Penetration Testing 10-Day Boot Camp
Infosec’s penetration testing training — delivered in the form of a 10-day, boot-camp style course — is the information security industry’s most comprehensive penetration testing course available.
Become a certified pentester, guaranteed!
- Exam Pass Guarantee (live online)
- 100% Satisfaction Guarantee
- Certified Ethical Hacker (CEH) exam voucher
- PenTest+ exam voucher
- Certified Penetration Tester (CPT) exam voucher
- Certified Expert Penetration Tester (CEPT) exam voucher
- Unlimited practice exam attempts
- Ten days of live, expert security training instruction (live online or in-person)
- Immediate access to Infosec Skills — including a bonus security training boot camp prep course — from the minute you enroll to 90 days after your boot camp
- Learn by doing with 100s of additional hands-on courses and labs
- 90-day access to all boot camp video replays and materials
- Knowledge Transfer Guarantee
Hands-on labs
Hundreds of exercises in over 30 separate hands-on labs bring you up to speed with the latest threats to which your organization is most vulnerable. Practice penetration testing in our virtualized environment that simulates a full range of servers and services used in a real company. Learn how to compromise web servers, virtual machines, databases, routers and firewalls, and then put it all together in an unscripted evening Capture the Flag (CTF) exercise.
Nightly capture the flag exercises
CTF exercises are an opportunity for you to practice your hacking skills in a real-world environment. Infosec sets up a mock company that you can freely attack without having to worry about damaging production systems. The purpose of the CTF exercises is to ensure you understand how to apply the skills you learned during the day to a real-world, ethical hacking scenario.
Course benefits
- Gain the in-demand career skills of a professional security tester — learn the methodologies, tools and manual hacking techniques used by penetration testers
- Stay ethical — get hands-on hacking skills in our lab that are difficult to gain in a corporate or government working environment, such as anti-forensics and unauthorized data extraction
- Move beyond automated vulnerability scans and simple security testing into the world of ethical penetration testing and hacking
- More than interesting theories and lecture — get your hands dirty in our cyber range
Training overview
In this 10-day boot camp, you will learn everything there is to know about penetration testing, from the use of network reconnaissance tools to the writing of custom zero-day buffer overflow exploits. The goal of this course is to help you master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or hacking situation.
This penetration testing training course has a significant return on investment: you walk out the door with hacking skills that are highly in demand, as well as up to four certifications:
- Certified Ethical Hacker (CEH)
- CompTIA PenTest+
- Certified Penetration Tester (CPT)
- Certified Expert Penetration Tester (CEPT)
What you’ll learn
- Writing buffer overflow exploits
- dlmalloc Heap Overflow exploits
- Win32 Heap Overflow exploits
- Linux stack overflow exploits
- Defeating non-exec stacks
- Return-to-libc shellcode
- Function pointer overwrites
- Crafting injectable shellcode
- Defeating non-executable stacks
- Linux LKM rootkits
- Windows kernel rootkits
- Reverse engineering training
- Vulnerability development and discovery
- Attacking and blinding IDSs
- Hiding your attacks from IDSs
- Encrypted covert channels
- Global offset table overwrites
- Windows shellcode
- Integer overflows
- Linux shellcode
- “No listening port” Trojans
- A whole day on breaking through enterprise DMZs
- Reconstructing binaries from sniffed traffic
- Circumventing antivirus
- Bi-directional spoofed communication
- Session fixation
- Advanced SQL injection
- Justifying a penetration test to management and customers
- Defensive techniques
Hands-on activities
- Capture the flag exercises every night!
- Writing a stack buffer overflow
- Porting exploits to Metasploit modules
- Find socket shellcode
- Writing shellcode for Linux
- Using OllyDbg for Win32 exploits
- Using IDA Pro for reversing
- Reconstructing sniffed images
- Reverse engineering Windows PE binaries
- Session hijacking
- Passive network analysis
- Exploitation with a remote GUI
- Sniffing SSL encrypted sessions
- Format string exploits
- Heap overflow exploits
- Windows exploits
- Calculating offsets
- Reversing with SoftICE
- OS determination without touching the target
- SQL injection timing attacks
- Port redirection
- ASP source disclosure attacks
- Call-back backdoors
- Encrypted covert channels
- Remote keyloggers
- PHP/MySQL SQL injection
- Inserting malicious code into Unix binaries
Who should attend
- Penetration testers
- Security analysts
- Cybersecurity consultants
- Anyone with a desire to learn penetration testing skills!
Prerequisites
- Firm understanding of the Windows Operating System
- Exposure to the Linux Operating System or other Unix-based OS
- Firm understanding of the TCP/IP protocols
- Exposure to network reconnaissance and associated tools (nmap, Nessus, netcat)
- Programming knowledge is NOT required
- Desire to learn about ethical hacking, and get great penetration testing training!
Exam Pass Guarantee
We guarantee you’ll pass your exam on the first attempt.
Pentesting training schedule
Infosec’s 10-day pentesting training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared for your exam — and get certified on your first attempt.
Before your boot camp
Start learning now. You’ll get immediate access to all the content in Infosec Skills, including an in-depth security training prep course, the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
Day 1 to Day 5
Testing methodologies
- Security testing methodologies
- The ethical hacking profession
- Planning and scoping an engagement
- Legal and compliance considerations
- Ethical hacking methodologies
- Tools of the trade
- Linux overview
- Passive intelligence gathering
- Abusing DNS
- Abusing SNMP
Network scanning and service identification
- Understanding TCP packets and structures
- Passive network discovery and scanning
- TCP scanning
- Using differences in RFC implementations to your advantage
- Scanning through firewalls
- How to prevent the discovery of your reconnaissance activities
- Using zombies to mask network scanning
- Avoiding IDS/IPS detection
- Proper identification of services
- Vulnerability identification
Exploiting vulnerabilities and social engineering techniques
- Vulnerability life cycles
- Types of vulnerabilities
- Flaws in encryption
- Configuration errors
- Buffer overflows
- Stack overflows
- Vulnerability mapping
- Exploit utilization and delivery methods
- Client side exploits
- Server side exploits
- Password security
- Social engineering techniques
- Attacking physical controls
- Hashing
- Rainbow tables
- Attacking Windows password security
- Weaknesses in Windows authentication protocols
SQL injection and attacks
- Use of Trojans
- Redirecting ports to thwart firewall rules
- Avoiding anti-virus detection
- Lateral movement and persistence
- Use of keyloggers
- IDS operations and avoidance
- Encrypting your communications
- Protocol abuse for covert communications
- Creating custom encryption tunneling applications
- E-shoplifting
- XSS attacks
- Cross-site request forgery (CSRF)
- Circumventing authentication
- SQL injection discovery and exploitation
- SQL data extraction
Scripts for ethical hacking and mitigation strategies
- Sniffing in different environments
- Attack sniffers
- Man-in-the-middle attacks
- Wireless networking
- Shared key authentication weaknesses
- WEP/WPA/WPA2 cracking
- Anti-forensics
- Log modification/deletion
- Rootkits
- Introduction to scripting
- Common script components
- Writing effective reports
- Providing mitigation recommendations
- CEH exam review
- PenTest+ exam review
Day 6 to Day 10
Introduction to Advanced Hacking
Overview of current security
Advanced recon
- Stealth strategies
- Evading IDS/IPS
- Passive network recon
- Idle scanning
- Automated metadata gathering
Blinding IDSs
- Intrusion detection overview
- Intrusion prevention
- Blinding IDSs
- Hiding from IDSs
Vulnerability mapping
- Using Nessus
- Manual vulnerability discovery
- Mapping client-side vulnerabilities
x86 assembly for exploit development
- Computing fundamentals
- CPU registers
- Memory segments
- Assembly instructions
Finding vulnerabilities with debuggers
- Debuggers
- Hardware vs software breakpoints
- Keygens
- Attacking keygen algorithms
- Protections against these attacks
Reversing win32 applications with IDA
- Windows apps
- Breakpointing on APIs
- Breakpointing on messages
- IDA
- IDA FLIRT
- Other IDA features
Fuzzing/fault injection
- Manual fault injection
- Advances in fault injection
- Attacking complicated protocols
Memory architecture and stack-based overflows
- Memory segments
- Introduction to stack
- Functions and stack
- Programming
SEH exploits
- Introduction
- Structured exception handling
- Controlling SEH chains
- SEH exploit mitigation techniques
- SEHOP
Return oriented programming
- Operating system protections
- What is ROP?
- Why do we need it?
- How do we go about it?
Writing shellcode
- Introduction
- Null Bytes
Egghunters
- What are egghunters
- Why do we need them
- Notable egghunter code
- How do we go about it
- Bonus content
Restricted character set exploitation
- What is restricted character set exploitation
- Bad characters
- Unicode filtering
- Alphanumeric shellcode
Attacking format strings
- Introduction to format strings
- Using format functions
- Format string vulnerability
- Reading the stack
- Reading arbitrary memory addresses
Payloads
- Payload use
- Bind shell
- Reverse connect
- SysCall proxy
- DLL injection
- Advanced exploitation
Metasploit payloads
- Metasploit meterpreter
- Meterpreter scripts
- Windows adduser payload
- Writing a Metasploit module
Advanced Metasploit
- Metasploit framework
- Labs for programming
More advanced Metasploit
- Metasploit framework
- Auxiliary modules
- Post exploitation
Compressors and encryptors
- Background on packers
- Why use a packer
- How a packer works
- Strategies for defeating packers
- Removing the packer with SoftICE and ProcDump
- The JMP EIP trick
- Deleting the encryptor code segment
Advanced client side exploits
- Client side vs server side
- Why client side is popular
- The advanced persistent threat
- Anatomy of a client side attack
- Types of defenses
Attacking network-based protocols
- Attacking ARP
- Attacking SSL
- Traffic manipulation
Exploiting web apps
- Web app scanning
- Tools for tracking vulnerabilities
- Manual investigation
Web application hacking
- OWASP top 10
- E-shoplifting
- Deconstructing Java
- Manipulating GETs
- Manipulating POSTs
- Attacking Cookies
SQL injection in MS SQL
- SQL command structure
- Discovering vulnerable apps
- Circumventing authentication
- Attacking availability
- Inserting data
- Retrieving data
- Deleting data
- Local system access
SQL injection in MySQL
- Introduction
- SQL injection in string fields
- Circumventing strings
- Attacking the application
CD & DVD-ROM protections
- Common CD check routines
- Cracking CD checks
- A commercial protection scheme: SafeDisc
- Cracking SafeDisc
After your boot camp
Your Infosec Skills access extends 90 days past your boot camp, so you can take additional time to prepare for your security training exams, get a head start on your next certification goal or start earning CPEs.