Duration 5 days – 35 hrs
Overview.
The Certified Penetration Testing (CPENT) training course is an immersive five-day program designed to provide participants with the skills and knowledge necessary to perform advanced penetration testing. The course covers various phases of penetration testing, including planning, reconnaissance, scanning, exploitation, post-exploitation, and reporting. Participants will engage in hands-on labs and real-world scenarios to practice their skills and techniques in a controlled environment.
Objectives
- Understand the principles and methodologies of penetration testing.
- Learn advanced techniques for network, web application, and wireless penetration testing.
- Develop practical skills in exploiting vulnerabilities and gaining access to systems.
- Gain experience in post-exploitation techniques and maintaining access.
- Prepare comprehensive penetration testing reports with actionable recommendations.
Audience
- Security Professionals
- Penetration Testers
- Network Administrators
- System Administrators
- IT Managers
- Anyone interested in pursuing a career in penetration testing
Pre- requisites
- Basic understanding of networking and information security principles.
- Familiarity with operating systems (Windows, Linux).
- Prior experience in security testing or network administration is advantageous but not required.
Course Content
Day 1: Introduction to Penetration Testing and Planning
Morning Session:
- Introduction to Penetration Testing
- Overview of Penetration Testing
- Penetration Testing Methodologies
- Legal and Ethical Considerations
- Penetration Testing Phases
- Planning and Preparation
- Defining Scope and Rules of Engagement
Afternoon Session:
- Reconnaissance and Information Gathering
- Passive and Active Reconnaissance Techniques
- Tools for Information Gathering
- Social Engineering Techniques
- Practical Lab: Reconnaissance
- Hands-On Exercises on Reconnaissance Techniques
Day 2: Scanning and Enumeration
Morning Session:
- Network Scanning Techniques
- Understanding Network Scanning
- Tools for Network Scanning (Nmap, Nessus, etc.)
- Vulnerability Scanning
- Identifying Vulnerabilities in Networks and Systems
- Analyzing Scan Results
Afternoon Session:
- Enumeration Techniques
- Enumerating Network Resources and Services
- Tools for Enumeration (Netcat, SNMP, etc.)
- Practical Lab: Scanning and Enumeration
- Hands-On Exercises on Scanning and Enumeration Techniques
Day 3: Exploitation Techniques
Morning Session:
- Exploiting Network Vulnerabilities
- Exploiting Common Network Vulnerabilities
- Tools for Exploitation (Metasploit, Exploit-db, etc.)
- Web Application Penetration Testing
- Identifying and Exploiting Web Application Vulnerabilities
- Tools for Web Application Testing (Burp Suite, OWASP ZAP, etc.)
Afternoon Session:
- Wireless Network Penetration Testing
- Techniques for Wireless Network Exploitation
- Tools for Wireless Testing (Aircrack-ng, Kismet, etc.)
- Practical Lab: Exploitation
- Hands-On Exercises on Exploitation Techniques
Day 4: Post-Exploitation and Maintaining Access
Morning Session:
- Post-Exploitation Techniques
- Techniques for Privilege Escalation
- Methods for Maintaining Access to Compromised Systems
- Lateral Movement and Pivoting
- Moving Laterally Across Networks
- Pivoting Techniques
Afternoon Session:
- Data Exfiltration Techniques
- Techniques for Extracting Data from Target Systems
- Tools for Data Exfiltration
- Practical Lab: Post-Exploitation
- Hands-On Exercises on Post-Exploitation Techniques
Day 5: Reporting and Practice Exam
Morning Session:
- Penetration Testing Reporting
- Writing Comprehensive Penetration Testing Reports
- Providing Actionable Recommendations
- Effective Communication with Stakeholders
- Presenting Findings to Technical and Non-Technical Audiences
Afternoon Session:
- Practice Exam and Review
- Simulated Penetration Testing Exam
- Review and Feedback
- Course Wrap-Up and Q&A Session
- Review of Key Concepts
- Open Discussion and Q&A