CAST 611 - Advanced Penetration Testing | AKTINA IT

CAST 611 - Advanced Penetration Testing


 AKTINA is an EC-Council Accredited Training Center (ATC), authorised to offer its official courses and exams.

  • Information Security Professionals
  • Penetration Testers
  • IT Auditors

At Course Completion:

After completing this course, students will be able to understand:

  • Advanced scanning methods
  • Attacking from the Web
  • Client-side pen-testing
  • Attacking from the LAN
  • Breaking out of restricted environments
  • Bypassing network-based IDS/IPS
  • Privilege escalation
  • Post-exploitation
  • What it really takes to break into a highly secured organization from the outside
  • Proven methods on how to move around the network without being detected by IDS/IPS
  • Best practices applied for mitigating or circumventing common security implementations such as locked-down desktops, GPOs, IDSs/IPSs/WAFs, among others
  • Pen-testing "high security environments" such as government agencies, financial institutions, and other key installations


1. Information gathering and OSINT

  • Enumeration of DNS with fierce
  • Internet registrars and whois
  • Enumeration with theHarvester
  • Google Hacking Database
  • Cloud scanning with Shodan



2. Scanning

  • Scanning with the Nmap tool
    ◦ Scan for live systems
    ◦ Scan for open ports
    ◦ Identify services
    ◦ Output the scanner results in XML format for display
  • Scanning with autoscan
  • Scanning with Netifera
  • Scanning with sslscan
  • Scanning and scripting with Hping3
  • Building a target database

RANGE: Live Target Range Challenge Level One (practical exercise)


3. Enumeration

  • Enumerating targets
  • Enumerating SNMP
  • Using the Nmap scripting engine
  • Enumerating SMB
  • OS fingerprinting


4. Vulnerability Analysis

  • Vulnerability sites
  • Vulnerability analysis with OpenVAS
  • Vulnerability analysis with Nessus
  • Firewalls and vulnerability scanners
  • Vulnerability analysis of web applications
    ◦ SQL injection
  • Vulnerability scanning with W3AF
  • Vulnerability scanning with Webshag
  • Vulnerability scanning with Skipfish
  • Vulnerability scanning with Vega
  • Vulnerability scanning with ProxyStrike
  • Vulnerability scanning with OWASP ZAP

RANGE: Live Target Range Challenge Level Two (practical exercise)


5. Exploitation

  • Exploit sites
  • Manual exploitation
    ◦ Scanning the target
    ◦ Identifying vulnerabilities
    ◦ Finding an exploit for the vulnerability
    ◦ Preparing the exploit
    ◦ Exploiting the machine
  • Exploitation with Metasploit
    ◦ Scan from within Metasploit
    ◦ Locate an exploit and attempt to exploit a machine
  • Exploitation with Armitage
    ◦ Scan from within Armitage
    ◦ Managing targets in Armitage
    ◦ Exploiting targets with Armitage
  • Exploitation with SET
    ◦ Set up SET
    ◦ Access a compromised web site using the Java attack vector
    ◦ Gain user-level access to the latest Windows machines
    ◦ Perform privilege escalation
    ◦ Gain system-level access to the latest Windows machines
    ◦ Extract data with scraper
    ◦ Extract data with winenum
    ◦ Analyze the pilfered data
    ◦ Kill the antivirus protection


6. Post Exploitation

  • Conduct local assessment
    ◦ Conduct the scanning methodology against the machine
    ◦ Identify vulnerabilities
    ◦ Search for an exploit
    ◦ Compile the exploit
    ◦ Attempt to exploit the machine
    ◦ Migrate the exploit to another process
    ◦ Harvest information from an exploited machine
    ◦ Capture and crack passwords
    ◦ Copy files to and from an exploited machine

RANGE: Live Target Range Challenge Four (practical exercise)


7. Data Analysis and Reporting

  • Compiling data in MagicTree
    ◦ Take tool output and store it in a usable form
  • Compiling data in Dradis
    ◦ Storing OpenVAS results
  • Developing a professional report
    ◦ Identify the components of a report:
        Cover Page
        Table of Contents
        Executive Summary
        Host Table
        Summary of Findings
        Detailed Findings
  • Reviewing findings and creating report information
    ◦ Conducting systematic analysis
        Validation and verification
  • Reviewing sample reports
  • Creating a custom report


8. Advanced Techniques

  • Scanning against defenses
  • Exploitation through defenses
    ◦ Source port configuration
  • Detecting load balancing
  • Detecting web application firewalls
  • Evading detection
    ◦ Identifying the threshold of a device
    ◦ Slow and controlled scanning
    ◦ Obfuscated exploitation payloads
  • Exploit writing
    ◦ Writing custom exploits
    ◦ Exploit writing references



Practical Phase One

  • External penetration testing

Practical Phase Two

  • External and internal testing

Practical Phase Three

  • Internal testing



Dates and Times: 
Dec 15, 18, 19, 20, 21 at 4:00 - 9:05 p.m.
Duration (Hours): 

AKTINA Training Center
20 Loukis Akritas street, 1st floor
2064 Strovolos
(behind Kykko secondary schools)

