The Penetration Testing Process
Easy
1 Sections
This module teaches the entire penetration testing process and its stages, which will be discussed in detail as this will be an essential part of our work. We cover many aspects of the role of a penetration tester in a penetration test, explained and illustrated with detailed examples. The module also covers pre-engagement steps like the criteria for establishing a contract with a client for a penetration testing engagement.
Getting Started
Fundamental
23 Sections
This module covers the fundamentals of penetration testing and an introduction to Hack The Box.
Introduction to Metasploit Framework
Easy
1 Sections
The Metasploit Framework is an open-source set of tools used for network enumeration, identifying and testing security vulnerabilities, payload creation, exploitation, and post-exploitation activities. Since Metasploit is open-source, penetration testers and even blue team members can use it to probe networks and applications for flaws and vulnerabilities through ready-made code and custom code.
Shells and Payloads
Medium
1 Sections
Understanding the correct type of payload to use or the functions of different shells can be the difference between getting discovered during a penetration test or moving on undetected. This module will cover many different methods of establishing a shell on a host and creating payloads to match your victim's applications and architecture.
Reconnaissance
Easy
1 Sections
This module covers techniques for footprinting the most commonly used services in enterprise and business IT infrastructures. Footprinting is an essential part of any penetration test or security audit to identify and prevent information disclosure. It examines the individual services and tries to obtain as much information from them as possible.
Network Enumeration with Nmap
Easy
12 Sections
Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security practitioners. This module covers fundamentals that will be needed to use the Nmap tool for performing effective network enumeration.
Vulnerability Assessment
Easy
1 Sections
This module contains an introduction to Vulnerability Assessment and the related frameworks. Students will review the differences between vulnerability assessments and penetration tests, how to carry out a vulnerability assessment, how to interpret vulnerability assessment results, and how to deliver an effective vulnerability assessment report.
Attacking Common Services
Medium
9 Sections
Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service internally and externally to ensure that they are not introducing security threats. This module will cover how to enumerate each service and test it against known vulnerabilities and exploits with a standard set of tools.
Active Directory Enumeration and Attacks
Medium
1 Sections
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface. To be successful as penetration testers and information security professionals in general, we must have a firm grasp of tactics and techniques for enumerating and attacking common AD flaws and misconfigurations.
Using Web Proxies
Easy
15 Sections
Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.
Login Brute Forcing
Easy
11 Sections
Learn how to brute force logins for various types of services and create custom wordlists based on your target.
Attacking Web Applications with Ffuf
Easy
13 Sections
This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.
Cross-Site Scripting (XSS) Fundamentals
Easy
1 Sections
Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to execute arbitrary JavaScript code within the target's browser and result in total web application compromise if chained with other vulnerabilities. This module will teach you how to identify XSS vulnerabilities and exploit them.
Other Web Attacks
Medium
1 Sections
As the popularity of web applications keeps increasing, so does the number and types of web attacks web applications are vulnerable to. Many of the most common web attacks have been covered in previous modules. This module covers other common web vulnerabilities, such as IDOR and XXE. You will be shown how to identify, exploit, and prevent each of them through various methods.
File Inclusion / Directory Traversal
Medium
7 Sections
File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.
SQL Injection Fundamentals
Medium
17 Sections
Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.
SQLMap Essentials
Easy
11 Sections
The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.
Command Injections
Medium
12 Sections
Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify and exploit command injection vulnerabilities and how to use various filter bypassing techniques to avoid security mitigations.
Unrestricted File Upload
Medium
1 Sections
Unrestricted file upload vulnerabilities are among the most critical web vulnerabilities, as they can enable attackers to upload malicious files and execute arbitrary commands on the back-end server. This module will discuss the basics of identifying and exploiting unrestricted file upload vulnerabilities and how to evade basic security restrictions in place to achieve arbitrary file uploading.
Attacking Common Web & Intranet Applications
Medium
1 Sections
Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by developers and sysadmins, and more. It's common to find the same applications across many different environments. While an application may not be vulnerable in one environment, it may be misconfigured or unpatched in the next. It is important as an assessor to have a firm grasp of enumerating and attacking the common applications discussed in this module.
Linux Privilege Escalation
Easy
15 Sections
Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and resources to move closer to the assessment's overall goal. There are many ways to escalate privileges. This module aims to cover the most common methods emphasizing real-world misconfigurations and flaws that we may encounter in a client environment. The techniques covered in this module are not an exhaustive list of all possibilities and aim to avoid extreme "edge-case" tactics that may be seen in a Capture the Flag (CTF) exercise.
Windows Privilege Escalation
Medium
30 Sections
After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can further our access in the environment. Enumeration is the key to privilege escalation. When you gain initial shell access to the host, it is important to gain situational awareness and uncover details relating to the OS version, patch level, any installed software, our current privileges, group memberships, and more. Windows presents an enormous attack surface and, being that most companies run Windows hosts in some way, we will more often than not find ourselves gaining access to Windows machines during our assessments. This covers common methods while emphasizing real-world misconfigurations and flaws that we may encounter during an assessment. There are many additional "edge-case" possibilities not covered in this module. We will cover both modern and legacy Windows Server and Desktop versions that may be present in a client environment.
File Transfers
Medium
8 Sections
During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging tools commonly available across all versions of Windows and Linux systems.
Pillaging
Medium
1 Sections
Pillaging is the process of obtaining information from a compromised system. It can be personal information, corporate blueprints, credit card details or passwords, and other credentials. These may help in gaining further access to the network or in completing goals defined in the pre-engagement process of penetration testing. This data may be stored in a wide range of different applications, services, and device types, which may require specific tools to obtain them.
Password Attacks
Medium
1 Sections
Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for weak, easy-to-remember passwords that can often be cracked offline and used to further our access. We will encounter passwords in many forms during our assessments. We must understand the various ways they are stored, how they can be retrieved, methods to crack weak passwords, ways to "replay" passwords that cannot be cracked, and hunting for weak/default password usage.
Pivoting, Tunneling & Port Forwarding
Medium
1 Sections
Once a foothold is gained during assessments, it may be in scope to move laterally and vertically within a target network. Using one compromised machine to access another is called pivoting and allows us to access networks and resources that are not directly accessible to us through the compromised host. Port forwarding accepts the traffic on a given IP address and port and redirects it to a different IP address and port combination. Tunneling is a technique that allows us to encapsulate traffic within another protocol so that it looks like a benign traffic stream.
AD Lateral Movement Fundamentals
Medium
1 Sections
Once an initial foothold is gained during Active Directory penetration testing assessments, we usually look for ways to move laterally within a target network. Many techniques can be used for lateral movement, including credential theft and reuse, using protocols for system management and administration, remote exploits, password guessing attacks, and more. This module showcases various Active Directory lateral movement techniques that can be used depending on the technologies present within the host and network.
Documentation & Reporting
Easy
1 Sections
Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presented to a broad audience within the target organization. We must take detailed notes and be very organized in our documentation, which will help us in the event of an incident during the assessment. This will help ensure that our reports contain enough detail to illustrate the impact of our findings properly.
Attacking Enterprise Networks
Medium
1 Sections
We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless of the size, and be able to work through each phase of the penetration testing process to reach our goal. This module will guide students through a simulated penetration testing engagement, from start to finish, with an emphasis on hands-on testing steps that are directly applicable to real-world engagements.
