rootsh3ll Labs is an online, gamified cybersecurity platform that helps professionals acquire and improve their penetration testing skills by providing real-world vulnerable environment within browser.
Our goal with rootsh3ll Labs Pentesting Professional program is to take you from an absolute beginner to a vulnerability assessment and penetration testing expert, by practice and performance.
After completing all the labs you’ll gain proficiency in vulnerability assessment and exploiting loopholes in computer systems.
By the end of the Pentesting Pro course, you’ll be in a good position to configure secure applications and networks, crack C|EH, OSCP and work as a security consultant.
There are no written tests or fill-in-the-blanks homework. You’ll be solving multiple challenges per lab.
Security professionals are more in demand than ever; whether you’re looking to move up as a security researcher or make a switch to the security field, you will get your money’s worth.
That’s it. The labs are served through browser as a kali-linux instance. You just need to login to the dashboard, start a lab and play.
What to expect
You will be finding bugs on day one. Your success in this course is only dependent upon completing the assigned lab, due to the depth and breadth covered.
If you start to get in the weeds or just have some questions, our support team will be available to help you out and get you back on track. You’ll also have access to private forums for students, and Since I am not a super-busy person you can expect prompt responses from me as well, via email/chat.
- Basic understanding of Linux Command line
- Basic TCP/IP knowledge
- A Laptop/Desktop
- Your favourite browser
Excited enough? Let me show you the content we will cover in the course
Table of Contents
- Target audience
- Skills acquired
- Frequently Asked Questions
Penetration testing tools and techniques
We start with an introduction to the basic yet most common penetration testing tools. Each lab would give you a brief introduction about the tool and a hint to get started with the lab. That’ll help you in having a strong foothold on the fundamentals of pentesting tools and techniques.
Moving towards the end of this module you’ll learn more about techniques using basic linux utilities which proves to be highly useful during pentesting engagements.
- Nmap essentials
- Netcat essentials 101
- Netcat essentials – File Transfer
- Intro to Metasploit
- Brute-forcing tools
- Text searching and manipulation
- Tcpdump Essentials
Network Penetration Testing
You’ll learn how to perform detailed reconnaissance on the target network infrastructure, adjacent subnets and perform exploitation on the vulnerable nodes.
Our hands-on labs will equip you to scan target networks using best-of-breed tools. Lab will come preinstalled with the tools required to complete a lab. You’ll dive deep into post-exploitation, password attacks, and web apps, pivoting through the target machine to the adjacent subnet. Majority of attacks simulate real-world bad guys to emphasize the importance of defense in depth.
- Network Reconnaissance
- Live Network Traffic Analysis
- Network Vulnerability Assessment
- Exploiting SSH Servers
- MySQL Vulnerability Exploitation
- Nginx Insecure Configuration – File Traversal
- Apache File Upload Vulnerability
- NetCat Tunneling Released
- Private-hosted Server Exploitation
Wireless Network Penetration Testing
As an attacker, Breaking the WLAN Authentication is one thing and actually getting some useful information out of the network is another. Which leads us to exploit into the network and fetching information out of it. There are numerous ways to achieve that. We’ll focus on the most effective ones. The ones which, hopefully, will stay longer and work for the next few years at least.
- Monitor Mode Basics
- Capture WEP Network’s Password
- WPA2-Personal Cracking
- WPA2 Network Exploitation
- Advanced Network Exploitation
- WPA3 Reconnaissance
- Hacking Remote WiFi
- Preferred Network List Attacks
Web Application Penetration Testing
This module will cover OWASP Top 10 vulnerability labs followed by additional labs on most common web vulnerabilities as mentioned below.
After the OWASP top 10 is covered, all the labs will focus on CVE vulnerabilities exploitable my Metasploit.
- SQL Injection Attack – Basic
- XSS Attacks
- LFI Vulnerabilities
- RFI Vulnerabilities
- RCE-based Vulnerability
- WordPress Exploitation
Exploitation with metasploit
- Metasploit Essentials
- Meterpreter Basics
- Post Exploitation Attacks
- Meterpreter based Pivoting
- Local Privilege escalation
- Remote Privilege escalation
Who should join
- General security practitioners
- Penetration testers
- Ethical hackers
- Web application developers
- Website designers and architects
What you’ll learn
- Conduct detailed reconnaissance on networks, web applications and wireless environments using available information sources and build a technical and organisational understanding of the target environment
- Utilize the Nmap scanning tool to conduct comprehensive network sweeps, port scans, Operating System fingerprinting, and version scanning to develop a map of target environments
- Choose and properly execute Nmap Scripting Engine scripts to extract detailed information from target systems
- Analyze the output of scanning tools to manually verify findings and perform false positive reduction
- Utilise the Windows and Linux command lines to plunder target systems for vital information that can further overall penetration test progress, establish pivots for deeper compromise, and help determine business risks
- Configure the Metasploit exploitation tool to scan, exploit, and then pivot through a target environment in-depth
- Conduct comprehensive password attacks against an environment, including automated password guessing (while avoiding account lockout), traditional password cracking, rainbow table password cracking, and pass-the-hash attacks
We are offering 2 packages to choose from
1. Penetration Testing Professional Essentials – $129
2. Penetration Testing Professional Complete – $149
In case you are being forced to pay VAT on the payment page, please reach out to us on email@example.com and we’ll get that resolved with you.
With Penetration Testing Professional Essentials you get 4 months of platform access
With Penetration Testing Professional Complete you get 4 months of platform access + Solution/Walkthrough (.PDF)
A Solution will be served in PDF format. It covers the supporting theory from a beginner’s perspective, tools used in the lab, working of the attack and step-by-step walkthrough.
Choose what works best for you.
Frequently Asked Questions
Who are you and why are you doing this?
I’m Hardeep Singh, co-founder of rootsh3ll Labs, and a wireless security consultant with nearly 6 years of experience in the field.
The reason I’m doing this is that I absolutely love the security industry and having more people in the field makes it more exciting and makes the world a better place. Whether you stay in software development or become a security consultant, you will be making software safer and more secure for all of us.
How are the labs served?
Labs are accessible from your browser via rootsh3ll Labs platform. Labs are on-demand and privately hosted for you.
You can test the preview labs on https://labs.rootsh3ll.com
In addition to this, you’ll receive an outline of what the class covered and anything else that may help you along with your coursework.
What do I get for completing the course?
You will receive a unique certificate upon successful completion of the course — cryptographically signed, of course!
I have a question that isn’t covered. How can I get in touch?
Ask in the comments below or feel free to shoot me an email at firstname.lastname@example.org with any questions you may have. We look forward to speaking with you!