Metasploit is most commonly known for its epic pwnage of network and service level vulnerabilities. What you may not know is that same epic pwnage can be leveraged exploiting web application vulnerabilities. By leveraging the ability to custom build Metasploit modules or tools using the framework the power of Metasploit is only limited by the imagination of the user. “Into The Worm Hole: Metasploit For Web PenTesting” will build on prior knowledge of Metasploit and help elevate the tester’s skills and abilities by working hands-on building a custom scanner, using Metasploit to exploit Web Vulnerabilities, and learn to use Metasploit for phishing, XSS, and other web application vulnerabilities.
See the full outline (PDF) for additional information.
About the Instructor
Kizz MyAnthia is an InfoSec specialist whose qualifications include an in-depth understanding of security principles and practices; C|EH, MCSE+Security designations; and detailed knowledge of security tools, technologies and development. Seven years of security experience in the creation and deployment of solutions protecting networks, systems and information assets for diverse companies and organizations, with over 10 years overall in the industry.
Title: Into the Worm Hole: Metasploit for Web PenTesting
Outline: PDF
Outline: PDF
Prerequisites: This is an Intermediate level class and attendees should understand what Metasploit is and how to use it. A knowledge of Ruby is extremely beneficial, but some scripting experience or skill (any language) is recommended.
Class Requirements: This class requires all attendees to bring a computer with a functioning installation of Metasploit; a Kali or BT5 VM is recommended, but not required. All commands and lessons will be executed on Kali Linux. If an attendee chooses to use MS Windows MSF Installation or other OS they must know if there may be syntax differences, etc, NO SUPPORT WILL BE OFFERED.
