Module 1 – Planning and Scoping Penetration Tests

• Scope and Negotiate a Pen Test Engagement
• Prepare for a Pen Test Engagement

Module 2 – Conducting Passive Reconnaissance

• Gather Background Information
• Prepare Background Findings for Next Steps

Module 3 – Performing Non-Technical Tests

• Perform Social Engineering Tests

• Perform Physical Security Tests on Facilities

Module 4 – Conducting Active Reconnaissance

• Scan Networks
• Enumerate Targets
• Scan for Vulnerabilities
• Analyse Basic Scripts

Module 5 – Analysing Vulnerabilities

• Analyse Vulnerability Scan Results
• Leverage Information to Prepare for Exploitation

Module 6 – Penetrating Networks

• Exploit Network-Based Vulnerabilities
• Exploit Wireless and RF-Based Vulnerabilities
• Exploit Specialised Systems

Module 7 – Exploiting Host-Based Vulnerabilities

• Exploit Windows-Based Vulnerabilities
• Exploit *Nix-Based Vulnerabilities

Module 8 – Testing Applications

• Exploit Web Application Vulnerabilities
• Test Source Code and Compiled Apps

Module 9 – Completing Post-Exploit Tasks

• Use Lateral Movement Techniques
• Use Persistence Techniques
• Use Anti-Forensics Techniques

Module 10 – Analysing and Reporting Pen Test Results

• Analyse Pen Test Data
• Develop Recommendations for Mitigation Strategies
• Write and Handle Reports