Curriculum
- 24 Sections
- 179 Lessons
- 24 Weeks
- Week 1: Introduction to Penetration Testing (8 lessons)
  - 1.1 Overview of Penetration Testing (60 Minutes)
  - 1.2 Ethical Hacking vs. Malicious Hacking
  - 1.3 Legal and Ethical Considerations
  - 1.4 Penetration Testing Methodologies (PTES, OSSTMM, NIST)
  - 1.5 The Cyber Kill Chain and Attack Lifecycle
  - 1.6 Understanding Rules of Engagement (RoE)
  - 1.7 Setting Up a Pentesting Lab
  - 1.8 Essential Tools for Penetration Testing
- Week 2: Penetration Testing Scoping and Engagement (8 lessons)
  - 2.1 Importance of Scoping in Penetration Testing (60 Minutes)
  - 2.2 Defining Scope and Boundaries
  - 2.3 Understanding Business Requirements and Impact
  - 2.4 Legal and Compliance Considerations (GDPR, HIPAA, PCI-DSS)
  - 2.5 Creating a Statement of Work (SOW) and Service Level Agreements (SLA)
  - 2.6 Risk Assessment and Threat Modeling
  - 2.7 Gaining Client Consent and Authorization
  - 2.8 Preparing a Pentesting Engagement Plan
- Week 3: Open Source Intelligence (OSINT) (8 lessons)
  - 3.1 Introduction to OSINT and Its Importance in Pentesting (60 Minutes)
  - 3.2 Passive vs. Active OSINT
  - 3.3 OSINT Frameworks and Methodologies
  - 3.4 Searching Public Databases and Social Media
  - 3.5 WHOIS and DNS Enumeration
  - 3.6 Email Harvesting and Metadata Analysis
  - 3.7 Dark Web and Underground Forums
  - 3.8 Automating OSINT with Tools (Maltego, SpiderFoot, Recon-ng)
- Week 4: Social Engineering Penetration Testing (8 lessons)
  - 4.1 Psychology Behind Social Engineering
  - 4.2 Common Social Engineering Attacks (Phishing, Pretexting, Baiting, Tailgating)
  - 4.3 Physical Security and On-Site Social Engineering
  - 4.4 Credential Harvesting and Credential Stuffing
  - 4.5 Identifying Weak Security Awareness Practices
  - 4.6 Red Team vs. Blue Team Social Engineering Tactics
  - 4.7 Social Engineering Automation Tools (SET, GoPhish)
  - 4.8 Defensive Measures Against Social Engineering Attacks
- Week 5: External Network Penetration Testing (8 lessons)
  - 5.1 Understanding External Threat Vectors
  - 5.2 Reconnaissance and Enumeration Techniques
  - 5.3 Identifying Public-Facing Services and Vulnerabilities
  - 5.4 Network Scanning with Nmap and Masscan
  - 5.5 Exploiting Publicly Available Services (FTP, SMB, RDP)
  - 5.6 Brute-Force and Password Spraying Attacks
  - 5.7 Man-in-the-Middle (MITM) and Spoofing Techniques
  - 5.8 Reporting External Network Vulnerabilities
- Week 6: Internal Network Penetration Testing (8 lessons)
  - 6.1 Understanding Internal Network Attack Vectors
  - 6.2 Active Directory Enumeration and Attacks
  - 6.3 Privilege Escalation in Windows and Linux Environments
  - 6.4 Lateral Movement and Pivoting Techniques
  - 6.5 Exploiting Common Network Services
  - 6.6 Using Responder and NTLM Relay Attacks
  - 6.7 Bypassing Network Access Control (NAC)
  - 6.8 Defensive Measures for Internal Networks
- Week 7: Perimeter Device Penetration Testing (8 lessons)
  - 7.1 Understanding Perimeter Security Devices (Firewalls, IDS/IPS, VPNs)
  - 7.2 Identifying Misconfigurations in Firewalls and Proxies
  - 7.3 Evading Network Intrusion Detection Systems
  - 7.4 VPN Exploitation and Credential Harvesting
  - 7.5 Testing Email Security and Anti-Phishing Measures
  - 7.6 Firewall Rule Auditing and Bypass Techniques
  - 7.7 Attacking Web Application Firewalls (WAFs)
  - 7.8 Strengthening Perimeter Security Controls
- Week 8: Web Application Penetration Testing (8 lessons)
  - 8.1 Web Application Pentesting Methodologies (OWASP Top 10)
  - 8.2 SQL Injection, XSS, and Command Injection
  - 8.3 Session Management and Authentication Attacks
  - 8.4 API Security and RESTful API Attacks
  - 8.5 Exploiting File Upload and Server-Side Request Forgery (SSRF)
  - 8.6 Web Shells and Remote Code Execution (RCE)
  - 8.7 Automating Web App Pentesting (Burp Suite, ZAP, Nikto)
  - 8.8 Secure Coding Practices and Remediation
- Week 9: Wireless Penetration Testing (8 lessons)
  - 9.1 Understanding Wireless Networks and Security Protocols
  - 9.2 Capturing and Cracking Wi-Fi Handshakes (WPA2, WPA3)
  - 9.3 Evil Twin and Rogue Access Point Attacks
  - 9.4 Attacking Bluetooth, NFC, and RFID Systems
  - 9.5 Bypassing MAC Address Filtering and SSID Cloaking
  - 9.6 Wireless Packet Analysis with Wireshark and Aircrack-ng
  - 9.7 Wardriving and Wi-Fi Geolocation Attacks
  - 9.8 Securing Wireless Networks and Best Practices
- Week 10: IoT Penetration Testing (8 lessons)
  - 10.1 IoT Security Risks and Challenges
  - 10.2 Identifying IoT Device Vulnerabilities
  - 10.3 Reverse Engineering IoT Firmware
  - 10.4 Attacking IoT Communication Protocols (MQTT, Zigbee, BLE)
  - 10.5 IoT Botnets and Mirai-Like Attacks
  - 10.6 Exploiting Weak Default Credentials
  - 10.7 Side-Channel and Physical Attacks on IoT Devices
  - 10.8 Hardening IoT Devices Against Exploits
- Week 11: OT/SCADA Penetration Testing (7 lessons)
  - 11.1 Industrial Control Systems (ICS) and SCADA Security
  - 11.2 Common ICS/SCADA Protocols (Modbus, DNP3, OPC)
  - 11.3 Exploiting ICS System Vulnerabilities
  - 11.4 Securing Critical Infrastructure Systems
  - 11.5 ICS Network Traffic Analysis and Anomaly Detection
  - 11.6 Incident Response for ICS/SCADA Attacks
  - 11.7 Case Studies on Real-World ICS Exploits
- Week 12: Cloud Penetration Testing (7 lessons)
- Week 13: Binary Analysis and Exploitation (7 lessons)
  - 13.1 Buffer Overflow and Memory Corruption
  - 13.2 Reverse Engineering Binaries
  - 13.3 Shellcode Development and Payload Crafting
  - 13.4 Fuzzing for Vulnerability Discovery
  - 13.5 Advanced Exploitation of Windows and Linux Binaries
  - 13.6 Automated Malware Analysis Techniques
  - 13.7 Bypassing Modern Exploit Mitigations (DEP, ASLR, etc.)
- Week 14: Report Writing and Post-Testing Actions (7 lessons)
  - 14.1 Importance of Reporting
  - 14.2 Structuring a Comprehensive Report
  - 14.3 Communicating Findings and Remediation Steps
  - 14.4 Legal and Ethical Considerations in Penetration Testing
  - 14.5 Creating Executive Summaries for Stakeholders
  - 14.6 Developing Post-Testing Action Plans
  - 14.7 Presentation and Public Speaking for Security Professionals
- Week 15: Exploit Development Fundamentals (7 lessons)
  - 15.1 Understanding Assembly and Shellcoding
  - 15.2 Writing Simple Exploits
  - 15.3 Introduction to Return-Oriented Programming (ROP)
  - 15.4 Bypassing Anti-Virus and EDR Solutions
  - 15.5 Identifying and Exploiting Vulnerable Code Patterns
  - 15.6 Debugging Exploits with GDB, WinDbg, and IDA Pro
  - 15.7 Writing Polymorphic and Metamorphic Shellcode
- Week 16: Advanced Exploit Development (7 lessons)
  - 16.1 Exploiting Stack and Heap Overflows
  - 16.2 Analyzing Malware and Exploit Kits
  - 16.3 Heap Spraying and Use-After-Free Exploits
  - 16.4 ROP Chain Construction and Bypassing DEP
  - 16.5 Windows Kernel Exploitation Techniques
  - 16.6 Linux Kernel Vulnerability Exploitation
  - 16.7 Developing Custom Exploits for Zero-Day Attacks
- Week 17: Red Teaming and Adversary Simulation (7 lessons)
  - 17.1 Advanced Post-Exploitation Techniques
  - 17.2 Persistence and Data Exfiltration
  - 17.3 Lateral Movement and Privilege Escalation
  - 17.4 Active Directory Attacks for Red Teaming
  - 17.5 Building Custom C2 (Command and Control) Infrastructures
  - 17.6 Detection Evasion Techniques Against Blue Teams
  - 17.7 Automating Red Teaming with Scripts and Tools
- Week 18: Mobile Application Penetration Testing (7 lessons)
  - 18.1 Android and iOS Security Testing
  - 18.2 Static and Dynamic Analysis
  - 18.3 Reverse Engineering Mobile Apps
  - 18.4 Exploiting Insecure API Calls and Authentication
  - 18.5 Analyzing and Exploiting Mobile Malware
  - 18.6 Bypassing Root/Jailbreak Detection Mechanisms
  - 18.7 Mobile App Security Hardening Techniques
- Week 19: Advanced Active Directory Attacks (7 lessons)
  - 19.1 Kerberoasting, Pass-the-Hash, and Golden Ticket Attacks
  - 19.2 Credential Dumping and NTLM Relay Attacks
  - 19.3 AD Domain Escalation and Forest Attacks
  - 19.4 Weaponizing BloodHound for AD Recon
  - 19.5 Abusing Group Policy Preferences (GPP)
  - 19.6 Bypassing MFA and Conditional Access Policies
  - 19.7 Defensive Strategies for AD Security
- Week 20: Blockchain and Smart Contract Security (7 lessons)
  - 20.1 Attacking Smart Contracts and Crypto Wallets
  - 20.2 Understanding Solidity Vulnerabilities
  - 20.3 Exploiting Reentrancy and Integer Overflow Bugs
  - 20.4 Blockchain Forensics and Transaction Tracing
  - 20.5 Pentesting Decentralized Applications (dApps)
  - 20.6 Decompiling and Analyzing Smart Contract Code
  - 20.7 Web3 Security and NFT Exploits
- Week 21: Capture the Flag (CTF) Challenges (7 lessons)
  - 21.1 Hands-on Exploitation Labs
  - 21.2 Solving Web Exploitation Challenges
  - 21.3 Binary Exploitation CTF Challenges
  - 21.4 Reverse Engineering CTF Scenarios
  - 21.5 Cryptography and Steganography Challenges
  - 21.6 OSINT (Open Source Intelligence) in CTF Competitions
  - 21.7 Team-Based Red Team vs. Blue Team CTFs
- Week 22: Mock Penetration Testing Engagements (8 lessons)
  - 22.1 Simulated Red Team vs. Blue Team Exercises
  - 22.2 Full-Scope Network Penetration Testing
  - 22.3 Reporting and Debriefing of Findings
  - 22.4 Customizing Attack Scenarios Based on Industries
  - 22.5 Physical and Social Engineering Attack Simulations
  - 22.6 Physical and Social Engineering Attack Simulations
  - 22.7 Incident Handling and Response in Real-Time
  - 22.8 Live Role-Playing as Ethical Hackers and Defenders
- Week 23: Certification Preparation (7 lessons)
  - 23.1 OSCP, CEH, GPEN Exam Tips and Labs
  - 23.2 Time Management Strategies for Practical Exams
  - 23.3 Hands-on Exploitation and Walkthroughs
  - 23.4 Developing a Study Plan for Security Certifications
  - 23.5 Common Mistakes and Pitfalls to Avoid
  - 23.6 Using Virtual Labs for Hands-on Practice
  - 23.7 Mock Exams and Practical Exercises
- Week 24: Final Exam and Career Guidance (7 lessons)
  - 24.1 Interview Preparation
  - 24.2 Resume and Portfolio Building
  - 24.3 Cybersecurity Career Pathways and Specializations
  - 24.4 Networking with Industry Professionals
  - 24.5 Building a Personal Brand as a Security Researcher
  - 24.6 Freelancing and Bug Bounty Hunting as Career Options
  - 24.7 Final Practical Exam and Certification of Completion