Penetration Testing


Penetration testers face a combination of intrusion detection systems, host-based protection, hardened systems, and analysts who pore over the data collected by their security information management systems.

Penetration tests help find flaws in a system so that appropriate security measures can be taken to protect the data and maintain functionality. This training gives the student a stepping stone for applying these methods in practice and for taking on the complex task of effectively measuring the entire attack surface of a traditionally secured environment.

Duration: 40 Hours

Target Audience

  • Security Analysts
  • Risk Managers
  • Security Officers
  • System Managers
  • Architects
  • Penetration Testers


  • ThinkCyber Level-1 courses


  • Becoming familiar with Penetration Testing
  • Testing existing security weaknesses
  • Gathering information
  • Bypassing security and attacking the network


Module 1: Planning and Collecting Information

Before a penetration testing team can start to analyze and conduct a series of tests and attacks, it needs to gather data in order to construct a better plan of action. In this module, the student will go through the basics of information gathering and reconnaissance.

  • Passive Information Gathering
    o The OSINT Framework
    o Monitoring Personal and Corporate Blogs
  • Collecting Employee Personal Information
  • Harvesting Organization Emails
    o Google Dorks
  • Finding Web Directories and Files
    o Using Brute-Forcing Techniques
    o Brute-Forcing Tools
      ▪ DirBuster
      ▪ Dirb
    o Identifying Admin Pages
    o XSS and SQL Injections
    o Dictionary Attacks
    o Hybrid Attacks

Module 2: Identifying Vulnerabilities and Security Analysis

After gaining basic information about the network and its employees, the team can move on to scanning and gathering further intelligence on the target machines and systems. In this module, the students will learn the process of identifying possible exploits and building an assessment of the potential risks.

  • Active Information Gathering
    o Nmap Port Scanning
      ▪ Port Identification
      ▪ Scanning for OS Version
      ▪ Uncovering Service Versions
      ▪ Aggressive Scanning
    o DNS Enumeration
      ▪ Dig and Host for Basic Queries
      ▪ DNSrecon
      ▪ DNS Zone Transfer
  • Identifying Vulnerabilities and Exploits
    o NSE Scripting
    o Banner-Grabbing Methods
    o Vulnerability Detection Methods
    o Shodan Search Engine
    o Finding Exploits
      ▪ Common Vulnerabilities and Exposures (CVE)
      ▪ MITRE Database
      ▪ Searchsploit
      ▪ Exploit-Suggester
    o GitHub Tools
    o Automating the Scanning

Module 3: Gaining Access and Post-Exploitation

In this module, the students will learn to use the knowledge gained in the first two phases to gain access, either by using an existing exploit or by brute-forcing their way into the network. After gaining control of the target, the students will learn to abuse existing services to elevate their permissions.

  • Finding a Way In
    o Introduction to the Metasploit Framework
      ▪ Auxiliaries and Scanners
      ▪ Exploit and Post-Exploitation
      ▪ Privesc and Shell Escapes
    o Social Engineering
      ▪ SocialFish
      ▪ SET Toolkit
    o Brute-Forcing Services
      ▪ CUPP and Crunch
      ▪ Hydra Attacks
      ▪ Crowbar
  • Gaining Access through Wi-Fi
    o Wi-Fi Basics
      ▪ Four-Way Handshakes
      ▪ Initializing Devices
    o Managed and Monitor Modes
    o Gaining Access to the Network
      ▪ Deauthing Targets
      ▪ Capturing the Handshake
      ▪ Handshake Brute-Force Techniques
    o Karma Attack (Evil Twin)
  • Post-Exploitation and Evidence Gathering
    o Basic Privilege Escalation
    o Using the Meterpreter Modules
      ▪ Extracting User Credentials
      ▪ Enumerating the Machine
    o Windows and Linux Privesc Basics
      ▪ Enumeration of Services and Processes
      ▪ Understanding Permissions
      ▪ Common Techniques
    o Network Pivoting

Module 4: Maintaining Access and Covering Tracks

While gaining access to a system can be quite easy, maintaining control of the target without being noticed by the system administrators is hard. In this module, the students will learn how to use existing components on the network to maintain their control of it. The students will also learn the basics of removing the traces that would lead to their detection.

  • Maintaining Access
    o Backdooring
      ▪ Bind Shell vs. Reverse Shell
      ▪ Backdoor-Factory
      ▪ Metasploit Built-in Persistence and Metsvc
    o Advanced Netcat Usage
      ▪ File Transferring
      ▪ Spawning a Shell
    o Abusing Crontab and Bashrc
  • Covering Tracks
    o Camouflaging the Backdoors
    o Detecting Log Collectors
      ▪ Log Tampering
      ▪ AuditPol
      ▪ Elsave
      ▪ Tracks Eraser Pro
    o Restoring the System to Order
  • Researching Security Solutions
    o Creating Research Labs
      ▪ Constructing the Environment
      ▪ Crafting Trojans
      ▪ Understanding AV Mechanisms
      ▪ AV Evasion Techniques
      ▪ Bypassing Security

Module 5: Penetration Testing Reporting

Finally, the students will learn to write their reports based on the team's findings; the students will present the evidence they gathered through the previous stages; furthermore, this module also covers possible fixes for some of the security flaws found.

  • Writing Penetration Reports
    o Describing the Information Gathering Process
    o Being Technical and Contextualized
    o Potential Impacts of Existing Vulnerabilities
    o Breaking Down the Risk
    o An Assessment of Potential Data Loss
    o Possible Remediation Options