Exploitation: Evading Detection and Bypassing Countermeasures
This course addresses one of the most commonly overlooked areas of the pen testing process, evasion and countermeasure bypass. This course shows you how to remain undetected and penetrate deeper into systems and networks for maximum effectiveness.
What you'll learn
You have been provided with a fairly open scope and not many limitations other than the fact that the customer is expecting results. Generally, this means to show your value, you need to have some hacked data along with a set of security remediation recommendations without tipping off the Globomantics customer's security operations team. In this course, Exploitation: Evading Detection and Bypassing Countermeasures, you'll learn how to go undetected and penetrate deeper into systems and networks for maximum effectiveness. First, you'll learn how to remain anonymous during all phases of the kill chain. Next, you'll discover how to bypass network and application firewalls. Then, you'll learn how to sneak past intrusion detection systems and honeypots. Finally, you'll learn circumventing application security controls and how to fool anti-virus software. By the end of this course, you'll have learned how to use numerous hands-on tools and techniques to craft surgical exploits that will allow you to penetrate deeper into sanctioned networks and remain completely undetected throughout the process.
Table of contents
- IDS Detection Engines 4m
- Obfuscation Techniques 5m
- MSFVenom Encoding Demonstration 4m
- Payload Encryption Using the Veil-evasion Framework 5m
- Evasion with Polymorphism, Insertion, and Fragmentation Techniques 8m
- Packet Fragmentation Using Fragroute 4m
- DoS and Protocol Ambiguity 4m
- ICMP Tunneling Utilizing PTunnel 2m
- Honeypot Distribution - Honeydrive 3m
- Kippo SSH Honeypot Demonstration 5m
- Detecting Honeypots Using NMap - Lesson Summary 2m
- Circumventing Application Security Controls 2m
- XSS 5m
- ZAP and BeEF Demonstration 3m
- Reflected XSS Demonstration 4m
- Hooking Browsers with BeEF Demonstration 3m
- Persistent XSS Demonstration 2m
- SQL Injection 2m
- SQL Injection Lab Environment Overview 1m
- First Order SQL Injection Demonstration 1m
- Collecting Traffic Using ZAP for SQLMap 2m
- SQLMap Demonstration 6m
- Anonymous and Evasive XSS and SQL Injection 3m
- Circumventing Application Security Controls - Lesson Summary 2m
About the author
Chad has been in the Cyber Security industry for over 15 years. He's taught Microsoft Engineering courses as a Certified trainer. He's managed teams of security engineers and analysts for an Internet banking provider and he's been an information security consultant working for companies including SAP, Microsoft and Oracle. Over the past 15 years he's held numerous certifications including CISSP, CCNP, MCSE and MCDBA certifications.