Enhance your penetration testing skills to better protect your organization!
About Training
Penetration Testing Training is a comprehensive corporate program designed to equip participants with the knowledge of penetration testing methodologies, cyberattack techniques, up-to-date tools, and hands-on experience.
Throughout the course, theoretical knowledge is reinforced with practical exercises, aiming to identify potential vulnerabilities within the organization and secure critical assets against these weaknesses.
By the end of the training, participants will gain the necessary skills to perform penetration tests using globally recognized methodologies. They will also be prepared to take certification exams such as SANS, GPEN, or CEH.
The training is scheduled on weekdays and completed within 5 days. Upon completion, participants receive a wet-signed Privia Security Certificate of Participation.
Prerequisites for the Training
Participants are expected to possess certain foundational skills to successfully complete the training. These prerequisites are defined to ensure the training process is efficient and productive:
- Basic knowledge of information technology and cybersecurity concepts
- Basic understanding of the Windows operating system
- Familiarity with Linux or other Unix-based operating systems
- Fundamental understanding of TCP/IP protocols
- Willingness to learn ethical hacking and receive penetration testing training
- Programming knowledge (not mandatory)
Who Should Attend the Training?
Our corporate training program is designed for professionals seeking hands-on training to specialize in cybersecurity.
- Information security specialists
- Network engineers
- Security analysts
- Cybersecurity consultants
- IT professionals conducting internal penetration tests
- Experts aiming to perform professional penetration testing
Curriculum
- 5 Sections
- 113 Lessons
- 5 Days
- Definitions: Threat, Vulnerability, Risk, Exposure (22 lessons)
- 1.1 Attack Types: Active Attack, Passive Attack, Insider Attack, Outsider Attack
- 1.2 Concept of Ethical Hacking and Penetration Testing
- 1.3 Types of Ethical Hacking and Penetration Testing: Network Security Testing, Web Application Testing,
- 1.4 Client-side Testing, Wireless Security Testing
- 1.5 Limitations of Ethical Hacking and Penetration Testing Approaches
- 1.6 Alternative Approaches to Identifying Security Vulnerabilities
- 1.7 Overview of Testing Methodologies: OSSTMM, NIST 800-42, OWASP, Penetration Testing Framework
- 1.8 Ethical Hacking Tools and Exploit Resources
- 1.9 Test Environments and Important Considerations During Testing
- 1.10 Overview of Ethical Hacking and Penetration Testing Steps
- 1.11 Scope and “Rules of Engagement” in Ethical Hacking and Penetration Tests
- 1.12 Test Phases to Be Applied During Ethical Hacking and Penetration Tests
- 1.13 Reporting Process: Mandatory Information and Critical Points in the Final Report
- 1.14 Legal Considerations to Keep in Mind During Testing
- 1.15 First Step in Ethical Hacking and Penetration Testing: Information Gathering
- 1.16 Asset Enumeration Within Scope
- 1.17 Gathering Information via Search Engines and the Web
- 1.18 Using Whois
- 1.19 IP Block Allocations and Regional Internet Registries (ARIN, RIPE, etc.)
- 1.20 DNS Information Gathering (nslookup, Recurse/No-recurse Queries, Dig, Zone Transfer)
- 1.21 Information Gathering with Maltego
- 1.22 Google Hacking and GHDB (Google Hacking Database)
- Scanning Phase and Types of Scans (24 lessons)
- 2.1 Tips for the Scanning Stage
- 2.2 Use of Sniffers During Scanning, Advantages, and tcpdump
- 2.3 Network Scanning Tools (Angry IP and ICMPQuery)
- 2.4 Network Trace and Usage of Traceroute
- 2.5 Network Scanning with Hping
- 2.6 Port Scanning
- 2.7 Introduction to Advanced Port Scanning Techniques with Nmap (Packet Trace, Timing, Ping, Traceroute Features)
- 2.8 Basic Features of TCP and UDP and Their Impact on Port Scanning
- 2.9 TCP Port Scanning Methods with Nmap (Connect Scan, SYN Scan, ACK Scan, FTP Bounce Scan)
- 2.10 UDP Port Scanning with Nmap
- 2.11 Operating System Detection
- 2.12 Active and Passive Methods for OS Detection
- 2.13 Version Scanning
- 2.14 Version Detection with Amap
- 2.15 Vulnerability Scanning
- 2.16 Approaches to Vulnerability Scanning
- 2.17 Overview of Nmap Scripting Engine (NSE)
- 2.18 NSE Script Categories
- 2.19 Using NSE
- 2.20 Vulnerability Scanning with Nessus
- 2.21 Nexpose Installation and Configuration
- 2.22 Vulnerability Scanning with Nexpose
- 2.23 Overview of Other Vulnerability Scanning Tools
- 2.24 User Account Enumeration (via Windows Null Session, Finger, LDAP)
- Exploitation & Privilege Escalation (20 lessons)
- 3.1 What is an Exploit?
- 3.2 Exploit Categories
- 3.3 Server-side Exploits
- 3.4 Client-side Exploits
- 3.5 Local Privilege Escalation
- 3.6 Introduction to Metasploit
- 3.7 Metasploit Modules
- 3.8 Exploits
- 3.9 Payloads
- 3.10 Stagers
- 3.11 Non-Metasploit Exploits
- 3.12 Details of Meterpreter
- 3.13 Shell and Terminal Access Dilemma: Issues and Solutions
- 3.14 Relay Scenarios with Netcat
- 3.15 Post-Exploitation Activities
- 3.16 Gathering Additional Data from the Compromised System
- 3.17 Remote Command Execution Methods on Windows Systems
- 3.18 Using psexec, at, schtasks, sc, wmic
- 3.19 Advanced Windows Command-Line Techniques for Ethical Hacking and Penetration Testing
- 3.20 Client-Side Exploits: Techniques and Practical Examples for Gaining Access
- Password Attacks (24 lessons)
- 4.1 Introduction to Password Cracking and Guessing Techniques
- 4.2 Tips for Effective Password Attacks
- 4.3 Account Lockout Scenarios in Windows and Linux (Account Policy and PAM)
- 4.4 Password Guessing with THC-Hydra
- 4.5 Using Pw-inspector
- 4.6 Password Hash Formats
- 4.7 Password Formats in Windows SAM Database
- 4.8 Password Formats in Active Directory
- 4.9 NT Hash Algorithm
- 4.10 LANMAN Hash Algorithm
- 4.11 Challenge/Response Mechanisms in Windows Networks
- 4.12 LANMAN Challenge/Response
- 4.13 NTLMv1 Challenge/Response
- 4.14 Microsoft Kerberos Authentication
- 4.15 NTLMv2 Challenge/Response
- 4.16 Extracting Password Hashes
- 4.17 Password Formats in Linux and Unix Systems
- 4.18 Using Pwdump6, Fgdump, and Metasploit Priv Modules
- 4.19 Configuration File and Cracking Modes
- 4.20 John the Ripper
- 4.21 john.pot and john.rec Files
- 4.22 Patches, Speed Optimizations, and Distributed Cracking with John
- 4.23 Cain as a Password Cracking Tool
- 4.24 Cain’s Sniffer Capabilities
- Wireless Networks & Web Applications (23 lessons)
- 5.1 Wireless Network Vulnerabilities
- 5.2 Hardware Selection for Wireless Security Testing (Wi-Fi Cards, Antennas, GPS)
- 5.3 Wireless Network Fundamentals (802.11 b/g Channels, SSID, 802.11 Handshake Steps)
- 5.4 Wireless Network Detection Methods (Managed/Monitor Interface Modes)
- 5.5 Sniffer Usage in Wireless Networks
- 5.6 Wireless Sniffing with Kismet
- 5.7 Wireless Discovery with NetStumbler and Cain
- 5.8 SSID Cloaking Techniques
- 5.9 Cryptographic Attacks on Wireless Networks
- 5.10 Wired Equivalent Privacy (WEP): Basics, Operation, and Weaknesses
- 5.11 Wi-Fi Protected Access (WPA)
- 5.12 Attack Tools for WPA1 and WPA2
- 5.13 Aircrack-ng Suite
- 5.14 Dictionary Attacks with CoWPAtty
- 5.15 Wireless Client Attacks (Airpwn, AirJack, Karma, Karmasploit)
- 5.16 Web Applications
- 5.17 Introduction to Web Applications
- 5.18 Web Server Vulnerabilities and Nikto Scanning Tool
- 5.19 Manual Confirmation Examples of Nikto Findings
- 5.20 Paros Proxy and Its Features (HTTP Request/Response Capture, Vulnerability Scanning, Request Editor, Hash Calculator)
- 5.21 Injection Attacks
- 5.22 Cross-Site Request Forgery (XSRF)
- 5.23 Cross-Site Scripting Attacks (Reflected and Stored XSS)


