Excitement is mounting as the debut of Penetration Testing with BackTrack (PWB) v3.0 comes closer. We received MANY emails asking us for more information about the new versions of the Videos and Labs. I’ll try to sum up the changes in this blog post. So, what’s *really* new?
Possibly the biggest change in the course. The PWB labs have been completely restructured and have tripled in size. A much more realistic corporate environment has been simulated with four separate vulnerable subnets. Modern OS’s and vulnerability vectors have been added, while still maintaining the basic lab structure from PWB v2.0. We’ve added many “Client simulating” features in the network to make the network come “alive”.Client Side attacks, Cross Site Scripting, uber Tunneling tricks, are all now a necessity in order to get to your goals. If you thought Bob was bad, wait till you meet Niky, Jeff, Joe, Carrie, Kevin, Nina and Sean. Penetration Testing has NEVER been so fun.
In PWB v3.0 we introduce a new format for the student documentation and reporting process. Students connect to our labs as “local attackers” and must compromise victim servers on all the different department networks. The final report (as well as the OSCP challenge report) will now be presented as an official penetration test report. A template for this report is provided together with the course materials.
The PWB videos were re-recorded from scratch, now featuring BackTrack 4. The videos are over 8:30 hours long, with several new modules introduced, and several old ones removed.
What was added (partial list):
- Services – Setting up a FTP server
- Information Gathering – Maltego
- Google Hacking – New examples
- SNMP, SMB information gathering modules refreshed
- Port Scanning – NMAP NSE, PBNJ
- Buffer Overflows – New introduction to Buffer overflows (win32)
- Buffer Overflows – New Linux Buffer Overflow module
- File Transfers – Modules refreshed, new method added.
- Client Side Attacks – Modules updated with new vulnerabilities
- SSH Tunneling – Module *greatly* enhanced, pretty funky stuff.
- Password Attacks – Module refreshed, NTLM, rainbowtable and GPU cracking.
- Web Application Attacks – Whole new module covering XSS, LFI/RFI, SQLi in both PHP/MySQL and MSSQL environments.
What was removed:
- Outdated commands / tools related to BackTrack 3
- Port Scanning – Unicornscan (remains in lab guide)
- Buffer Overflows – Wingate Example (replaced)
- Metasploit – Kernel Payloads
- Metaspoit – db_autopwn
- Client Side Attacks – MS06-001 (oudated, replaced)
- Password attacks – Physical access attacks (remains in lab guide)
- Core Impact Module – (remains in lab guide)
We are honestly excited about this new release, and are eagerly waiting to hear the renewed sounds of torment from our students. What more could we ask for?
Also, a new sample demo of the PWB video has been uploaded on the Offsec website.