Provided by

Enquire about this course

About the course

Duration:5 Days


Tech type:PerformancePlus


Price from:£5,300 ex VAT 

Special Notices
QA is proud to be the UK official partner with Offensive Security.

Penetration Testing with Kali Linux (PWK) is the foundational course at Offensive Security, new live training dates in the UK for 2020.

Overview Prerequisites Course Topics Course Outline Related Courses
Penetration Testing with Kali (PWK) is a pen testing course, updated in Feb 2020, designed for network administrators and security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This unique penetration testing training course introduces students to the latest ethical hacking tools and techniques, including remote, virtual penetration testing labs for practicing the course materials. Penetration Testing with Kali Linux simulates a full penetration test from start to finish, by injecting the student into a target-rich, diverse, and vulnerable network environment.

Please note, there is an optional 24 hour lab based certification exam available to delegates who have sat this course. This exam leads to the Offensive Security Certified Professional (OSCP) certification and must be booked directly with Offensive Security.

What’s New for 2020


  • Modules
  • Active Directory Attacks
  • PowerShell Empire
  • Introduction to Buffer Overflows
  • Bash Scripting
  • Labs: 3 dedicated student virtual machines (Windows 10 client, Active Directory domain controller, Debian client), more shared lab machines
  • New target network to facilitate a hands-on walkthrough demonstrating a complete penetration testing exercise
  • Extra mile exercises


All existing modules were updated, most notably:

  • Passive Information Gathering
  • Win32 Buffer Overflows
  • Privilege Escalation
  • Client-Side Attacks
  • Web Application Attacks
  • Port Redirection and tunnelling
  • The Metasploit Framework
  • Updates to existing machines’ OS and attack vectors

Penetration Testing with Kali Linux is a foundational course, but still requires students to have certain knowledge prior to attending the online class. A solid understanding of TCP/IP, networking, and reasonable Linux skills are required. Familiarity with Bash scripting along with basic Perl or Python is considered a plus.

Penetration Testing with Kali Linux: General Course Information
Getting Comfortable with Kali Linux
Command Line Fun
Practical Tools
Bash Scripting
Passive Information Gathering
Active Information Gathering
Vulnerability Scanning
Web Application Attacks
Introduction to Buffer Overflows
Windows Buffer Overflows
Linux Buffer Overflows
Client-Side Attacks
Locating Public Exploits
Fixing Exploits
File Transfers
Antivirus Evasion
Privilege Escalation
Password Attacks
Port Redirection and Tunnelling
Active Directory Attacks
The Metasploit Framework
PowerShell Empire
Assembling the Pieces: Penetration Test Breakdown
Trying Harder: The Labs
Available course

1 Penetration Testing with Kali Linux: General Course Information

About The PWK Course
Overall Strategies for Approaching the Course
Obtaining Support
About Penetration Testing
The and Sandbox.local Domains
About the PWK VPN Labs
About the OSCP Exam
Wrapping Up
2 Getting Comfortable with Kali Linux

2.1 Booting Up Kali Linux
2.2 The Kali Menu
2.3 Kali Documentation
2.4 Finding Your Way Around Kali
2.5 Managing Kali Linux Services
2.6 Searching, Installing, and Removing Tools
2.7 Wrapping Up
3 Command Line Fun

3.1 The Bash Environment
3.2 Piping and Redirection
3.3 Text Searching and Manipulation
3.4 Editing Files from the Command Line
3.5 Comparing Files
3.6 Managing Processes
3.7 File and Command Monitoring
3.8 Downloading Files
3.9 Customizing the Bash Environment
3.10 Wrapping Up
4 Practical Tools

4.1 Netcat
4.2 Socat
4.3 PowerShell and Powercat
4.4 Wireshark
4.5 Tcpdump
4.6 Wrapping Up
5 Bash Scripting

5.1 Intro to Bash Scripting
5.3 If, Else, Elif Statements
5.4 Boolean Logical Operations
5.5 Loops
5.6 Functions
5.7 Practical Examples
5.8 Wrapping Up
6 Passive Information Gathering

6.1 Taking Notes
6.2 Website Recon
6.3 Who is Enumeration
6.4 Google Hacking
6.5 Netcraft
6.6 Recon-ng
6.7 Open-Source Code
6.8 Shodan
6.9 Security Headers Scanner
6.10 SSL Server Test
6.11 Pastebin
6.12 User Information Gathering
6.13 Social Media Tools
6.14 Stack Overflow
6.15 Information Gathering Frameworks
6.16 Wrapping Up
7 Active Information Gathering

7.1 DNS Enumeration
7.2 Port Scanning
7.3 SMB Enumeration
7.4 NFS Enumeration
7.5 SMTP Enumeration
7.6 SNMP Enumeration
7.7 Wrapping Up
8 Vulnerability Scanning

8.1 Vulnerability Scanning Overview and Considerations
8.2 Vulnerability Scanning with Nessus
8.3 Vulnerability Scanning with Nmap
8.4 Wrapping Up
9 Web Application Attacks

9.1 Web Application Assessment Methodology
9.2 Web Application Enumeration
9.3 Web Application Assessment Tools
9.4 Exploiting Web-based Vulnerabilities
9.5 Extra Miles
9.6 Wrapping Up
10 Introduction to Buffer Overflows

10.1 Introduction to the x Architecture
10.2 Buffer Overflow Walkthrough
10.3 Wrapping Up
11 Windows Buffer Overflows

11.1 Discovering the Vulnerability
11.2 Win Buffer Overflow Exploitation
11.3 Wrapping Up
12 Linux Buffer Overflows

12.1 About DEP, ASLR, and Canaries
12.2 Replicating the Crash
12.3 Controlling EIP
12.4 Locating Space for Our Shellcode
12.5 Checking for Bad Characters
12.6 Finding a Return Address
12.7 Getting a Shell
12.8 Wrapping Up
13 Client-Side Attacks

13.1 Know Your Target
13.2 Leveraging HTML Applications
13.3 Exploiting Microsoft Office
13.4 Wrapping Up
14 Locating Public Exploits

14.1 A Word of Caution
14.2 Searching for Exploits
14.3 Putting It All Together
14.4 Wrapping Up
15 Fixing Exploits

15.1 Fixing Memory Corruption Exploits
15.2 Fixing Web Exploits
15.3 Wrapping Up
16 File Transfers

16.1 Considerations and Preparations
16.2 Transferring Files with Windows Hosts
16.3 Wrapping Up
17 Antivirus Evasion

17.1 What is Antivirus Software
17.2 Methods of Detecting Malicious Code
17.3 Bypassing Antivirus Detection
17.4 Wrapping Up
18 Privilege Escalation

18.1 Information Gathering
18.2 Windows Privilege Escalation Examples
18.3 Linux Privilege Escalation Examples
18.4 Wrapping Up
19 Password Attacks

19.1 Wordlists
19.2 Brute Force Wordlists
19.3 Common Network Service Attack Methods
19.4 Leveraging Password Hashes
19.5 Wrapping Up
20 Port Redirection and tunnelling

20.1 Port Forwarding
20.2 SSH tunnelling
20.3 PLINK.exe
20.4 NETSH
20.5 HTTP Tunnelling Through Deep Packet Inspection
20.6 Wrapping Up
21 Active Directory Attacks

21.1 Active Directory Theory
21.2 Active Directory Enumeration
21.3 Active Directory Authentication
21.3.5 Low and Slow Password Guessing
21.4 Active Directory Lateral Movement
21.5 Active Directory Persistence
21.6 Wrapping Up
22 The Metasploit Framework

22.1 Metasploit User Interfaces and Setup
22.2 Exploit Modules
22.3 Metasploit Payloads
22.4 Building Our Own MSF Module
22.5 Post-Exploitation with Metasploit
22.6 Metasploit Automation
22.7 Wrapping Up
23 PowerShell Empire

23.1 Installation, Setup, and Usage
23.2 PowerShell Modules
23.3 Switching Between Empire and Metasploit
23.4 Wrapping Up
24 Assembling the Pieces: Penetration Test Breakdown

24.1 Public Network Enumeration
24.2 Targeting the Web Application
24.3 Targeting the Database
24.4 Deeper Enumeration of the Web Application Server
24.5 Targeting the Database Again
24.6 Targeting Poultry
24.7 Internal Network Enumeration
24.8 Targeting the Jenkins Server
24.9 Targeting the Domain Controller
24.10 Wrapping Up
25 Trying Harder: The Labs

25.1 Real Life Simulations
25.2 Machine Dependencies
25.3 Cloned Lab Machines
25.4 Unlocking Networks
25.5 Routing
25.6 Machine Ordering & Attack Vectors
25.7 Firewall / Routers / NAT
25.8 Passwords


There are currently no new dates advertised for this course

Related article

Read the latest edition of Cyber Pulse: Law enforcement takes down global cybercrime VPN services Safe-Inet; European Medicines Agency Covid-19