Network Security and Penetration Testing Training
Level
IntermediateDuration
24h / 3 daysDate
Individually arrangedPrice
Individually arrangedNetwork Security and Penetration Testing Training
The Network Security and Penetration Testing training is a comprehensive course that introduces participants to the world of cybersecurity, penetration testing, and network infrastructure protection in a practical way. During the classes, you will learn attack techniques targeting web applications, wireless networks, remote services, as well as SSL/TLS mechanisms and Windows systems. You will also learn how to use dedicated vulnerable-by-design environments (DVWA, Metasploitable2), conduct controlled attacks, and implement effective defense mechanisms.
Who is this training for?
Pentesters and IT security specialists who want to expand their skills-
Network and system administrators responsible for infrastructure security
-
Developers and DevOps teams interested in vulnerability analysis of applications and services
-
People beginning their career in cybersecurity
What You Will Learn
- How to create test environments for penetration testing (Kali Linux, DVWA, Metasploitable2)
- How to detect and exploit web application vulnerabilities (SQLi, XSS, CSRF, LFI, RFI, Command Injection)
- How to conduct attacks on WLAN networks (WEP, WPA/WPA2, WPS, Evil Twin, Rogue AP)
- How to analyze and attack remote access services (VNC, SSH, Samba, RDP)
- How to understand SSL/TLS weaknesses and perform Man-in-the-Middle attacks
- How to exploit vulnerabilities in Windows systems and identify security gaps
- How to implement basic defense mechanisms and incident response strategies
Training Program
-
Module 1: Creating Test Environments for Penetration Testing
- Introduction to vulnerable-by-design environments
- Configuring Kali Linux as the main penetration testing tool
-
DVWA (Damn Vulnerable Web Application)
- Testing web application vulnerabilities
-
Metasploitable / Metasploitable2
- Environment for testing network services and exploits
-
Module 2: Web Application Security
- OWASP – Open Web Application Security Project
- Mission and goals
- OWASP Top 10 overview
- Path Traversal
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- SQL Injection
- Command Injection
- Cross-Site Scripting (XSS)
- Cookie manipulation and Session Hijacking
- Brute-force attacks
- Cross-Site Request Forgery (CSRF)
- Vulnerabilities in file upload mechanisms
-
Module 3: Attacks on WLAN Infrastructure
- Introduction to wireless network security
- Monitor mode and packet capturing
- Attacks on wireless protocols
- WPS
- WEP
- WPA / WPA2
- Offensive wireless techniques
- Wardriving
- Evil Twin attack
- Rogue Access Points
-
Module 4: Attacks on Remote Access Services
- Example vulnerabilities and attacks using Metasploitable2
- Samba
- Unauthorized access to shared resources
- VNC remote access
- Session hijacking
- SSH remote access
- Weak passwords
- Known exploits
-
Module 5: Attacks on SSL/TLS Connections
- Basics of SSL/TLS
- Purpose
- Functionality
- Known SSL/TLS attacks
- POODLE
- SSL Stripping
- FREAK
- Lucky Thirteen
- Raccoon
- BEAST
- Man-in-the-Middle (MITM) attacks
- Introduction to MITM
- Tools: Bettercap, SSLStrip
- Decrypting SSL/TLS traffic
- Intercepting encrypted connections
-
Module 6: Attacks on Windows System Security
- Overview of known Windows vulnerabilities and attack scenarios
- File History service vulnerability
- Critical vulnerability in Microsoft Outlook
- ZeroLogon
- Domain Controller privilege escalation
- Windows CryptoAPI Spoofing Vulnerability
- Remote Desktop Gateway
- RDP attacks over the internet
- SAMBA vulnerability in Windows 7
- Expl
