rootsh3ll Labs is an online, gamified cybersecurity platform that helps professionals acquire and improve their penetration testing skills by providing real-world vulnerable environment within browser.
Our goal with rootsh3ll Labs Pentesting Professional program is to take you from an absolute beginner to a vulnerability assessment and penetration testing expert, by practice and performance.
After completing all the labs you’ll gain proficiency in vulnerability assessment and exploiting loopholes in computer systems.
By the end of the Pentesting Pro course, you’ll be in a good position to configure secure applications and networks, crack C|EH, OSCP and work as a security consultant.
There are no written tests or fill-in-the-blanks homework. You’ll be solving multiple challenges per lab every week as practical homework.
Security professionals are more in demand than ever; whether you’re looking to move up as a security researcher or make a switch to the security field, you will get your money’s worth.
That’s it. The labs are served through browser as a kali-linux instance. You just need to login to the dashboard, start a lab and play.
What to expect
You will be finding bugs on day one. You can expect 2-4 hours of coursework in the week following each class. Your success in this course is only dependent upon completing the assigned lab, due to the depth and breadth covered.
If you start to get in the weeds or just have some questions, our support team will be available to help you out and get you back on track. You’ll also have access to private forums for students, and Since I am not a super-busy person you can expect prompt responses from me as well, via email/chat.
- Basic understanding of Linux Command line
- Basic TCP/IP knowledge
- A Laptop/Desktop
- Your favourite browser
What to expect
As mentioned before, you will be finding bugs on day one. You can expect 4-8 hours of learning time in a week. Your success is highly dependent upon completing the assigned labs in a timely fashion, due to the depth and breadth covered.
If you start to get in the weeds or just have some questions, we’ll be available to help you out and get you back on track. You’ll also have access to private forums for students, and you can expect prompt responses from us via email/chat too.
Excited enough? Let me show you the content we will cover in the course
Table of Contents
Penetration testing tools and techniques
We start with an introduction to the basic yet most common penetration testing tools. Each lab would give you a brief introduction about the tool and a hint to get started with the lab. That’ll help you in having a strong foothold on the fundamentals of pentesting tools and techniques.
Moving towards the end of this module you’ll learn more about techniques using basic linux utilities which proves to be highly useful during pentesting engagements.
- Nmap essentials
- Netcat essentials
- Intro to Metasploit
- Brute-forcing tools
- Text searching and manipulation
Network Penetration Testing
You’ll learn how to perform detailed reconnaissance on the target network infrastructure, adjacent subnets and perform exploitation on the vulnerable nodes.
Our hands-on labs will equip you to scan target networks using best-of-breed tools. Lab will come preinstalled with the tools required to complete a lab. You’ll dive deep into post-exploitation, password attacks, and web apps, pivoting through the target machine to the adjacent subnet. Majority of attacks simulate real-world bad guys to emphasize the importance of defense in depth.
- Live network traffic analysis
- Network vulnerability assessment
- SSH attacks
- MySQL, nginx, apache vulnerability exploitation
- Router hacking
- LAN hacking
- Infrastructure pentesting
- Port pivoting
- Private-hosted web app exploitation
Web Application Penetration Testing
This module will cover OWASP Top 10 vulnerability labs followed by additional labs on most common web vulnerabilities as mentioned below.
After the OWASP top 10 is covered, all the labs will focus on CVE vulnerabilities exploitable my Metasploit.
- SQL injection
- Xss attacks
- LFI/RFI vulnerabilities
- RCE code based vulnerabilities
- Vulnerable WordPress
- Metasploit for web vulnerability
Wireless Penetration Testing
As an attacker, Breaking the WLAN Authentication is one thing and actually getting some useful information out of the network is another. Which leads us to exploit into the network and fetching information out of it. There are numerous ways to achieve that. We’ll focus on the most effective ones. The ones which, hopefully, will stay longer and work for the next few years at least.
- Monitor mode basics
- Intro to aircrack suite
- WPA2 network exploitation
- Hacking remote wifi
- Bypassing SSID cloaking
- Advanced network pentesting
- WPA3 Reconnaissance
Exploitation with metasploit
- Metasploit essentials
- Meterpreter basics
- Exploiting top-most CVE based vulnerabilities
- Post exploitation
- Meterpreter pivoting
- Privilege escalation
Who should attend
- General security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers and architects
What you’ll learn
- Conduct detailed reconnaissance on networks, web applications and wireless environments using available information sources and build a technical and organisational understanding of the target environment
- Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments
- Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
- Analyze the output of scanning tools to manually verify findings and perform false positive reduction
- Utilise the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
- Configure the Metasploit exploitation tool to scan, exploit, and then pivot through a target environment in-depth
- Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
We are offering 2 packages to choose from
1. Pentest Pro Essentials – $129
2. Pentest Pro Complete – $149
With Pentest pro essentials you get complete access to the platform for 6 months (4 months course + 2 months full access)
With Pentest Pro Complete you get Pentest Pro essentials + solutions to each lab.
A Solution will be served in PDF format. It covers the supporting theory from a beginner’s perspective, tools used in the lab, working of the attack and step-by-step walkthrough.
Choose what works best for you (pre-order discount applied).
The prices will go up at the time of course launch. You can pre-order today to avail best of the price.
Frequently Asked Questions
Who are you and why are you doing this?
I’m Harry, co-founder of rootsh3ll Labs, and a wireless security consultant, practitioner and a Security Analyst with nearly 6 years of experience in the field.
The reason I’m doing this is that I absolutely love the security industry and having more people in the field makes it more exciting and makes the world a better place. Whether you stay in software development or become a security consultant, you will be making software safer and more secure for all of us.
When will the course begin?
We will start rolling the first lab on April 20th. Post 20th of April you can expect regular labs every week for the total duration of 3 months. Every month you’ll be completing one module, acc. to your pace.
How are the labs served?
Labs are accessible from your browser via rootsh3ll Labs platform. Labs are on-demand and privately hosted for you.
You can test the preview labs on https://labs.rootsh3ll.com
In addition to this, you’ll receive an outline of what the class covered and anything else that may help you along with your coursework.
What do I get for completing the course?
You will receive a unique certificate upon successful completion of the course — cryptographically signed, of course!
I have a question that isn’t covered. How can I get in touch?
Ask in the comments below or feel free to shoot me an email at firstname.lastname@example.org with any questions you may have. We look forward to speaking with you!