Virtual Academy by PurpleSynapz™

How to use this course

Red Teaming Building Blocks

Lab settings and Requirements

Lab settings in VirtualBox

Create your own pen-testing lab - step by step procedure

Overview Of Top Red Teaming Tools

Assessment to Introduction to Red Team Essentials

Red Team Testing Phases

Reconnaissance and Hands-On: GoogleDorks

Reconnaissance and Hands-On: Default Passwords

Reconnaissance and Hands-On: Web Server

Reconnaissance and Hands-On: Maltego for information

Reconnaissance and Hands-On: RedHawk for information

Scanning and Hands-On: Network Discovery

Scanning and Hands-On: Ettercap for network scan

Scanning and Hands-On: NMap

Scanning and Hands-On: Simple bash script for ping sweep using search engine

Scanning and Hands-On: Simple bash script for ping sweep

Scanning and Hands-On: Port Scanning

Scanning and Hands-On: Scanning Types

Vulnerability Scanning Setup: OpenVAS tool

GVM (Greenbone Vulnerability Management) installation on kali Linux 2020 and latest versions.

Lab tips for Installing GVM openvas and updating latest vulnerabilities database

Performing a vulnerability scan using OpenVAS

Vulnerability Scanning Setup: OpenVAS report

Vulnerability Scanning Setup: Nessus tool

Vulnerability Analysis and Penetration Testing (VAPT) Assessment Report Sample

Vulnerability Analysis and Penetration Testing (VAPT) Sample Questionnaire

Vulnerability Analysis and Penetration Testing (VAPT) Summary Report Sample

Sample Web application VAPT report

VAPT pre-engagement with clients

Assessment to Introduction to VAPT

Exploiting Existing Vulnerabilities: On Server

Exploiting Existing Vulnerabilities: Critical vulnerability in Windows 7 found in report

Metasploit Framework (MSF): Introduction

Metasploit Framework (MSF): Software Architecture

Metasploit Framework (MSF): Understanding payloads

Understanding a Real Scenario: Introduction

Understanding a Real Scenario: Windows Static NAT for hacking

Configuring & Running an Exploit: Metasploit Reverse Shell

Understanding Meterpreter shell: Meterpreter usage

Understanding Meterpreter shell: Meterpreter usage privilege escalation

Understanding Meterpreter shell: Persistence

Understanding Meterpreter shell: Process Migration

Understanding Meterpreter shell: Keylogger

Understanding Meterpreter shell: Changing user password and firewall settings

Understanding Meterpreter shell: Clearing tracks

What is Pass the Hash Attack?

17.Pass the Hash Attack (Lab)

Pivoting: What is it?

Pivoting (Lab)

Assessment of Exploiting Vulnerabilities

Introduction to Post Exploitation

Introduction to Privilege Escalation

Privilege Escalation on Linux systems

Privilege Escalation Labs: MS2 privilege escalation distcc vuln

Privilege Escalation Labs: Using Kernel Exploit

Privilege Escalation on Windows Systems: Windows Privilege Escalation

Privilege Escalation on Windows Systems: Local Privilege Escalation Exploit Suggester

What is Persistence?

Persistence Module in Meterpreter (Lab)

Different ways of maintaining Persistence: Using backdoor

Different ways of maintaining Persistence: Using post module

Meterpreter for Post-Exploitation: Post module reference

Post exploitation Gathering and Managing Modules

Perform a Simple DNS tunneling Lab

Assessment for Post Exploitation ( Maintaining Access )

Anonymity tools and services: Introduction to Anonymity and confidentiality

Configuring proxy chains for anonymity: Using KaliTorify (Lab)

Configuring proxy chains for anonymity: Using proxy chain configuration

Assessment for maintaining anonymity and confidentiality

Introduction to Password Cracking: Password Attacks

Introduction to Password Cracking: Password hashes of Windows system

Introduction to Password Cracking: Password hashes of Linux system

Introduction to Password Cracking: Some password cracking tools

Introduction to Password Cracking: Gathering password hashes from victims

Offline password cracking using John the Ripper

Password Cracking using Ophcrack

Online SSH password cracking using Hydra

Cracking the password of a Web app: Using Hydra HTTP Login Brute Force

Brute force attack using Burp Suite Dynamic Brute Force

Passwords while sniffing the traffic: Using Ettercap

Unhiding hidden passwords in Google Chrome

Cracking Wi-Fi passwords: Introduction

Cracking Wi-Fi passwords: Sample documentation

Assessment for Password attacks

Malware threats: Introduction and types

Malware threats: Life cycle of a virus

Malware threats: Virus (Lab)

Malware threats: Worms

Malware threats: Trojans

Malware threats Ransomware Lab: Dissecting a Ransomware

Malware threats Ransomware Lab: WannaCry Demonstration

Malware threats Ransomware Lab: Hidden Tear Open-Source Ransomware

Malware threats Ransomware Lab: Hidden Tear Encryption

Malware threats Ransomware Lab: Hidden Tear Decryption

Malware threats Ransomware Lab: Hidden Tear Analysis (Lab)

Malware threats Open-Source Labs: theZoo (Lab)

Assessment for Cyber Malware Threats

Social Engineering Terminologies

Tools For Creating Malwares for Phishing

Social Engineering Toolkit (SET) for Phishing (x264)

Embedding malware in Firefox Add-ons

Embedding Malware in PDF Files (x264)

Exploit Adobe reader software vulnerability: Social Engineering attack - Lab Document

Creating a malicious Office document payload

Creating undetectable payloads for Phishing Attacks: FatRat

Creating undetectable payloads for Phishing Attacks: Veil

Creating undetectable payloads for Phishing Attacks: Veil detection in VirusTotal

Android mobile platform attack using phishing

Sending fake emails and other online services for phishing

Steganography for hiding a malicious payload: Introduction

Steganography for hiding a malicious payload: Lab

Assessment for Social Engineering Attacks

WireShark usage and its advantages in offensive security

ARP Cache Poisoning using Ettercap detection

SSL decryption

Traffic analysis for confirming successful attack: Brute Force Attack Analysis

Traffic analysis for confirming successful attack: SYN Flood DDoS

Assessment for WireShark for Offensive Security

Overview of OSI Layer-wise attacks

Overview of OSI Layer-wise remedies

Security Tuning Fundamentals

Multi-layered threat prevention approach and protections - Part 1

Assessment for Important Remedies and Protections

Approaching Web App Pen Testing Engagement and configuring Burp Suite

Command Injection Attacks

File Inclusion Attacks

File Upload Attacks

Exploiting Broken Authentications

Reflected, Stored & DOM-based XSS (Cross Site Scripting) attacks

XML Injection

Exploiting applications with vulnerable components

Sample Report Template for web application Vulnerabilities and Remediation

Assessment for Web Application Penetration Testing

Scenario 1: Understand the importance of Reconnaissance phase of attack .Crate a blue print of attack using OSINT.

Scenario 2: Reconnaissance tools

Scenario 3: Vulnerabilities scanning using Nessus.

Scenario 4: Exploiting 4 known vulnerabilities

Scenario 5: Need to Learn Linux commands and usage for privilege escalation techniques

Scenario 6: VAPT task on third party free Vulnerable Machines

Scenario 7: Practice how to find and exploit SQL Injection vulnerability

Scenario 8 : Practice how to find and exploit File upload vulnerability

Scenario 9: Understanding about GET flood (DOS) attack

Scenario 10: Creating Malicious PDF file and understanding it's execution while the defender is on.

Scenario 11: Antivirus Evasion

Scenario 12: Hacking and forensic investigation

Scenario 13: Malicious traffic analysis

Scenario 14: List out and implement top 10 CIS recommendation for drive by compromise attack .

Scenario 15: Perform best security practices on your server

Scenario 16: Server Security Hardening

Scenario 17 : Operationalizing MITRE ATT&CK framework

Scenario 18: Performing a VAPT on live website

Scenario 19: Perform a real VAPT for this 2 live websites.

Some of the free online resources for practical web application testing

What Malicious Hackers do? Basic awareness by Murali

VAPT using Open Source Tools

How Buffer Overflow Vulnerability is Exploited?

Basics of Wireshark tool

Dissecting a simple open source Ransomware

Cyber kill chain

MITRE ATT&CK framework

How to kickstart your Cybersecurity Career after this course ?