Metasploit is one of the major tools used by security researchers and security administrators when it comes to testing security or verifying the operation of intrusion detection/prevention systems. It is also used by penetration testers when trying to circumvent defences and to insert payloads into compromised systems. Everyone dealing with the implementation of security measures is well advised to learn how Metasploit works, how it can be extended and how it can be used to its full potential. Point and click is a nice theory, but when it comes to information security you probably want to know what you are really doing. We therefore invite you to take a look at this workshop held at DeepSec 2012:
In the Penetration Testing with Metasploit training you will learn hands on skills that come in to play on real pentests. The class focuses on using Metasploit and supporting tools in each phase of penetration testing. Students will study multiple ways of exploiting both Windows and GNU/Linux systems from both a network and application perspective. Jumping off of basic topics we will cover advanced pentesting skills such as social engineering and client side attacks. We will study the basics of exploit development, fuzzing and developing an exploit for a vulnerable application from scratch, and then porting the exploit into a working Metasploit module. This class is ideal for anyone who wants to brush up on the skills that work on real pentests as well as seasoned pentesters who would like to add the Metasploit Framework to their arsenal.
The training is conducted by Georgia Weidman. She is a penetration tester, security researcher, and trainer. Georgia holds a Master of Science degree in computer science, secure software engineering, and information security as well as holding CISSP, CEH, NIST 4011, and OSCP certifications. Her work in the field of smartphone exploitation has been featured in print and on television internationally.