Course Review: InSEC Techs Metasploit training

Enroll for $110.

Nothing really original here. There are a lot of similar courses available, and I didn’t find anything that really separates this from other courses. Generally I would recommend that you work through this or this, rather than spend the money on this course. Also I should mention that Cybrary has some options that are better than this, IMO. There is mention that the course will follow the PTES standard, but I really did not see it.

OK, on to the review...

Auxiliary Modules: We do one scan. One SYN scan of Metasploitable. No other types of port scans, no other port scanning tools that we can import into MSF. No specific auxiliary modules like SNMP, SMTP, SMB, FTP, SSH, etc. Just one lowly port scan.

From there we went into Exploits right away, with specific modules on excellent exploits, good ranking exploits, and normal ranking exploits. All in all, there were 4 videos that discussed the exploit ranking system. Yikes! I can understand how someone might take a little time to understand that concept. Not 4 videos, especially when I am paying for the course. (Disclosure: I didn’t actually pay for this, it was purchased for me.) (Also note: all of a sudden we have a Windows machine we are attacking. No mention of that in setting up a lab. Not even the free temp machines you can use found here.)

The only form of vulnerability analysis was running a Nessus scan, and then importing it into MSF. In the exploit ranking videos, they show using the exploits, with no indication of how they knew to run that specific exploit. I get that it is a staged environment, but this is still something you should teach a new learner.

On changing the MAC attributes, I am not certain. I was taught it is the MACE attributes.

There are tons of videos on building a payload, and running it. One for with a firewall and one without. One for PDF files, one for Word files, etc. etc. However, there is only a single lesson on what to do once you have access to the host, and this was with Armitage. No command line ideas, only how to do it in a GUI. Nothing on how to look for information on the host to further exploit the network and environment. Nothing on how to find important files, places to look for passwords, or even how to perform a privilege escalation attack if needed to further exploit a host. These are all important items to know when using Metasploit.

Final Verdict: Stay Away

There are other courses that are better than this.