Course Outline:

Day-1. The Technical Foundation of Ethical Hacking Professional

o Overview of Ethical Hacking
o How to become an Ethical Hacker
o Essential Knowledge Area for Ethical Hacking
o Introduction to IT Infrastructure:
o Computer & Server Systems
o Network & Network Devices
o Software Systems
o Domain & Domain Hosting
o Web Services & Web Server
o Database & Database Server
o Virtualization and Cloud Platforms
o Malware Fundamentals, etc.

 

Day-2. Home Lab Setup (Virtual)

o Hardware Requirement: Minimum Processor Corei3, RAM 8GB, HDD 512GB
o Installing Oracle Virtual Box or VMWare or Both
o Installing Kali Linux or Parrot Linux or Both
o Vulnerable Windows XP
o Vulnerable Metasploitable-2 (Linux)
o Vulnerable Metasploitable-3 (Windows Server2008R2)
o Vulnerable Metasploitable-3 (Linux Ubuntu)
o OWASP Broken Web Application
o Mr. Robot (Vulnerable WordPress Site)
o Vulnerable Web Application
o Many more Vulnerable Lab
» Lab: Demo Practical

 

Day-3. Introduce Linux, Linux Distributions, Installation, and Command Syntax

o Introduction to Linux Distributions
o Introducing Linux Directories
o Special Introduction with Kali Linux & Parrot_Sec_OS
o Execute & Learn Linux Command
o Gather Systems Information
o Login Users’ information
o File & Folder creation, copy, delete, rename, move, etc.
o Read, Print & See the Listing Contents of the Directory
o Usage Zip, bzip2, gzip & tar for Compressing & Decompressing File & Folder
o Usage find, locate, & which
» Lab: Demo Practical

 

Day-4. Execute and Learn Linux Command and Directory, and File Permission

o User creation, deletion, and password changing.
o Filter & Grep
o Count, Short & Unique
o Service status, start & stop
o Package, Software & Application Install, uninstall & Upgrade
o Database, Repository & System Package upgrade
o File & Folder Permission
o Octal mode permission
o Symbolic mode permission
» Lab: Demo Practical

Day-5. The Technical Foundations of Ethical Hacking

o Introduction to Cybersecurity Concepts
o Historical Cyber Attacks
o Concept of Vulnerability, Threat, Risk, and Impact
o Information Security Principles (CIA Triad)
o Key Elements of Information Security
o Cyber Kill Chain & Attack Methodology
o Security Controls and Hacker Types
o Types of Penetration Testing
o VAPT Lifecycle and Methodologies
o Scope and Approach of VAPT
o Industry Frameworks and Standards
o Benefits of VAPT
o Reporting and Deliverables
» Lab: Demo Practical

 

Day-6. Cryptography, Encryption & Decryption Algorithm

o Overview of Cryptography
o Cryptography Algorithms Classification
o Hash Function
o Symmetric Key Cryptography
o Asymmetric Key Cryptography
o Private & Public Key Encryption
o Encryption & Decryptions Processes
» Lab: Demo Practical

 

Day-7. Footprinting

o Introduction to Footprinting
o Overview of Information Gathering Process
o Tools for Reconnaissance: Nmap, Active Scanners, nslookup, DNSRecon, etc.
o Network Range Discovery and Active Host Identification
o Port Scanning (TCP/UDP) and OS Fingerprinting
o Identifying open port, Protocol, and Version
o Web Application Footprinting Concepts and Types
o Footprinting Methodology and OSINT Framework
o Footprinting through Google hacking Techniques
o Subdomain Discovery (e.g., Sublist3r, Amass)
o Domain and Email Footprinting (e.g., whois, hunter.io)
o Banner Grabbing (e.g., Whatweb, Wappalyzer)
o Enumeration Concepts and Process
o DNS Enumeration (e.g., nslookup, dig)
» Lab: Demo Practical

 

Day-8. Enumeration and Vulnerability Assessment

o Introduction to Enumeration
o Service, Port, OS, Application, etc. Enumeration
o DNS, NetBIOS, SMB, SMTP, Windows, Linux, NNMP Enumeration
o Introduction to Vulnerability Assessment
o Vulnerability Assessment: Research and Analysis
o Tools: Nmap, smbclient, Linux4Enum, nbtscan, Nikto, Nessus, Acunetix, Burp Suite, etc.
o Applying Research Methods to Analyze Industry Trends and Enterprise Impact
o Severity Rating Criteria and CVSS Overview
o CVSS Scoring: Range and Calculation
o Understanding and Using CVE Information
» Lab: Demo Practical

 

Day-9. Network/Systems Hacking and Penetration Testing

o Hacking Lifecycle and System Exploitation Concepts
o Exploits, Payloads, and Shell Types (Bind & Reverse Shell)
o Introduction of Exploit tools: Metasploit Framework
o Exploiting Windows SMB Service for System Access
o Dumping Windows user password Hashes
o Extracting and Cracking the Hashes to Plain Text (Tools: Hashcat)
» Lab: Demo Practical (System Penetration Testing)

 

Day-10. Network/Systems Hacking and Penetration Testing (Continued)

o Windows Services Penetration Testing
o Exploiting Windows Server Applications
o Windows Privilege Escalation Techniques
o APTs and Backdoor Creation for Persistent Access (Maintaining Access)
o Linux Exploitation via FTP and Samba Services
o Dumping Linux user password Hashes
o Extracting and Cracking Linux password to Plain Text (Tools: John the ripper)
» Lab: Demo Practical

 

Day-11. Network/Systems Hacking and Penetration Testing (Continued)

o Linux Systems Penetration Testing Overview
o SSH Brute Force Attacks via Command Line
o Exploiting ProFTPD Services
o Linux Kernel Exploitation
o Linux Privilege Escalation Techniques
» Lab: Demo Practical

 

Day-12. Web Server Penetration Testing, Web Applications, and Database Attacks

o Web Application Fundamentals
o Concept of Web Application Architecture and Workflow
o HTTP Protocol, Request, and Method
o HTTP Status Code
o Web Application Hacking Life Cycle
o OWASP Top-10 Web Security Risks
o Broken Access Control: IDOR, Authentication Bypass, and Privilege Escalation
o Cryptographic Failures Vulnerability Identification and Demonstration
o Broken Access Control: IDOR, Authentication Bypass, and Privilege Escalation
o SQL Injection: Detection (Error-Based, Blind), Payload Execution, and Login Bypass
o SQL Vulnerability, Exploit by SQLMAP and Access the SQL Database
» Lab: Demo Practical

 

Day-13. Web Server Penetration Testing, Web Applications, and Database Attacks (Continue)

o Insecure Design: Brute-force Login Attack using Burp Suite
o Security Misconfiguration: XXE Exploitation to Access System Files
o Vulnerable & Outdated Components: XSS Exploitation
o Identification & Authentication Failures: Session Hijacking and Access Control
» Lab: Demo Practical

 

Day-14. Web Server Penetration Testing, Web Applications, and Database Attacks (Continue)

o Software and data integrity failures: Demonstration DDoS Attack
o Security Logging & Monitoring Failures: Practical Demonstration
o SSRF (Server-Side Request Forgery): Identification and Exploitation
o Exploitation of Virtual Web Servers and Web Applications
» Lab: Demo Practical

 

Day-15. International Lab Introduction for Building Skills and Professional Report Writing.

o Guidelines for Building Skills in Network, System, and Web Penetration Testing
o Introduction to International Practice Labs
o Practical Demos: Network, System, and Web Penetration Testing in Lab Environments
o Prepare a complete, comprehensive VAPT professional report.
o Executive Summary Report
o Details Technical Report
» Lab: Demo Practical