“If I had eight hours to chop down a tree, I’d spend the first six of them sharpening my axe.”
This course is ideal for penetration testers, security enthusiasts and network administrators. The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
Its best-known sub-project is the open source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
The Metasploit Project is well known for its anti-forensic and evasion tools, some of which are built into the Metasploit Framework.
This training course is part of six-month program:
|Application deadline||14 November 2014, at 16:00|
|(This course has ended)|
Choosing and configuring an exploit (code that enters a target system by taking advantage of one of its bugs; about 900 different exploits for Windows, Unix/Linux and Mac OS X systems are included);
Optionally checking whether the intended target system is susceptible to the chosen exploit;
Choosing and configuring a payload (code that will be executed on the target system upon successful entry; for instance, a remote shell or a VNC server);
Choosing the encoding technique so that the intrusion-prevention system (IPS) ignores the encoded payload;
Executing the exploit
This modular approach – allowing the combination of any exploit with any payload – is the major advantage of the Framework. It facilitates the tasks of attackers, exploit writers and payload writers.
Metasploit runs on Unix (including Linux and Mac OS X) and on Windows. The Metasploit Framework can be extended to use add-ons in multiple languages.
To choose an exploit and payload, some information about the target system is needed, such as operating system version and installed network services. This information can be gleaned with port scanning and OS fingerprinting tools such as Nmap. Vulnerability scanners such as Nexpose or Nessus can detect target system vulnerabilities. Metasploit can import vulnerability scan data and compare the identified vulnerabilities to existing exploit modules for accurate exploitation.
Metasploit Basics and Framework Organization
Server and Client Side Exploitation
Meterpreter – Extensions and Scripting
Database Integration and Automated Exploitation
Post Exploitation Kung-Fu – Exploring the system, Privilege escalation, Log deletion and AV / Firewall bypass
Token stealing and impersonation, Backdoors and Rootkits, Pivoting and Port forwarding, Railgun and Custom Scripting, Backdoor an Executable
Writing Metasploit Modules – Auxiliary and Exploit
Exploit research with Metasploit- Buffer Overlows, SEH etc.
Social Engineering Toolkit (SET) and Armitage
Scenario Based Hacking using Metasploit
Knowledge in Linux Systems (LINUX 101), Network Architecture ,Basics of Programming. and daily computer skills .
Post Exploitation Kung-Fu
Post Exploitation Privilege Escalation
Killing AV and Disabling Firewall
Stdapi and Priv Extensions
Token Stealing and Incognito
Espia and Sniffer Extensions
Post Exploitation Backdoors
Pivoting after Post Exploitation
Port Forwarding as part of Post Exploitation
Client Side Exploits
Backdoors and Rootkits in Post Exploitation
Exploit Research with Metasploit
Railgun Adding Functions
Railgun Adding New DLLs
Meterpreter API Basics
Meterpreter Scripting - Migrate Clone
Meterpreter Scripting - Process Name Search
Social Engineering Toolkit Java Applet
Drinor Selmanaj has experience in cyber security. He has been working with FLOSSK for 2 years now he is one of many contributors in Kosovo in many open source projects, he has been doing workshops around Kosovo in data security, also being a FLOSSKie he has been maintaining the network of the SFK (Software Freedom Kosova) the annual conference about open source in Kosovo. His expertise are networks and computer security. While on workdays he is the CEO of HelloWorld, a company which is focused on application development. His passion about computer security and networks never stops. He will be showing some awesome stuff at advanced cyber security training.
Saturday & Sunday, starting 17:00 - 20:00
November 15 - December 7
Innovation Centre Kosovo; Rexhep Mala str. 28A, 10000, Prishtina
firstname.lastname@example.org; 049 765 567
Drinor Selmanaj is a lecturer, entrepreneur and information security specialist from Kosovo.
He has spent his years consulting, auditing, and hardening IT-infrastructures in companies and organizations across the region.
As a lecturer, he has established a Penetration Testing programme at ICK which seeks to hone the skills of young technology enthusiasts looking into entering the field of cybersecurity.
His entrepreneurial spirit led him to found a software development company called “Hello World!” centered around creating secure and highly functional digital products for local companies and businesses.
He is the CTO and co-founder of “Sentry L.L.C” - one of the first companies in Kosovo to regionally offer products and an extensive list of services in information security.
As a citizen of Kosovo and a member of various hacker communities, Drinor is able to see both the needs of legitimate businesses as well as the needs of a darker digital underground.
© ICK — Innovation Centre Kosovo