Mastering Metasploit (CS8504)

This course is a guide to penetration testing using Metasploit and covers its complete development. It will help you clearly understand the creation process of various exploits and modules and develop approaches to writing custom functionalities into the Metasploit framework.

This course covers a number of techniques and methodologies that will help you learn and master the Metasploit framework.

You will also explore approaches to carrying out advanced penetration testing in highly secured environments, and a hands-on approach will help you understand everything you need to know about Metasploit.

Attend our Cybersecurity courses at our training center in Belgrade, live online (virtual classroom) or on-site (private training).
Special pricing can be applied upon registration (multiple participants from your company, government sector, nonprofit organizations, etc.) – contact us to learn more.

Public class

Training duration: 
3 days / 21 hours

Private class

On-site / Online
Minimum no. of participants: 3
3 days / 21 hours
Price on request
Serbian or English
Training plan: 

Module 1: Approaching a Penetration Test Using Metasploit

  • Setting up the environment
  • Mounting the environment
  • Conducting a penetration test with Metasploit
  • The dominance of Metasploit
  • Summary

Module 2: Reinventing Metasploit

  • Ruby – the heart of Metasploit
  • Developing custom modules
  • Breakthrough meterpreter scripting
  • Working with RailGun
  • Summary

Module 3: The Exploit Formulation Process

  • The elemental assembly primer
  • The joy of fuzzing
  • Building up the exploit base
  • Finalizing the exploit
  • The fundamentals of a structured exception handler
  • Summary

Module 4: Porting Exploits

  • Porting a Perl-based exploit
  • Porting a Python-based exploit
  • Porting a web-based exploit
  • Summary

Module 5: Offstage Access to Testing Services

  • The fundamentals of SCADA
  • SCADA torn apart
  • Securing SCADA
  • Database exploitation
  • VOIP exploitation
  • Post-exploitation on Apple iDevices
  • Summary

Module 6: Virtual Test Grounds and Staging

  • Performing a white box penetration test
  • Generating manual reports
  • Performing a black box penetration test
  • Summary

Module 7: Sophisticated Client-side Attacks

  • Exploiting browsers
  • File format-based exploitation
  • Compromising XAMPP servers
  • Compromising the clients of a website
  • Bypassing AV detections
  • Conjunction with DNS spoofing
  • Attacking Linux with malicious packages
  • Summary

Module 8: The Social Engineering Toolkit

  • Explaining the fundamentals of the social engineering toolkit
  • Attacking with SET
  • Providing additional features and further readings
  • Summary

Module 9: Speeding Up Penetration Testing

  • Introducing automated tools
  • Fast Track MS SQL attack vectors
  • Automated exploitation in Metasploit
  • Fake updates with the DNS-spoofing attack
  • Summary

Module 10: Visualizing with Armitage

  • The fundamentals of Armitage
  • Scanning networks and host management
  • Exploitation with Armitage
  • Post-exploitation with Armitage
  • Attacking on the client side with Armitage
  • Scripting Armitage
  • Summary
  • Further reading
  • One year access to the class recording
  • Access to the lab environment during the training
  • Course material accessible in electronic format
  • Certificate of attendance