After many months of effort, my first Pluralsight course, Introduction to Penetration Testing Using Metasploit is now available. Here is the official course description:

Metasploit is one of the most widely used tools for penetration testing, providing powerful attack simulations, security assessment management, and more. In this course, Introduction to Penetration Testing Using Metasploit, you’ll learn to use Metasploit to enumerate available services, identify potential weaknesses, test vulnerabilities through exploitation, and gather evidence for reporting. First, you’ll see how to install and configure the Metasploit Framework and several supporting tools on Kali Linux. Next, you’ll explore how exploits and payloads work together to gain access to systems. Finally, you’ll look at how Metasploit Framework releases are made available and how to maintain the latest version of the Framework. By the end of this course, you’ll have a better understanding of how to use Metasploit to quickly assess the security posture of systems and networks to reduce risk.

I received terrific support from the Pluralsight team in creating this course. They are very active in communicating, listening, and work with their authors. They have tools and a process for getting courses out the door. I was surprised by this attention to authors and to the details most of all.

Why Metasploit?

Why start with a course on the Metasploit Framework? I thought that this might be a good topic to tackle in my first course. Realizing that the Metasploit Framework is not the only tool for penetration testing, I felt that it is the most common tool that people start using to learn. There are a lot of books, tutorials, and courses that start with it too. The Metasploit Framework has had years of development behind it, a company that supports it, and is continually evolving as well. The same can’t be said for most other tools in penetration testing. A good number are open source but have little active development since the support efforts are provided by a small team or a single person.

Why another Metasploit course?

There is a lot of training material out there already. Since the Framework has been around a long time, a lot of it is pretty old and dated. The Framework continues to advance and the training material has not always kept up.

One thing I found in looking through other courses and content is that the Framework has changed and a lot of the information out there is no longer correct. For example, the msfcli, msfencode, and msfpayload commands don’t exist any more. Their functionality has been merged into other tools. I had to spend a lot of time explaining these changes because most students are going to find the old documentation that doesn’t match the current state of the Framework.

Why Kali Linux?

Kali Linux is so far the best distribution for security tools under Linux right now. We have had other security tool distributions before, but Kali has the right support and training behind it. If all goes well, it should be the primary security professional tool for the foreseeable future. We have used it a lot in workshops and training sessions with the Greater Lafayette Security Professionals group, and it’s been easy to get those sessions started when everyone has the same tool set from which to work.

Links

• Pluralsight
• Introduction to Penetration Testing Using Metasploit (Pluralsight course)
• Rapid7‘s Metasploit Site
• Kali Linux