Pentesting with Metasploit

March 17, 2014 (at 9:30 a.m.)

This workshop will cover all steps and typical tasks of a penetration test using the Metasploit framework. All steps will be illustrated using different Metasploit functionality — starting with modules gathering information leading to extracting information using several compromised systems in the post-exploitation phase. Everything you learn will be wrapped up by challenge we prepared for you — including several real-world system that have to be hacked. If you want to take a deep dive into Metasploit, this workshop will fit your needs!

Agenda

Introduction to Metasploit
Basic Usage
Information Gathering

Exploitation
Server attacks
Client-Side attacks
Payloads
Meterpreter
Post Exploitation
Wrap-up Challenge

Requirements:

Bring your own laptop (including vmware player, able to run two virtual systems at the same time).
You must be able to install software on the laptop.
You must be able to deactivate Antivirus on the device as some modules of Metasploit will be detected and blocked by it.
Your host system must be able to use both wired and wireless network at the same time.

Florian Grunow

Florian Grunow is a security analyst at ERNW. He holds a Master of Science degree in computer science with a focus on software engineering and medical devices.

Niklaus Schiess

Niklaus Schiess is a Security Analyst at ERNW focussing on application and network security. He has vast experience in assessing complex, large-scale network infrastructures, protocols, and applications. Besides conducting penetration tests for ERNW, he spends quite some time participating in capture the flag hacking contests.

Agenda

Exploitation

Requirements:

Florian Grunow

Niklaus Schiess