Penetration Testing and Vulnerability Assessment

Virtual Lab and Online Classroom

The Penetration Testing course utilizes a cloud-based laboratory environment. The virtual lab is accessed through a cloud-service provider, Skytap. In order to complete the labs, please ensure the computer you use for this course can connect to the Skytap lab. To test your connectivity with Skytap, please visit

Additionally, synchronous course lectures are given once a week for a two-hour period through a Webex session. Please plan your schedule accordingly to ensure attendance at the weekly lectures.

Emphasis on Open Source Tools

The focus is on the use of open source tools, especially the Metasploit Framework. Specific tools used in the course include: BackTrack, Nmap, Wireshark, Metasploit, Vistumbler, BurpSuite, Nessus, Cain and Abel, Nikto, Aircrack-ng Suite, John the Ripper, SET (Social Engineer Toolkit)

Penetration Testing I Subject Areas

Topic areas covered in Penetration Testing I include:

  • Introduction to Penetration Testing and Lab Familiarization
  • Intelligence Gathering and Vulnerability Scanning
  • Network Vulnerabilities and Analysis
  • Windows Vulnerabilities
  • Linux Vulnerabilities
  • Exploitation
  • The Meterpreter
  • Client-side Exploits
Penetration Testing II Subject Areas

Topic areas covered in Penetration Testing II include:

  • Defeating Cryptography
  • Social Engineering
  • Wireless Attacks
  • Web Application Attacks
  • Application of Tools
  • Pen Test Simulation I
  • Pen Test Simulation 2
Course Materials

Students will need to purchase their own textbooks for this course. The following textbooks will be used: Metasploit:

  1. The Penetration Tester’s Guide - Kennedy, O'Gorman, Ahroni, Kearns, - No Starch Press; 1 edition (July 22, 2011) - ISBN-10: 159327288X (“Metasploit”)
  2. Managing a Network Vulnerability Assessment – Peltier, Peltier, Blackley – Auerbach – ISBN0-8493-1270-1 (“Managing”)