Module-1 Assessment Methodology
• Information Gathering (Reconnaissance)
• Locate Endpoints on a Network
• Footprinting and Scanning
• Detect open ports and services available on a target.
• Determine the operating system used by the target.
• Extract company-related information from publicly available sources.
• Collect email addresses from public sources.
• Gather technical details and information from publicly accessible sources.
• Enumeration
• Extract network-related data from files located on the target system.
• Collect system-specific information from the target.
• Retrieve user account details present on the target system.
• Vulnerability Assessment
• Recognize vulnerabilities present within services.
• Assess and determine the criticality or impact of identified vulnerabilities based on available information.
Module-2 Network and Host Auditing
• Auditing Fundamentals
• Network Auditing
• Host based Auditing
Module-3 Network and Host Penetration Testing
• Host/System based attacks
• Network based attacks
• Perform attempts to guess passwords through brute-force methods and crack hashed passwords.
• The Metasploit Framework (MSF)
• Exploit Database
• Exploitation of Vulnerabilities
• Move files to and from the target system.
• Retrieve hash or password data from the target.
• Recognize and alter exploits as needed.
• Post-Exploitation
• Social Engineering
Module-4 Web Application Penetration Testing
• Introduction to Web
• Introduction to HTTP protocol
• Perform reconnaissance on web applications.
• Discover hidden files and directories.
• Execute a brute-force attack on login pages.
• Vulnerabilities on Web Applications
• OWASP Top 10 Vulnerabilities
• SQL Injection
• XSS (Cross-Site Scripting)
• Directory Traversal
• File Upload Vulnerabilities
• Authentication Vulnerabilities
• Broken Access Control