External Penetration Testing
About Course
Description
This course introduces students or security professionals to the External Penetration Testing concepts associated with black box pentesting. We encourage you to take this course if you are a complete beginner in the world of Advanced External Penetration Testing. This course uses a custom-developed vulnerable External Penetration Testing to demonstrate how web vulnerabilities can be identified and exploited. It teaches you how to identify a variety of advanced web vulnerabilities that lie on the server side and the client side.
Introduction
– What is External Penetration Testing
– Phases of External Penetration Testing
– Checklist to perform External Penetration Testing
Dealing with a Client
1. Create a ROE for client
2. Complete the Signing Process
3. Be available for kick off meetings
Information Gathering / Recon / OSINT
– Collect all Internal IPs
– Do Port Scanning
– Collect Employees Information through Open Source
– Collect Employees Email Addresses
– Look For Password Leaks on GitHub
– Look For Sensitive Information in Activity / Commit history
– Look into Stack Trace errors or anything that leaks Server Information
– Look For Lower Versions of the Server or whatever technology they use, to find CVEs
– Fuzz the Parameters or Perform Directory Brute Forcing to Find Sensitive Information
– Use Google Dorks to Find Secrets like AWS Bucket or Azure AD
– Collect JWT Tokens, Email Addresses, IP Addresses, User’s Unsubscribe Tokens and many more through Wayback URLs
Exploitation
– Perform Vulnerability Scanning
– Look for gaining access of admin panels
– Check for Weak Password Policy
– Try to gain Internal access through Open Ports
– Try to enumerate accounts on login, signup, password reset functions etc.
– Perform Brute force attacks on login portals
– Look For Security Misconfigurations like Clickjacking, SPF/DMARC, CORS and many more
Write Professional Reports
– Write about your company
– Give a brief description about when you started the project and when you ended.
– Create an Index for the report
– Make a severity chart with beautiful colours
– Write the report in sequence and in order of priority
– Follow the steps to write a report
Benefits
- Get ISO Certified Certification
- Get Advanced Bug Bounty Hunter Badge (ID CARD)
- Live Targets to hunt
Trainer
Mayank Gandhi
Course Content
Introduction to External Penetration Testing