Penetration Testing with Kali Linux OffSec

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
24 
2.2.4
Applied Module Exercises 
Here we start to slowly increase the amount of uncertainty. Instead of the learner needing to copy 
exactly
the same steps, the learner now must apply their skills in novel but limited scenarios. 
For example, the previously mentioned Learning Unit on Microsoft Office contains a second 
machine that is slightly modified from the first. The learner needs to use the same type of 
techniques, but the modifications on the second machine will require that the learner adapt to the 
new situation. 
This kind of exercise helps the learner reinforce what they learned in the demonstration, and also 
gives them the opportunity to think outside of the box. 
2.2.5
Capstone Module Exercises 
While demonstration and application exercises are constrained to specific Learning Units, 
Capstone Exercises have a wider scope. In particular they encompass the entire Module. This 
increases the amount of uncertainty present, because the learner may not know which 
techniques or concepts from the module are specifically required to complete the exercise. 
In addition to a Learning Unit on exploiting Microsoft Office, the Client Side Attacks Module also 
contains Learning Units on reconnaissance, and another on Windows Library files. So a capstone 
exercise for this Module might include a directive to attack a specific machine with one of the 
client-side attacks, but it won’t necessarily be clear which one to use without exploration of the 
machine. 
The purpose of Capstone exercises is to provide ample opportunities to actually hack machines 
from beginning to end, but still under relatively constrained parameters. In particular, the learner 
knows the kind of attacks to use, and they know which machines to use them on. 
2.2.6
Assembling the Pieces 
There are 22 Modules in PWK (aside from this introduction and the final module) and for each of 
them the learner will go through the process of: 
1.
Reading and watching the Module and preferably following along 
2.
Completing the Demonstration exercises by copying the input 
3.
Working through the Application exercises by using specific techniques 
4.
Attacking machines from start to finish via the Capstone Exercises 
At this point, learners will be just about ready for the Challenge Labs. The Assembling the Pieces 
Module represents a bridge between the Modules and the Labs. It provides a full walkthrough of a 
small penetration test and allows the learner to follow along with all demonstrated steps. In a 
sense, this Module is the equivalent of a demonstration exercise for the entire set of Challenge 
Labs. 
2.2.7
Challenge Labs 1-3 
There are two types of Challenge Labs. The first three are called 
scenarios
. Each scenario 
consists of a set of networked machines and a short background story that puts those machines 

Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
25 
in context. Your goal is to obtain access to a Domain Administrator account on an Active 
Directory domain, and compromise as many machines on the network as possible. 
In the same way that Capstone Exercises test the learner on the material of multiple Learning 
Units, so too do these scenarios test the learner on the material of multiple Learning Modules. 
The uncertainty here is high, because you will not know which machines are vulnerable to what 
types of attacks. In addition, each of the three Challenge Labs progressively increase in 
complexity due to additional machines, subnetworks, and attack vectors. 
Further, you will not know that any 

Yüklə

Dostları ilə paylaş: