1. Introduction to Penetration Testing
- What is Penetration Testing?
- Ethical Hacking vs Malicious Hacking
- Goals and Objectives of a Pentest
- Types of Penetration Testing
- Black Box
- White Box
- Gray Box
- Rules of Engagement (RoE)
- Legal and Ethical Considerations
- Standards and Frameworks
- NIST
- PTES
- OWASP
- ISO 27001
2. Information Gathering (Reconnaissance)
Passive Reconnaissance
- Open Source Intelligence (OSINT)
- WHOIS Lookup
- Google Dorking
- Social Media Intelligence
Active Reconnaissance
- DNS Enumeration
- Network Mapping
- Banner Grabbing
Tools
- Maltego
- theHarvester
- Recon-ng
- Shodan
3. Scanning and Enumeration
- Network Scanning Concepts
- Port Scanning Techniques
- Service Identification
- OS Fingerprinting
- Vulnerability Scanning
Tools
- Nmap
- Nessus
- OpenVAS
- Netcat
4. Vulnerability Assessment
- Identifying Security Weaknesses
- CVSS Scoring
- Risk Prioritization
- False Positives vs True Positives
- Patch Management Awareness
5. Exploitation Techniques
- Exploit Fundamentals
- Exploitation Workflow
- Common Network Exploits
- Password Attacks
- Brute Force
- Dictionary
- Credential Stuffing
Tools
- Metasploit Framework
- Hydra
- John the Ripper
- Burp Suite (for web)
6. Web Application Penetration Testing
- OWASP Top 10 Overview
- SQL Injection
- Cross-Site Scripting (XSS)
- CSRF
- Broken Authentication
- Security Misconfiguration
- Session Management Testing
- Input Validation Testing
Tools
- Burp Suite
- OWASP ZAP
- Nikto
- SQLmap
7. Wireless Network Penetration Testing
- Wireless Security Basics
- WPA2/WPA3 Attacks
- Rogue Access Points
- Packet Capture and Analysis
Tools
- Aircrack-ng
- Kismet
- Wireshark
8. Post-Exploitation
- Privilege Escalation
- Maintaining Access
- Pivoting and Lateral Movement
- Data Exfiltration Risks
- Covering Tracks (for awareness, not misuse)
9. Social Engineering
- Phishing Attacks
- Spear Phishing
- Pretexting
- Human Vulnerabilities
- Security Awareness Strategies
10. Reporting and Documentation
- Importance of Accurate Reporting
- Writing a Penetration Test Report
- Executive vs Technical Reports
- Risk Ratings and Recommendations
- Evidence Collection and Screenshots
11. Pentesting Methodologies & Frameworks
- PTES Phases
- Cyber Kill Chain
- MITRE ATT&CK Overview
- Red Team vs Blue Team vs Purple Team
12. Hands-On Labs and Capstone Project
- Simulated Corporate Network Testing
- Web Application Assessment
- Capture-the-Flag (CTF) Exercises
- Full End-to-End Penetration Test
- Final Presentation and Defense
Learning Outcomes
By the end of the course, learners should be able to:
- Perform structured penetration tests
- Identify and exploit common vulnerabilities
- Use industry-standard pentesting tools
- Document findings professionally
- Recommend remediation strategies
Instructor
Adeniyi Salau
CRMNuggets is your go-to platform for insights on Customer Relationship Management (CRM), project management, digital marketing, IT strategies, and business growth tips. Our goal is to help businesses enhance customer experience, optimize processes, and stay ahead with proven strategies and practical guides.
Copyright © 2026 | WordPress Theme by MH Themes