Karan Bansal holds a degree in computer science and engineering from IIT Kanpur. He has worked as a Security Researcher on the Product Security Team at Citrix Systems. He designed a 'Distributed Idle State Fuzzing System' for the enterprise, and the project was presented at c0c0n 2014. He has also worked at FireEye, where he designed a vulnerability scanner tool for Windows machines. He was also a speaker and trainer at the DEFCON Lucknow 2016 conference.
In this course, we'll learn about exploiting one of the weakest aspects of most computing environments: passwords. You'll custom-compile John the Ripper to optimize its performance in cracking passwords. You'll look at the amazingly full-featured Cain tool, running it to crack sniffed Windows authentication messages. We'll see how Rainbow Tables really work to make password cracking much more efficient, all hands-on. And we'll cover powerful "pass-the-hash" attacks, leveraging Metasploit, the Meterpreter, and more. We then turn our attention to web application pen testing, covering the most powerful and common web app attack techniques with hands-on labs for every topic we address. We'll cover finding and exploiting cross-site scripting (XSS), cross-site request forgery (XSRF), command injection, and SQL injection flaws in applications such as online banking, blog sites, and more.
- What is Penetration Testing?
- Pentesting Model
- Password Cracking with John the Ripper
- Sniffing and Cracking Windows Authentication Exchanges Using Cain
- Using Rainbow Tables to Maximum Effectiveness
- Pass-the-Hash Attacks with Metasploit and More
- Finding and Exploiting Cross-Site Scripting
- Cross-Site Request Forgery
- SQL Injection
- Leveraging SQL Injection to Perform Command Injection
- Maximizing Effectiveness of Command Injection Testing
- What is Penetration Testing?
- Custom Compiling and Leveraging John the Ripper to Crack Passwords
- Sniffing Windows NTLM Authentication and Cracking It with Cain
- Rainbow Table Attacks with Ophcrack
- Pass-the-Hash Attacks with Metasploit and the Meterpreter
- Scanning Web Servers with Nikto
- Using the ZAP Proxy to Manipulate Custom Web Applications
- Exploiting Cross-Site Request Forgery Vulnerabilities
- Attacking Cross-Site Scripting Flaws
- Leveraging Command Injection Flaws
- Exploiting SQL Injection Flaws to Gain Shell Access of Web Targets
- Penetration Testing with Kali Linux