System Infrastructure Penetration Testing - SIPT

Course Prerequisite(s)

Please note that this course has the following prerequisites which must be completed before it can be accessed
OWASP TOP 10

About Course

System Infrastructure Penetration Testing (SIPT) involves evaluating the security of an organization’s IT infrastructure, including servers, networks, and workstations, to identify vulnerabilities that could be exploited by attackers. This type of testing helps ensure that the systems are resilient against potential threats and compliant with security policies and regulations.

Course Content

Introduction to System Infrastructure Penetration Testing

Overview of Penetration Testing
00:00
Definition and objectives
00:00
Ethical and legal considerations
00:00
Difference between vulnerability assessment and penetration testing
00:00
Types of Penetration Testing
00:00
Black box, white box, and grey box testing
00:00
Internal vs. external penetration
00:00
Basics of Networking
00:00
OSI and TCP/IP models
00:00
IP addressing and subnetting
00:00
Network devices and their functions
00:00
Network Protocols
00:00
Common protocols (HTTP, HTTPS, FTP, SSH, etc.)
00:00
Protocol vulnerabilities
00:00

Threat Landscape and Vulnerabilities

Penetration Testing Methodology

Penetration Testing Tools

Active Directory Overview

Active Directory Lab Build

Attacking Active Directory:Initial Attack Vectors

Attacking Active Directory:Post-Compromise Enumeration

Attacking Active Directory:Post-Compromise Attacks Part B

Compromised the Domain – Next Levels

Additional Active Directory Attacks

Active Directory Case Studies

Reporting and Remediation

Case Studies and Practical Labs

Final Project

Final Test

Student Ratings & Reviews

No Review Yet

Course Prerequisite(s)

About Course

Course Content

Introduction to System Infrastructure Penetration Testing

Overview of Penetration Testing

Definition and objectives

Ethical and legal considerations

Difference between vulnerability assessment and penetration testing

Types of Penetration Testing

Black box, white box, and grey box testing

Internal vs. external penetration

Basics of Networking

OSI and TCP/IP models

IP addressing and subnetting

Network devices and their functions

Network Protocols

Common protocols (HTTP, HTTPS, FTP, SSH, etc.)

Protocol vulnerabilities

Threat Landscape and Vulnerabilities

Understanding Threats

Types of threats (internal, external, persistent, etc.)

Common attack vectors

Identifying Vulnerabilities

Software vulnerabilities

Hardware vulnerabilities

Configuration vulnerabilities

Penetration Testing Methodology

Planning and Scoping

Defining scope and objectives

Rules of engagement and legal considerations

Reconnaissance

Passive and active information gathering

OSINT (Open Source Intelligence)

Identifying targets and mapping the network

Scanning

Network scanning techniques (Nmap, Nessus)

Vulnerability scanning

Identifying open ports and services

Exploitation

Exploit development and deployment

Common exploitation tools (Metasploit, Cobalt Strike)

Privilege escalation techniques

Post-Exploitation

Maintaining access

Lateral movement

Data exfiltration

Penetration Testing Tools

Enumeration Tools

Nmap

Netcat

Enum4linux

Exploitation Tools

Metasploit Framework

Exploit-DB

Post-Exploitation Tools

Mimikatz

Bypassing Security Controls

Firewalls

Intrusion Detection Systems (IDS)

Intrusion Prevention Systems (IPS)

Web Application Penetration Testing

OWASP Top Ten

SQL injection, XSS, CSRF

Burp Suite

Wireless Penetration Testing

Wi-Fi attacks

Bluetooth vulnerabilities

Wireless security best practices

Active Directory Overview

Introduction to Active Directory Overview

Physical Active Directory Components

Logical Active Directory Components

Active Directory Lab Build

Lab Overview and requirements

Lab Build – (Cloud Alternative)

Downloading Necessary ISOs

Setting Up the Domain Controller

Setting Up the User Machines

Setting Up Users, Groups, and Policies

Joining our Machines to the Domain