Penetration Testing with Kali Linux (PWK) Training in Republic of the Philippines

  • Learn via: Classroom / Virtual Classroom / Online
  • Duration: 5 Days
  • Price: Please contact for booking options
We can host this training at your preferred location. Contact us!

Penetration Testing with Kali (PWK) is a pen testing course designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment.

Please note, there is an optional 24 hour lab based certification exam available to delegates who have sat this course. This exam leads to the Offensive Security Certified Professional (OSCP) certification and must be booked directly with Offensive Security.

Penetration Testing with Kali Linux is a foundational course, but still requires students to have certain knowledge prior to attending the online class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.

  • Penetration Testing with Kali Linux
  • Penetration Testing: What You Should Know
  • Getting Comfortable with Kali Linux
  • The Essential Tools
  • Passive Information Gathering
  • Active Information Gathering
  • Vulnerability Scanning
  • Buffer Overflows
  • Win32 Buffer Overflow Exploitation
  • Linux Buffer Overflow Exploitation
  • Working with Exploits
  • File Transfers
  • Privilege Escalation
  • Client Side Attacks
  • Web Application Attacks
  • Password Attacks
  • Port Redirection and Tunneling
  • The Metasploit Framework
  • Bypassing Antivirus Software
  • Assembling the Pieces: Penetration Test Breakdown

0 Penetration Testing: What You Should Know

  • 0.1 About Kali Linux
  • 0.2 About Penetration Testing
  • 0.3 Legal
  • 0.4 The megacorpone.com Domain
  • 0.5 Offensive Security Labs
  • 0.5.1 VPN Labs Overview
  • 0.5.2 Lab Control Panel
  • 0.5.3 Reporting 


1. Getting Comfortable with Kali Linux

  • 1.1 Finding Your Way around Kali
  • 1.1.1 Booting Up Kali Linux
  • 1.1.2 The Kali Menu
  • 1.1.3 Find, Locate, and Which
  • 1.1.4 Exercises
  • 1.2 Managing Kali Linux Services
  • 1.2.1 Default root Password
  • 1.2.2 SSH Service
  • 1.2.3 HTTP Service
  • 1.2.4 Exercises
  • 1.3 The Bash Environment
  • 1.4 Intro to Bash Scripting
  • 1.4.1 Practical Bash Usage – Example 1
  • 1.4.2 Practical Bash Usage – Example 2
  • 1.4.3 Exercises


2. The Essential Tools

  • 2.1 Netcat
  • 2.1.1 Connecting to a TCP/UDP Port
  • 2.1.2 Listening on a TCP/UDP Port
  • 2.1.3 Transferring Files with Netcat
  • 2.1.4 Remote Administration with Netcat
  • 2.1.5 Exercises
  • 2.2 Ncat
  • 2.2.1 Exercises
  • 2.3 Wireshark
  • 2.3.1 Wireshark Basics
  • 2.3.2 Making Sense of Network Dumps
  • 2.3.3 Capture and Display Filters
  • 2.3.4 Following TCP Streams
  • 2.3.5 Exercises
  • 2.4 Tcpdump
  • 2.4.1 Filtering Traffic
  • 2.4.2 Advanced Header Filtering
  • 2.4.3 Exercises


3. Passive Information Gathering

  • 3.1 Open Web Information Gathering
  • 3.1.1 Google
  • 3.1.2 Google Hacking
  • 3.1.3 Exercises
  • 3.2 Email Harvesting
  • 3.2.1 Exercise
  • 3.3 Additional Resources
  • 3.3.1 Netcraft
  • 3.3.2 Whois Enumeration
  • 3.3.3 Exercise
  • 3.4 Recon-­‐ng


4. Active Information Gathering

  • 4.1 DNS
  • 4.1.1 Interacting with a DNS Server
  • 4.1.2 Automating Lookups
  • 4.1.3 Forward Lookup Brute Force
  • 4.1.4 Reverse Lookup Brute Force
  • 4.1.5 DNS Zone Transfers
  • 4.1.6 Relevant Tools in Kali Linux
  • 4.1.7 Exercises
  • 4.2 Port Scanning
  • 4.2.1 TCP CONNECT / SYN Scanning
  • 4.2.2 UDP Scanning
  • 4.2.3 Common Port Scanning Pitfalls
  • 4.2.4 Port Scanning with Nmap
  • 4.2.5 OS Fingerprinting
  • 4.2.6 Banner Grabbing/Service Enumeration
  • 4.2.7 Nmap Scripting Engine (NSE)
  • 4.2.8 Exercises
  • 4.3 SMB Enumeration
  • 4.3.1 Scanning for the NetBIOS Service
  • 4.3.2 Null Session Enumeration
  • 4.3.3 Nmap SMB NSE Scripts
  • 4.3.4 Exercises
  • 4.4 SMTP Enumeration
  • 4.4.1 Exercise
  • 4.5 SNMP Enumeration
  • 4.5.1 MIB Tree
  • 4.5.2 Scanning for SNMP
  • 4.5.3 Windows SNMP Enumeration Example
  • 4.5.4 Exercises


5. Vulnerability Scanning

  • 5.1 Vulnerability Scanning with Nmap
  • 5.2 The OpenVAS Vulnerability Scanner
  • 5.2.1 OpenVAS Initial Setup
  • 5.2.2 Exercises


6. Buffer Overflows

  • 6.1 Fuzzing
  • 6.1.1 Vulnerability History
  • 6.1.2 DEP and ASLR
  • 6.1.3 Interacting with the POP3 Protocol
  • 6.1.4 Exercises


7. Win32 Buffer Overflow Exploitation

  • 7.1 Replicating the Crash
  • 7.2 Controlling EIP
  • 7.2.1 Binary Tree Analysis
  • 7.2.2 Sending a Unique String
  • 7.2.3 Exercises
  • 7.3 Locating Space for Your Shellcode
  • 7.4 Checking for Bad Characters
  • 7.4.1 Exercises
  • 7.5 Redirecting the Execution Flow
  • 7.5.1 Finding A Return Address
  • 7.5.2 Exercises
  • 7.6 Generating Shellcode with Metasploit
  • 7.7 Getting a Shell
  • 7.7.1 Exercises
  • 7.8 Improving the Exploit
  • 7.8.1 Exercises


8. Linux Buffer Overflow Exploitation

  • 8.1 Setting up the Environment
  • 8.2 Crashing Crossfire
  • 8.2.1 Exercise
  • 8.3 Controlling EIP
  • 8.4 Finding Space for Our Shellcode
  • 8.5 Improving Exploit Reliability
  • 8.6 Discovering Bad Characters
  • 8.6.1 Exercises
  • 8.7 Finding a Return Address
  • 8.8 Getting a Shell
  • 8.8.1 Exercise


9. Working with Exploits

  • 9.1 Searching for Exploits
  • 9.1.1 Finding Exploits in Kali Linux
  • 9.1.2 Finding Exploits on the Web
  • 9.2 Customizing and Fixing Exploits
  • 9.2.1 Setting Up a Development Environment
  • 9.2.2 Dealing with Various Exploit Code Languages
  • 9.2.3 Exercises


10. File Transfers

  • 10.1 Anti-Virus Software
  • 10.2 File Transfer Methods
  • 10.2.1 The Non-­‐Interactive Shell
  • 10.2.2 Uploading Files
  • 10.2.3 Exercises


11. Privilege Escalation

  • 11.1 Privilege Escalation Exploits
  • 11.1.1 Local Privilege Escalation Exploit in Linux Example
  • 11.1.2 Local Privilege Escalation Exploit in Windows Example
  • 11.2 Configuration Issues
  • 11.2.1 Incorrect File and Service Permissions
  • 11.2.2 Think like a Network Administrator
  • 11.2.3 Exercises


12. Client Side Attacks

  • 12.1 Know Your Target
  • 12.1.1 Passive Client Information Gathering
  • 12.1.2 Active Client Information Gathering
  • 12.1.3 Social Engineering and Client Side Attacks
  • 12.1.4 Exercises
  • 12.2 MS12‐037 Internet Explorer 8
  • 12.2.1 Setting up the Client Side Exploit
  • 12.2.2 Swapping Out the Shellcode
  • 12.2.3 Exercises
  • 12.3 Java Signed Applet Attack
  • 12.3.1 Exercises


13. Web Application Attacks

  • 13.1 Essential Iceweasel Add-­‐ons
  • 13.2 Cross Site Scripting (XSS)
  • 13.2.1 Browser Redirection and IFRAME Injection
  • 13.2.2 Stealing Cookies and Session Information
  • 13.2.3Exercises
  • 13.3 File Inclusion Vulnerabilities
  • 13.3.1 Local File Inclusion
  • 13.3.2 Remote File Inclusion
  • 13.4 MySQL SQL Injection
  • 13.4.1 Authentication Bypass
  • 13.4.2 Enumerating the Database
  • 13.4.3 Column Number Enumeration
  • 13.4.4 Understanding the Layout of the Output
  • 13.4.5 Extracting Data from the Database
  • 13.4.6 Leveraging SQL Injection for Code Execution
  • 13.5 Web Application Proxies
  • 13.5.1 Exercises
  • 13.6 Automated SQL Injection Tools
  • 13.6.1 Exercises


14. Password Attacks

  • 14.1 Preparing for Brute Force
  • 14.1.1 Dictionary Files
  • 14.1.2 Key-space Brute Force
  • 14.1.3 Pwdump and Fgdump
  • 14.1.4 Windows Credential Editor (WCE)
  • 14.1.5 Exercises
  • 14.1.6 Password Profiling
  • 14.1.7 Password Mutating
  • 14.2 Online Password Attacks
  • 14.2.1 Hydra, Medusa, and Ncrack
  • 14.2.2 Choosing the Right Protocol: Speed vs. Reward
  • 14.2.3 Exercises
  • 14.3 Password Hash Attacks
  • 14.3.1 Password Hashes
  • 14.3.2 Password Cracking
  • 14.3.3 John the Ripper
  • 14.3.4 Rainbow Tables
  • 14.3.5 Passing the Hash in Windows
  • 14.3.6 Exercises


15. Port Redirection and Tunneling

  • 15.1 Port Forwarding/Redirection
  • 15.2 SSH Tunneling
  • 15.2.1 Local Port Forwarding
  • 15.2.2 Remote Port Forwarding
  • 15.2.3 Dynamic Port Forwarding
  • 15.3 Proxychains
  • 15.4 HTTP Tunneling
  • 15.5 Traffic Encapsulation
  • 15.5.1 Exercises


16. The Metasploit Framework

  • 16.1 Metasploit User Interfaces
  • 16.2 Setting up Metasploit Framework on Kali
  • 16.3 Exploring the Metasploit Framework
  • 16.4 Auxiliary Modules
  • 16.4.1 Getting Familiar with MSF Syntax
  • 16.4.2 Metasploit Database Access
  • 16.4.3 Exercises
  • 16.5 Exploit Modules
  • 16.5.1 Exercises
  • 16.6 Metasploit Payloads
  • 16.6.1 Staged vs Non-­‐Staged Payloads
  • 16.6.2 Meterpreter Payloads
  • 16.6.3 Experimenting with Meterpreter
  • 16.6.4 Executable Payloads
  • 16.6.5 Reverse HTTPS Meterpreter
  • 16.6.6 Metasploit Exploit Multi Handler
  • 16.6.7 Revisiting Client Side Attacks
  • 16.6.8 Exercises
  • 16.7 Building Your Own MSF Module
  • 16.7.1 Exercise
  • 16.8 Post Exploitation with Metasploit
  • 16.8.1 Meterpreter Post Exploitation Features
  • 16.8.2 Post Exploitation Modules
  • B10B7B11B12


17.Bypassing Antivirus Software

  • 17.1 Encoding Payloads with Metasploit
  • 17.2 Crypting Known Malware with Software Protectors
  • 17.3 Using Custom/Uncommon Tools and Payloads
  • 17.4 Exercise


18. Assembling the Pieces: Penetration Test Breakdown

  • 18.1 Phase 0 – Scenario Description
  • 18.2 Phase 1 – Information Gathering
  • 18.3 Phase 2 – Vulnerability Identification and Prioritization
  • 18.3.1 Password Cracking
  • 18.4 Phase 3 – Research and Development
  • 18.5 Phase 4 – Exploitation
  • 18.5.1 Linux Local Privilege Escalation
  • 18.6 Phase 5 – Post-­‐Exploitation
  • 18.6.1 Expanding Influence
  • 18.6.2 Client Side Attack against Internal Network
  • 18.6.3 Privilege Escalation Through AD Misconfigurations
  • 18.6.4 Port Tunneling
  • 18.6.5 SSH Tunneling with HTTP Encapsulation
  • 18.6.6 Looking for High Value Targets
  • 18.6.7 Domain Privilege Escalation
  • 18.6.8 Going for the Kill


Contact us for more detail about our trainings and for all other enquiries!

Upcoming Trainings

Join our public courses in our Republic of the Philippines facilities. Private class trainings will be organized at the location of your preference, according to your schedule.

06 January 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
06 January 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
02 February 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
02 February 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
02 March 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
15 March 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
02 March 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
15 March 2025 (5 Days)
Quezon City, Manila, Davao City
Classroom / Virtual Classroom
Penetration Testing with Kali Linux (PWK) Training Course in Philippines

The Philippines, officially the Republic of the Philippines, is an island country of Southeast Asia. The island country is located in the western Pacific Ocean, and consists of approximately 7.640 islands. And those islands are categorized under three main geographical divisions: Mindanao, Luzon and Visayas. Manila is the capital city of the Philippines and the resort island in the Western Visayas region, Boracay is one of the most popular vacation spots.

The climate of the Philippines is tropical and monsoonal. From May to October, rain-bearing winds blow from the southwest while drier winds come from the northeast from November to February. That's why the best time to visit the Philippines is during the dry season between November and April.

Discover a wealth of IT courses tailored to your needs, encompassing programming, software development, business skills, data science, cybersecurity, cloud computing and virtualization. Let our experienced instructors guide you through hands-on training and offer valuable insights at any location of your preference within Philippines.
By using this website you agree to let us use cookies. For further information about our use of cookies, check out our Cookie Policy.