What's The Best Way To Learn How To Use Armitage For Metasploit?

1.	What's The Best Way To Learn How To Use Armitage For Metasploit?
Answer» There are a lot of resources on both Armitage and Metasploit AVAILABLE to you. Here's a recommended order for you: Armitage Lecture. This is a video from the SecurityTube Metasploit Framework Expert series. This video describes Armitage in a pretty succinct way. Armitage and Metasploit Training. This 2011 course goes through Armitage and Metasploit, step-by-step. It's very old and I consider the material quite dated, but it's worth WATCHING if you want to get the basics down. Hacking Linux with Armitage. This article will take you through the entire network attack process using Armitage and the freely available Metasploitable virtual machine as a target. I recommend reading this article and reproducing each step in it. Get in through the backdoor: Post-exploitation with Armitage. MANY folks ask me how to hack a modern operating system (e.g., Windows 7) using Armitage. This article in Hakin9 will show you how to do this. You'll need to download the PDF of this issue to read the article. The Armitage Manual. Technically you should read this first. But, if you didn't--I'll forgive you. This manual is a reference for Armitage. It doesn't give context like these other resources do. Still, you should read it to understand what Armitage can do and the technical details of setting up different features. This manual is always accurate with the latest version of Armitage. Metasploit Unleashed. This is a free course offered by the Offensive Security folks. To be really effective with Armitage, you'll need to understand Metasploit. This course takes you through a lot of what Metasploit can do. As a penetration tester, I find tools give me about 15% of what I need. The rest of my work is problem solving, system administration, and luck. If you want to learn how to hack, don't neglect these skills either. Here are a few other recommended items: De-ICE Pen Test LiveCD. These CDs are self-contained scenarios requiring you to use problem solving and Linux knowledge to penetration test a fake company. Keep in mind, the answers are not obvious. Penetration Testing and Vulnerability Analysis. This is a great course at NYU-Poly that will help you understand hacking from the perspective of the EXPLOIT developer. OWASP WebGoat Project. This is a LiveCD environment with several web application attack scenarios. It will guide you through the very basics of conducting a web application assessment. If you get through all of the above and you want to take things to the next level: Advanced Threat Tactics (2015). This is a 9-part course with nearly six hours of material on modern red team operations with the COBALT Strike product. Cobalt Strike started life as a derivative of Armitage, but now it's a stand-alone platform that does not use the Metasploit Framework. If you want to emulate a quiet actor with a long-term presence in a network, Cobalt Strike is the toolset to do it. There are a lot of resources on both Armitage and Metasploit available to you. Here's a recommended order for you: As a penetration tester, I find tools give me about 15% of what I need. The rest of my work is problem solving, system administration, and luck. If you want to learn how to hack, don't neglect these skills either. Here are a few other recommended items: If you get through all of the above and you want to take things to the next level:

Answer»

There are a lot of resources on both Armitage and Metasploit AVAILABLE to you. Here's a recommended order for you:

Armitage Lecture. This is a video from the SecurityTube Metasploit Framework Expert series. This video describes Armitage in a pretty succinct way.
Armitage and Metasploit Training. This 2011 course goes through Armitage and Metasploit, step-by-step. It's very old and I consider the material quite dated, but it's worth WATCHING if you want to get the basics down.
Hacking Linux with Armitage. This article will take you through the entire network attack process using Armitage and the freely available Metasploitable virtual machine as a target. I recommend reading this article and reproducing each step in it.
Get in through the backdoor: Post-exploitation with Armitage. MANY folks ask me how to hack a modern operating system (e.g., Windows 7) using Armitage. This article in Hakin9 will show you how to do this. You'll need to download the PDF of this issue to read the article.
The Armitage Manual. Technically you should read this first. But, if you didn't--I'll forgive you. This manual is a reference for Armitage. It doesn't give context like these other resources do. Still, you should read it to understand what Armitage can do and the technical details of setting up different features. This manual is always accurate with the latest version of Armitage.
Metasploit Unleashed. This is a free course offered by the Offensive Security folks. To be really effective with Armitage, you'll need to understand Metasploit. This course takes you through a lot of what Metasploit can do.

As a penetration tester, I find tools give me about 15% of what I need. The rest of my work is problem solving, system administration, and luck. If you want to learn how to hack, don't neglect these skills either. Here are a few other recommended items:

De-ICE Pen Test LiveCD. These CDs are self-contained scenarios requiring you to use problem solving and Linux knowledge to penetration test a fake company. Keep in mind, the answers are not obvious.
Penetration Testing and Vulnerability Analysis. This is a great course at NYU-Poly that will help you understand hacking from the perspective of the EXPLOIT developer.
OWASP WebGoat Project. This is a LiveCD environment with several web application attack scenarios. It will guide you through the very basics of conducting a web application assessment.

If you get through all of the above and you want to take things to the next level:

Advanced Threat Tactics (2015). This is a 9-part course with nearly six hours of material on modern red team operations with the COBALT Strike product. Cobalt Strike started life as a derivative of Armitage, but now it's a stand-alone platform that does not use the Metasploit Framework. If you want to emulate a quiet actor with a long-term presence in a network, Cobalt Strike is the toolset to do it.

There are a lot of resources on both Armitage and Metasploit available to you. Here's a recommended order for you:

If you get through all of the above and you want to take things to the next level:

What's The Best Way To Learn How To Use Armitage For Metasploit?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment