The ever changing recruitment process of the organizations always challenges candidates; recognized education is not enough in this competitive market, the recruitment process filters the candidates based on formal education, experience, and certification. The corporate hiring process depends on the certification, and you will get an extra edge if you have the right certifications that would be required for a particular job. There are numerous organizations providing the certificate after conducting the assessment test, for example, EC-council, Mile2, Offensive-security and others. Rapid7 is one of the bodies and known for its products; Metasploit, Nexpose, AppSpider, and others.

Metasploit by Rapid7 is the widely deployed penetration testing tool, every organization, and individual penetration tester use Metasploit; it is the world’s largest database of public and tested exploits.

This guide shows the steps that one should get before taking the Metasploit PRO Certified Specialist exam. The exam based on Metasploit PRO and focuses on user interface instead of command line.

Rapid7 Certification and Exam:

The objective of the certificate is to validate individual’s knowledge and skills of the Metasploit. The certificate makes one able to know the process of installing, configuring and operating the Rapid7’s products. It also helps the recruitment managers to judge the skillset of candidates and to select the best amongst them. Exam details:

  • It is an online open-book exam
  • The duration of the exam is 2-hours
  • Student cannot pause or stop the exam
  • You need to get 80% or higher to pass the exam
  • The one purchase is for one attempt only
  • The student will get the certificate of completion after getting the required passing marks

Understanding Metasploit PRO

The exam revolves around Metasploit PRO, so you need to know everything about the Metasploit PRO. It consists of the following components that work together to achieve the penetration testing objective:

  • Metasploit framework
  • Framework modules
  • The services
  • Interfaces (User interface and command line)

The time chart is an essential element of the study plan, if you have taken any ethical hacking training before then, you must have an idea about it. Assess your current schedule, list the important topics to learn and practice, allocate the time for the study, stick to a schedule and evaluate your performance.

Ethical Hacking Training – Resources (InfoSec)

On-site or online training is not enough, the instructor can teach you, but he can’t make you a master; however, the practice can make you a master. So create a test lab, configure Metasploit PRO and practice the course outline:

  • Understand Metasploit architecture and its components
  • Learn the console interface and session manipulation
  • Understand the GUI of Metasploit PRO and its administrative functions
  • Information gathering and footprinting using Metasploit PRO, import, and export function of the data.
  • Integrating Metasploit with other products, for example, Nexpose.
  • Port scanning and vulnerability scanning
  • Launching the exploits, manual and automatic both
  • Client-side exploitation
  • Web application vulnerability scanning using Metasploit PRO
  • Understand the process to test social engineering vulnerabilities, learn how to create the fake pages and how to launch the social engineering campaign.
  • Bypassing the detectors (antivirus, IPS, and IDS)
  • Windows and Unix payloads
  • Maintaining access and backdoors
  • Scripting to customize the meterpreter
  • Standard and customize reporting

Keep in mind that the exam can’t be stopped, and one purchase is for one attempt; make sure you are ready to pass the exam. Stick with the study plan; manage your time effectively, join forums and other relevant online groups to discuss the exam before you actually do it. Learn and understand all the topics and practice them because understanding Metasploit PRO and its functionality will help you to pass the exam.