
Penetration testing tools

precious

Well-known member
Apr 22, 2024
Lilongwe
I've found that students often struggle with practical applications of pentesting tools. One way I make this easier is by using Kali Linux labs to demonstrate real-world scenarios. For example, I set up a vulnerable machine using Metasploitable and have students practice using Nmap for network discovery and Metasploit for exploitation. I also encourage them to experiment with EvilPDF for embedding payloads into PDFs, which ties in nicely with social engineering topics. Does anyone have tips on simulating phishing attacks for teaching purposes?
 
Myself, I also use the TryHackMe site. It is an excellent site and not so expensive.
 
All good suggestions above. I'd add Hack The Box along with TryHackMe, and the Social-Engineer Toolkit for more phishing stuff. The GNS3 topology I provided as part of the PenTest+ TTTs allows for Hydra and attacks to be run as well, and you can even view the logs on the attacked system to teach some red / blue together.
 
Hi all, I only just joined, a bit late to the conversation. I would recommend the Cisco Ethical Hacker course: you get a free Kali-based VM with containers housing other machines, like your DVWA etc. It comes with 34 labs as well and is free for anyone to access: https://www.netacad.com/courses/ethical-hacker?courseLang=en-US
TryHackMe is excellent as well.
 
Also, for exploitable VMs, I came across this
 