As mentioned in my first post, "Inspiring the Next Generation with INE and the eJPT - Part 1/8 About Bootcamp", I am hosting a Hacker Bootcamp this summer for 10 lucky students!
As a reminder, getting started with all of this course material is free (with the INE Starter Pass: INE | Checkout), and more information about the eJPT certification can be found here: eJPT Certification - eLearnSecurity
For a quick summary of what is below please see our high-level schedule:
Here is the detailed schedule so that you can emulate this bootcamp for yourself and see what we will be up to this summer.
Week 1: Set up lab environment, perform Lab 0 (Lab 0 - Beginner Series on Prepping for Your 1st INE CyberSec Lab), get familiar with Linux.
- This week is all about preparing yourself for the rest of the bootcamp, and understanding how to connect to the INE Lab environment.
- To brush up on Linux, the students will be playing OverTheWire Bandit (OverTheWire: Bandit), but you could also supplement with TryHackMe’s excellent Linux Fundamentals Course (TryHackMe | Linux Fundamentals).
Week 2: Getting started in Penetration Testing Prerequisites
In Week 2 of bootcamp we will be using the INE Course material to learn the penetration testing lifecycle, basics about HTTP(S), and how to “Find the Secret Server”. In the “Penetration Testing Prerequisites” section we are skipping the “Web Applications” Section, as we will come back to that in the later lessons when we do more web app pentesting. We are also having our first Guest Speaker who will be having a QnA Session with the students.
Read and Watch the Content from the following sections in Penetration Testing Prerequisites:
- Introduction
- Networking
- Penetration Testing Lifecycle
Perform the following labs:
- HTTP(S) Traffic Sniffing
- Find the Secret Server
- Data Exfiltration
Week 3: Information Gathering/OSINT
Here we are moving on to the “Penetration Testing Basics” section of the Penetration Testing Student course materials. Unfortunately, we don’t have time to hit the “Penetration Testing: Preliminary Skill and Programming” section of the course materials, but if you want to learn that material, feel free!
We are starting Week #3 with the most important part of a penetration test: Info Gathering!
Read and Watch the Content from the following sections in Penetration Testing Basics:
- Information Gathering (this section incorporates a lot of useful information for pentesting including OSINT, subdomain enum, and the reasons why info gathering is important)
Perform the Following Labs:
- Subdomain Enumeration
Week 4: Footprinting/Recon/Nmap
In week 4 we will be getting into some more common tools like nmap, masscan, and understanding why we need to port scan. Week 4 will also introduce our second guest speaker for QnA to the bootcamp participants.
Read and Watch the Content from the following sections in Penetration Testing Basics:
- Footprinting and Scanning
- Vulnerability Assessment
Perform the following labs:
- Nmap
- Nessus
Week 5: Web App Pentesting
In week 5 we will be focusing entirely on web app pentesting, using Burp Suite, and going back to “Penetration Testing Prerequisites” so that we can touch on the basics of Burp Suite and how the web works!
Read and Watch the Content from the following sections in Penetration Testing Prerequisites:
- Web Applications - this will give students an overview of web apps, how they work and how to use the basics of Burp Suite
Read and Watch the Content from the following sections in Penetration Testing Basics:
- Web Attacks
Perform the following labs:
- Burp Suite Basics (from Penetration Testing Prerequisites)
- Burp Suite (from Penetration Testing Prerequisites)
- Dirbuster (from Penetration Testing Basics)
- Cross Site Scripting (from Penetration Testing Basics)
- SQL Injection (from Penetration Testing Basics)
Week 6: Exploitation
Finally in Week 6 we are getting to true exploitation of network-based targets! Students should now have a great grounding in penetration testing to be able to start popping some shells! Week 6 is also when we will have our 3rd speaker who will do a QnA session with the students.
Read and Watch the Content from the following sections in Penetration Testing Basics:
- System Attacks
- Network Attacks
Perform the following Labs:
- Bruteforce/Password Cracking
- Null Sessions
- ARP Poisoning
- Metasploit
Week 7: Black Box Labs and Career Advice
My intention for week 7 is that it would be a fairly relaxed week for the bootcamp participants so that they can deload the brain before the eJPT exam, re-organize their notes and try their hand at the blackbox labs. Those labs are definitely harder than the exam, but it will give them a good perspective on what is next in penetration testing.
Read and Watch the Content from the following sections in Penetration Testing Basics:
- Next Steps/Career Advice
Perform the following Labs:
- Blackbox 1, 2, and 3
Week 8: Take the eJPT Exam
Finally, we have reached the end of the road and it’s time to take the eJPT exam! Give yourself up to 3 days to take your time on the exam, and pass it with flying colors! In our real bootcamp, we are dedicating Sunday, Monday, Tuesday, and Wednesday for the students to take the exam, and in the last 3 days we will be having mock interviews to help the students improve their resumes, and to improve their interviewing skills.
I hope you enjoyed this blog post and can implement this schedule for yourself to stay disciplined with the Penetration Testing Student course materials, and so that you may consider offering a similar bootcamp for your own students!
Peace,
Aaron