Penetration Testing with Metasploit (Metasploit資安攻防實務)

1. Teaching Goal: This course will prepare students to face everyday cyberattacks by simulating real-world scenarios. Complete with step-by-step explanations of essential concepts and practical examples, this course will help you gain insights into programming Metasploit modules and carrying out exploitation, as well as building and porting various kinds of exploits in Metasploit. By giving you the ability to perform tests on different services, including databases, IoT, and mobile, this course will help you get to grips with real-world, sophisticated scenarios where performing penetration tests is a challenge. You'll then learn a variety of methods and techniques to evade security controls deployed at a target's endpoint. As you advance, you'll script automated attacks using CORTANA and Armitage to aid penetration testing by developing virtual bots and discover how you can add custom functionalities in Armitage. Following real-world case studies, this book will take you on a journey through client-side attacks using Metasploit and various scripts built on the Metasploit 5.0 framework.
2. Textbook: Nipun Jaswal, "Mastering Metasploit", 4th Edition, Packt Publishing, June 2020.
3. References:
   1. David Kennedy,Jim O’Gorman, Devon Kearns,Mati Aharoni, " Metasploit: The Penetration Tester's Guide", No Starch Press © 2011. (332 pages)
   2. OccupyTheWeb, "Linux Basics for Hackers: Getting Started with Networking, Scripting, and Security in Kali", No Starch Press © 2019. (248 pages)
   3. Gus Khawaja, "Kali Linux Penetration Testing Bible", Wiley-VCH © 2021. (512 pages)
4. Grading Criteria:
   1. Oral Presentation (30%)
   2. Exams (20%)
   3. Participation (10%)
   4. Term Project (40%)

Syllabus

1. Introduction
2. Approaching a Penetration Test Using Metasploit
3. Reinventing Metasploit
4. The Exploit Formulation Process
5. Porting Exploits
6. Testing Services with Metasploit
7. Virtual Test Grounds and Staging
8. Rehearsal (for midterm)
9. Midterm Exam
10. Client-Side Exploitation
11. Metasploit Extended
12. Evasion with Metasploit
13. Metasploit for Secret Agents
14. Visualizing Metasploit
15. Tips and Tricks
16. Final Exam
17. Term Project Presentation (1)
18. Term Project Presentation (2)

Hands-On

1. NCHC CDX 雲端資安攻防平台
2. CDX 3.0 新功能使用教學
   技術支援聯絡窗口：cdx_support@narlabs.org.tw
3. CDX_雲端資安攻防平台 教學影片
4. 雲林科技大學 《網路攻防技術》
   • 《模組 4 資訊安全弱點基本概念》
   • 《模組 5 自動化弱點發現技術》
   • 《模組 6 系統通行碼破解》
   • 《模組 8 弱點利用平台》
   • 《模組 9 Windows-based 弱點利用》
   • 《模組 10 Windows Network 弱點利用》
5. rootme 、hack the box 、hackthesite