Post-exploitation, command-and-control and SOCKS proxying with Metasploit Course

Get to grips with post-exploit challenges.

1 hour, 39 minutes

Course description

You've run the exploit.... Now what? Explore the post-exploitation landscape, including using Meterpreter and dealing with command-and-control and SOCKS proxying.

Syllabus

Command-and-control, SOCKS proxies and pivoting with Metasploit

Video - 00:11:00
How to use the powerful Meterpreter payload to establish command-and-control and convert a compromised Windows target into a "dumb pipe/router".
Post-exploitation with Metasploit Meterpreter

Video - 00:51:00
What post-exploitation is, and how the Meterpreter's powerful features can aid penetration testers and ethical hackers in the post-exploitation phases of a penetration test.
Post-exploitation, command-and-control and SOCKS proxying with Metasploit overview

Video - 00:04:00
Using the open-source Metasploit Framework for post-exploitation activities including endpoint enumeration, privilege escalation, and network pivoting/proxying.
Penetration Testing with Metasploit - 4 - Post-Exploitation with the Meterpreter Lab

Lab - 00:30:00
In this lab, students will apply the concepts called 'Post-Exploitation, Command-and-Control, and SOCKS proxying with Metasploit' and perform the following tasks- We will create Windows malware using msfvenom- Host the malware using Metasploit's 'web_delivery' module and pythons 'http.server' module.- Execute the malware on our Windows target to establish a reverse shell- Upgrade our basic reverse shell to the versatile Meterpreter payload- Use process migration to move to a more stable process that isn't likely to be closed by the victim.- Use the Meterpreter to load additional functionality- Investigate privilege escalation opportunities- Harvest credentials via dumping the local Security Account Manager (SAM) to retrieve password representations (hashes)- Capture keystrokes to collect passwords- Take screenshots- Upload and download files- Modify malware metadata to fool investigators- Enabling wdigest- Load the Mimikatz 'kiwi' meterpreter extension and capture credentials- Clear event logs
Pentesting in metasploit course 4 assessment

Assessment - 6 questions

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments
Start a Free Trial

Plans & pricing

Infosec Skills Personal

$299 / year

Buy Now 7-Day Free Trial
  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

Book a Meeting
  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo

Award-winning training you can trust