Course Content

This document outlines the topics that will be covered in a course on penetration testing. It introduces concepts like vulnerability assessment, the OWASP top 10, and web penetration testing. It then covers setting up an environment with Kali Linux and virtualization software. Next, it provides a crash course on Linux fundamentals and core web pentesting concepts. The document outlines training on the Burp Suite tool and reconnaissance methodologies. It then covers various hacking techniques like brute force attacks, command injection, SQL injection and cross-site scripting. The course materials also include sections on tools like Nmap, Metasploit, Wireshark and forensics analysis. It concludes with modules on automation, reporting and interview preparation.

Uploaded by

Guru

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

142 views6 pages

Course Content

Uploaded by

Guru

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Welcome to the world of Penetration Testing

 Course Introduction
 Why Web Penetration Testing?
 Types of Hackers
 Disclaimer for this course
 What is Vulnerability?
 What is VAPT?
 What is Owasp top 10
 Scope & Duties of Web Pentester in InfoSec Companies
 Goals for Resume Building in Web Pentesting
 How much and where can I make money from bug bounty?

Setting up an environment
 Things to cover in this section
 Grabbing Required downloadable resources for this section
 Learning Virtualization with Virtual Box
 Setting up & Walkthrough of Vbox modules
 Introduction & History of Linux
 Why Kali Linux?
 Installing Kali Linux
 Tweaks to Run Kali Linux Smoothly Part 1
 Tweaks to Run Kali Linux Smoothly Part 2
 Updating and Upgrading Kali Linux with Debian packages

Linux Fundamentals Crash Course

 Introduction to command prompt
 Accessing system & Network Related commands
 Ip Config & Bridge network
 Linux file system and Structure
 Introduction to root
 Absolute and relative paths
 Directory listing attributes
 Playing with file and directories
 Different file types in Linux
 Wildcard commands
 Understanding files and Directory permissions
 File permission commands
 Help commands, auto completion and arrow keys
 Piping process
 Linux file editors
 Switching user with sudo module
 System utility commands (Date, Uptime, Hostname, Uname etc)
 Installing softwares
 Github clone to run tools
 Compiling python
 Compiling java
Core fundamentals for web pentesting
 What is an Ip address?
 What is protocol? HTTP & HTTPS
 Subdomain & Domain name
 What are ports?
 Path & Query component in URL
 Parameters and Fragment
 Explaining verbs, What is GET method?
 What is Post Method?
 What is Put Method?
 Delete & Head Method
 Connect & Options
 Trace & Patch
 How does an API works?
 HTTPS Status code part 1
 HTTPS Status code part 2

Complete Burpsuite module training

 What is Burp Suite?
 Burp CA Certificate for SSL/TLS
 Burp Project Type : New, Existing & Temp
 Burp Suite Proxy
 Burpsuite Intruder
 Burpsuite Scanner
 Burp suite Repeater
 Burp Suite Sequencer
 Burp Suite Decoder
 Burp Suite Comparer
 What are Payloads? Simple List, Runtime file, Custom iterator
 Payload type : Character Substitution, Case Modification, Recursive grep
 Payload Type : Illegal Unicode, Character Blocks, Numbers
 Payload Types : Dates, Brute Forcer, Null Payloads, Character Frobber
 Payload types : Bit Flipper, Username Generator, ECB Block Shuffler
 Burp Suite Extender
 Burp Suite Extensions
 BApp Store
 Burp Suite APIs
 Burp Suite Options
 Engagement Tools
 Http History Analyser
 Connect Burp to Android for Testing Android Apps

Reconnaissance Methodology
 DNS Records with Virustotal
 HTTP Status Recon
 Subdomain enumeration
 Aquatone
 Shodan Research
 Directory Bruteforcing
 Digging into the past with WayBack Machine
 Certificate Transparency Crt
 Wappalyzer for Technology Identification
 Netcraft Active Cyber Defence
Getting started with Testing environment
 What is DVWA?
 Getting started by Creating Database & User for lab
 Configuring DVWA
 DVWA Error Solving

Brute force & Command Injection

 Brute force technique part 1
 Brute force technique part 2
 What is Command Injection & CI Low level breach
 Command Injection: Breaching Medium Level Security
 Command Injection: Breaching High Level Security
 Command Injection Mitigation & Secure Code writing logic
 Remote Code Execution Incident Report Study

Insecure Session Management & Cookie Manipulating Flaw

 Insecure Session Management & Cookie Manipulating Flaw
 Insecure JSON Parsing

Cross Site Request Forgery

 What is Cross Site Request Forgery? CSRF Part 1
 CSRF: Part 2 (Designing Custom CSRF Form)
 CSRF: Execution of Custom form and Mitigation Technique
 CSRF: Automated form via Burpsuite
 CSRF Incident Report Study

File Upload Vulnerability

 What is File Upload Vulnerability? Breaching Low Level
 Breaching Medium Level
 Breaching High Level & Mitigation
 File Upload Incident Report Study

File Inclusion Vulnerability

 Local & Remote File Inclusion (Low Level)
 LFI & RFI (Medium & High Level)
 LFI & RFI Incident Report Study
SQL Injection
 SQL Injection Master Lab & What is Database?
 SQL Fundamentals
 What is ID, Joining & Breaking the query in SQL
 Selecting Vulnerable Column & Fetching Database Name
 Dumping Database

Boolean Based & SQL Automation

 Boolean Based Queries & Fundamentals
 Boolean Based demonstration
 Automation With SQL Map

Cross Site Scripting

 Reflecting XSS
 Stored XSS
 Dom Bases XSS
 Exploring Innovative method for executing XSS via Case Studies

Increasing Difficulty with WebGoat

 Gathering Pre-Requisites for Webgoat
 Configuring Webgoat in Windows

Token Exploitation
 What is JSON Web Token? (JWT)
 JWT : JSON Web Token Hijacking with SQL Injection
 JWT Payment Gateway Manipulation

Password Reset EndPoint

 Password Reset Endpoint
 Creating and Exploiting Password Reset Link

Path Traversal
 Path Traversal - Bypass File Upload Fix 1
 Path Traversal - Bypass File Upload Fix 2
 Path Traversal - Retrieving Files

SQL String Based

 String SQL Injection Part 1
 String SQL Injection Part 2
 Delete Data & Retrieve Data from Tables
 SQL Login Attack

HTML Tempering & XXE

 HTML Tampering explained with Execution
 XXE : What is XXE Injection?
 XXE Injection Content Type Manipulation
 Blind XXE Injection
Insecure Direct Object Reference
 What is IDOR?
 Data Extraction via IDOR
 Account Hijacking via IDOR

Advance CSRF & SSRF

 Login CSRF
 SSRF Explained
 SSRF - Request Manipulation to display User

Bonus Attacks
 Vulnerable Components - Exploiting CVE
 Meta Data Sanitization
 Client-Side Filtering

Wireshark
 OSI Model Layer
 Split of Concentration
 Application layer
 Presentation Later
 Session layer
 Top Layer vs
 Transport Layer
 Network Layer
 Data link Layer
 Physical Layer
 Host Communication
 Encapsulation
 TCPIP vs OSI Model
 Wireshark Filters & Data Capture

Nmap
 Nmap Basics, Target Specification & Port States
 Nmap Scanning & Ping Scanning
 Nmap Scan Techniques with SYN, Connect, UDP, SCTP, TCP, ACK &
Window
 Nmap Scan Techniques Part 2 : Null, Fin, XMAS, Maimon, IDLE Scan &
IP Protocol
 Nmap Performance, Firewall & IDS Evasion
Exploits
 What is metasploit?
 How port scanning can help us in exploiting machines?
 How to Configure Exploits?
 Executing Eternal Blue exploit on Windows Machine
 Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3
 Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3
Forensics
 Analysis - Registry, Email and Browser Artifacts
 Analysis - PDF Files and Page Files
 Malware File Analysis
 USB Forensics - Detection and Investigation
 Meta Data Analysis - MS Office Files
 Meta Data Analysis - Image Files
 Memory Forensics using FTK Imager and Volatility3 tool overview
 Volatility3 - Memory File Analysis and Infected system file

Final Module
 Pentsting with Automated tools : Owasp Zap
 Httrack & Wpscan
 What is Accunetix?
 Accunetix Practical Scanning
 How to Make POC (Proof of Concept)
 How to make a VAPT (Vulnerability Assessment & Penetration Testing
Report) report : Part 1
 VAPT Part 2
 How to get Job Ready and CV guide
 What to learn next?
 Final Closure

Interview Prep
 Mock Interview: Level 1
 Mock Test Paper (Practical Skill Based): Level 2
 Group Discussion Round: Level 3
 Resume Building

Advanced Pentesting and Forensics
No ratings yet
Advanced Pentesting and Forensics
15 pages
Certified Penetration Testing 3 Month
No ratings yet
Certified Penetration Testing 3 Month
4 pages
Free Course: Website Hacking Basics
No ratings yet
Free Course: Website Hacking Basics
15 pages
Penetration Testing With Backtrack Syllabus
No ratings yet
Penetration Testing With Backtrack Syllabus
9 pages
Web App Penetration Testing Course
No ratings yet
Web App Penetration Testing Course
10 pages
Cyber Security & Penetration Testing Course Outline - 2023
No ratings yet
Cyber Security & Penetration Testing Course Outline - 2023
6 pages
Web App Penetration Testing Course
No ratings yet
Web App Penetration Testing Course
10 pages
Master Penetration Testing and Red Teaming
No ratings yet
Master Penetration Testing and Red Teaming
22 pages
Network Penetration Testing Course
No ratings yet
Network Penetration Testing Course
10 pages
Web Application Penetration Testing
No ratings yet
Web Application Penetration Testing
6 pages
Network Security Training Course
No ratings yet
Network Security Training Course
10 pages
Network Penetration Testing Course Online 1720400534
No ratings yet
Network Penetration Testing Course Online 1720400534
10 pages
Professional Ethical Hacker Course Outline: Module 00 - Setup Lab
No ratings yet
Professional Ethical Hacker Course Outline: Module 00 - Setup Lab
10 pages
Ethical Hacking Training Overview
No ratings yet
Ethical Hacking Training Overview
2 pages
Penetration Testing 1
No ratings yet
Penetration Testing 1
10 pages
Bug Bounty Topics
No ratings yet
Bug Bounty Topics
11 pages
67Hrs - The Complete Cyber Security Bundle - Beginner To Advanced
100% (1)
67Hrs - The Complete Cyber Security Bundle - Beginner To Advanced
6 pages
Network Penetration Testing Course
No ratings yet
Network Penetration Testing Course
12 pages
Advance Ethical Hacking Bug Bounty Hunting & Penetration Testing PDF
No ratings yet
Advance Ethical Hacking Bug Bounty Hunting & Penetration Testing PDF
17 pages
2nd Month Web Pentesting Tools
No ratings yet
2nd Month Web Pentesting Tools
4 pages
Student Profiles and Ethical Hacking Syllabus
No ratings yet
Student Profiles and Ethical Hacking Syllabus
15 pages
Advance Penetration Testing Kali Linux Training
0% (1)
Advance Penetration Testing Kali Linux Training
4 pages
Cyber Security Greens Syllabus
No ratings yet
Cyber Security Greens Syllabus
35 pages
Cyber Security Course Syllabus
No ratings yet
Cyber Security Course Syllabus
37 pages
Web PenTest Techniques Guide
No ratings yet
Web PenTest Techniques Guide
1 page
Icc
No ratings yet
Icc
14 pages
Practical Ethical Hacking - The Complete Course TCM Security, Inc
No ratings yet
Practical Ethical Hacking - The Complete Course TCM Security, Inc
1 page
DCSC Topics
No ratings yet
DCSC Topics
7 pages
Cyb3r SeCur1Ty
No ratings yet
Cyb3r SeCur1Ty
4 pages
Penetration Testing Interview Questions
No ratings yet
Penetration Testing Interview Questions
3 pages
New Brochure - Apt
No ratings yet
New Brochure - Apt
10 pages
Web Application Penetration Testing Guide
No ratings yet
Web Application Penetration Testing Guide
33 pages
Cyber Security
No ratings yet
Cyber Security
5 pages
Road
No ratings yet
Road
1 page
Programming Languages: Goals
No ratings yet
Programming Languages: Goals
1 page
Cybersecurity 2
No ratings yet
Cybersecurity 2
41 pages
Bug Bounty Course Contents
No ratings yet
Bug Bounty Course Contents
6 pages
Hacking - Course Outline
No ratings yet
Hacking - Course Outline
4 pages
Advanced Ethical Hacking Diploma Course
No ratings yet
Advanced Ethical Hacking Diploma Course
33 pages
Web Application Penetration Testing Guide
No ratings yet
Web Application Penetration Testing Guide
60 pages
Penetration Testing With Kali Linux - 5 Days
50% (2)
Penetration Testing With Kali Linux - 5 Days
9 pages
Ethical Hacking & IT Training Courses
No ratings yet
Ethical Hacking & IT Training Courses
10 pages
GPEN GIAC Certified Penetration Tester All-in-One Exam Guide 1st Edition Raymond Nutting Sample
No ratings yet
GPEN GIAC Certified Penetration Tester All-in-One Exam Guide 1st Edition Raymond Nutting Sample
87 pages
Session 2 VU21997
No ratings yet
Session 2 VU21997
48 pages
Web Security & Pentesting Basics Course
No ratings yet
Web Security & Pentesting Basics Course
4 pages
1 Year Cyber Security Diploma Course
No ratings yet
1 Year Cyber Security Diploma Course
8 pages
Prog Dep Technique
No ratings yet
Prog Dep Technique
8 pages
Perform A Web Penetration Test
No ratings yet
Perform A Web Penetration Test
197 pages
OWASP Top 10 Lab Manual
No ratings yet
OWASP Top 10 Lab Manual
14 pages
Network Pentesting
No ratings yet
Network Pentesting
5 pages
Professional Bug Hunting & Advanced Web Application Course
No ratings yet
Professional Bug Hunting & Advanced Web Application Course
17 pages
Cybersecurity Workshop for IT Pros
No ratings yet
Cybersecurity Workshop for IT Pros
9 pages
CPTE: Certified Penetration Testing Engineer: (5 Days)
No ratings yet
CPTE: Certified Penetration Testing Engineer: (5 Days)
5 pages
Cyber Security Module
No ratings yet
Cyber Security Module
8 pages
Yuyu Gasy
No ratings yet
Yuyu Gasy
6 pages
Ethical Hacker Roadmap by ChatGPT
No ratings yet
Ethical Hacker Roadmap by ChatGPT
4 pages
Linux Security Thesis
100% (2)
Linux Security Thesis
6 pages
DesktopUtility Installation Guide
No ratings yet
DesktopUtility Installation Guide
17 pages
3rd Quarter ICTgrade 10
No ratings yet
3rd Quarter ICTgrade 10
5 pages
Oss Licenses
No ratings yet
Oss Licenses
20 pages
Writing in The Computer Science Field
100% (2)
Writing in The Computer Science Field
6 pages
Web-N Server 2.0 Designer Guide
No ratings yet
Web-N Server 2.0 Designer Guide
47 pages
Android Radio Button and Group Example
No ratings yet
Android Radio Button and Group Example
5 pages
Agile E1
55% (89)
Agile E1
4 pages
Ramashish Resume
No ratings yet
Ramashish Resume
1 page
XRC Basic
No ratings yet
XRC Basic
136 pages
Software Testing Tools
100% (2)
Software Testing Tools
8 pages
Cloud Computing Virtualization Question Paper With Answers
No ratings yet
Cloud Computing Virtualization Question Paper With Answers
5 pages
Building A Windows Live CD From Blackram
No ratings yet
Building A Windows Live CD From Blackram
12 pages
E-Wallet: Definition and Process Flow
No ratings yet
E-Wallet: Definition and Process Flow
22 pages
HyperForm Tutorials
No ratings yet
HyperForm Tutorials
262 pages
CYDOCS Brochure
No ratings yet
CYDOCS Brochure
8 pages
Excel First Class
No ratings yet
Excel First Class
14 pages
Flight & Sensor Control Management System: Leica FCMS
No ratings yet
Flight & Sensor Control Management System: Leica FCMS
6 pages
Wordpress Notes
No ratings yet
Wordpress Notes
22 pages
Aiogram PDF
No ratings yet
Aiogram PDF
245 pages
Digtal Door Lock System
No ratings yet
Digtal Door Lock System
4 pages
Web Scraping Using Python: A Step by Step Guide: September 2019
0% (1)
Web Scraping Using Python: A Step by Step Guide: September 2019
7 pages
PCConsoleTOC POL
No ratings yet
PCConsoleTOC POL
19 pages
Advanced Calc Spreadsheet Guide
No ratings yet
Advanced Calc Spreadsheet Guide
42 pages
Installation-SAPGUI For Windows For V740
No ratings yet
Installation-SAPGUI For Windows For V740
15 pages
BRKSEC 3697 Reference
No ratings yet
BRKSEC 3697 Reference
417 pages
Basic Clarity Getting Started
No ratings yet
Basic Clarity Getting Started
56 pages
C Programming Tutorial Week 2 Guide
No ratings yet
C Programming Tutorial Week 2 Guide
8 pages
CworksPlus User Guide
No ratings yet
CworksPlus User Guide
248 pages
Class Ix Artifical Inteligents Pt-1 Ak
No ratings yet
Class Ix Artifical Inteligents Pt-1 Ak
3 pages