🗓️ Duration: 12 Months
📚 Schedule: 4 or 3 Days Per Week
🕒 Session Length: 90 Minutes
💡 Total Sessions Per Month: 16
🎯 Goal: If you're diving into cybersecurity, having clear goals will keep you focused and motivated
What is penetration testing?
Pentesting vs vulnerability scanning
Types of pentests (black-box, white-box, gray-box)
Legal and ethical considerations (laws, consent, NDAs)
Penetration testing phases overview (PTES model)
Common Network Security Terms
What is an Asset, Vulnerability, Exploit, Threat, Attack, Risk
Zero-Day Attack, Pivoting Countermeasures.
Types of Virus, Identify Malware: Virus, Adware, Trojan,
Worms, Spyware, Rootkits, Keyloggers, Scareware, DoS, DDoS, Logic Bomb
What is Cyber Security, What is Hacking, Types of Hacker, Red Team and Blue Team, Black-Box vs Grey-Box vs White-Box Penetration Testing,
What is CIA, Types of Cyber Security, Zero Trust Architecture.
Setting up a safe pentesting lab (VMware/EVE-NG/GNS3/PNETLab)
Installing Kali Linux / Parrot OS
Using vulnerable machines (Metasploitable, DVWA, TryHackMe, Hack The Box)
Information about Linux and Kali Linux
Log in and change password on Kali Linux
Log in and change password on Parrot
Finding Your Way Around Kali and Linux Filesystem
Man Pages and Linux commands
Linux Text Editors: nano, Leafpad, Mousepad
Kali Linux search tools: locate, find
Updating and upgrading Kali Linux; installing and removing tools in Kali Linux
Managing Kali Linux Services: SSH, HTTP, RDP
Transfer file Between Kali Linux and Windows
Passive information gathering
Explain Footprinting and Reconnaissance Concept
Demonstrate Footprinting through Search Engines
Demonstrate Footprinting through Internet Research Services
Demonstrate Footprinting through Social Networking Sites
Use Different Techniques for Whois Footprinting
Use Different Techniques for DNS Footprinting
Use Different Techniques for Network and Email Footprinting
Demonstrate Footprinting through Social Engineering
Automate Footprinting Tasks using Advanced tools and AI
Explain Footprinting Countermeasures
WHOIS, DNS records, Google dorking
Shodan, Censys, Recon-ng
LinkedIn/email scraping & metadata analysis
Target profiling and documentation
Active information Gathering with Links
Explain Network Scanning Concepts
Demonstrate Various Scanning Techniques for Host Discovery
Demonstrate Various Scanning Techniques for Port and Service Discovery
Demonstrate Various Scanning Techniques for OS Discovery
Demonstrate Various Techniques for Scanning Beyond IDS and Firewall
Explain Network Scanning Countermeasures
Explain Enumeration Concepts
Demonstrate Different Techniques For Active Directory Enumeration
Demonstrate Different Techniques for SNMP, SMTP, DNS, SMB, NFS, NTP, NetBIOS Enumeration
Explain Enumeration Countermeasures
Learn about the various system hacking methodologies, including hacking Windows passwords without any software,
using IOS, Kali Linux, brute-force attacks, Responder and some tools.
Bypass Windows 10, 11 with USB
Cracking passwords with John the Ripper and Hashcat.
ZIP Password Cracking, PowerPoint Cracking.
Hacking and Cracking Windows 7, 8, 10, 11, Windows Server 2016, 2018, 2022.
Ubuntu Linux, Red Hat, Kali Linux, Webserver.
covering tracks—used to discover.
Learn social engineering concepts and techniques, including how to
identify theft attempts, audit human-level vulnerabilities, and suggest
Psychological manipulation and phishing
Summarize Social Engineering
Explain Various Human-based Social Engineering Techniques
Explain Various Computer-based Social Engineering Techniques
Explain Various Mobile-Based Social Engineering Techniques
Web-based Social Engineering
Explain Social Engineering Countermeasures
Red team phishing campaigns
Track and find the location of people
Social Engineering Toolkit
Brute-Force on Social Media Pages
Phishing through Site
Phishing with Kali Linux tools
Auto-Run USB
Used professional method crying viruses to the target
Defense: security awareness training
social engineering countermeasures.
Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities
as well as countermeasures to defend against sniffing attacks.
Passive and Active Sniffing
Sniffing Tools: Wireshark
Sniffing Tools: Ettercap
Sniffing Tools: Tcpdump
Sniffing Tools: Aircrack-ng
Sniffing Tools: Burp Suite
DHCP Starvation and Rogue Attack
ARP Poisoning and Spoofing Attack and DNS Spoofing
MAN-IN-THE-MIDDLE (MITM)
Learn about different Denial of Service (DoS) and Distributed DoS
(DDoS) attack techniques, as well as the tools used to audit a target and
devise DoS and DDoS countermeasures and protections.
Ping of Death and ICMP Flooding
Smurf Attack Metasploit and Hping3
TCP Flooding Attack
CDP Flooding Attack
MAC Spoofing Attack
MAC Flooding Attack
Buffer Overflow
Understand different types of wireless technologies, including encryption, threats, hacking methodologies, hacking tools, Wi-Fi security tools, and countermeasures.
Wireless encryption standards
Access point Configuration and setup.
Wired Equivalent Privacy (WEP) Security and Cracking
Wi-Fi Protected Access (WPA) Security and Cracking
Wi-Fi Protected Access 2 (WPA2) Security and Cracking
Wi-Fi Protected Access 3 (WPA3) Security and Cracking
Capturing handshakes and cracking WPA2
Airmon-ng, Airodump-ng Tools, Aireplay-ng
Evil twin and rogue access point attacks
Tools: Aircrack-ng, Kismet, Wifite
Wireless defense mechanisms
Types of password attacks (brute force, dictionary, rainbow tables)
Tools: Hydra, John the Ripper, Hashcat
Cracking hashes (MD5, SHA, NTLM)
Wordlist generation and manipulation (CeWL, Crunch)
Creating Wordlist with Crunch
Using the world's fastest cracking tool, Hashcat, basic to advanced
Manual vs automated exploitation
Exploit-DB and searchsploit
Using Metasploit Framework
Metasploit framework database and Managing Workspaces
Import Nmap Scan In Metasploit
msfvenom basic to advanced
Creating reverse shells and Bind shells
Common exploits: buffer overflow, RCE, file inclusion
Combine with listeners in Metasploit using exploit/multi/handler.
Use tools like Veil, Shellter, or Obfuscator-LLVM for AV evasion.
System control and information gathering
Privilege escalation (Linux and Windows)
Escalating Privileges by Exploiting Client Side Vulnerabilities
New Session for full Access
Add User to Administrators Group
Gaining Access with SMB Port 445
Lifetime Access Windows Persistence
Windows 10, 11, Server 2019 Persistence
Armitage Tools
Payload creation (malicious documents)
Gathering hashdump and Cracking
Credential dumping (Mimikatz, LaZagne)
Pivoting and lateral movement
Maintaining access (backdoors, persistence)
Understanding HTTP and web app structure
OWASP Top 10: XSS, SQLi, CSRF, etc.
Burp Suite workflows
Exploiting authentication and session flaws
Vulnerability testing tools (Nikto, sqlmap, etc.)
Session Hijacking
Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.
Session Hijacking with Remember me
Session Hijacking with Cookies
Session Hijacking Cross-Site Scripting (XSS)
Session Hijacking with ZAP
Session Hijacking Burp Suite
Learn different cloud computing concepts, such as container technologies and serverless computing, various cloud computing threats, attacks, hacking methodology, and cloud security techniques and tools.
Download, install and configure ownCloud.
Set up file sharing
Create Group
Create users
Test Security.
Learn about encryption algorithms, cryptography tools, Public Key Infrastructure (PKI), email encryption, disk encryption, cryptography attacks, and cryptanalysis tools.
Cryptography Concepts
Caesar Cipher Encrypting algorithm
Cryptography Terminologies
Describe Hash Message Digest (MD5)
Secure Hash Algorithm (SHA)
Hash Message Authentication Code (HMAC)
Symmetric and Asymmetric Encryption
Creating Encryption
Learn mobile platform attack vectors, Android and iOS hacking
Mobile device management, mobile security guidelines, and security tools.
Creating Payload for Android APK
Create Trojan with Android APK
AppMon: Real-Time Monitoring of App Behavior
Needle: Modular Android Penetration Testing
Metasploit Framework
Evil-Droid, Msfvenom, TheFatRat
Learn how to identify security loopholes in a target organization’s
network, communication infrastructure, and end systems.
Different types of vulnerability assessment and vulnerability assessment tools.
Tools: Nessus, OpenVAS, Burp Suite, Nmap scripts
Interpreting scan results
Risk ratings (CVSS)
Common Vulnerabilities and Exposures (CVE)
Prioritizing targets for exploitation
MITRE ATT&CK Framework
OWASP Top 10
Cyber Kill Chain
Unified Kill Chain
Documenting findings clearly
Report Writing for Penetration Testers
Reproducing exploitation steps
Prioritizing issues by impact
Executive summary writing
Technical vs business communication
Virtual Private Networks: allow individual users to securely connect to a private network from a remote location.
Remote Access VPN
SSL, IPSec
Site-to-Site VPN
IPSec (most common)
GRE (Generic Routing Encapsulation)
Download, install and configure Firewall
Cisco ASA Firewall vs Cisco Firepower (Next-Generation Firewall)
super useful for anyone getting into network security, pentesting, or cybersecurity architecture.
Next-Gen IPS (NGIPS) — detects & blocks threats
Application-layer filtering
URL filtering & content control
Malware protection (AMP)
Security Intelligence feeds (block malicious IPs, URLs, domains)
Basic Bash Script
Variable in Bash Script
Bash Script Arguments
Bash Script Reading User input
IF, ELSE, ELIF Statements
Boolean Logical Operations
Computer Variables
Loop, For Loops, While Loops
Functions
Creating Project with help of AI
DOS Attack Project
🔍 1. Information Gathering
1. Nmap: Port scanning, service detection
2. Netcat: Network utility (read/write over TCP/UDP)
3. Recon-ng: Web-based recon framework
4. theHarvester: Emails, subdomains, hosts
5. Maltego: Link analysis and data mining
6. Shodan: Search engine for internet-connected devices
7. FOCA: Metadata extraction
8. DNSenum: DNS information enumeration
9. Sublist3r: Subdomain enumeration
📦 2. Vulnerability Scanning
11. Nessus: Comprehensive vulnerability scanner
12. OpenVAS: Open-source vulnerability scanner
13. Nikto: Web server vulnerability scanning
14. Nmap (NSE): Scriptable network scans
15. Burp Suite (Scanner): Web app vuln detection (Pro)
💥 3. Exploitation Frameworks
16. Metasploit: Exploit development and execution
17. BeEF: Browser exploitation
18. SQLMap: SQL injection automation
19. Commix: Command injection testing
20. Exploit-DB: Database of public exploits
🧬 4. Password Cracking & Bruteforce
21. Hydra: Network service brute-forcer
22. John: Password cracking tool
23. Hashcat: GPU-accelerated hash cracker
24. Medusa: Fast brute-forcer
25. CeWL: Custom wordlist generator
🌐 5. Web Application Testing
26. Burp Suite: Intercept/modify HTTP traffic
27. OWASP ZAP: Open-source web app scanner
28. Wapiti: Web app vulnerability scanner
29. XSStrike: XSS detection and fuzzing
30. Nikto: Web server scanner (again, yes!)
🛰️ 6. Wireless Attacks
31. Aircrack-ng: Wi-Fi key cracking
32. Kismet: Wireless network sniffer
33. Wifite: Automated WPA/WEP attacks
34. Reaver: WPS brute-force
35. Fluxion: WPA social engineering attacks
👣 7. Post-Exploitation & Lateral Movement
36. Mimikatz: Credential harvesting (Windows)
37. Empire: PowerShell post-exploitation
38. CrackMapExec: AD enumeration & attacks
39. BloodHound: AD privilege escalation mapping
40. Nishang: PowerShell scripts for pentesting
👻 8. Social Engineering & Phishing
41. Social-Engineer Toolkit (SET): Phishing, cloning, payload delivery
42. Gophish: Phishing simulation tool
43. Evilginx2: Advanced phishing (bypass 2FA)
44. King Phisher: Campaign management & delivery
45. ShellPhish: Termux phishing toolkit (educational use only)
🖥️ 9. Container / Cloud Security
46. Trivy: Container image scanning
47. ScoutSuite: AWS, Azure, GCP auditing
48. Prowler: AWS security best practices
49. Kube-hunter: Kubernetes vulnerability scanner
50. CloudSploit: Cloud configuration auditing
CompTIA Security Plus
Certified Ethical Hacker (CEHv13)
CompTIA PenTest+
Certified Information Systems Auditor (CISA)
Certified Expert Penetration Tester (CEPT)
Certified Penetration Testing Professional (CPENT)
OffSec Certified Professional PWK (OSCP)
CISSP - Certified Information Systems Security Professional