
Course Content

This document outlines the topics that will be covered in a course on penetration testing. It introduces concepts like vulnerability assessment, the OWASP top 10, and web penetration testing. It then covers setting up an environment with Kali Linux and virtualization software. Next, it provides a crash course on Linux fundamentals and core web pentesting concepts. The document outlines training on the Burp Suite tool and reconnaissance methodologies. It then covers various hacking techniques like brute force attacks, command injection, SQL injection and cross-site scripting. The course materials also include sections on tools like Nmap, Metasploit, Wireshark and forensics analysis. It concludes with modules on automation, reporting and interview preparation.

Uploaded by

Guru
Copyright
© All Rights Reserved

Welcome to the world of Penetration Testing

 Course Introduction
 Why Web Penetration Testing?
 Types of Hackers
 Disclaimer for this course
 What is Vulnerability?
 What is VAPT?
 What is the OWASP Top 10?
 Scope & Duties of Web Pentester in InfoSec Companies
 Goals for Resume Building in Web Pentesting
 How much and where can I make money from bug bounty?

Setting up an environment
 Things to cover in this section
 Grabbing Required downloadable resources for this section
 Learning Virtualization with Virtual Box
 Setting up & Walkthrough of Vbox modules
 Introduction & History of Linux
 Why Kali Linux?
 Installing Kali Linux
 Tweaks to Run Kali Linux Smoothly Part 1
 Tweaks to Run Kali Linux Smoothly Part 2
 Updating and Upgrading Kali Linux with Debian packages

Linux Fundamentals Crash Course


 Introduction to command prompt
 Accessing system & Network Related commands
 IP Config & Bridge network
 Linux file system and Structure
 Introduction to root
 Absolute and relative paths
 Directory listing attributes
 Playing with file and directories
 Different file types in Linux
 Wildcard commands
 Understanding files and Directory permissions
 File permission commands
 Help commands, auto completion and arrow keys
 Piping process
 Linux file editors
 Switching user with sudo module
 System utility commands (Date, Uptime, Hostname, Uname etc)
 Installing software
 Github clone to run tools
 Compiling python
 Compiling java

Core fundamentals for web pentesting
 What is an IP address?
 What is protocol? HTTP & HTTPS
 Subdomain & Domain name
 What are ports?
 Path & Query component in URL
 Parameters and Fragment
 Explaining verbs, What is GET method?
 What is Post Method?
 What is Put Method?
 Delete & Head Method
 Connect & Options
 Trace & Patch
 How does an API work?
 HTTPS Status code part 1
 HTTPS Status code part 2

Complete Burpsuite module training


 What is Burp Suite?
 Burp CA Certificate for SSL/TLS
 Burp Project Type : New, Existing & Temp
 Burp Suite Proxy
 Burpsuite Intruder
 Burpsuite Scanner
 Burp suite Repeater
 Burp Suite Sequencer
 Burp Suite Decoder
 Burp Suite Comparer
 What are Payloads? Simple List, Runtime file, Custom iterator
 Payload type : Character Substitution, Case Modification, Recursive grep
 Payload Type : Illegal Unicode, Character Blocks, Numbers
 Payload Types : Dates, Brute Forcer, Null Payloads, Character Frobber
 Payload types : Bit Flipper, Username Generator, ECB Block Shuffler
 Burp Suite Extender
 Burp Suite Extensions
 BApp Store
 Burp Suite APIs
 Burp Suite Options
 Engagement Tools
 Http History Analyser
 Connect Burp to Android for Testing Android Apps

Reconnaissance Methodology
 DNS Records with Virustotal
 HTTP Status Recon
 Subdomain enumeration
 Aquatone
 Shodan Research
 Directory Bruteforcing
 Digging into the past with WayBack Machine
 Certificate Transparency Crt
 Wappalyzer for Technology Identification
 Netcraft Active Cyber Defence

Getting started with Testing environment
 What is DVWA?
 Getting started by Creating Database & User for lab
 Configuring DVWA
 DVWA Error Solving

Brute force & Command Injection


 Brute force technique part 1
 Brute force technique part 2
 What is Command Injection & CI Low level breach
 Command Injection: Breaching Medium Level Security
 Command Injection: Breaching High Level Security
 Command Injection Mitigation & Secure Code writing logic
 Remote Code Execution Incident Report Study

Insecure Session Management & Cookie Manipulating Flaw


 Insecure Session Management & Cookie Manipulating Flaw
 Insecure JSON Parsing

Cross Site Request Forgery


 What is Cross Site Request Forgery? CSRF Part 1
 CSRF: Part 2 (Designing Custom CSRF Form)
 CSRF: Execution of Custom form and Mitigation Technique
 CSRF: Automated form via Burpsuite
 CSRF Incident Report Study

File Upload Vulnerability


 What is File Upload Vulnerability? Breaching Low Level
 Breaching Medium Level
 Breaching High Level & Mitigation
 File Upload Incident Report Study

File Inclusion Vulnerability


 Local & Remote File Inclusion (Low Level)
 LFI & RFI (Medium & High Level)
 LFI & RFI Incident Report Study

SQL Injection
 SQL Injection Master Lab & What is Database?
 SQL Fundamentals
 What is ID, Joining & Breaking the query in SQL
 Selecting Vulnerable Column & Fetching Database Name
 Dumping Database

Boolean Based & SQL Automation


 Boolean Based Queries & Fundamentals
 Boolean Based demonstration
 Automation With SQL Map

Cross Site Scripting


 Reflecting XSS
 Stored XSS
 DOM Based XSS
 Exploring Innovative method for executing XSS via Case Studies

Increasing Difficulty with WebGoat


 Gathering Pre-Requisites for Webgoat
 Configuring Webgoat in Windows

Token Exploitation
 What is JSON Web Token? (JWT)
 JWT : JSON Web Token Hijacking with SQL Injection
 JWT Payment Gateway Manipulation

Password Reset EndPoint


 Password Reset Endpoint
 Creating and Exploiting Password Reset Link

Path Traversal
 Path Traversal - Bypass File Upload Fix 1
 Path Traversal - Bypass File Upload Fix 2
 Path Traversal - Retrieving Files

SQL String Based


 String SQL Injection Part 1
 String SQL Injection Part 2
 Delete Data & Retrieve Data from Tables
 SQL Login Attack

HTML Tampering & XXE


 HTML Tampering explained with Execution
 XXE : What is XXE Injection?
 XXE Injection Content Type Manipulation
 Blind XXE Injection

Insecure Direct Object Reference
 What is IDOR?
 Data Extraction via IDOR
 Account Hijacking via IDOR

Advanced CSRF & SSRF


 Login CSRF
 SSRF Explained
 SSRF - Request Manipulation to display User

Bonus Attacks
 Vulnerable Components - Exploiting CVE
 Meta Data Sanitization
 Client-Side Filtering

Wireshark
 OSI Model Layer
 Split of Concentration
 Application layer
 Presentation Layer
 Session layer
 Top Layer vs
 Transport Layer
 Network Layer
 Data link Layer
 Physical Layer
 Host Communication
 Encapsulation
 TCP/IP vs OSI Model
 Wireshark Filters & Data Capture

Nmap
 Nmap Basics, Target Specification & Port States
 Nmap Scanning & Ping Scanning
 Nmap Scan Techniques with SYN, Connect, UDP, SCTP, TCP, ACK & Window
 Nmap Scan Techniques Part 2 : Null, Fin, XMAS, Maimon, IDLE Scan & IP Protocol
 Nmap Performance, Firewall & IDS Evasion

Exploits
 What is metasploit?
 How port scanning can help us in exploiting machines?
 How to Configure Exploits?
 Executing Eternal Blue exploit on Windows Machine
 Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3
 Microsoft Windows 10 (1903/1909) - 'SMBGhost' SMB3

Forensics
 Analysis - Registry, Email and Browser Artifacts
 Analysis - PDF Files and Page Files
 Malware File Analysis
 USB Forensics - Detection and Investigation
 Meta Data Analysis - MS Office Files
 Meta Data Analysis - Image Files
 Memory Forensics using FTK Imager and Volatility3 tool overview
 Volatility3 - Memory File Analysis and Infected system file

Final Module
 Pentesting with Automated tools : OWASP ZAP
 Httrack & Wpscan
 What is Acunetix?
 Acunetix Practical Scanning
 How to Make POC (Proof of Concept)
 How to make a VAPT (Vulnerability Assessment & Penetration Testing Report) report : Part 1
 VAPT Part 2
 How to get Job Ready and CV guide
 What to learn next?
 Final Closure

Interview Prep
 Mock Interview: Level 1
 Mock Test Paper (Practical Skill Based): Level 2
 Group Discussion Round: Level 3
 Resume Building
