.
• PO-13: Competitive Skills:: Ability to compete in national and international technical events and building the competitive spirit.
Revised Bloom’s Taxonomy
The course contents
List of practicals
• Introduction to Nmap: Basic commands of Nmap, system scanning using Nmap,
interpretation of gathered information using Nmap
• Vulnerability Scanning: System vulnerability scanning, identification of
vulnerabilities
• Introduction to Metasploit: Introduction to the tool, basic commands for
searching, selection, parameter configurations and deployment of exploits
• System Exploitation: Exploitation of Windows XP system using known
vulnerabilities
• Spoofing: Exploiting systems using IP Spoofing and MAC Spoofing
• Cross Site Scripting (XSS): Introduction to cross site scripting, identification of
websites vulnerable to cross site scripting
• XSS vulnerabilities identification: Identification of XSS vulnerabilities in the
websites and the way they could be exploited
• XSS Exploitation: Exploitation of XSS vulnerabilities using JavaScript
• SQL Injection: Introduction to SQL injection, Automated SQL injection using
SQLmap
• Manual SQL Injection: Demonstration of manual SQL injection attacks
Relevant resources
• Microsoft Word - NetCat_Intro.doc (tue.nl)
• Metasploit Course | Cybrary
• Scanning and Enumeration with NMAP Course | Cybrary
• Web Application Penetration Testing Course by Cydefe | Cybrary
• https://s3-us-west-2.amazonaws.com/stationx-publicdownload/nmap_cheet_sheet_0.6.pdf
• What is SQL Injection? Tutorial & Examples | Web Security Academy (portswigger.net)
• https://davidbombal.com/wireshark-tutorial-installation-andpassword-sniffing/
• https://www.exploit-db.com/google-hacking-database
Course Assessment Model
• Marks break up
• Attendance: 5%
• CA: 25%
• MTE: 20%
• ETE: 50%
• Total: 100%
Three class tests: one before MTE and two after MTE
CA 1: MCQ-based questions, 30 marks, objective-type questions carrying 1 mark each with no
negative marking
CA 2: BYOD practical, based on CompTIA Pentest+ certification (one practical question; job-evaluation 15 marks and viva 15 marks)
CA 3: BYOD practical, 30-mark practical test (generating an integrated penetration testing report
on the information gathering phase [5 marks], scanning phase [10 marks], exploiting the target [10 marks] and
suggesting remediation steps [5 marks])
Recommended MOOCs course
• Course Code: INT245
  Name of MOOCs/Certifications: CompTIA Pentest+
  Link: https://www.comptia.org/certifications/pentest
  CA benefit: Full course exempted
• Course Code: INT245
  Name of MOOCs/Certifications: Beingcert Certified Pentest Professional
  Link: https://www.beingcert.com/Certification/certifiedpentest-professional
  CA benefit: All CAs + MTE exempted
• Course Code: INT245
  Name of MOOCs/Certifications: C|PENT (Certified Penetration Testing Professional)
  Link: https://www.eccouncil.org/train-certify/certifiedpenetration-testing-professional-cpent/
  CA benefit: Full course exempted
• Course Code: INT245
  Name of MOOCs/Certifications: Cyber Security and Privacy
  Link: https://onlinecourses.nptel.ac.in/noc23_cs127/preview
  CA benefit: One CA exempted
Career prospects of Penetration Tester
• Application Penetration Tester
• Cyber Security Penetration Tester
• Network Penetration Tester
• Remote Penetration Tester