• Objective: To understand lab environment and gain lab setup capabilities.

• Key Topics:

➢ Virtualization platform concepts.

➢ Installation of VMware Workstation and VirtualBox.

➢ Installation of Kali Linux and basic configuration.

➢ Network settings for virtual machines.

• Objective: To understand Linux fundamentals and basic operations.

• Key Topics:

➢ Introduction to Linux fundamentals.

➢ User creation and management.

• Objective: To understand Linux fundamentals and basic operations.

• Key Topics:

➢ File operations (creating, deleting, moving, permissions).

➢ Basic Linux networking commands and concepts.

• Objective: To understand Linux fundamentals and basic operations.

• Key Topics:

➢ Package management (apt, yum, dnf).

➢ Other essential Linux commands (grep, find, ssh, scp, etc.).

• Objective: Understand information security, processes, frameworks, and concepts.

• Key Topics:

➢ Cybersecurity fundamentals.

➢ CIA Triad (Confidentiality, Integrity, Availability).

• Objective: Understand information security, processes, frameworks, and concepts.

• Key Topics:

➢ Attacks, threats, and vulnerabilities.

➢ Attack approaches.

• Objective: Understand information security, processes, frameworks, and concepts.

• Key Topics:

➢ Cyber Kill Chain.

➢ MITRE ATT&CK Framework.

➢ Cybersecurity Frameworks & Compliances (e.g., NIST, ISO 27001 - overview

• Objective: Understand what penetration testing is, standards, methodology, and

techniques.

• Key Topics:

➢ Penetration Testing Concept.

➢ Penetration Testing Methods (Black-box, White-box, Grey-box).

• Objective: Understand what penetration testing is, standards, methodology, and

techniques.

• Key Topics:

➢ Rules of Engagement.

➢ Scoping of penetration tests.

➢ Communication during penetration tests.

• Objective: To gain capabilities for Open Source Intelligence (OSINT) gathering and

correlation.

• Key Topics:

➢ OSINT Frameworks and details (e.g., Maltego, Shodan, Google Dorking).

• Objective: To gain capabilities for Open Source Intelligence (OSINT) gathering and

correlation.

• Key Topics:

➢ Information Gathering Techniques from the Internet (e.g., Whois, DNS records,

public archives).

• Objective: Understand network scanning techniques and tactics.

• Key Topics:

➢ Network Scanning Concepts.

➢ Different Scanning Techniques (e.g., Ping Scan, Port Scan, Stealth Scan).

• Objective: Understand network scanning techniques and tactics.

• Key Topics:

➢ Network Scan Using Nmap.

➢ TCP, UDP, and Reverse Scanning with Nmap.

• Objective: Understand network scanning techniques and tactics.

• Key Topics:

➢ Scanning Hosts behind a Firewall with Nmap.

➢ Nmap Scripts (NSE) and arguments.

• Objective: Understand various protocols, services, and better enumeration to

gather more close information.

• Key Topics:

➢ Enumeration Concepts.

➢ Enumeration Methods.

➢ DNS Enumeration.

➢ SMTP Enumeration.

• Objective: Understand various protocols, services, and better enumeration to

gather more close information.

• Key Topics:

➢ FTP Enumeration.

➢ SMB Enumeration.

➢ NFS Enumeration.

➢ HTTP Enumeration and so on (e.g., SNMP, SSH).

• Objective: Understand industry standard vulnerability assessment process and

achieve hands-on skill.

• Key Topics:

➢ Vulnerability Assessment Concepts.

➢ Vulnerability Assessment tools (e.g., Nessus, OpenVAS - introduction).

• Objective: Understand industry standard vulnerability assessment process and

achieve hands-on skill.

• Key Topics:

➢ Automated Scanning.

➢ Manual Scanning techniques.

➢ Reporting (basic overview for VA).

• Objective: To gain exploitation knowledge and understand deeply on exploitation

and bypass security control.

• Key Topics:

➢ Exploitation Concepts.

➢ Reverse Shell & Bind Shell.

• Objective: To gain exploitation knowledge and understand deeply on exploitation

and bypass security control.

• Key Topics:

➢ Exploitation Methods and Techniques.

➢ Exploitation Demonstration (4-5 boxes)

• Objective: Transfer files to the target system.

• Key Topics:

➢ Transfer files in Windows systems (e.g., PowerShell, SMB).

➢ Transfer files in Linux systems (e.g., scp, wget, netcat).

• Objective: Escalate low-level user privilege to root user.

• Key Topics:

➢ Linux privilege Enumeration techniques.

➢ Kernel Exploits for privilege escalation.

• Objective: Escalate low-level user privilege to root user.

• Key Topics:

➢ File permission Exploits.

➢ Application Version Exploits.

• Objective: Escalate low-level user privilege to root user.

• Key Topics:

➢ LD_Preload Escalation.

➢ Cron Job Escalation and so on (e.g., SUID/SGID, sudo misconfigurations).

• Objective: Escalate low-level user to administrator user.

• Key Topics:

➢ Windows Privilege Enumeration.

➢ Service Exploits.

➢ Unquoted Service Path.

• Objective: Escalate low-level user to administrator user.

• Key Topics:

➢ DLL Hijacking.

➢ Startup App Escalation.

➢ Schedule Task Escalation.

• Objective: Escalate low-level user to administrator user and attack one machine

from another.

• Key Topics:

➢ SeImpersonate Escalation.

➢ Network Pivoting via Metasploit (basic concepts).

• Objective: Understand web pentest concepts and gain capabilities to gather useful

information on target sites.

• Key Topics:

➢ Concept of Web Pentesting.

➢ Scoping for web pentesting.

➢ Banner Grabbing.

➢ Subdomain Enumeration.

• Objective: Discover web servers and file structures and understand web hacking

methodologies.

• Key Topics:

➢ Directory Busting.

➢ Crawling/Spidering.

➢ Web pentesting techniques and methodology.

• Objective: Gain hands-on skill to operate the well-known tool Burp Suite.

• Key Topics:

➢ Burp Suite introduction.

➢ Proxy configuration and usage.

➢ Intruder functionality.

➢ Repeater functionality.

➢ BappStore (extensions).

➢ Burp Collaborator (basic concept).

• Objective: Understand SQL injection and exploitation.

• Key Topics:

➢ SQL injection concept.

➢ Error-Based SQL injection.

➢ Blind SQL Injection.

➢ Automated SQL injection (e.g., SQLMap).

➢ Authentication Bypass via SQL injection.

• Objective: Gain knowledge of different web vulnerabilities and exploitation

techniques.

• Key Topics:

➢ Introduction to OWASP Top 10.

➢ IDOR (Insecure Direct Object References).

➢ Broken Access Control (general concept).

• Objective: Gain knowledge of different web vulnerabilities and exploitation

techniques.

• Key Topics:

➢ Cross-Site Scripting (XSS) - reflected, stored, DOM.

➢ Shell via XSS (e.g., BeEF framework).

➢ Cross-Site Request Forgery (CSRF).

• Objective: Gain knowledge of different web vulnerabilities and exploitation

techniques.

• Key Topics:

➢ File Upload Bypass techniques.

➢ Reverse Shells via web vulnerabilities.

➢ Web Shells (creating and using).

• Objective: Perform automated web assessment.

• Key Topics:

➢ Automated Assessment with Burp Suite Scanner.

➢ Automated Assessment with Acunetix (introduction).

• Objective: Demonstrate A to Z walkthrough of intentionally vulnerable machines.

• Key Topics:

➢ Introduction to vulnerable machine walkthroughs.

➢ Methodology for approaching vulnerable machines (e.g., enumeration,

exploitation, post-exploitation).

• Objective: Hands-on experience with intentionally vulnerable machines.

• Key Topics:

➢ Walkthrough of a vulnerable machine.

• Objective: Hands-on experience with intentionally vulnerable machines.

• Key Topics:

➢ Walkthrough of a vulnerable machine.

• Objective: Hands-on experience with intentionally vulnerable machines.

• Key Topics:

➢ Walkthrough of a vulnerable machine.

• Objective: Understand briefly about mobile app pentesting.

• Key Topics:

➢ High-Level concepts about mobile application pentesting (iOS/Android

differences).

➢ OWASP Mobile Top 10 (overview).

• Objective: Understand briefly about mobile app pentesting.

• Key Topics:

➢ Automated tools like MobSF (Mobile Security Framework) walkthrough.

➢ Dynamic testing concepts for mobile apps.

• Objective: Understand briefly about mobile app pentesting.

• Key Topics:

➢ Mobile App network traffic analysis (e.g., Burp Suite for mobile).

➢ Proxying mobile traffic.

• Objective: Understand briefly about API and API pentesting.

• Key Topics:

➢ API penetration testing concept brief (REST, SOAP).

➢ Tools introduction for API testing (e.g., Postman, OpenAPI/Swagger).

• Objective: Understand briefly about API and API pentesting.

• Key Topics:

➢ Sample API test cases and common API vulnerabilities (e.g., broken

authentication, mass assignment).

• Objective: Understand briefly Wireless hacking and techniques.

• Key Topics:

➢ Wireless Penetration Test Concepts and threats (e.g., WEP, WPA/2/3).

➢ Common wireless attacks (e.g., deauthentication attacks).

• Objective: Understand briefly Wireless hacking and techniques.

• Key Topics:

➢ WiFi Password Cracking techniques (e.g., Aircrack-ng, Hashcat).

➢ Evil Twin Attack concept and demonstration.

• Objective: Understanding report writing concepts, report types, and report

management.

• Key Topics:

➢ Penetration Testing Reporting best practices.

➢ Executive Summary Report structure.

➢ Technical Report structure.

• Objective: Understanding report writing concepts, report types, and report

management.

• Key Topics:

➢ Reporting Generation Tools (e.g., Dradis, customized templates).

➢ Report Management and remediation tracking.

• Objective: Penetration Testing Project handling in real life, challenges,

improvement scopes.

• Key Topics:

➢ Project handling process for penetration tests (e.g., planning, execution,

post-engagement).

➢ Real-world challenges in penetration testing projects.

• Objective: Penetration Testing Project handling in real life, challenges,

improvement scopes.

• Key Topics:

➢ Essential documents and guidelines for project handling (e.g., SOW, NDA).

➢ Improvement scope and continuous learning in penetration testing.