Blog
Mar 11, 2010
PWB v3.0 – Offensive Security Online Training at its Best
Our flagship course, Penetration Testing with BackTrack is about to go to v3.0
3 min read
PWB v.3.0
Excitement is mounting as the debut of Penetration Testing with BackTrack (PWB) v3.0 comes closer. We received MANY emails asking us for more information about the new versions of the Videos and Labs. I’ll try to sum up the changes in this blog post. So, what’s *really* new?
Online Labs
Possibly the biggest change in the course. The PWB labs have been completely restructured and have tripled in size. A much more realistic corporate environment has been simulated with four separate vulnerable subnets. Modern OS’s and vulnerability vectors have been added, while still maintaining the basic lab structure from PWB v2.0. We’ve added many “Client simulating” features in the network to make the network come “alive”.Client Side attacks, Cross Site Scripting, uber Tunneling tricks, are all now a necessity in order to get to your goals. If you thought Bob was bad, wait till you meet Niky, Jeff, Joe, Carrie, Kevin, Nina and Sean. Penetration Testing has NEVER been so fun.
Reporting
In PWB v3.0 we introduce a new format for the student documentation and reporting process. Students connect to our labs as “local attackers” and must compromise victim servers on all the different department networks. The final report (as well as the OSCP challenge report) will now be presented as an official penetration test report. A template for this report is provided together with the course materials.
Courseware
The PWB videos were re-recorded from scratch, now featuring BackTrack 4. The videos are over 8:30 hours long, with several new modules introduced, and several old ones removed.
What was added (partial list):
- Services – Setting up a FTP server
- Information Gathering – Maltego
- Google Hacking – New examples
- SNMP, SMB information gathering modules refreshed
- Port Scanning – NMAP NSE, PBNJ
- Buffer Overflows – New introduction to Buffer overflows (win32)
- Buffer Overflows – New Linux Buffer Overflow module
- File Transfers – Modules refreshed, new method added.
- Client Side Attacks – Modules updated with new vulnerabilities
- SSH Tunneling – Module *greatly* enhanced, pretty funky stuff.
- Password Attacks – Module refreshed, NTLM, rainbowtable and GPU cracking.
- Web Application Attacks – Whole new module covering XSS, LFI/RFI, SQLi in both PHP/MySQL and MSSQL environments.
What was removed:
- Outdated commands / tools related to BackTrack 3
- Port Scanning – Unicornscan (remains in lab guide)
- Buffer Overflows – Wingate Example (replaced)
- Metasploit – Kernel Payloads
- Metaspoit – db_autopwn
- Client Side Attacks – MS06-001 (oudated, replaced)
- Password attacks – Physical access attacks (remains in lab guide)
- Core Impact Module – (remains in lab guide)
We are honestly excited about this new release, and are eagerly waiting to hear the renewed sounds of torment from our students. What more could we ask for?
Also, a new sample demo of the PWB video has been uploaded on the Offsec website.
Cybersecurity leader resources
Sign up for the Secure Leader and get the latest info on industry trends, resources and best practices for security leaders every other week
Latest from OffSec
Enterprise Security
Red Team vs Blue Team in Cybersecurity
Learn what a red team and blue team in cybersecurity are, pros and cons of both, as well as how they work together.
Dec 13, 2024
13 min read
Enterprise Security
Building a Future-Ready Cybersecurity Workforce: The OffSec Approach to Talent Development
Learn all about our recent webinar “Building a Future-Ready Cyber Workforce: The OffSec Approach to Talent Development”.
Dec 13, 2024
4 min read
Enterprise Security
How to Become the Company Top Cyber Talent Wants to Join
Become the company cybersecurity talent wants to join. Learn how to attract, assess, and retain experts with strategies that set you apart.
Dec 4, 2024
5 min read