
Penetration Testing and Ethical Hacking Syllabus 2023 2.2024 Update

This course syllabus provides an overview of a Penetration Testing and Ethical Hacking course. The course will introduce students to various hacking techniques such as password cracking, DDoS attacks, SQL injection, and social engineering. It covers ethical hacking concepts and hacking of web servers and applications. The course contains 20 modules that cover topics like footprinting, reconnaissance, scanning networks, enumeration, vulnerability analysis, system hacking, malware threats, sniffing, and session hijacking. Students will learn methodologies for assessing security weaknesses and how to protect against malicious hackers through hands-on labs and projects.

Uploaded by

Sanjay Dilip

Course Syllabus

Penetration Testing and Ethical Hacking

Course Description and Goals


Course Description: Our Penetration Testing and Ethical Hacking course will introduce
you to a variety of attack types, including password cracking, DDoS, SQL injection,
session hijacking, social engineering, and other hacking techniques. The course also
covers an introduction to ethical hacking concepts, as well as web server and web
application hacking. There are optional labs for this ethical hacking course that help
students gain the hands-on hacking skills necessary to be successful on the job.

Connect with Our Instructor: Bill Price [email protected]

Recommended Target Audience: Built for those who want to move into pentesting or
blue teaming fields; ideal for those who want to learn how to protect their network from
malicious hackers by exploiting networks.

Recommended Course Prerequisites: Recommended for individuals who have a
minimum of two years of professional experience in information security or a related
field and have a fundamental understanding of networking and operating systems.

Course Goals: By the end of this course, learners should be able to:
❏ Understand the mindset of a hacker.
❏ Properly assess the strength of an organization’s cybersecurity posture.
❏ Gather information, perform scanning and enumeration, and show
how an adversary could hack into their systems.
❏ Utilize the tools and utilities taught in this course to ethically gain
information, determine vulnerabilities, and exploit weaknesses in an organization’s
security posture.
❏ Confidently work toward obtaining pentest certifications and blue teaming and
ethical hacking roles.

Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
Course Quick Outline

Module 1 | Introduction to Ethical Hacking


Lesson 1.1: Learn, Practice, Prove
Lesson 1.2: Course Introduction
Lesson 1.3: Information Security Overview
Lesson 1.4: Cyber Kill Chain Concepts
Lesson 1.5: Hacking and Ethical Hacking Concepts
Lesson 1.6: Information Security Controls, Laws, and Standards

Module 2 | Footprinting and Reconnaissance


Lesson 2.1: Footprinting Concepts
Lesson 2.2: Footprinting Through Different Services
Lesson 2.3: Network Footprinting

Module 3 | Scanning Networks


Lesson 3.1: Network Scanning Concepts
Lesson 3.2: Host, Port, and Service Discovery
Lesson 3.3: OS Discovery, Scanning Beyond IDS and Firewall

Module 4 | Enumeration
Lesson 4.1: Enumeration Concepts
Lesson 4.2: NetBIOS Enumeration and SNMP Enumeration
Lesson 4.3: LDAP, NTP, NFS, SMTP, and DNS Enumeration

Module 5 | Vulnerability Analysis


Lesson 5.1: Vulnerability Assessment Concepts
Lesson 5.2: Vulnerability Assessment Solutions and Tools

Module 6 | System Hacking


Lesson 6.1: System Hacking Concepts, Gaining Access, and Cracking Passwords
Lesson 6.2: Vulnerability Exploitation and Escalating Privileges
Lesson 6.3: Maintaining Access, Executing Applications, Hiding Files, and Clearing
Logs

Module 7 | Malware Threats
Lesson 7.1: Malware Concepts
Lesson 7.2: APT and Trojans
Lesson 7.3: Virus and Worms
Lesson 7.4: Malware Analysis and Countermeasures

Module 8 | Sniffing
Lesson 8.1: Sniffing

Module 9 | Social Engineering


Lesson 9.1: Social Engineering

Module 10 | Denial-of-Service
Lesson 10.1: DoS/DDoS

Module 11 | Session Hijacking


Lesson 11.1: Session Hijacking
Lesson 11.2: Session Hijacking Countermeasures

Module 12 | Evading IDS, Firewalls, and Honeypots


Lesson 12.1: Evading IDS, Firewalls, and Honeypots

Module 13 | Hacking Web Servers


Lesson 13.1: Webserver Concepts, Attacks, Attack Methodology, and
Countermeasures

Module 14 | Hacking Web Applications


Lesson 14.1: Hacking Web Applications

Module 15 | SQL Injection


Lesson 15.1: SQL Injection

Module 16 | Hacking Wireless Networks


Lesson 16.1: Hacking Wireless Networks

Module 17 | Hacking Mobile Platforms
Lesson 17.1: Hacking Mobile Platforms

Module 18 | IoT and OT Hacking


Lesson 18.1: IoT Hacking
Lesson 18.2: OT Hacking

Module 19 | Cloud Computing


Lesson 19.1: Cloud Computing Hacking

Module 20 | Cryptography
Lesson 20.1: Cryptography
Lesson 20.2: Encryption and Cryptographic Attacks

Course Extended Outline

Module 1 | Introduction to Ethical Hacking

The student will learn the basics of information security, security controls, and
laws and standards that are important to the ethical hacker. The student will also
learn the ethical hacking methodology and be introduced to two hacking models:
the Cyber Kill Chain and the MITRE ATT&CK Matrix.

Module 2 | Footprinting and Reconnaissance

The Footprinting and Reconnaissance module introduces the student to the
process of gaining information about the target using various sources. Some of the
topics covered are:
● Techniques and tools in footprinting and reconnaissance
● Website footprinting
● Footprinting through social network sites
● The critical pre-attack phase of the ethical hacking process
● DNS footprinting
● Countermeasures

Module 3 | Scanning Networks

This module will instruct the student on network scanning methods for obtaining
information about hosts, ports, and running services by scanning networks and
their ports. Some of the topics covered are:
● Network scanning techniques and countermeasures
● Scanning tools and techniques
● Scanning beyond IDS and firewall
● Banner grabbing

Module 4 | Enumeration

The enumeration module explores gathering information further by initiating active
connections with the target systems. Through these active connections, direct
queries are generated to gain more information to help identify the system’s attack
points.

Module 5 | Vulnerability Analysis

The Vulnerability Analysis module covers discovering weaknesses in an environment,
design flaws, and other security concerns that can cause an operating
system, application, or website to be misused.

Module 6 | System Hacking

The System Hacking module will instruct the student on the methodological
approach of system hacking, bypassing access controls and policies by cracking
passwords or social engineering attacks that will enable an attacker to access the
system.

Module 7 | Malware Threats

In this module, the student will learn the basic concepts of malware, the
components used in malware, and its analysis. The student will also learn different
types of malware, including viruses, worms, trojans, ransomware, botnets, adware,
spyware, rootkits, and fileless malware. The student will also get a basic overview of
Trojan construction kits.

Module 8 | Sniffing

In this module, the student will learn the concepts of sniffing and monitoring
different types of traffic, either protected or unprotected. Through sniffing, the
student will understand how an attacker can gain information that might be helpful
for further attacks and can cause trouble for the victim.

Module 9 | Social Engineering

In this module, the student will learn the non-technical method of obtaining
information: social engineering. Social engineering techniques are used to
manipulate people into performing actions or sharing confidential information and,
when used by an outsider, give that outsider access to sensitive information.

Module 10 | Denial-of-Service

This module focuses on Denial-of-Service (DoS) and Distributed Denial-of-Service
(DDoS) attacks. It includes an explanation of different DoS and DDoS attacks,
attacking techniques, the concept of botnets, attacking tools, and
countermeasures and strategies used for defending against these attacks.

Module 11 | Session Hijacking

In this module, the student will learn the hijacking of sessions by intercepting the
communication between hosts - Session Hijacking. The student will further learn
the types of attacks used with session hijacking, such as a "Man-in-the-Middle"
attack.

Module 12 | Evading IDS, Firewalls, and Honeypots

In this module, the student will learn the techniques used by attackers to evade
detection in a network. The module will provide the student with an in-depth look
at how IDS/IPS systems, firewalls, and honeypots operate, how to evade them,
and, more importantly, countermeasures to protect a network from attackers.

Module 13 | Hacking Web Servers

This module will discuss web server vulnerabilities, techniques and tools for
attacking them, and mitigation methods.

Module 14 | Hacking Web Applications

This module will introduce the student to web applications, their architecture, how
to footprint these applications, attack methods and techniques, and how to secure
them.

Module 15 | SQL Injection

This module covers Structured Query Language (SQL) Injection. SQL Injection is a
popular and complex method of attack on web services, applications, and
databases. By the end of this module, the student will understand SQL injection
types, methodology, and defense techniques.

Module 16 | Hacking Wireless Networks

This module will discuss the concept of wireless networks, threats and
vulnerabilities, attacks on wireless technologies, and some defense techniques.

Module 17 | Hacking Mobile Platforms

In this module, the student will learn the vulnerabilities of the iOS and Android mobile
operating systems, different SMS and Bluetooth attacks, rooting and jailbreaking
methods and tools, threats of BYOD, and the types of tools attackers use.

Module 18 | IoT and OT Hacking

This module provides the student with an overview of IoT and OT architecture,
attack types, and countermeasures to protect against attacks.

Module 19 | Cloud Computing

In this module, the student will get an overview of different cloud deployment
models, different types of cloud computing, serverless computing, and
container technologies.

Module 20 | Cryptography

In this module, the student will learn concepts and methods of carrying out
encryption and hashing to protect the integrity of data. The student will learn
about different tools used to create encryption algorithms and hashes, along with
the techniques used to study cryptography.
