Atulsharmacsegmailcom CYBERSECURITYMASTERPROGRAM1658986010 PDF

The document describes a cybersecurity master's program that includes Certified Ethical Hacking (CEH v11), CompTIA Security+, CompTIA CySA+, and CompTIA PenTest+. The CEH certification course covers topics like footprinting and reconnaissance, scanning networks, vulnerability analysis, malware threats, sniffing, social engineering, denial-of-service attacks, session hijacking, evading IDS, firewalls and honeypots, hacking web servers, web applications, SQL injection, wireless networks, mobile platforms, IoT, cloud computing, and cryptography. The CompTIA Security+ certification focuses on network security, compliance and operational security, risk management, threat detection and incident response.

Cybersecurity Master's Program

Become a Cybersecurity Engineer from scratch - learn to professionally hack, design and
implement secure network solutions to protect against cyberattacks.
The Cybersecurity Master's program includes Certified Ethical Hacking (CEH v11),
CompTIA Security+, CompTIA CySA+ and CompTIA PenTest+.
www.nwkings.com | www.learn.nwkings.com

Certified Ethical Hacking (CEH v11):


Become a Certified Ethical Hacker – learn to check online networks for
vulnerabilities.

Module 1: Introduction to Ethical Hacking
- Fundamentals of key issues in information security
- Basics of ethical hacking
- Information security controls
- Relevant laws
- Standard procedures

Module 2: Footprinting and Reconnaissance
- Network scanning techniques
- Countermeasures

Module 3: Scanning Networks
- Network scanning techniques
- Countermeasures

Module 4: Enumeration
- Learn various enumeration techniques
- Border Gateway Protocol (BGP)
- Network File Sharing (NFS) exploits
- Associated countermeasures

Module 5: Vulnerability Analysis
- Learn to identify security loopholes
- Communication infrastructure
- End systems
- Discover network vulnerabilities

Module 6: System Hacking
- Learn hacking methodologies
- Steganography
- Steganalysis attacks
- Covering tracks

Module 7: Malware Threats
- Different types of malware
- Trojans
- Viruses
- Worms
- System auditing for malware attacks
- System auditing for malware analysis
- Countermeasures

Module 8: Sniffing
- Learn about packet-sniffing techniques
- How to use them
- Discover network vulnerabilities
- Countermeasures to defend against sniffing attacks

Module 9: Social Engineering
- Social engineering concepts
- Techniques
- Identify theft attempts
- Tools to audit a target
- Audit human-level vulnerabilities
- Social engineering countermeasures

Module 10: Denial-of-Service
- Denial of Service (DoS)
- Distributed DoS (DDoS)
- Device DoS
- DDoS countermeasures & protections

Module 11: Session Hijacking
- Understand hijacking techniques
- Discover network-level session management
- Authentication
- Authorization
- Cryptographic weaknesses
- Associated countermeasures

Module 12: Evading IDS, Firewalls and Honeypots
- Introduction to firewall
- Intrusion detection system
- Honeypot evasion techniques
- Countermeasures

Module 13: Hacking Web Servers
- Web server attacks
- Comprehensive attack methodology
- Audit vulnerabilities in web server infrastructure

Module 14: Hacking Web Applications
- Web application attacks
- Audit vulnerabilities
- Countermeasures

Module 15: SQL Injection
- SQL injection attack techniques
- Injection detection tools
- Countermeasures to detect SQL injection attempts

Module 16: Hacking Wireless Networks
- Wireless encryption
- Wireless hacking methodologies
- Tools
- Wi-Fi security tools

Module 17: Hacking Mobile Platforms
- Mobile platform attack vectors
- Android vulnerability exploits
- Mobile security guidelines & tools

Module 18: IoT Hacking
- Secure & defend Internet of Things (IoT)
- Secure & defend Operational Technology (OT) devices
- Threats to IoT and OT platforms

Module 19: Cloud Computing
- Container technologies
- Serverless computing
- Cloud-based threats
- Cloud security techniques and tools

Module 20: Cryptography
- Cryptography and ciphers
- Public-key infrastructure
- Cryptography attacks
- Cryptanalysis tools
CompTIA Security+:
Become a Security Administrator – install, administer and troubleshoot an
organization's security solutions.

Module 1: Network Security

1. Network Devices and Other Technologies: Implement security configuration parameters on network devices and other technologies.
- Firewalls
- Routers
- Switches
- Load balancers
- Proxies
- Web security gateways
- VPN concentrators
- NIDS and NIPS
- Protocol analyzers
- Spam filter
- UTM security appliances
- Web application firewall vs. Network firewall

2. Network Security: Given a scenario, use secure network administration principles.
- Rule-based management
- Firewall rules
- VLAN management
- Secure router configuration
- Access control lists
- Port security
- 802.1x
- Flood guards
- Loop protection
- Implicit deny
- Network separation
- Log analysis
- Unified threat management

3. Network Design: Explain network design elements and components.
- DMZ
- Subnetting
- VLAN
- NAT
- Remote access
- Telephony
- NAC
- Virtualization
- Cloud computing
- Layered security/defense in depth

4. Common Protocols: Given a scenario, implement common protocols and services.
- Protocols
- Ports
- OSI relevance

5. Troubleshoot Security: Given a scenario, troubleshoot security issues related to wireless networking.
- WPA
- WPA2
- WEP
- EAP
- PEAP
- LEAP
- MAC filter
- Disable SSID broadcast
- TKIP
- CCMP
- Antenna placement
- Power level controls
- Captive portals
- Antenna types

Module 2: Compliance and Operational Security

1. Risk-Related Concepts: Explain the importance of risk related concepts.
- Control types
- False positives
- False negatives
- Importance of policies in reducing risk
- Risk calculation
- Quantitative vs. Qualitative
- Vulnerabilities
- Threat factors
- Probability/threat likelihood
- Risk avoidance/transference/acceptance/mitigation/deterrence
- Risks associated with cloud computing and virtualization
- Recovery time objective and recovery point objective

2. Integrating Systems and Data: Summarize the security implications of integrating systems and data with third parties.
- On-boarding/off-boarding business partners
- Social media networks and/or applications
- Interoperability agreements
- Privacy considerations
- Risk awareness
- Unauthorized data sharing
- Data ownership
- Data backups
- Follow security policy and procedures
- Review agreement requirements to verify compliance and performance standards

3. Risk Mitigation Strategies: Given a scenario, implement appropriate risk mitigation strategies.
- Change management
- Incident management
- User rights and permissions reviews
- Perform routine audits
- Enforce policies and procedures to prevent data loss or theft
- Enforce technology controls
Module 2: Securing the Cloud

4. Forensic Procedures: Given a scenario, implement basic forensic procedures.
- Order of volatility
- Capture system image
- Network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Screenshots
- Witnesses
- Track man hours and expense
- Chain of custody
- Big Data analysis

5. Response Procedures: Summarize common incident response procedures.
- Mitigation steps
- Reporting
- Data breach
- Damage and loss control

6. Security Awareness: Explain the importance of security related awareness and training.
- Security policy training and procedures
- Role-based training
- Data labeling, handling and disposal
- User habits
- New threats and new security trends/alerts
- Use of social networking and P2P

7. Physical Security: Compare and contrast physical security and environmental controls.
- Environmental controls
- Physical security
- Control types

8. Risk Management: Summarize risk management best practices.
- Business continuity concepts
- Fault tolerance
- Disaster recovery concepts

Module 3: Threats and Vulnerabilities

1. Malware: Explain types of malware.
- Adware
- Virus
- Spyware
- Trojan
- Rootkits
- Backdoors
- Logic bomb
- Botnets
- Ransomware
- Polymorphic malware
- Armored virus

2. Attacks: Summarize various types of attacks.
- Spoofing
- Spam
- Phishing
- Pharming
- DNS poisoning
- Wireless attacks
- Application attacks

3. Mitigation Techniques: Analyze a scenario and select the appropriate type of mitigation and deterrent techniques.
- Monitoring system logs
- Hardening
- Network security
- Security posture
- Reporting
- Detection controls vs. Prevention controls

4. Security Threats: Given a scenario, use appropriate tools and techniques to discover security threats and vulnerabilities.
- Interpret results of security assessment tools
- Tools
- Risk calculations
- Assessment types
- Assessment technique

5. Penetration Testing: Explain the proper use of penetration testing versus vulnerability scanning.
- Penetration testing
- Vulnerability scanning
- Black box
- White box
- Gray box
Module 5: Application, Data and Host Security

1. Application Security: Explain the importance of application security controls and techniques.
- Fuzzing
- Secure coding concepts
- Cross-site scripting prevention
- Application hardening
- NoSQL databases vs. SQL databases
- Server-side vs. Client-side validation

2. Mobile Security Concepts: Summarize mobile security concepts and technologies.
- Device security
- Application security
- BYOD concerns

3. Host Security: Given a scenario, select the appropriate solution to establish host security.
- Operating system security and settings
- OS hardening
- Anti-malware
- Patch management
- Host-based firewalls
- Hardware security
- Host software baselining
- Virtualization

4. Data Security: Implement the appropriate controls to ensure data security.
- Cloud storage
- SAN
- Handling Big Data
- Data encryption
- Hardware-based encryption devices
- Data in transit, data at rest, data in use
- Data policies
- ACL

5. Mitigate Security Risks: Compare and contrast alternative methods to mitigate security risks in static environments.
- Environments
- SCADA
- Methods

Module 6: Access Control and Identity Management

1. Authentication Services: Compare and contrast the function and purpose of authentication services.
- RADIUS
- TACACS+
- Kerberos
- LDAP
- XTACACS
- SAML
- Secure LDAP

2. Authorization/Access Control: Given a scenario, select the appropriate authentication, authorization or access control.
- Identification vs. Authentication vs. Authorization
- Authorization
- Authentication
- Authentication factors
- Identification
- Federation
- Transitive trust/authentication

3. Security Controls: Install and configure security controls when performing account management, based on best practices.
- Mitigate issues associated with users
- Account policy enforcement
- Group-based privileges
- User-assigned privileges
- User access reviews
- Continuous monitoring
Module 3: Cryptography

1. Cryptography Concepts: Given a scenario, utilize general cryptography concepts.
- Symmetric vs. Asymmetric
- Session keys
- In-band vs. Out-of-band key exchange
- Fundamental differences
- Encryption methods
- Transport encryption
- Hashing
- Key escrow
- Steganography
- Digital signatures
- Use of proven technologies
- Ephemeral key
- Elliptic curve and quantum cryptography

2. Cryptographic Methods: Given a scenario, use appropriate cryptographic methods.
- WEP vs. WPA/WPA2 and pre-shared key
- MD5
- RIPEMD
- AES
- DES
- 3DES
- HMAC
- RSA
- Diffie-Hellman
- RC4
- One-time pads
- NTLM
- NTLMv2
- Blowfish
- PGP/GPG
- Twofish
- DHE
- ECDHE
- CHAP
- PAP
- Comparative strengths and performance of algorithms
- Use of algorithms/protocols with transport encryption
  - SSL
  - TLS
  - IPSec
  - SSH
  - HTTPS
- Cipher suites
- Key stretching

3. Certificate Management: Given a scenario, use appropriate PKI, certificate management and associated components.
- Certificate authorities and digital certificates
- PKI
- Recovery agent
- Public key
- Private key
- Registration
- Key escrow
- Trust models
CompTIA CySA+:
Become a Security Analyst – monitor, prevent, and stop attacks on private data.

Module 1: Threat Management

1. Procedures/common tasks
- Topology discovery
- OS fingerprinting
- Service discovery
- Packet capture
- Log review
- Router/firewall ACLs review
- Email harvesting
- Social media profiling
- Social engineering
- DNS harvesting
- Phishing
- Application aware devices

2. Variables
- Wireless vs. wired
- Virtual vs. physical
- Internal vs. external
- On-premises vs. cloud

3. Tools
- NMAP
- Host scanning
- Network mapping
- NETSTAT
- Packet analyzer
- IDS/IPS
- HIDS/NIDS
- Firewall rule-based and logs
- Syslog
- Vulnerability scanner

4. Point-in-time data analysis
- Packet analysis
- Protocol analysis
- Traffic analysis
- Netflow analysis
- Wireless analysis

5. Data correlation and analytics
- Anomaly analysis
- Trend analysis
- Availability analysis
- Heuristic analysis
- Behavioral analysis

6. Data output
- Firewall logs
- Packet captures
- NMAP scan results
- Event logs
- Syslogs
- IDS report

Module 2: Compliance and Operational Security

1. Tools
- SIEM
- Packet analyzer
- Resource monitoring tool
- Netflow analyzer
- IDS

2. Network segmentation
- System isolation
- Jump box
- Honeypot

3. Endpoint security
- Group policies
- ACLs
- Sinkhole

4. Hardening
- Mandatory Access Control (MAC)
- Compensating controls
- Blocking unused ports/services
- Patching

5. Network Access Control (NAC)
- Time-based
- Rule-based
- Role-based
- Location-based

6. Penetration testing
- Rules of engagement
- Timing
- Scope
- Authorization
- Exploitation
- Communication
- Reporting

7. Reverse engineering
- Isolation/sandboxing
- Hardware
  - Source authenticity of hardware
  - Trusted foundry
  - OEM documentation
- Software/malware
  - Fingerprinting/hashing
  - Decomposition

8. Training and exercises
- Red team
- Blue team
- White team

9. Risk evaluation
- Technical control review
- Operational control review
- Technical impact and likelihood
  - High
  - Medium
  - Low
Module 2: Compliance and Operational Security (continued)

10. Identification of requirements
- Regulatory environments
- Corporate policy
- Asset inventory
  - Critical
  - Non-critical
- Data classification

11. Establish scanning frequency
- Risk appetite
- Regulatory requirements
- Technical constraints
- Workflow

12. Configure tools to perform scans according to specification
- Determine scanning criteria
  - Sensitivity levels
  - Vulnerability feed
  - Scope
  - Credentialed vs. non-credentialed
  - Types of data
  - Server-based vs. agent-based
  - Tool updates/plug-ins
  - SCAP
  - Permissions and access

13. Execute scanning
- Generate reports
  - Automated vs. Manual distribution

14. Remediation
- Prioritizing
  - Criticality
  - Difficulty of implementation
- Communication/change control
- Sandboxing/testing
- Inhibitors to remediation
  - MOUs
  - SLAs
  - Organizational governance
  - Business process interruption
  - Degrading functionality
- Ongoing scanning
- Continuous monitoring

15. Analyze reports from a vulnerability scan
- Review and interpret scan results
  - Identify false positives
  - Identify exceptions
  - Prioritize response actions

16. Validate results and correlate data points
- Compare to best practices or compliance
- Reconcile results
- Review related logs and/or other data sources
- Determine trends

17. Common vulnerabilities found in targets
- Servers
- Endpoints
- Network infrastructure
- Network appliances
- Virtual infrastructure
  - Virtual hosts
  - Virtual networks
  - Management interface
- Mobile devices
- Interconnected networks
- Virtual Private Networks (VPNs)
- Industrial Control Systems (ICSs)
- SCADA devices

Module 3: Cyber Incident Response

1. Threat classification
- Known threats vs. unknown threats
- Zero day
- Advanced persistent threat

2. Factors contributing to incident severity and prioritization
- Scope of impact
  - Downtime
  - Recovery time
  - Data integrity
  - Economic
  - System process criticality
- Types of data
  - Personally Identifiable Information (PII)
  - Personal Health Information (PHI)
  - Payment card information
  - Intellectual property
  - Corporate confidential
  - Accounting data
  - Mergers and acquisitions

3. Forensics kit
- Digital forensics workstation
- Write blockers
- Cables
- Drive adapters
- Wiped removable media
- Cameras
- Crime tape
- Tamper-proof seals
- Documentation/forms
  - Chain of custody form
  - Incident response plan
  - Incident form
  - Call list/escalation list

4. Forensic investigation suite
- Imaging utilities
- Analysis utilities
- Chain of custody
- Hashing utilities
- OS and process analysis
- Mobile device forensics
- Password crackers
- Cryptography tools
- Log viewers

5. Communication with Stakeholders for incident response process
- HR
- Legal
- Marketing
- Management

6. Purpose of communication process
- Limit communication to trusted parties
- Disclosure based on regulatory/legislative requirements
- Prevent inadvertent release of information
- Secure method of communication
Module 3: Cyber Incident Response (continued)

7. Role-based responsibilities
- Technical
- Management
- Law enforcement
- Retain incident response provider

8. Common network-related symptoms
- Bandwidth consumption
- Beaconing
- Irregular peer-to-peer communication
- Rogue devices on the network
- Scan sweeps
- Unusual traffic spikes

9. Common host-related symptoms
- Processor consumption
- Memory consumption
- Drive capacity consumption
- Unauthorized software
- Malicious processes
- Unauthorized changes
- Unauthorized privileges
- Data exfiltration

10. Common application-related symptoms
- Anomalous activity
- Introduction of new accounts
- Unexpected output
- Unexpected outbound communication
- Service interruption
- Memory overflows

11. Containment techniques
- Segmentation
- Isolation
- Removal
- Reverse engineering

12. Eradication techniques
- Sanitization
- Reconstruction/reimage
- Secure disposal

13. Validation
- Patching
- Permissions
- Scanning
- Verify logging/communication to security monitoring

14. Correlative actions
- Lessons learned report
- Change control process
- Update incident response plan

Module 4: Security Architecture and Tool Sets

1. Regulatory compliance and frameworks
- NIST
- ISO
- COBIT
- SABSA
- TOGAF
- ITIL

2. Policies
- Password policy
- Acceptable use policy
- Data ownership policy
- Data retention policy
- Account management policy
- Data classification policy

3. Controls
- Control selection based on criteria
- Organizationally defined parameters
- Physical controls
- Logical controls
- Administrative controls

4. Procedures
- Continuous monitoring
- Evidence production
- Patching
- Compensating control development
- Control testing procedures
- Manage exceptions
- Remediation plans

5. Verifications and quality control
- Audits
- Evaluations
- Assessments
- Maturity model
- Certification

6. Security issues associated with context-based authentication
- Time
- Location
- Frequency
- Behavioral
Module 4: Security Architecture and Tool Sets (continued)

7. Security issues associated with identities
- Personnel
- Endpoints
- Servers
- Services
- Roles
- Applications

8. Security issues associated with identity repositories
- Directory services
- TACACS+
- RADIUS

9. Security issues associated with federation & single sign-on
- Manual vs. automatic provisioning/de-provisioning
- Self-service password reset

10. Exploits
- Impersonation
- Man-in-the-middle
- Session hijack
- Cross-site scripting
- Privilege escalation
- Rootkit

11. Security data analytics
- Data aggregation and correlation
- Trend analysis
- Historical analysis

12. Manual review
- Firewall log
- Syslogs
- Authentication logs
- Event logs

13. Defense in depth
- Personnel training
- Cross training
- Succession planning
- Processes
- Automated reporting
- Security appliances
- Outsourcing (Security as a Service, Cryptography)
- Network design
- Network segmentation

14. Best practices during software development
- Security requirements definition
- Security testing phases
  - Static code analysis
  - Web app vulnerability scanning
  - Fuzzing
  - Use interception proxy to crawl application
  - Manual peer reviews
  - User acceptance testing
  - Stress test application
  - Security regression testing
  - Input validation

15. Secure coding best practices
- OWASP
- SANS
- Center for Internet Security
  - System design recommendations
  - Benchmarks

16. Preventive
- IPS
  - Sourcefire
  - Snort
  - Bro
- HIPS
- Firewall
  - Cisco
  - Palo Alto
  - Check Point
- Antivirus
- Anti-malware
- EMET
- Web proxy
- Web Application Firewall (WAF)
  - ModSecurity
  - NAXSI
  - Imperva
Module 3: Security Architecture and Tool Sets

17. Collective
- SIEM
- Network scanning
  - NMAP
- Vulnerability scanning
- Packet capture
- Command line/IP utilities
  - Netstat
  - Ping
  - Ipconfig/ifconfig
  - Nslookup/dig
  - OpenSSL
  - Sysinternals
- IDS/HIDS
  - Bro

18. Analytical
- Vulnerability scanning
- Monitoring tools
  - MRTG
  - Nagios
  - Cacti

19. Interception proxy
- Burp Suite
- Zap
- Vega

20. Exploit
- Interception proxy
- Exploit framework
  - Metasploit
  - Nexpose
- Fuzzers
  - Untidy
  - Peach fuzzer
  - Microsoft SDL File/Regex Fuzzer

21. Forensics
- Forensic suites
  - EnCase
  - FTK
  - Helix
  - Sysinternals
  - Cellebrite
- Hashing
  - MD5sum
  - SHAsum
- Password cracking
  - John the Ripper
  - Cain & Abel
- Imaging
  - DD
CompTIA PenTest+:
Become a Penetration Tester – learn to perform simulated cyberattacks on a company's computer systems and networks.

Module 1: Planning and Scoping

1. Importance of planning for an engagement
- Understand target audience
- Rules of engagement
- Communication escalation path
- Resources and requirements
  - Confidentiality of findings
  - Known vs. Unknown
- Budget
- Impact analysis and remediation timelines
- Disclaimers
  - Point-in-time assessment
  - Comprehensiveness
- Technical constraints

2. Support Resources
- WSDL/WADL
- SOAP project file
- SDK documentation
- Sample application requests
- Swagger document
- XSD
- Architectural diagrams

3. Key legal concepts
- Contracts
  - SOW
  - MSA
  - NDA
- Environmental differences
  - Export restrictions
  - Local and national government restrictions
  - Corporate policies
- Written authorization
  - Obtain signature from proper signing authority
  - Third-party provider authorization when necessary

4. Importance of scoping an engagement properly
- Types of assessment
  - Goals-based/objectives based
  - Compliance-based
  - Red team
- Special scoping considerations
  - Premerger
  - Supply chain

5. Target selection
- Targets
  - Internal
    - On-site vs. off-site
  - External
  - First-party vs. third-party hosted
  - Physical
  - Users
  - SSIDs
  - Applications
- Considerations
  - White-listed vs. black-listed
  - Security exceptions
    - IPS/WAF whitelist
    - NAC
    - Certificate pinning
    - Company's policies

6. Strategy
- Black box vs. white box vs. gray box

7. Risk acceptance
- Tolerance to accept
- Scheduling
- Scope creep
- Threat actors
  - Adversary tier
  - Insider threats
  - Capabilities
  - Intent
  - Threat models

8. Compliance-based assessments
- Rules to complete assessment
  - Password policies
  - Data isolation
  - Key management
  - Limitations
    - Limited network access
    - Limited storage access

9. Clearly defined objectives based on regulations
Module 2: Information Gathering and Vulnerability Identification

1. Information gathering using appropriate techniques
- Scanning
- Enumeration
  - Hosts
  - Networks
  - Domains
  - Users
  - Groups
  - Network shares
  - Web pages
  - Applications
  - Services
  - Tokens
  - Social networking sites
- Packet crafting
- Packet inspection
- Fingerprinting
- Cryptography

2. Eavesdropping
- RF communication monitoring
- Sniffing
  - Wired
  - Wireless
- Decompilation
- Debugging
- Open-Source Intelligence Gathering

3. Sources of research
- CERT
- NIST
- JPCERT
- CAPEC
- Full disclosure
- CVE
- CWE

4. Perform vulnerability scan
- Credentialed vs. non-credentialed
- Types of scans
  - Discovery scan
  - Full scan
  - Stealth scan
  - Compliance scan
- Container security
- Application scan
  - Dynamic vs. static analysis

5. Considerations of vulnerability scanning
- Time to run scans
- Protocols used
- Network topology
- Bandwidth limitations
- Query throttling
- Fragile systems/non-traditional assets

6. Analyze vulnerability scan results
- Asset categorization
- Adjudication
  - False positives
- Prioritization of vulnerabilities
- Common themes
  - Vulnerabilities
  - Observations
  - Lack of best practices

7. Use information to prepare for exploitation
- Map vulnerabilities to potential exploits
- Prioritize activities in preparation for penetration test

8. Describe common techniques to complete attack
- Cross-compiling code
- Exploit modification
- Exploit chaining
- Proof-of-concept development (exploit development)
- Social engineering
- Credential brute forcing
- Dictionary attacks
- Rainbow tables
- Deception

9. Weaknesses related to specialized systems
- ICS
- SCADA
- Mobile
- IoT
- Embedded
- Point-of-sale system
- Biometrics
- Application containers
Module 3: Attacks and Exploits

1. Social engineering attacks
- Phishing
  - Spear phishing
  - SMS phishing
  - Voice phishing
  - Whaling
- Elicitation
  - Business email compromise
- Interrogation
- Impersonation
- Shoulder surfing
- USB key drop

2. Motivation techniques
- Authority
- Scarcity
- Social proof
- Urgency
- Likeness
- Fear

3. Network-based vulnerabilities
- Name resolution exploits
  - NETBIOS name service
  - LLMNR
- SMB exploits
- SNMP exploits
- SMTP exploits
- FTP exploits
- DNS cache poisoning
- Pass the hash

4. Man-in-the-middle
- ARP spoofing
- Replay
- Relay
- SSL stripping
- Downgrade

5. DoS/stress test

6. NAC bypass

8. Application-based vulnerabilities
- Injections
  - SQL
  - HTML
  - Command
  - Code

9. Authentication
- Credential brute forcing
- Session hijacking
- Redirect
- Default credentials
- Weak credentials
- Kerberos exploits

10. Authorization
- Parameter pollution
- Insecure direct object reference

11. Cross-site scripting (XSS)
- Stored/persistent
- Reflected
- DOM

12. Cross-site request forgery (CSRF/XSRF)
- Clickjacking
- Security misconfiguration
  - Directory traversal
  - Cookie manipulation
- File inclusion
  - Local
  - Remote

13. Unsecure code practices
- Comments in source code
- Lack of error handling
- Overly verbose error handling
- Hidden elements
- Lack of code signing
- Unauthorized use of functions/unprotected APIs

14. Exploit local host vulnerabilities
- OS vulnerabilities
  - Windows
  - Mac OS
  - Linux
  - Android
  - iOS

15. Unsecure service and protocol configurations
- Privilege escalation
  - Linux-specific
    - SUID/SGID programs
  - Windows-specific
    - Cpassword
- Unsecure file/folder permissions
- Keylogger
- Scheduled tasks
- Exploitable services
- Kernel exploits
Module 3: Attacks and Exploits (continued)

16. Sandbox escape
- Shell upgrade
- VM
- Container

17. Physical device security
- Cold boot attack
- JTAG debug
- Serial console

18. Post-exploitation techniques
- Lateral movement
  - RPC/DCOM
  - PS remoting/WinRM
  - SMB
  - RDP
  - Apple Remote Desktop
  - VNC
  - X-server forwarding
  - Telnet
  - SSH
  - RSH/Rlogin

19. Persistence
- Scheduled jobs
- Scheduled tasks
- Daemons
- Back doors
- Trojan
- New user creation

20. Covering your tracks

Module 4: Penetration Testing Tools

1. Nmap to conduct information gathering exercises
- SYN scan (-sS) vs. full connect scan (-sT)
- Port selection (-p)
- Service identification (-sV)
- OS fingerprinting (-O)
- Disabling ping (-Pn)
- Target input file (-iL)
- Timing (-T)
- Output parameters
  - oA
  - oN
  - oG
  - oX

2. Use cases of tools
- Reconnaissance
- Enumeration
- Vulnerability scanning
- Credential attacks
- Persistence
- Configuration compliance
- Evasion
- Decompilation
- Forensics
- Debugging
- Software assurance (Fuzzing, SAST, DAST)

3. Tools
- Scanners
- Credential testing tools
- Debuggers
- Software assurance
- OSINT
- Wireless
- Web proxies
- Social engineering tools (SET, BeEF)
- Remote access tools
  - SSH
  - NCAT
  - NETCAT
  - Proxychains

4. Networking tools
- Wireshark
- Hping
Module 4: Penetration Testing Tools (continued)

5. Mobile tools
- Drozer
- APKX
- APK studio

6. MISC
- Searchsploit
- Powersploit
- Responder
- Impacket
- Empire
- Metasploit framework

7. Analyse tool output or data related to penetration testing
- Password cracking
- Pass the hash
- Setting up a bind shell
- Getting a reverse shell
- Proxying a connection
- Uploading a web shell
- Injections

8. Analysis basic script
- Logic
  - Looping
  - Flow control
- I/O
  - File vs. Terminal vs. Network
- Substitutions
- Variables
- Common operations
  - String operations
  - Comparisons
- Error handling
- Arrays
- Encoding/decoding

Module 5: Reporting and Communication

1. Report writing and handling
- Normalization of data
- Written report of findings and remediation
  - Executive summary
  - Methodology
  - Findings and remediation
  - Metrics and measures
  - Risk rating
  - Conclusion
- Risk appetite
- Storage time for report
- Secure handling and disposition of reports

2. Post-report delivery
- Post-engagement cleanup
  - Removing shells
  - Removing tester-created credentials
  - Removing tools
- Client acceptance
- Lessons learned
- Follow-up actions/retest
- Attestation of findings

3. Mitigation strategies
- Solutions
  - People
  - Process
  - Technology
- Findings
  - Shared local administrator credentials
  - Weak password complexity
  - Plain text passwords
  - No multifactor authentication
  - SQL injection
  - Unnecessary open services
- Remediation
  - Randomize credentials/LAPS
  - Minimum password requirements/password filters
  - Encrypt the passwords
  - Implement multifactor authentication
  - Sanitize user input/parameterize queries
  - System hardening

4. Importance of communication during penetration
- Communication path
- Communication triggers
  - Critical findings
  - Stages
  - Indicators of prior compromise
- Reasons for communication
  - Situational awareness
  - De-escalation
  - De-confliction
  - Goal reprioritization
https://www.youtube.com/c/NetworkkingsOrgtraining/featured

https://in.linkedin.com/company/networkkings

https://www.nwkings.com/

[email protected]

+918130537300

Network kings IT services Private Limited,
Chandigarh Citi Center, VIP Road, SCO 41-43, B Block 4th floor, Zirakpur, Chandigarh

Network kings, 60 Parrotta Drive, Toronto ON M9M Oe5


https://www.facebook.com/Networkkingss/

https://www.instagram.com/network.kings/
