Course Syllabus

Penetration Testing and Ethical Hacking

Course Description and Goals

Course Description: Our Penetration Testing and Ethical Hacking course will introduce
you to a variety of attack types, including password cracking, DDoS, SQL injection,
session hijacking, social engineering, and other hacking techniques. The course also
covers an introduction to ethical hacking concepts, as well as web server and web
application hacking. There are optional labs for this ethical hacking course that help
students gain the hands-on hacking skills necessary to be successful on the job.

Connect with Our Instructor: Bill Price [email protected]

Recommended Target Audience: Built for those who want to move into pentesting or
blue teaming fields; Ideal for those who want to learn how to protect your network from
malicious hackers by exploiting networks.

Recommended Course Prerequisites: Recommended for individuals that have a minimum

of two years of professional experience and information security or a related field; Have a
fundamental understanding of networking and operating systems.

Course Goals: By the end of this course, learners should be able to:
❏ Understand the mindset of a hacker.
❏ To properly assess the strength of an organization’s cybersecurity posture.
❏ To be able to gather information, perform scanning and enumeration, and show
how an adversary could hack into your systems.
❏ To be able to utilize the tools and utilities taught in this course to ethically gain
information, determine vulnerabilities, and exploit weaknesses in an organization’s
security posture.
❏ To confidently assist in the obtaining of pentest certifications, blue teaming and
ethical hacking roles.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
1
Optional Labs: These labs are inluded to help you practice what you learn. You will still
earn a certificate of completion regardless of whether or not you complete the labs.
● Lesson 1.6: Ethical Hacking Concepts
● Lesson 2.4: Footprinting & Reconnaissance - Part 1
● Lesson 2.5: Footprinting & Reconnaissance - Part 2
● Lesson 3.4: Network Resource Discovery Methods - Part 1
● Lesson 3.5: Network Resource Discovery Methods - Part 2
● Lesson 4.4: NetBIOS, SNMP & LDAP Network Enumeration
● Lesson 4.5: NTP, DNS & Other Network Enumeration Techniques &
Countermeasures
● Lesson 5.3: Vulnerability Assessment Tools and Techniques
● Lesson 6.4: System Hacking & Manipulation
● Lesson 7.5: Implementing Malware Concepts
● Lesson 8.2: Network Sniffing Techniques & Attacks
● Lesson 9.2: Social Engineering Exploits
● Lesson 10.2: Denial of Services Techniques & Attacks
● Lesson 11.3: Session Hijacking Implementation & Prevention
● Lesson 13.2: Compromising Web Servers
● Lesson 13.3: Web Application Exploitation Concepts
● Lesson 14.2: Web Application Exploitation Attacks - Part 1
● Lesson 14.3: Web Application Exploitation Attacks - Part 2
● Lesson 15.2: Compromising SQL Injection Attacks
● Lesson 16.2: Exploiting Wireless Vulnerabilities
● Lesson 17.2: Compromising & Exploiting Mobile Devices
● Lesson 18.3: Compromising IoT & OT Platforms
● Lesson 19.2: Introduction to Cloud Computing Vulnerabilities
● Lesson 20.3: Cryptographic Concepts, Implementation & Detection

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
 Course Quick Outline

Module 1 | Introduction to Ethical Hacking

Lesson 1.1: Learn, Practice, Prove
Lesson 1.2: Course Introduction
Lesson 1.3: Information Security Overview
Lesson 1.4: Cyber Kill Chain Concepts
Lesson 1.5: Hacking and Ethical Hacking Concepts
Lesson 1.6: Ethical Hacking Concepts [lab]
Lesson 1.7: Information Security Controls, Laws, and Standards

Module 2 | Footprinting and Reconnaissance

Lesson 2.1: Footprinting Concepts
Lesson 2.2: Footprinting Through Different Services
Lesson 2.3: Network Footprinting
Lesson 2.4: Footprinting & Reconnaissance - Part 1 [lab]
Lesson 2.5: Footprinting & Reconnaissance - Part 2 [lab]

Module 3 | Scanning Networks

Lesson 3.1: Network Scanning Concepts
Lesson 3.2: Host, Port, and Service Discovery
Lesson 3.3: OS Discovery, Scanning Beyond IDS and Firewall
Lesson 3.4: Network Resource Discovery Methods - Part 1 [lab]
Lesson 3.5: Network Resource Discovery Methods - Part 2 [lab]

Module 4 | Enumeration
Lesson 4.1: Enumeration Concepts
Lesson 4.2: NetBIOS Enumeration and SNMP Enumeration
Lesson 4.3: LDAP, NTP, NFS, SMTP, and DNS Enumeration
Lesson 4.4: NetBIOS, SNMP & LDAP Network Enumeration [lab]
Lesson 4.5: NTP, DNS & Other Network Enumeration Techniques &
Countermeasures [lab]

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
3
Module 5 | Vulnerability Analysis
Lesson 5.1: Vulnerability Assessment Concepts
Lesson 5.2: Vulnerability Assessment Solutions and Tools
Lesson 5.3: Vulnerability Assessment Tools and Techniques [lab]

Module 6 | System Hacking

Lesson 6.1: System Hacking Concepts, Gaining Access, and Cracking Passwords
Lesson 6.2: Vulnerability Exploitation and Escalating Privileges
Lesson 6.3: Maintaining Access, Executing Applications, Hiding Files, and Clearing
Logs
Lesson 6.4: System Hacking & Manipulation [lab]

Module 7 | Malware Threats

Lesson 7.1: Malware Concepts
Lesson 7.2: APT and Trojans
Lesson 7.3: Virus and Worms
Lesson 7.4: Malware Analysis and Countermeasures
Lesson 7.5: Implementing Malware Concepts [lab]

Module 8 | Sniffing
Lesson 8.1: Sniffing
Lesson 8.2: Network Sniffing Techniques & Attacks [lab]

Module 9 | Social Engineering

Lesson 9.1: Social Engineering
Lesson 9.2: Social Engineering Exploits [lab]

Module 10 | Denial-of-Service
Lesson 10.1: DoS/DDoS
Lesson 10.2: Denial of Services Techniques & Attacks [lab]
Lesson 10.3: Study Break

Module 11 | Session Hijacking

Lesson 11.1: Session Hijacking

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
4
 Lesson 11.2: Session Hijacking Countermeasures
Lesson 11.3: Session Hijacking Implementation & Prevention [lab]

Module 12 | Evading IDS, Firewalls, and Honeypots

Lesson 12.1: Evading IDS, Firewalls, and Honeypots

Module 13 | Hacking Web Servers

Lesson 13.1: Webserver Concepts, Attacks, Attack Methodology, and
Countermeasures
Lesson 13.2: Compromising Web Servers [lab]
Lesson 13.3: Web Application Exploitation Concepts [lab]

Module 14 | Hacking Web Applications

Lesson 14.1: Hacking Web Applications
Lesson 14.2: Web Application Exploitation Attacks - Part 1 [lab]
Lesson 14.3: Web Application Exploitation Attacks - Part 2 [lab]

Module 15 | SQL Injection

Lesson 15.1: SQL Injection
Lesson 15.2: Compromising SQL Injection Attacks [lab]

Module 16 | Hacking Wireless Networks

Lesson 16.1: Hacking Wireless Networks
Lesson 16.2: Exploiting Wireless Vulnerabilities [lab]

Module 17 | Hacking Mobile Platforms

Lesson 17.1: Hacking Mobile Platforms
Lesson 17.2: Compromising & Exploiting Mobile Devices [lab]

Module 18 | IoT and OT Hacking

Lesson 18.1: IoT Hacking
Lesson 18.2: OT Hacking
Lesson 18.3: Compromising IoT & OT Platforms [lab]

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
5
Module 19 | Cloud Computing
Lesson 19.1: Cloud Computing Hacking
Lesson 19.2: Introduction to Cloud Computing Vulnerabilities [lab]

Module 20 | Cryptography
Lesson 20.1: Cryptography
Lesson 20.2: Encryption and Cryptographic Attacks
Lesson 20.3: Cryptographic Concepts, Implementation & Detection [lab]
Lesson 20.4: Penetration Testing and Ethical Hacking Practice Test

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
6
 Course Extended Outline

Module 1 | Introduction to Ethical Hacking

The student will learn the basics of Information Security, security controls, and
laws and standards that are important to the ethical hacker. The student will also
learn the ethical hacking methodology and get introduced to two hacking models -
The Cyber Kill Chain and The Mitre ATT&ck Matrix.

Module 2 | Footprinting and Reconnaissance

The Footprinting and Reconnaissance module introduces the student to the

process of gaining information about the target using various sources. Some of the
topics cover:
● Techniques and tools in footprinting and reconnaissance
● Website footprinting
● Footprinting through social network sites
● The critical pre-attack phase of the ethical hacking process
● DNS footprinting
● Countermeasure

Module 3 | Scanning Networks

This module will instruct the student on network scanning methods of obtaining
network information about hosts, ports, etc. and running services by scanning the
networks and their ports. Some of the topics covered are:
● Network scanning techniques and countermeasures
● Scanning tools and techniques
● Scanning beyond IDS and firewall
● Banner grabbing

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
7
Module 4 | Enumeration

The enumeration module explores gathering information further by initiating active

connections with the target systems. Through these active connections, direct
queries are generated to gain more information to help identify the system’s attack
points.

Module 5 | Vulnerability Analysis

Vulnerability Analysis module includes discovering weaknesses in an environment,

any design flaws, and other security concerns that can cause an Operating
System, application, or website to be misused.

Module 6 | System Hacking

The System Hacking module will instruct the student on the methodological
approach of system hacking, bypassing access controls and policies by cracking
passwords or social engineering attacks that will enable an attacker to access the
system.

Module 7 | Malware Threats

In this module, the student will learn the basic concept of malware and the
components used in malware and its analysis. The student will also learn different
types of malware, including viruses, worms, trojans, ransomware, botnet, Adware,
Spyware, Rootkits, and Fileless malware. You will get a basic overview of Trojan
construction kits.

Module 8 | Sniffing

In this module, the student will learn the concepts of Sniffing and monitoring
different types of traffic, either protected or unprotected. Using sniffing, the
student will understand how an attacker can gain information that might be helpful
for further attacks and can cause trouble for the victim.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
8
Module 9 | Social Engineering

In this module, the student will learn the non-technical method of obtaining
information - Social Engineering. Social engineering techniques are used to
manipulate people into performing actions or sharing confidential information and,
when used by an outsider, gets them sensitive information.

Module 10 | Denial-of-Service

This module focuses on Denial-of-Service (DoS) and Distributed Denial-of-Service

(DDoS) attacks. It includes an explanation of different DoS and DDoS attacks,
attacking techniques, the concept of Botnets, attacking tools, and
countermeasures and strategies used for defending against these attacks.

Module 11 | Session Hijacking

In this module, the student will learn the hijacking of sessions by intercepting the
communication between hosts - Session Hijacking. The student will further learn
the types of attacks used with session hijacking, such as a "Man-in-the-Middle"
attack.

Module 12 | Evading IDS, Firewalls, and Honeypots

In this module, the student will learn the techniques used by attackers to evade
detection in a network. The module will provide the student with an in-depth look
at how IDS/IPS systems, firewalls, and honeypots operate, how to evade them,
and, more importantly, countermeasures to protect a network from attackers.

Module 13 | Hacking Web Servers

This module will discuss web server vulnerabilities, techniques and tools for
attacking them, and mitigation methods.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
9
Module 14 | Hacking Web Applications

This module will introduce the student to web applications, their architecture, how
to footprint these applications, attack methods and techniques, and how to secure
them.

Module 15 | SQL Injection

This module covers Structured Query Language (SQL) Injection. SQL Injection is a
popular and complex method of attack on web services, applications, and
databases. By the end of this module, the student will understand SQL injection
types, methodology, and defense techniques.

Module 16 | Hacking Wireless Networks

This module will discuss the concept of wireless networks, threats and
vulnerabilities, attacks on wireless technologies, and some defense techniques.

Module 17 | Hacking Mobile Platforms

In this module, the student will the vulnerabilities of the iOS and Android mobile
operating systems, different SMS and Bluetooth attacks, rooting and jailbreaking
methods and tools, threats of BYOD, and the types of tools attackers use.

Module 18 | IoT and OT Hacking

This module provides an overview to the student of the IoT and OT architecture,
attack types, and countermeasures to protect against attacks.

Module 19 | Cloud Computing

In this module, the student will get an overview of different cloud deployment
models, different types of cloud computing, serverless computing, and will get an
overview of container technologies.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.

10
Module 20 | Cryptography

In this module, the student will learn concepts and methods of carrying out
encryption and hashing to protect the integrity of data. The student will learn
about different tools used to create encryption algorithms and hashes, along with
the techniques used to study cryptography.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
11