You don’t need to be an expert pen tester to identify security risks or confirm vulnerabilities with the aid of Metasploit Pro. Geared toward security professionals who have little to no Metasploit Pro and penetration testing experience, this two-day interactive class provides the necessary knowledge to jumpstart your use of the product.
For flexible and accessible learning, this course is offered both virtually and on-site at your facility. The virtual class is hosted remotely on a Rapid7 lab and features simulated exercises—including project creation, host discovery, service port and operating system identification, various exploitation methods, evidence collection, and report creation—against a set of target hosts. Customers who participate in on-site trainings will apply their learned skills in hands-on scenarios in their own environment.
All participants will have access to the Metasploit Pro Certified Specialist Exam as part of their training program; go from being the student to the master and leverage the knowledge gained from class to become certified.
Prerequisites
Ideally, attendees should have the following:
Experience with Windows® and Linux Operating Systems
Basic knowledge of network protocols
Basic vulnerability management system knowledge
Knowledge of penetration testing concepts
Course objectives
What You'll Learn
Metasploit Pro
Product overview and key feature descriptions
Navigating the GUI
Intro and demonstration of the web interface (GUI)
Working with projects for penetration testing
Network Scanning
Active scanning
Network/device enumeration
Importing vulnerability scan data from other products
Exploitation Techniques
Gaining access to hosts using targeted exploits, automated exploitation, and brute-force attacks
Maintaining Access and Privilege Escalation
Alternative access techniques and privilege escalation methods, including client-side exploits, local system access, and persistence
Web Application Testing
Using Metasploit’s web application vulnerability scanning and exploitation capabilities
Social Engineering
Utilizing Metasploit Pro to simulate drive-by attacks and spear phishing in order to identify user awareness training gaps
Quick Start Wizards and MetaModules
Intro to built-in wizards (for quick penetration tests, web app testing, and campaigns)
Intro to MetaModules, which simplify testing by automating common, complicated security tests
Reporting
Standard and custom reporting of progress, results, and collected evidence
Data exports for archival or backups
Day 1
The first day of class provides an introduction to Metasploit Pro and focuses on key foundational knowledge upon which you will build throughout the course. Emphasis will be placed on the Metasploit Pro console, project workflow, various modules and payloads, and exploitation techniques. You will gain practical, hands-on experience in the following areas:
Metasploit Pro Introduction
A Discussion of Workflow and Methodology
Navigating the GUI
Metasploit Tasks
Discovering Targets
Importing Scan Data
An Overview of Exploit Modules
Basic Exploitation Techniques
Password Brute Force Exploitation Technique
Pass-The-Hash Exploitation Technique
Pivot Attacks
An Overview of Payload Modules
An Overview of Command Shell/Meterpreter Payloads
Day 2
After mastering the knowledge and skills covered in Day 1, you will cover additional exploitation techniques, identification and exploitation of web application vulnerabilities, social engineering campaigns, and report generation. Day 2 will consist of the following:
Post-Exploitation Techniques
Maintaining Access and Privilege Escalation
Web Application Testing/Exploitation
Social Engineering Campaigns
Quick Start Wizards, Task Chains and MetaModules
Reporting