PWK: The Ultimate Guide to Penetration Testing with Kali Linux and OSCP in 2020
If you are interested in penetration testing or ethical hacking, you have probably heard of PWK (Penetration Testing with Kali Linux) and OSCP (Offensive Security Certified Professional). These are the flagship course and certification from Offensive Security, the leading provider of hands-on cybersecurity training. PWK teaches you the skills and techniques of penetration testing using Kali Linux, the most popular operating system for hackers. OSCP tests your ability to apply those skills in a real-world scenario by challenging you to hack into a network of live machines in a safe lab environment.
PWK and OSCP are widely recognized as some of the most comprehensive and rigorous courses and certifications in the industry. They are not for the faint-hearted or the inexperienced. They require a lot of dedication, practice, research, and creativity. They also reward you with a lot of knowledge, confidence, respect, and opportunities. Many employers look for OSCP holders when hiring penetration testers or security analysts.
But as technology evolves, so do the challenges and threats that penetration testers face. That is why Offensive Security has overhauled PWK for 2020. The new version of the course more than doubles the amount of content and adds more lab machines, giving you more practice and experience. It covers new topics such as Active Directory attacks, PowerShell Empire and buffer overflows, and updates all the existing modules to reflect the latest tools and techniques.
In this article, we will give you an overview of what's new and updated in PWK for 2020. We will also give you some tips and resources to help you prepare for the course and the exam. Whether you are a beginner or an experienced penetration tester, you will find something useful and interesting in this article. So let's get started!
Bash Scripting
Bash scripting is one of the most essential skills for any penetration tester. Bash is a command-line interpreter that allows you to execute commands and scripts on Linux systems. It is also the default shell for Kali Linux, the operating system that you will use throughout PWK. Bash scripting can help you automate tasks, manipulate data, interact with tools, and exploit vulnerabilities.
While PWK still recommends having some experience with Bash scripting prior to starting the course, it has expanded and separated the Bash scripting module to ensure students get even more time with Bash. The module covers the basics of Bash syntax, variables, operators, loops, functions, etc. It also shows you how to write basic Bash scripts for common tasks such as port scanning, password cracking, file transfer, etc.
Some examples of Bash scripts that you will learn in this module are:
A script that takes a list of IP addresses as input and performs a ping sweep on them.
A script that takes a list of domain names as input and performs DNS enumeration on them.
A script that takes a list of usernames and passwords as input and performs a brute force attack on a web application.
These scripts are not meant to replace the existing tools that perform these tasks, but rather to help you understand how they work and how to customize them for your needs. You will also learn how to use tools like curl, wget, nc, openssl, etc. within your scripts to enhance their functionality.
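As an added example (not code from the PWK course itself), here is a ping sweep in the style of the first script listed above: it reads IPv4 addresses from a file, drops blank lines, comments and malformed entries before anything is sent on the wire, and reports the hosts that answered a single ICMP echo request. The file name `targets.txt`, the `-W 1` one-second timeout of the iputils `ping` shipped with Kali, and the choice to write it in portable sh rather than bash-only syntax are my assumptions.

```shell
#!/bin/sh
# Added example, not from the course material: a small ping sweep that
# validates its input list before pinging anything.

# is_ipv4 ADDR -> exit 0 if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    ip=$1
    # reject non-digit characters, leading/trailing dots and empty fields
    case $ip in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    # exactly three dots means exactly four fields
    nodots=$(printf '%s' "$ip" | tr -d '.')
    [ $(( ${#ip} - ${#nodots} )) -eq 3 ] || return 1
    oldifs=$IFS
    IFS=.
    set -- $ip
    IFS=$oldifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# filter_targets FILE -> prints the valid addresses from FILE one per line;
# blank lines and '#' comments are dropped, malformed entries go to stderr
filter_targets() {
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d '[:space:]')
        [ -z "$line" ] && continue
        if is_ipv4 "$line"; then
            printf '%s\n' "$line"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done < "$1"
}

# ping_sweep FILE -> one echo request per valid address (1 s timeout, assumed
# iputils semantics for -W); prints the hosts that replied
ping_sweep() {
    filter_targets "$1" | while read -r ip; do
        if ping -c 1 -W 1 "$ip" >/dev/null 2>&1; then
            printf '%s is up\n' "$ip"
        fi
    done
}

# Usage: ./sweep.sh targets.txt   (targets.txt: one address per line)
if [ $# -gt 0 ]; then
    ping_sweep "$1"
fi
```

Validating before pinging is the point of the script: a stray hostname or a typo such as `10.0.0.256` in the list is reported and skipped instead of being handed to `ping`, so the sweep's output only ever refers to addresses you actually intended to probe.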
Introduction to Buffer Overflows
Buffer overflows are one of the most common and dangerous types of vulnerabilities that affect software applications. A buffer overflow occurs when an application tries to store more data than it can fit in a fixed-size memory location (buffer). This can cause the data to overwrite adjacent memory locations, which can lead to unexpected behavior or even code execution.
Buffer overflows are often exploited by hackers to gain control over a vulnerable application or system. By crafting malicious input that triggers a buffer overflow, they can inject their own code into the memory and execute it. This can allow them to bypass security mechanisms, escalate privileges, or create backdoors.
PWK introduces you to the principles behind buffer overflow attacks and how to exploit them. The module covers the basics of the x86 architecture, program memory, and CPU registers. It also shows you how to use tools like gdb, pattern_create, pattern_offset, etc. to analyze and debug buffer overflow vulnerabilities. You will learn how to identify buffer overflows in binary applications using fuzzing techniques. You will also learn how to create shellcode using Metasploit or manually and how to inject it into vulnerable applications using various methods such as return-to-libc, jump-to-esp, etc.
The module provides you with several examples of buffer overflow exploits for Windows and Linux applications. You will also have the opportunity to practice your skills on dedicated lab machines that contain vulnerable applications for you to exploit.
Active Directory Attacks
Active Directory (AD) is a directory service that provides centralized authentication and authorization for Windows-based networks. It stores information about users, computers, groups, policies, etc. in a hierarchical structure called a domain. AD is widely used by organizations to manage their network resources and security.
However, AD can also be a lucrative target for hackers who want to compromise a network or steal sensitive data. By exploiting vulnerabilities or misconfigurations in AD, they can gain access to domain credentials, escalate privileges, move laterally across the network, or even take over the entire domain.
PWK teaches you how to enumerate and attack AD domains using various tools and techniques. The module covers the basics of AD architecture, components, protocols, etc. It also shows you how to perform Kerberos and NTLM attacks, such as Kerberoasting, AS-REP Roasting, Pass-the-Hash, Pass-the-Ticket, etc. You will learn how to use tools like BloodHound, Mimikatz, CrackMapExec, Impacket, etc. to perform these attacks. You will also learn how to move laterally using techniques such as remote code execution (RCE), remote procedure call (RPC), Windows Management Instrumentation (WMI), Server Message Block (SMB), etc.
PowerShell Empire
PowerShell Empire is a post-exploitation framework that leverages the power of PowerShell to execute commands and scripts on remote Windows systems. PowerShell is a scripting language and a command-line shell that is built into Windows and can be used to perform various administrative and security tasks. PowerShell Empire uses PowerShell agents that communicate with a central server using encrypted channels. The agents can run in memory without needing powershell.exe, making them stealthy and hard to detect.
PWK introduces you to PowerShell Empire and how to use it to assist with local privilege escalation and lateral movement. The module covers the basics of PowerShell Empire architecture, installation, and usage. It also shows you how to use PowerShell Empire modules to perform various tasks such as enumeration, persistence, credential dumping, keylogging, etc. You will learn how to use tools like PowerView, PowerUp, PowerSploit, etc. within PowerShell Empire to enhance its functionality.
Practical Tools
Penetration testing is not only about knowing the theory and concepts, but also about knowing how to use the right tools for the right tasks. There are many tools available for penetration testing, each with its own features and capabilities. Some tools are general-purpose and can be used for various stages of penetration testing, while others are more specialized and focused on specific tasks or techniques.
PWK teaches you how to use some of the most practical and popular tools for penetration testing. The module covers how to use tools for scanning, enumeration, exploitation, post-exploitation, web application testing, password cracking, etc. It also shows you how to customize and optimize tools for different scenarios and environments.
Some examples of tools that you will learn in this module are:
Nmap: A network scanner that can perform port scanning, service detection, OS fingerprinting, vulnerability scanning, etc.
Metasploit: A framework that can automate various tasks such as exploitation, payload generation, shellcode injection, post-exploitation, etc.
Burp Suite: A web application testing tool that can intercept and modify HTTP requests and responses, perform spidering, fuzzing, scanning, etc.
SQLmap: A tool that can automate the detection and exploitation of SQL injection vulnerabilities in web applications.
Hydra: A tool that can perform brute force attacks on various protocols and services such as FTP, SSH, Telnet, HTTP, etc.
Passive Information Gathering
Passive information gathering, also known as Open Source Intelligence (OSINT), is the collection of information about a target without making any direct contact with it. All the information is obtained through public sources such as websites, social media, search engines, etc. Passive information gathering is important because it can reveal a lot of useful information about the target without raising any suspicion or alerting any security mechanisms.
PWK teaches you how to perform passive information gathering using various tools and techniques. The module covers how to gather information from public sources such as domain registrars, DNS servers, web archives, etc. It also shows you how to use tools such as theHarvester, Recon-ng, Shodan, etc. to automate and enhance the information gathering process. You will learn how to find information such as IP addresses, subdomains, email addresses, usernames, open ports, services, vulnerabilities, etc.
Privilege Escalation
Privilege escalation is the act of exploiting a bug, a design flaw, or a configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user. Privilege escalation can allow an attacker to perform unauthorized actions such as deleting files, viewing private information, or installing malware. Privilege escalation is a common way for attackers to gain initial access or expand their foothold on a target system or network.
PWK teaches you how to identify and exploit common privilege escalation vectors on Windows and Linux systems. The module covers how to use tools such as LinEnum, WinPEAS, Sherlock, etc. to enumerate system information and find potential vulnerabilities. You will learn how to exploit various types of privilege escalation vulnerabilities such as misconfigured services, weak file permissions, unpatched software, etc. You will also learn how to use tools such as Metasploit, Incognito, PsExec, etc. to leverage your privileges and maintain access.
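The following is an added example, not part of the course material, written from the defender's side of the same module: it audits a host for the weak-permission vectors named above (world-writable files, setuid binaries, writable directories in PATH) so they can be fixed before an enumeration tool like LinEnum or WinPEAS lists them for someone else. It uses only POSIX `find` and `test`; the directory passed on the command line is whatever tree you want to check, and the report format is my own.

```shell
#!/bin/sh
# Added example, not from the course material: audit the file-permission
# conditions that privilege escalation enumeration tools look for.

# world_writable_in DIR -> regular files under DIR that any local user can
# modify; a world-writable script or config read by a privileged process is
# the classic "weak file permissions" vector
world_writable_in() {
    find "$1" -type f -perm -002 2>/dev/null
}

# setuid_in DIR -> regular files under DIR with the setuid bit set; every
# entry should be on a known-good baseline, anything else needs an owner
setuid_in() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# writable_path_dirs [PATH_STRING] -> directories in the given (default:
# current) PATH that the current user can write to; a writable PATH entry
# lets a planted file shadow a legitimate command for whoever runs it
writable_path_dirs() {
    path=${1:-$PATH}
    oldifs=$IFS
    IFS=:
    for dir in $path; do
        IFS=$oldifs
        [ -n "$dir" ] || dir=.      # an empty PATH entry means the cwd
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            printf '%s\n' "$dir"
        fi
    done
    IFS=$oldifs
}

# audit_tree DIR -> human-readable report for one directory tree
audit_tree() {
    printf '== world-writable files under %s ==\n' "$1"
    world_writable_in "$1"
    printf '== setuid files under %s ==\n' "$1"
    setuid_in "$1"
}

# Usage: ./permaudit.sh /usr/local   (checks that tree plus your PATH)
if [ $# -gt 0 ]; then
    audit_tree "$1"
    printf '== writable directories in PATH ==\n'
    writable_path_dirs
fi
```

Run it as the low-privileged service accounts you care about, not only as root: `-w` answers for the invoking user, so the PATH check tells you whether that particular account could have a command shadowed, and the setuid list is the inventory you compare against the distribution's defaults when deciding what to strip with `chmod u-s`.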
Client Side Attacks
Client-side attacks are attacks that target the user's browser or device rather than the server or application. They can exploit vulnerabilities in the browser, plugins, extensions, or web applications that run on the client side, and they can also use social engineering techniques to trick the user into downloading or executing malicious content.
PWK teaches you how to perform client-side attacks using various tools and techniques. The module covers how to create and deliver malicious payloads to target clients using techniques such as phishing, drive-by download, browser helper objects, etc. You will learn how to use tools such as MSFvenom, Veil-Evasion, SET, etc. to generate and obfuscate payloads that can bypass antivirus and firewall detection. You will also learn how to use tools such as Metasploit, BeEF, etc. to interact with and control compromised clients.
Web Application Attacks
Web application attacks are attacks that target web applications or websites that run on the server side. Web application attacks can exploit vulnerabilities in the web application code, logic, or configuration to perform unauthorized actions such as data theft, defacement, or denial of service. Web application attacks can also use social engineering techniques to trick the user into providing sensitive information or credentials.
PWK teaches you how to perform web application attacks using various tools and techniques. The module covers how to identify and exploit common web application vulnerabilities such as SQL injection, cross-site scripting (XSS), path traversal, local file inclusion (LFI), etc. You will learn how to use tools such as SQLmap, XSSer, Nikto, etc. to automate and enhance the web application testing process. You will also learn how to use tools such as Burp Suite, ZAP, etc. to intercept and modify HTTP requests and responses.
Port Redirection and Tunneling
Port redirection and tunneling let you route traffic around network restrictions and reach services that are not directly exposed. Port redirection is the process of forwarding a network port from one network node to another. Tunneling is the process of encapsulating one protocol within another protocol, creating a secure or covert communication channel.
PWK teaches you how to build and use these techniques with tools such as SSH, Plink and Proxychains. You will learn how to use SSH local, remote, and dynamic port forwarding to forward ports between different machines. You will also learn how to use Proxychains to chain multiple proxies and tunnel your traffic through them.
Metasploit Framework
The Metasploit Framework is one of the most popular and powerful tools for penetration testing. It automates tasks such as exploitation, payload generation, shellcode injection and post-exploitation, and it contains a large collection of modules that can be used to test and exploit vulnerabilities across different platforms and applications.
PWK teaches you how to use Metasploit Framework effectively and efficiently. The module covers how to use Metasploit modules for scanning, enumeration, exploitation, post-exploitation, etc. It also shows you how to create custom Metasploit modules and payloads using Ruby and Assembly languages. You will learn how to use tools such as msfconsole, msfvenom, msfdb, etc. to interact with Metasploit Framework.
Conclusion and FAQs
PWK is a comprehensive and challenging course that teaches you the skills and techniques of penetration testing using Kali Linux. It covers a wide range of topics such as Bash scripting, buffer overflows, Active Directory attacks, PowerShell Empire, web application attacks, port redirection and tunneling, Metasploit Framework, etc. It also prepares you for the OSCP exam, which tests your ability to apply your knowledge and skills in a real-world scenario.
By completing PWK and OSCP, you will gain a lot of knowledge, confidence, respect, and opportunities in the field of cybersecurity. You will also join a community of passionate and supportive professionals who share your interest and enthusiasm for hacking. Whether you are a beginner or an experienced penetration tester, PWK and OSCP will challenge you and help you grow as a hacker.
Here are some frequently asked questions about PWK and OSCP:
How long does it take to complete PWK and OSCP?
There is no definitive answer to this question, as it depends on your prior knowledge, experience, learning pace, and availability. However, most students take between 3 to 6 months to complete the course and pass the exam.
How much does it cost to enroll in PWK and OSCP?
The cost of enrollment varies depending on the duration of lab access that you choose. The minimum duration is 30 days, which costs $999 USD. The maximum duration is 90 days, which costs $1349 USD. The exam fee is included in the enrollment fee.
What are the prerequisites for PWK and OSCP?
PWK and OSCP do not have any formal prerequisites, but they do require a solid understanding of basic networking concepts, Linux commands, and scripting languages. They also require a lot of dedication, practice, research, and creativity. You can find more information about the recommended skills and knowledge here.
What are the benefits of PWK and OSCP?
PWK and OSCP are widely recognized as some of the most comprehensive and rigorous courses and certifications in the industry. They provide you with practical skills and experience that can help you advance your career as a penetration tester or security analyst. They also demonstrate your passion and commitment to learning and improving yourself as a hacker.
Where can I find more information about PWK and OSCP?
You can find more information about PWK and OSCP on the official website of Offensive Security. You can also check out their blog, YouTube channel, Twitter account, etc. for updates and tips. You can also join their forums or Slack channel to interact with other students and instructors.