Course Syllabus
Penetration Testing and Ethical Hacking
Course Description and Goals
Course Description: Our Penetration Testing and Ethical Hacking course will introduce
you to a variety of attack types, including password cracking, DDoS, SQL injection,
session hijacking, social engineering, and other hacking techniques. The course also
covers an introduction to ethical hacking concepts, as well as web server and web
application hacking. There are optional labs for this ethical hacking course that help
students gain the hands-on hacking skills necessary to be successful on the job.
Connect with Our Instructor: Bill Price [email protected]
Recommended Target Audience: Built for those who want to move into pentesting or
blue teaming fields; Ideal for those who want to learn how to protect your network from
malicious hackers by exploiting networks.
Recommended Course Prerequisites: Recommended for individuals who have a
minimum of two years of professional experience and information security or a related
field and have a fundamental understanding of networking and operating systems.
Course Goals: By the end of this course, learners should be able to:
❏ Understand the mindset of a hacker.
❏ To properly assess the strength of an organization’s cybersecurity posture.
❏ To be able to gather information, perform scanning and enumeration, and show
how an adversary could hack into your systems.
❏ To be able to utilize the tools and utilities taught in this course to ethically gain
information, determine vulnerabilities, and exploit weaknesses in an organization’s
security posture.
❏ To confidently assist in the obtaining of pentest certifications, blue teaming, and
ethical hacking roles.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
1
Course Quick Outline
Module 1 | Introduction to Ethical Hacking
Lesson 1.1: Learn, Practice, Prove
Lesson 1.2: Course Introduction
Lesson 1.3: Information Security Overview
Lesson 1.4: Cyber Kill Chain Concepts
Lesson 1.5: Hacking and Ethical Hacking Concepts
Lesson 1.6: Information Security Controls, Laws, and Standards
Module 2 | Footprinting and Reconnaissance
Lesson 2.1: Footprinting Concepts
Lesson 2.2: Footprinting Through Different Services
Lesson 2.3: Network Footprinting
Module 3 | Scanning Networks
Lesson 3.1: Network Scanning Concepts
Lesson 3.2: Host, Port, and Service Discovery
Lesson 3.3: OS Discovery, Scanning Beyond IDS and Firewall
Module 4 | Enumeration
Lesson 4.1: Enumeration Concepts
Lesson 4.2: NetBIOS Enumeration and SNMP Enumeration
Lesson 4.3: LDAP, NTP, NFS, SMTP, and DNS Enumeration
Module 5 | Vulnerability Analysis
Lesson 5.1: Vulnerability Assessment Concepts
Lesson 5.2: Vulnerability Assessment Solutions and Tools
Module 6 | System Hacking
Lesson 6.1: System Hacking Concepts, Gaining Access, and Cracking Passwords
Lesson 6.2: Vulnerability Exploitation and Escalating Privileges
Lesson 6.3: Maintaining Access, Executing Applications, Hiding Files, and Clearing
Logs
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
Module 7 | Malware Threats
Lesson 7.1: Malware Concepts
Lesson 7.2: APT and Trojans
Lesson 7.3: Virus and Worms
Lesson 7.4: Malware Analysis and Countermeasures
Module 8 | Sniffing
Lesson 8.1: Sniffing
Module 9 | Social Engineering
Lesson 9.1: Social Engineering
Module 10 | Denial-of-Service
Lesson 10.1: DoS/DDoS
Module 11 | Session Hijacking
Lesson 11.1: Session Hijacking
Lesson 11.2: Session Hijacking Countermeasures
Module 12 | Evading IDS, Firewalls, and Honeypots
Lesson 12.1: Evading IDS, Firewalls, and Honeypots
Module 13 | Hacking Web Servers
Lesson 13.1: Webserver Concepts, Attacks, Attack Methodology, and
Countermeasures
Module 14 | Hacking Web Applications
Lesson 14.1: Hacking Web Applications
Module 15 | SQL Injection
Lesson 15.1: SQL Injection
Module 16 | Hacking Wireless Networks
Lesson 16.1: Hacking Wireless Networks
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
3
Module 17 | Hacking Mobile Platforms
Lesson 17.1: Hacking Mobile Platforms
Module 18 | IoT and OT Hacking
Lesson 18.1: IoT Hacking
Lesson 18.2: OT Hacking
Module 19 | Cloud Computing
Lesson 19.1: Cloud Computing Hacking
Module 20 | Cryptography
Lesson 20.1: Cryptography
Lesson 20.2: Encryption and Cryptographic Attacks
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
4
Course Extended Outline
Module 1 | Introduction to Ethical Hacking
The student will learn the basics of Information Security, security controls, and
laws and standards that are important to the ethical hacker. The student will also
learn the ethical hacking methodology and get introduced to two hacking models -
The Cyber Kill Chain and The Mitre ATT&ck Matrix.
Module 2 | Footprinting and Reconnaissance
The Footprinting and Reconnaissance module introduces the student to the
process of gaining information about the target using various sources. Some of the
topics cover:
● Techniques and tools in footprinting and reconnaissance
● Website footprinting
● Footprinting through social network sites
● The critical pre-attack phase of the ethical hacking process
● DNS footprinting
● Countermeasure
Module 3 | Scanning Networks
This module will instruct the student on network scanning methods of obtaining
network information about hosts, ports, etc. and running services by scanning the
networks and their ports. Some of the topics covered are:
● Network scanning techniques and countermeasures
● Scanning tools and techniques
● Scanning beyond IDS and firewall
● Banner grabbing
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
5
Module 4 | Enumeration
The enumeration module explores gathering information further by initiating active
connections with the target systems. Through these active connections, direct
queries are generated to gain more information to help identify the system’s attack
points.
Module 5 | Vulnerability Analysis
Vulnerability Analysis module includes discovering weaknesses in an environment,
any design flaws, and other security concerns that can cause an Operating
System, application, or website to be misused.
Module 6 | System Hacking
The System Hacking module will instruct the student on the methodological
approach of system hacking, bypassing access controls and policies by cracking
passwords or social engineering attacks that will enable an attacker to access the
system.
Module 7 | Malware Threats
In this module, the student will learn the basic concept of malware and the
components used in malware and its analysis. The student will also learn different
types of malware, including viruses, worms, trojans, ransomware, botnet, Adware,
Spyware, Rootkits, and Fileless malware. You will get a basic overview of Trojan
construction kits.
Module 8 | Sniffing
In this module, the student will learn the concepts of Sniffing and monitoring
different types of traffic, either protected or unprotected. Using sniffing, the
student will understand how an attacker can gain information that might be helpful
for further attacks and can cause trouble for the victim.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
6
Module 9 | Social Engineering
In this module, the student will learn the non-technical method of obtaining
information - Social Engineering. Social engineering techniques are used to
manipulate people into performing actions or sharing confidential information and,
when used by an outsider, gets them sensitive information.
Module 10 | Denial-of-Service
This module focuses on Denial-of-Service (DoS) and Distributed Denial-of-Service
(DDoS) attacks. It includes an explanation of different DoS and DDoS attacks,
attacking techniques, the concept of Botnets, attacking tools, and
countermeasures and strategies used for defending against these attacks.
Module 11 | Session Hijacking
In this module, the student will learn the hijacking of sessions by intercepting the
communication between hosts - Session Hijacking. The student will further learn
the types of attacks used with session hijacking, such as a "Man-in-the-Middle"
attack.
Module 12 | Evading IDS, Firewalls, and Honeypots
In this module, the student will learn the techniques used by attackers to evade
detection in a network. The module will provide the student with an in-depth look
at how IDS/IPS systems, firewalls, and honeypots operate, how to evade them,
and, more importantly, countermeasures to protect a network from attackers.
Module 13 | Hacking Web Servers
This module will discuss web server vulnerabilities, techniques and tools for
attacking them, and mitigation methods.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
7
Module 14 | Hacking Web Applications
This module will introduce the student to web applications, their architecture, how
to footprint these applications, attack methods and techniques, and how to secure
them.
Module 15 | SQL Injection
This module covers Structured Query Language (SQL) Injection. SQL Injection is a
popular and complex method of attack on web services, applications, and
databases. By the end of this module, the student will understand SQL injection
types, methodology, and defense techniques.
Module 16 | Hacking Wireless Networks
This module will discuss the concept of wireless networks, threats and
vulnerabilities, attacks on wireless technologies, and some defense techniques.
Module 17 | Hacking Mobile Platforms
In this module, the student will the vulnerabilities of the iOS and Android mobile
operating systems, different SMS and Bluetooth attacks, rooting and jailbreaking
methods and tools, threats of BYOD, and the types of tools attackers use.
Module 18 | IoT and OT Hacking
This module provides an overview to the student of the IoT and OT architecture,
attack types, and countermeasures to protect against attacks.
Module 19 | Cloud Computing
In this module, the student will get an overview of different cloud deployment
models, different types of cloud computing, serverless computing, and will get an
overview of container technologies.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
8
Module 20 | Cryptography
In this module, the student will learn concepts and methods of carrying out
encryption and hashing to protect the integrity of data. The student will learn
about different tools used to create encryption algorithms and hashes, along with
the techniques used to study cryptography.
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
9