CPT - Certified Penetration Tester

1. What is Information Security?
   CIA Triad
   AAA
   Hacking Phases
   Ethical Hacking Concepts
   Understanding common terms in hacking
   Vulnerability Assessment
   Penetration Testing
   Concept of Red Teaming/Blue Teaming
   Information Security Controls & Policies

2 -Network Fundamentals
3 -OS basics
4 -Kali Linux

• Understanding the target audience
• Rules of engagement
• Communication escalation path
• Resources and requirements
• Budget
• Impact analysis and remediation timelines
• Disclaimers
• Technical constraints
• Support resources

1 – Footprinting

2 – Reconnaissance

3 – Intelligence Gathering

• Google Dorking
• Shodan
• Public Information & Information Leakage DNS
• Analysis & DNS Brute Forcing
• Discover network hosts
• Port scanning
• Enumerate listening services
• Discover vulnerable attack surface

1 – Focused penetration testing

• Compromise vulnerable hosts
• exploiting missing software patches
• Using Metasploit to exploit an unpatched system
• Using the Meterpreter shell payload
• Generating custom shellcode for Exploit-DB exploits
• Deploy custom executable payloads
• Access remote management interface
• DOS Attack Penetration Testing
• Sniffing & Spoofing
• Intrusion Detection System
• Firewall
• Network Device Security Audit

2 – Post-Exploitation and Privilege escalation

• Harvesting credentials from .dot files
• Tunneling through SSH connections
• Automating SSH pubkey authentication with bash
• Scheduling a reverse callback using cron
• Escalating privileges with SUID binaries
• Maintaining persistent Meterpreter access
• Harvesting domain-cached credentials
• Extracting clear-text credentials from memory
• Searching the filesystem for credentials in
• configuration files
• Using Pass-the-Hash to move laterally

1 – Web basics

• Basic concepts of web applications, working principle
• HTML basics
• Difference between static and dynamic website
• HTTP protocol Understanding
• Intro to REST
• HTTP Request & Response Headers
• What is a cookie
• HTTP Proxy
• Server and client side with example
• What is a session
• Different types encoding

2 – Web application Penetration testing tools

• DirBuster
• Wfuzz
• Nikto
• wpscan
• Burp Suite
  • Proxy module
  • Target and spider module
  • Intruder attack types and Payload settings
  • Repeater module
  • Sequencer and scanner module

3 – Mapping application

• Spidering
• Discover hidden directories and files
• Identify application entry points
• Identify client and server technology
• Identify server technology using banner grabbing

4 – Common Website Security Attacks

• Injection
• Broken authentication and session management
• Cross-site scripting
• Insecure direct object reference
• Security misconfiguration
• Sensitive data exposure
• Missing functional level access controls
• Cross-site request forgery
• Using components with known vulnerabilities
• Unvalidated redirects and forwards
• XML external entities
• A closer look at all owasp top 10 vulnerabilities

5 – Database Attacks

• SQL injection
• injection error based
• Double query injection
• Blind injection boolean based
• Blind injection time based
• Dumping DB using sqlmap
• Post parameter injection
• Injection in insert query
• Cookie based injection
• Bypassing blacklist filters
• Bypassing WAF
• NoSQL injection
• Xpath injection
• LDAP injection

• Wireless Security Overview
• Introduction 802.11 Standard
• Aircrack-ng Kungfu
• EvilTwin Attack
• Wireless Security Tools
• Best Practices for Wireless & Wireless Enterprise Security

• Killing active shell connections
• Removing unnecessary user accounts
• Deleting miscellaneous files
• Reversing configuration changes
• Closing backdoors

• Executive summary
• Engagement methodology
• Attack narrative
• Technical observations