Network Security and Penetration Testing Training
Level
IntermediateDuration
24h / 3 daysDate
Individually arrangedPrice
Individually arrangedNetwork Security and Penetration Testing Training
The Network Security and Penetration Testing training is a comprehensive course that introduces participants to the world of cybersecurity, penetration testing, and network infrastructure protection in a practical way. During the classes, you will learn attack techniques targeting web applications, wireless networks, remote services, as well as SSL/TLS mechanisms and Windows systems. You will also learn how to use dedicated vulnerable-by-design environments (DVWA, Metasploitable2), conduct controlled attacks, and implement effective defense mechanisms.
Who is this training for?
Pentesters and IT security specialists who want to expand their skills-
Network and system administrators responsible for infrastructure security
-
Developers and DevOps teams interested in vulnerability analysis of applications and services
-
People beginning their career in cybersecurity
What You Will Learn
- How to create test environments for penetration testing (Kali Linux, DVWA, Metasploitable2)
- How to detect and exploit web application vulnerabilities (SQLi, XSS, CSRF, LFI, RFI, Command Injection)
- How to conduct attacks on WLAN networks (WEP, WPA/WPA2, WPS, Evil Twin, Rogue AP)
- How to analyze and attack remote access services (VNC, SSH, Samba, RDP)
- How to understand SSL/TLS weaknesses and perform Man-in-the-Middle attacks
- How to exploit vulnerabilities in Windows systems and identify security gaps
- How to implement basic defense mechanisms and incident response strategies
Training Program
Module 1: Creating Test Environments for Penetration Testing
- Introduction to vulnerable-by-design environments
- Configuring Kali Linux as the main pentesting tool
- DVWA (Damn Vulnerable Web Application) – testing web applications
- Metasploitable / Metasploitable2 – environment for testing network services and exploits
Module 2: Web Application Security
- OWASP – Open Web Application Security Project: mission, goals, Top 10
-
Key web application vulnerabilities:
- Path Traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- SQL Injection
- Command Injection
- Cross-Site Scripting (XSS)
- Cookie manipulation & Session Hijacking
- Brute-force attacks
- Cross-Site Request Forgery (CSRF)
- Vulnerabilities in file upload mechanisms
Module 3: Attacks on WLAN Infrastructure
- Introduction to wireless network security
- Monitor mode – packet capturing
- Attacks on protocols: WPS, WEP, WPA/WPA2
- Offensive techniques: Wardriving, Evil Twin attack, Rogue Access Points
Module 4: Attacks on Remote Access Services
-
Example vulnerabilities and attacks using Metasploitable2:
- Samba – unauthorized access to resources
- VNC remote access – session hijacking
- SSH remote access – exploiting weak passwords or known exploits
Module 5: Attacks on SSL/TLS Connections
- Basics of SSL/TLS – purpose and functionality
- Known SSL/TLS attacks: POODLE, SSL Stripping, FREAK, Lucky Thirteen, Raccoon, BEAST
-
Man-in-the-Middle (MITM) attacks:
- Introduction to MITM
- Tools: Bettercap, SSLStrip
- Decrypting SSL/TLS – intercepting encrypted traffic
Module 6: Attacks on Windows System Security
-
Overview of known vulnerabilities and attack scenarios:
- File History service vulnerability
- Critical flaw in Microsoft Outlook
- ZeroLogon – domain controller privilege escalation
- Windows CryptoAPI Spoofing Vulnerability
- Remote Desktop Gateway – RDP attacks over the internet
- SAMBA vulnerability in Windows 7
- Exploiting RDP services – remote desktop session takeover
