پیش نیازها:
- هر رایانه ای (MAC / Windows / Linux) کار خواهد کرد
- مبانی فناوری رایانه
- هیچ برنامه ای مورد نیاز نیست
- Virtual Box - رایگان
- هیچ پیش نیازی برای این دوره وجود ندارد
این دوره برای چه کسی است؟
- افرادی که به دنبال کسب درآمد از طریق BUG BOUNTIES هستند
- دانشجویانی که به دنبال گسترش دانش خود در زمینه امنیت فناوری اطلاعات هستند
- تبدیل به یک تستر نفوذ پر درآمد شوید
- توسعه وب سایت های امن و محصولات ایمن

در این دوره با موارد زیر آشنا خواهید شد:
Must have basics for a Penetration Tester
Introduction to the course
What is pentesting and why it is important
Average earnings of pentesters
White hat, black box and vulnerabilities
Proxy, virtual box and OS
Grabbing the tools
Installation and configuration of lab for pentesting
Installation of Virtual Box
Installation of attacker - Kali
windows Update - Installation for windows users
Tour to Virtual Box and installing advance settings
Tools required for labs
Installing Metasploitable on Virtual Box
Windows XP installation in Virtual Box
Tour to our attacker machine
Tour to Pentesting tools and updating the machine
UPDATE - optional linux section. Just basics yet important part of all linux
Bash shell and navigation in linux
Files and files permission in linux
Case study, directories and files with VIM and NANO
Manipulation of file data
Grep, piping and sudo in linux
Gathering information to perform pentesting
Up and running with TOR and dark net
Anonymity using proxychains
Changing your MAC for tests
DNSEnum Information Gathering
Zone Transfer Vulnerability
Dumping information with dig
DnsTracer and quick look to wireshark
Is Dimitry still a good option
Finding emails, subdomain and generating reports
Assignment and recon-ng
Learning about Nmap, Nikto, OpenVas and report genrating
Tweaking our labs for future labs
Nmap study and assignments to evaluate
Solution to assignment and port scans
Taking advantage of known Vulnerability and metasploit
Scanning with Nikto
OpenVas Installation and configuration
Generating and analyzing pentesting reports
Performing a Penetration Testing on a client
Getting NDA signed, permissions and scope of testing
Information gathering about client machine
Attacking the machine with msfconsole
Exploiting another vulnerability
Sniffing the traffic with wireshark and get the password
Nmap scripting engine and distcc
Web Application Penetration Testing
Getting started with Web Application Pentesting
Installing test bed for web application pentesting
Installing Vega, firefox addons and Brute force attacks
Exploring the command injection Vulnerability
Reflected and Stored XSS ie Cross Site scripting
DOM based XSS and learning resource
Google Reward Program that gives 7500 dollars for XSS
Cross site request forgery Vulnerability
Reference to further 6 hour free sql injection course, shells and defacing
Automation of Web Application pentesting
Web application Pentesting automation with Vega
Automation of SQL Injection Attack with SQLMAP
Automation with OWASP-ZAP
Scanning Wordpress sites for Vulnerabilities
Paid options for Automation of Web App Pentesting
Wep App Pentesting Challenge
A pentesting challenge that will help in getting Bug Bounties
Hint for solving the challenge
Getting started with metasploit Framework
Introduction to metasploit and it's architecture
Msfconsole and Exploits type
Setting up msf database and meterpreter
Armitage and meterpreter
Social Engineering toolkit and Client side exploits
Wireless Pentesting
Before we even get started into wireless pentesting
Understanding our wireless card
Cracking WEP and WPA 2 with fern
Airmon-ng with wireshark and airodump-ng in action
EvilTwin with Airbase-ng and deauth attack with aireplay-ng
Thanks for taking the course and future updates
Thanks and other free resources to learn
UPDATE - Password attacks
Basics of Password attacks and Crunch password generators
Cracking linux password with john