Module 1: Planning and Scoping Penetration Tests
- Introduction to Penetration Testing Concepts
- Plan a Pen Test Engagement
- Scope and Negotiate a Pen Test Engagement
- Prepare for a Pen Test Engagement
Module 2: Conducting Passive Reconnaissance
- Gather Background Information
- Prepare Background Findings for Next Steps
Module 3: Performing Non-Technical Tests
- Perform Social Engineering Tests
- Perform Physical Security Tests on Facilities
Module 4: Conducting Active Reconnaissance
- Scan Networks
- Enumerate Targets
- Scan for Vulnerabilities
- Analyze Basic Scripts
Module 5: Analyzing Vulnerabilities
- Analyze Vulnerability Scan Results
- Leverage Information to Prepare for Exploitation
Module 6: Penetrating Networks
- Exploit Network-Based Vulnerabilities
- Exploit Wireless and RF-Based Vulnerabilities
- Exploit Specialized Systems
Module 7: Exploiting Host-Based Vulnerabilities
- Exploit Windows-Based Vulnerabilities
- Exploit *nix-Based Vulnerabilities
Module 8: Testing Applications
- Exploit Web Application Vulnerabilities
- Test Source Code and Compiled Apps
Module 9: Completing Post-Exploit Tasks
- Use Lateral Movement Techniques
- Use Persistence Techniques
- Use Anti-Forensics Techniques
Module 10: Analyzing and Reporting Pen Test Results
- Analyze Pen Test Data
- Develop Recommendations for Mitigation Strategies
- Write and Handle Reports
- Conduct Post-Report-Delivery Activities