19

Lessons

120h

Duration

English

Language

OBJECTIVE

Upon completion of all three modules, students will have a thorough understanding of
penetration testing and red teaming, equipped with practical experience in using advanced tools and techniques.

Learning Path

MODULE 1 - Beginner

Introduce students to basic penetration testing concepts, methodologies, and tools.

  • What is Penetration Testing?
  • Differences Between Penetration Testing and Red Teaming
  • Legal and Ethical Considerations
  • Penetration Testing Methodologies (OSSTMM, PTES, OWASP)
  • Virtualization and Lab Setup (VMware, VirtualBox)
  • Introduction to Kali Linux
  • Installing and Configuring Security Tools
  • Setting Up a Target Environment (Metasploitable, DVWA)
  • Passive vs. Active Reconnaissance
  • Open Source Intelligence (OSINT)
  • Network Scanning and Enumeration (Nmap, Netcat)
  • Web Reconnaissance (Whois, Shodan)
  • Identifying Vulnerabilities
  • Using Vulnerability Scanners (Nessus, OpenVAS)
  • Manual Vulnerability Analysis
  • Prioritizing Vulnerabilities
  • Exploitation Fundamentals
  • Exploit Development Basics
  • Introduction to Metasploit Framework
  • Gaining Initial Access
  • Maintaining Access
  • Privilege Escalation Techniques
  • Covering Tracks
  • Writing Penetration Testing Reports
  • Conducting Reconnaissance on a Target Network
  • Performing Vulnerability Scans
  • Basic Exploitation using Metasploit
  • Post-Exploitation Tasks and Cleanup

MODULE 2 - intermediate

Build on foundational knowledge and delve deeper into advanced penetration
testing techniques and tools.

  • Bypassing Firewalls and Intrusion Detection Systems (IDS)
  • Network Sniffing and Traffic Analysis (Wireshark, tcpdump)
  • Man-in-the-Middle (MITM) Attacks
  • Exploiting Network Services (SMB, RDP)
  • Deep Dive into OWASP Top 10
  • SQL Injection and Cross-Site Scripting (XSS)
  • Session Hijacking and Cross-Site Request Forgery (CSRF)
  • Web Application Firewalls (WAF) Evasion Techniques
  • Wireless Network Fundamentals
  • Wi-Fi Encryption and Authentication
  • Cracking Wireless Networks (WEP, WPA/WPA2)
  • Attacking Wireless Clients
  • Principles of Social Engineering
  • Phishing and Spear Phishing Attacks
  • Pretexting and Impersonation Techniques
  • Physical Security and Red Teaming
  • Buffer Overflow Exploits
  • Shellcode Development
  • Exploiting Web and Network Applications
  • Advanced Metasploit Techniques
  • Advanced Privilege Escalation
  • Lateral Movement Techniques
  • Persistence Mechanisms
  • Data Exfiltration Methods
  • Advanced Network and Web Application Testing
  • Exploiting Wireless Networks
  • Conducting Social Engineering Campaigns
  • Developing and Using Custom Exploits

MODULE 3 - ADVANCED

Equip students with the skills and knowledge required to conduct comprehensive
red team operations and sophisticated penetration tests.

  • Differences Between Red Teaming and Penetration Testing
  • Red Team Planning and Execution
  • Understanding Blue Team Tactics
  • Developing Red Team Strategies
  • Simulating Advanced Persistent Threats (APTs)
  • Adversary Emulation
  • Using Threat Intelligence in Red Teaming
  • Custom Attack Simulations
  • Evading Modern Security Solutions (EDR, SIEM)
  • Advanced Anti-Forensics Techniques
  • Bypassing Two-Factor Authentication (2FA)
  • Exploiting Misconfigurations in Cloud Environments
  • Developing Custom Tools and Scripts
  • Automation in Red Team Operations
  • Using Programming Languages (Python, PowerShell)
  • Leveraging Existing Tools (Empire, Cobalt Strike)
  • Working in Red Teams
  • Effective Communication with Stakeholders
  • Comprehensive Reporting Techniques
  • Developing Actionable Recommendations
  • Purple Teaming Concepts
  • Coordinating with Blue Teams
  • Sharing Intelligence and Insights
  • Improving Organizational Security Posture
  • Real-World Red Team Engagement Simulation
  • Full Scope Penetration Testing
  • Developing and Delivering a Red Team Report
  • Peer Review and Presentation