PentesterAcademy
Georgia Weidman's Penetration Testing Labs

For years, Georgia Weidman has helped thousands get started with her book Penetration Testing, which teaches the core skills and techniques that every pentester needs.

Now, we've collaborated with Georgia to convert the content into a set of labs and videos. In the videos, Georgia walks you through the scenarios described in the book, taking you step by step through the stages of a pentesting assignment - information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Follow along each scenario with hands-on labs - this is a fully interactive learning experience!

Highlights
  • Updated content from Georgia Weidman in the form of 50 labs and videos
  • Suitable for beginner pentesters
  • Hands-on practice based on scenarios described in Penetration Testing
How It Works
  • Click "Purchase Options" above to purchase lab time (30 or 60 days)
  • Within 48 hours, receive an activation code and start using the labs
  • Note: Access to Georgia Weidman's Penetration Testing Labs is not included with Pentester Academy subscriptions
What You'll Learn
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Pivot from one compromised machine to other machines on the network in the post-exploitation phase
  • Explore writing your own exploits
Section 1: Information Gathering

Information gathering is considered one of the most important phases of a penetration test. As the name suggests, this phase involves gathering information about the target, which may be the organization's systems as well as its individuals.

Taken on its own, a single disclosed piece of information might not seem relevant enough to facilitate an attack. By collecting many such small pieces, however, an attacker can accumulate enough data to plan and carry out one.

The more that is known about the target, the larger the visible attack surface and the better the chances of finding vulnerabilities. It is therefore important to carry out the information gathering phase as thoroughly as possible.

This module will familiarize you with:

  • Finding information about the target based on DNS and Whois lookup
  • Identifying open ports and services running on the target machine by using tools such as Nmap and netcat
  • Using Nmap and Proxychains to scan a target machine through a proxy

Total labs covered in the module: 7

Section 2: Finding Vulnerabilities

Vulnerable software, common misconfigurations, and weak passwords are some of the most common entry points for an attacker. The next question is how the attacker finds these entry points. This is where the information gathered in the previous phase proves valuable: starting from it, additional research and analysis are needed to identify the possible vulnerabilities.

Vulnerability databases such as Common Vulnerabilities and Exposures (CVE) and the National Vulnerability Database (NVD) help determine whether a specific version of a software component has known vulnerabilities.

The security community has done an amazing job of creating and maintaining tools such as Nmap, Metasploit, and Nikto. These tools are easy to use and help identify publicly known vulnerabilities.

This module will familiarize you with:

  • Identifying vulnerabilities by using the Nmap Scripting Engine and Metasploit
  • Scanning the web application and identifying vulnerabilities with Nikto
  • Manually interacting with the services and enumerating the Linux system users

Total labs covered in the module: 6

Section 3: Capturing Traffic

Capturing local network traffic can provide the attacker with additional information (perhaps even usernames and passwords) that is useful in the exploitation phase. It also produces a massive amount of potentially useful data.

A traffic capture can contain thousands of packets within seconds, so working out which traffic is useful might seem difficult. This is where we learn how to use Wireshark to analyze the captured network traffic and find sensitive information.

This module will familiarize you with:

  • Analyzing HTTP and FTP traffic with Wireshark
  • Applying filters and following protocol streams

Total labs covered in the module: 1

Section 4: Exploitation

Exploitation is every hacker's favorite phase. Here the attacker focuses solely on gaining access to the target by exploiting an identified vulnerability. In some cases this is as simple as using default passwords; in others, exploitation requires writing a custom exploit.

The security community has created exploits for vulnerabilities that would otherwise be very complex to exploit. For most of these vulnerabilities, exploits are publicly available, which makes the attacker's task easier. Metasploit, the exploitation framework, contains thousands of exploit modules, and exploitation with Metasploit can be as easy as executing a couple of commands.

This module will familiarize you with:

  • Exploiting vulnerable applications and services with Metasploit
  • Manually exploiting web application vulnerabilities such as Remote Code Execution, Local File Inclusion, and Arbitrary File Upload
  • Compromising the target machine by leveraging network services such as FTP

Total labs covered in the module: 9

Section 5: Password Attacks

Complex passwords can be hard to remember, so many people, unaware of the risks, tend to choose passwords that are easy to remember. In some cases the password is related to their name, date of birth, or similar details; in others, people simply pick one of the most commonly used passwords.

Misconfigurations and out-of-date software can be easily fixed by the client, but the users themselves cannot be patched. This is where the attacker, instead of targeting the system directly, tries to gain a foothold by exploiting a user's mistake.

Over the years, the security community has curated lists of commonly used passwords. Tools such as crunch and CeWL are also available to generate wordlists based on specified criteria.

These wordlists can be used to perform dictionary attacks in order to crack passwords.

This module will familiarize you with:

  • Attacking network services with hydra
  • Cracking password hashes with John The Ripper and Hashcat

Total labs covered in the module: 2

Section 6: Post Exploitation

Once an initial foothold is obtained on a machine, the attacker's task is to perform enumeration as effectively as possible. The compromised machine can reveal sensitive information that could be leveraged to escalate privileges or even compromise other machines on the network (Lateral Movement).

If the machine is connected to an internal network, the attacker can pivot through the compromised machine to attack other machines on that network.

The attacker can also use persistence techniques to maintain access to the compromised machine, so that it can be used to attack other machines at a later, planned date.

This module will familiarize you with:

  • The basics of Meterpreter
  • Finding sensitive files on the compromised machine
  • Performing reconnaissance with Metasploit Post Exploitation modules
  • Performing vertical privilege escalation and attaining root privileges
  • Performing lateral movement and compromising other machines on the network
  • Attacking machines by pivoting through the compromised machine
  • Maintaining access on the compromised machines

Total labs covered in the module: 11

Section 7: WebApp Security

Web applications are ubiquitous, and most enterprises manage their own; some of these applications are used by thousands of users every day. Compromising one such application is all an attacker needs to cause severe damage to the enterprise.

Since users interact directly with web applications, the attack surface is larger. The attacker can inject scripts into the application to trick users into performing unintended operations, such as making payments or downloading malicious files.

Web applications can be leveraged to compromise users, which in turn facilitates further attacks. Therefore, as a pentester, it is important to learn the popular web application attack vectors and how they can be chained into more severe attacks.

This module will familiarize you with:

  • Analyzing HTTP requests and responses with Burp Suite
  • Performing Injection attacks such as SQL Injection and Command Injection
  • Automating SQL Injection attack with SQLMap
  • Exploiting Cross-Site Scripting and CSRF vulnerabilities
  • Reading arbitrary files by exploiting a Local File Inclusion vulnerability
  • Leveraging a Remote File Inclusion vulnerability to perform Remote Code Execution

Total labs covered in the module: 9

Section 8: Wi-Fi Attacks

Wireless communication has undoubtedly made our lives easier, but it brings its own security concerns. Unlike with a wired network, the attacker no longer needs to be on the premises: an attacker might be sitting on a bench in front of the target organization's building, accessing the internal network over its wireless access.

Almost every individual and enterprise uses Wi-Fi these days, and getting into one such network is all an attacker might need to cause severe damage to the individuals and the organization. Therefore, as a pentester, it is important to learn how to analyze wireless traffic and identify the weaknesses that could be leveraged to compromise the network.

This module will familiarize you with:

  • Capturing and analyzing Wi-Fi traffic
  • Cracking the shared key of a WEP-protected Wi-Fi network
  • Cracking the pre-shared passphrase of a WPA2-protected Wi-Fi network

Total labs covered in the module: 3

Section 9: Buffer Overflows

A buffer is a region of the computer's memory set aside to hold data temporarily. As long as the buffer is large enough for the data placed in it, the program works correctly.

A buffer overflow occurs when attacker-controlled input is written into an undersized buffer, so that the excess overwrites adjacent data on the call stack, including the function's saved return address (the return pointer). By crafting the input, the attacker can overwrite that return address and redirect execution to their own injected shellcode.

This module will familiarize you with:

  • Debugging programs with GDB
  • Understanding the structure of the stack and CPU registers
  • Hijacking the execution of the process and injecting shellcode
  • Writing a custom script to exploit the vulnerability

Total labs covered in the module: 2

Georgia Weidman: Entrepreneur, Author, Speaker and Trainer

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the National CyberWatch Center's National Visiting Committee, an Adjunct Professor, and a past New America Cybersecurity Policy Fellow. She presents or conducts training around the world and is regularly featured in international media. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security, culminating in the release of the Smartphone Pentest Framework. She founded Shevirah, a graduate of Virginia's Mach37 cybersecurity accelerator, whose products assess and manage the risk of mobile devices in the enterprise. Georgia was the 2015 Women's Society of CyberJutsu Pentest Ninja. She holds an MS in computer science; CISSP, CEH, and OSCP certifications; and U.S. Patent #10,432,656, which is foundational to simulated phishing.

Terms of Purchase:
  • You will receive your lab access within 48 hours of purchase
  • You need a Google account to access the lab portal, as we use login with Google
  • Purchases are non-refundable
  • Access to Georgia Weidman's Penetration Testing Labs is not included with Pentester Academy subscriptions
  • Please email feedback[@]binarysecuritysolutions.com if you have any questions