Course Description
You don’t need to be an expert pen tester to identify security risks or confirm vulnerabilities with the aid of Metasploit Pro. Geared toward security professionals who have little to no Metasploit Pro and penetration testing experience, this two-day interactive class provides the necessary knowledge to jumpstart your use of the product.
For flexible and accessible learning, this course is offered both virtually and on-site at your facility. The virtual class is hosted remotely on a Rapid7 lab and features simulated exercises—including project creation, host discovery, service port and operating system identification, various exploitation methods, evidence collection, and report creation—against a set of target hosts. Customers who participate in on-site trainings will apply their learned skills in hands-on scenarios in their own environment.
All participants will have access to the Metasploit Pro Certified Specialist Exam as part of their training program; go from being the student to the master and leverage the knowledge gained from class to become certified.
What You'll Learn
Metasploit Pro
- Product overview and key feature descriptions
Navigating the GUI
- Intro and demonstration of the web interface (GUI)
- Working with projects for penetration testing
Network Scanning
- Active scanning
- Network/device enumeration
- Importing vulnerability scan data from other products
Exploitation Techniques
- Gaining access to hosts using targeted exploits, automated exploitation, and brute-force attacks
Maintaining Access and Privilege Escalation
- Alternative access techniques and privilege escalation methods, including client-side exploits, local system access, and persistence
Web Application Testing
- Using Metasploit’s web application vulnerability scanning and exploitation capabilities
Social Engineering
- Utilizing Metasploit Pro to simulate drive-by attacks and spear phishing in order to identify user awareness training gaps
Quick Start Wizards and MetaModules
- Intro to built-in wizards (for quick penetration tests, web app testing, and campaigns)
- Intro to MetaModules, which simplify testing by automating common, complicated security tests
Reporting
- Standard and custom reporting of progress, results, and collected evidence
- Data exports for archival or backups
Day 1
The first day of class provides an introduction to Metasploit Pro and focuses on key foundational knowledge upon which you will build throughout the course. Emphasis will be placed on the Metasploit Pro console, project workflow, various modules and payloads, and exploitation techniques. You will gain practical, hands-on experience in the following areas:
- Metasploit Pro Introduction
- A Discussion of Workflow And Methodology
- Navigating the GUI
- Metasploit Tasks
- Discovering Targets
- Importing Scan Data
- An Overview of Exploits Modules
- Basic Exploitation Techniques
- Password Brute Force Exploitation Technique
- Pass-The-Hash Exploitation Technique
- Pivot Attacks
- An Overview of Payload Modules
- An Overview of Command Shell/Meterpreter Payloads
Day 2
After mastering the knowledge and skills covered in Day 1, you will cover additional exploitation techniques, identification and exploitation of web application vulnerabilities, social engineering campaigns, and report generation. Day 2 will be comprised of the following:
- Post-Exploitation Techniques
- Maintaining Access and Privilege Escalation
- Web Application Testing/Exploitation
- Social Engineering Campaigns
- Quick Start Wizards, Task Chains and MetaModules
- Reporting
Prerequisites
Ideally, attendees should have the following:
- Experience with Windows® and Linux Operating Systems
- Basic knowledge of network protocols
- Basic vulnerability management system knowledge
- Knowledge of penetration testing concepts