Network Security & Ethical Hacking
Penetration Testing & Ethical Hacking (PEN-200 / OSCP)
Pentest (PEN-200 / OSCP) is a 4-month hands-on cybersecurity training program focused on penetration testing and ethical hacking. Participants learn Linux and Windows privilege escalation, web application security testing, network pivoting, Active Directory exploitation, and OSCP-style attack techniques through practical labs and real-world scenarios. The program prepares learners for the OffSec OSCP certification and professional penetration testing roles.
About the course
Penetration Testing (PEN-200 / OSCP) is an advanced cybersecurity training program designed to develop practical ethical hacking and penetration testing skills. Participants learn how to identify vulnerabilities, exploit systems, perform privilege escalation, assess web applications, and secure Active Directory environments through hands-on labs and real-world attack scenarios. The program prepares learners for the OffSec OSCP certification and careers in offensive security and penetration testing.
What you will learn
Upon successful completion of this program, participants will be able to:
- Conduct reconnaissance and enumeration using industry-standard tools and techniques.
- Identify and exploit common vulnerabilities in Linux, Windows, and web applications.
- Perform privilege escalation on Linux and Windows systems.
- Use tunneling and pivoting techniques to access internal networks.
- Assess and exploit Active Directory environments.
- Apply penetration testing methodologies in real-world scenarios.
- Document findings and create professional penetration testing reports.
- Prepare for the OffSec OSCP (PEN-200) certification exam with confidence.
Prerequisites
To get the most out of this program, participants should have:
- Basic knowledge of computer networks and operating systems.
- Familiarity with Linux and Windows environments.
- Understanding of fundamental cybersecurity concepts.
- Basic command-line experience (Linux/Windows).
- Strong problem-solving and analytical skills.
Training program
- 1 Finding exploits with SearchSploit, Exploit-DB, and GitHub. Adapting Python/Bash exploits. Reverse shell types. Shell stabilization (pty, stty).
- 1 Enumeration with LinPEAS. sudo -l + GTFOBins. SUID binaries. Cron job abuse. Insecure file permissions.
- 1 Capabilities, NFS misconfiguration, kernel exploit search. Credential harvesting (history, config files). John + Hashcat, zip2john, ssh2john (based on report Target No1-2).
- 1 Enumeration with WinPEAS. Service binary hijacking, unquoted service paths, DLL hijacking. icacls, sc qc, accesschk.
- 1 Token impersonation (SeImpersonatePrivilege). PrintSpoofer / GodPotato. Scheduled tasks, registry autoruns. Credential harvesting (SAM, Sticky Notes). xp_cmdshell → PrintSpoofer chain (report Target No4).
- 1 SSH -L (local), -R (remote), -D (dynamic/SOCKS5). Proxychains configuration. socat relay. Why reaching the internal network is necessary.
- 1 Chisel reverse SOCKS5 tunnel (full flow of report Target No4). netsh portproxy, plink.exe. File transfer methods: certutil, Python HTTP server, SMB share.
- 1 HTTP/HTTPS: request/response, methods, status codes. Burp Suite: Intercept, Repeater, Intruder. Directory/file enumeration with gobuster. Web service fingerprinting.
- 1 SQL basics, manual detection. UNION-based, Error-based, Blind (time-based). OS command execution with MSSQL xp_cmdshell (report Target No4). SQLmap is prohibited in OSCP; everything is done manually with Burp Repeater.
- 1 File upload bypass (Content-Type, extension). PHP webshell. LFI: /etc/passwd, RCE via log poisoning. Command injection operators (;, &&, |, backtick).
- 1 WordPress plugin vulnerability (gobuster + CVE). Default credentials. zip2john + exiftool + credential spray (full flow of report Target No2). Web shell → stable shell → privesc vector.
- 1 AD structure (Domain, DC, OU, GPO, Trust). NTLM + Kerberos flow. Manual enumeration with net / PowerView (user, group, SPN, share). Introduction to BloodHound.
- 1 Kerberoasting: SPN→TGS→hashcat (-m 13100). AS-REP Roasting: pre-auth disabled→hash. Pass-the-Hash: impacket-psexec / evil-winrm. BloodHound attack path analysis.
- 1 psexec, wmiexec, smbexec, evil-winrm. Credential spray with CrackMapExec. secretsdump: SAM, LSA, NTDS dump. psexec to the DC as Domain Admin (full flow of report Target No5).
- 1 OSCP format: 3 standalone (60pt) + AD set (40pt). Time strategy. What to do when stuck. Bonus points (+10pt lab report). Mock exam: AD set + 2 standalone.
- 1 Kali Linux installation, VPN, lab environment. Nmap flags (-p-, -A, -sV, NSE). SMB enumeration (enum4linux, smbclient).