
Understand the different phases of an intrusion test. Know how to accompany and supervise a technical profile involved in the test. Centralise the information collected and the communication methods. Carry out a detailed analysis of the situation and be able to present a report in a non-technical manner to a management committee.
Day 1 morning
❏ Section 1 – Current context
❏ Recent statistics
❏ Terminology
❏ Principles of information security
❏ The different phases of an attack
❏ Definition of a penetration test
❏ Legal and regulatory aspects of penetration testing
❏ Methods and framework for a penetration test
❏ Section 2 – Framing and objectives
❏ Identification of objectives
❏ Definition of the scope
❏ Tutorials/ ESD Academy pentest framework
❏ Practical Work 1/ Pre-engagement questionnaire
Day 1 afternoon
❏ Resource management and allocation
❏ Monitoring of test objectives
❏ Rules of engagement (RoE)
❏ Practical Work 2/ Drafting of a pre-engagement contract
❏ Section 3 – Preparing your penetration test
❏ Setting up a machine for penetration testing
❏ Automation and scripting
❏ Known hardware tools
❏ Tutorials/ Rubber Ducky
❏ Document templating
❏ Tutorials/ Intrusion test monitoring
❏ Section 4 – Information gathering
❏ Engineering of public sources (OSINT)
❏ Passive and active collection of information on the target organisation
❏ Tutorials/ Presentation of OSINT tools
❏ Practical Work 3/ Information gathering & reconnaissance
Day 2 morning
❏ Section 5 – Enumeration of infrastructure
❏ Enumeration of scope
❏ Escape on secure infrastructure
❏ Enumeration of protocols
❏ Tutorials/ Presentation of enumeration tools
❏ Practical Work 4/ Enumeration of infrastructure
❏ Section 6 – Vulnerability analysis
❏ Vulnerability scanning
❏ Presentation of the different tools
❏ Tutorials/ Presentation OpenVAS
❏ Known vulnerabilities
❏ Practical Work 5/ Identification of vulnerabilities
❏ Section 7 – Exploitation
❏ Search for Exploits
Day 2 afternoon
❏ Presentation of attack tools/frameworks
❏ Tutorials/ Presentation of Metasploit
❏ Deployment and execution of payloads
❏ Practical Work 6/ Exploitation of vulnerabilities
❏ Passive and active listening of infrastructures
❏ Bruteforcing
❏ Section 8 – Post-Exploitation
❏ Deactivation of traceability elements
❏ Elevation of privileges (methods, tools, Linux vulnerabilities, …)
❏ Study of persistence (ADS, registry, task scheduler, services)
❏ Lateral movements and pivoting
❏ Clearing of traces
❏ Practical Work 7/ Post-Exploitation and Lateral Movement
❏ Practical Work 8 (BONUS)/ Exploitation and analysis of intercepted data
Day 3 morning
❏ Section 9 – Wi-Fi security
❏ Introduction
❏ The 802.11 standards
❏ Security protocols & algorithms (WEP/WPS/WPA)
❏ Methods and attacks on wireless networks
❏ Tutorials 1/ Presentation of the aircrack-ng suite
❏ Detailed study of WPA2 (Four-Way Handshake)
❏ Tutorials 2/ Intrusion Wi-Fi (WPA2)
❏ Practical Work 1/ Intrusion WI-FI
❏ Countermeasures and security (WIDS/802.1x)
❏ Section 10 – Web application security
❏ Overview of web security
❏ AppSec references
❏ Client/server, AJAX, DOM
❏ HTTP(S) protocol
❏ The Burp Suite tool
❏ Tutorials 2/ Introduction to Burp Suite
Day 3 afternoon
❏ OWASP Top 10 2017
❏ Injections (SQL, LDAP, code, etc)
❏ Tutorials/ Manual and automated SQL injection
❏ Practical Work1/ Injection
Day 4 morning
❏ Weak authentication
❏ Tutorials/ Bruteforce via Burp Suite
❏ Exposure of sensitive data
❏ Tutorials/ Exposure of sensitive data
❏ XXE/XPATH
❏ Tutorials/ XXE
❏ Weak access controls
❏ Tutorials/ IDOR / LFI / RFI / CSRF / Verb Tampering / SSRF
❏ Incorrect security configuration
❏ Tutorials/ SSRF vulnerability
❏ Cross-Site Scripting (XSS) (Stored/Reflected/DOM-based)
❏ Tutorials / defacing with XSS
Day 4 afternoon
❏ Insecure deserialization
❏ Tutorials / elevation of privilege via serialized cookie
❏ Vulnerable components
❏ Tutorials/ Vulnerability scanning (WPScan, Nikto, OpenVAS, Nmap) and offensive framework (Metasploit)
Day 5 morning & afternoon
❏ Section 11 – Analysis and report
❏ Study and analysis of results
❏ Putting the results into perspective
❏ Report writing
❏ Presentation of deliverables usable by a management committee (CODIR)
❏ Recommendations, action plan and follow-up
❏ Practical Work/ Carrying out a complete intrusion test and report