Certified Penetration Testing Professional (CPENT) (exame incluído)

Module 1: Introduction to Penetration Testing and Methodologies

Lessons:

• Principles and Objectives of Penetration Testing
• Penetration Testing Methodologies and Frameworks
• Best Practices and Guidelines for Penetration Testing
• Role of Artificial Intelligence in Penetration Testing
• Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Module 2: Penetration Testing Scoping and Engagement

Lessons:

• Penetration Testing: Pre-engagement Activities
• Key Elements Required to Respond to Penetration Testing RFPs
• Drafting Effective Rules of Engagement (ROE)
• Legal and Regulatory Considerations Critical to Penetration Testing
• Resources and Tools for Successful Penetration Testing
• Strategies to Effectively Manage Scope Creep

Module 3: Open-Source Intelligence (OSINT)

Lessons:

• Collect Open-Source Intelligence (OSINT) on Target’s Domain Name
• Collect OSINT About Target Organization on the Web
• Perform OSINT on Target’s Employees
• OSINT Using Automation Tools
• Map the Attack Surface

Labs:

• Collect OSINT on Target’s Domain Name, Web, and Employees
• Collect OSINT Using Automation Tools
• Identify and Map Attack Surface

Module 4: Social Engineering Penetration Testing

Lessons:

• Social Engineering Penetration Testing Concepts
• Off-Site Social Engineering Penetration Testing
• On-Site Social Engineering Penetration Testing
• Document Findings with Countermeasure Recommendations

Labs:

• Sniff credentials using the Social-Engineer Toolkit (SET)

Module 5: Web Application Penetration Testing

Lessons:

• Web Application Footprinting and Enumeration Techniques
• Techniques for Web Vulnerability Scanning
• Test for Vulnerabilities in Application Deployment and Configuration
• Techniques to Assess Identity Management, Authentication, and Authorization Mechanisms
• Evaluate Session Management Security
• Evaluate Input Validation Mechanisms
• Detect and Exploit SQL Injection Vulnerabilities
• Techniques for Identifying and Testing Injection Vulnerabilities
• Exploit Improper Error Handling Vulnerabilities
• Identify Weak Cryptography Vulnerabilities
• Test for Business Logic Flaws in Web Applications
• Evaluate Applications for Client-Side Vulnerabilities

Labs:

• Perform Website Footprinting
• Perform Web Vulnerability Scanning Using AI
• Perform Various Attacks on Target Web Application

Module 6: API and Java Web Token Penetration Testing

Lessons:

• Techniques and Tools to Perform API Reconnaissance
• Test APIs for Authentication and Authorization Vulnerabilities
• Evaluate the Security of JSON Web Tokens (JWT)
• Test APIs for Input Validation and Injection Vulnerabilities
• Test APIs for Security Misconfiguration Vulnerabilities
• Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
• Test APIs for Security of GraphQL Implementations
• Test APIs for Business Logic Flaws and Session Management

Labs:

• Perform API Reconnaissance Using AI
• Scan and Identify Vulnerabilities in APIs
• Exploit Various Vulnerabilities to Gather Information on the Target Application

Module 7: Perimeter Defense Evasion Techniques

Lessons:

• Techniques to Evaluate Firewall Security Implementations
• Techniques to Evaluate IDS Security Implementations
• Techniques to Evaluate the Security of Routers
• Techniques to Evaluate the Security of Switches

Labs:

• Identify and Bypass a Firewall
• Evade Perimeter Defenses Using Social-Engineer Toolkit (SET)
• Perform WAF Fingerprinting

Module 8: Windows Exploitation and Privilege Escalation

Lessons:

• Windows Pen Testing Methodology
• Techniques to Perform Reconnaissance on a Windows Target
• Techniques to Perform Vulnerability Assessment and Exploit Verification
• Methods to Gain Initial Access to Windows Systems
• Techniques to Perform Enumeration with User Privilege
• Techniques to Perform Privilege Escalation
• Post-Exploitation Activities

Labs:

• Exploit Windows OS Vulnerability
• Exploit and Escalate Privileges on a Windows Operating System
• Gain Access to a Remote System
• Exploit Buffer Overflow Vulnerability on a Windows Machine

Module 9: Active Directory Penetration Testing

Lessons:

• Architecture and Components of Active Directory
• Active Directory Reconnaissance
• Active Directory Enumeration
• Exploit Identified Active Directory Vulnerabilities
• Role of Artificial Intelligence in AD Penetration Testing Strategies

Labs:

• Explore the Active Directory Environment
• Perform Active Directory Enumeration
• Perform Horizontal Privilege Escalation and Lateral Movement
• Retrieve Cached Active Directory Credentials

Module 10: Linux Exploitation and Privilege Escalation

Lessons:

• Linux Exploitation and Penetration Testing Methodologies
• Linux Reconnaissance and Vulnerability Scanning
• Techniques to Gain Initial Access to Linux Systems
• Linux Privilege Escalation Techniques

Labs:

• Perform Reconnaissance and Vulnerability Assessment on Linux
• Gain Access and Perform Enumeration
• Identify Misconfigurations for Privilege Escalation

Module 11: Reverse Engineering, Fuzzing, and Binary Exploitation

Lessons:

• Concepts and Methodology for Analyzing Linux Binaries
• Methodologies for Examining Windows Binaries
• Buffer Overflow Attacks and Exploitation Methods
• Concepts, Methodologies, and Tools for Application Fuzzing

Labs:

• Perform Binary Analysis
• Explore Binary Analysis Methodology
• Write an Exploit Code
• Reverse Engineering a Binary
• Identify and Debug Stack Buffer Overflows
• Fuzzing an Application

Module 12: Lateral Movement and Pivoting

Lessons:

• Advanced Lateral Movement Techniques
• Advanced Pivoting and Tunneling Techniques to Maintain Access

Labs:

• Perform Pivoting
• Perform DNS Tunneling and HTTP Tunneling

Module 13: IoT Penetration Testing

Lessons:

• Fundamental Concepts of IoT Pentesting
• Information Gathering and Attack Surface Mapping
• Analyze IoT Device Firmware
• In-depth Analysis of IoT Software
• Assess the Security of IoT Networks and Protocols
• Post-Exploitation Strategies and Persistence Techniques
• Comprehensive Pentesting Reports

Labs:

• Perform IoT Fireware Acquisition, Extraction, Analysis, and Emulation
• Probe IoT Devices

Module 14: Report Writing and Post-Testing Actions

Lessons:

• Purpose and Structure of a Penetration Testing Report
• Essential Components of a Penetration Testing Report
• Phases of a Pen Test Report Writing
• Skills to Deliver a Penetration Testing Report Effectively
• Post-Testing Actions for Organizations

Labs:

• Generate Penetration Test Reports