Now, let’s dive into the details. We also answer questions for those students who have already purchased PWK at the end.

What’s new in PWK for 2020

Modules

Bash Scripting: While we still recommend having some experience prior to starting the course, we’ve expanded and separated the Bash scripting portion of the Getting Comfortable with Kali Linux module to ensure students get even more time with Bash.

Introduction to Buffer Overflows: This module contains detailed explanation of the principles behind buffer overflow attacks and introduces the student to the x86 architecture, program memory, and CPU registers.

Active Directory Attacks: Learn Kerberos and NTLM attacks, and lateral movements.

PowerShell Empire: This module introduces students to PowerShell Empire and the use of its modules to assist with local privilege escalation and lateral movements.

Other

Dedicated lab machines: You’ll be provided with three dedicated lab machines for the exercises (Windows 10 client, Windows 2016 Active Directory, Debian client).

Labs: New machines are available, increasing the total number to over 70. Moreover, almost all the previous targets have been updated with new operating systems and exploitation vectors. The shared networks now also contain Active Directory with different configurations.

Walkthrough: The previous version of PWK has a theoretical network to demonstrate a full penetration testing scenario. In the update, we’ve developed a hands-on mini-network in which the student will be able to reproduce the steps provided with a book and video walk-through.

Extra exercises: Get more practice with the new exercises under Extra Miles.

What’s updated for 2020

As noted above, the entire course has been updated. The most notable updates are included below.

Modules

Practical Tools: Added PowerShell and PowerCat.

Passive Information Gathering: We cover more OSINT, as well as using Shodan and Pastebin.

Privilege Escalation: We added content on local information gathering techniques, enumerating firewall rules, as well as bypassing UAC and several privilege escalation examples on Windows and Linux.

Client Side Attacks: Learn more about HTA attacks, Microsoft Word macros, object linking and DDE embedding.

Web Application Attacks: A deeper dive on traditional web attack vectors, including exploiting admin consoles, XSS, directory traversal vulnerabilities, SQL injections and more.

Password Attacks: Expanded material for online, offline and in-memory based password attacks.

Port Redirection and Tunneling: New and expanded exercises on tunneling, pivoting, and port redirection. Students will now be able to practice these techniques using their three dedicated virtual machines, before applying their new-found knowledge in the shared labs.

Metasploit: Increased coverage on the Metasploit framework. Covering auxiliary modules, exploits, payloads, scanners, meterpreter, post-exploitation, automation, and more!

Other

Labs: Targets have been updated, so if you need more practice on fresh exercises, we recommend giving these a try.

Download the Syllabus