Certified Penetration Testing

Upskilling Course, 80 Academic Hours

Comprehensive Cybersecurity Training with an Offensive Security Focus

To protect computer networks and digital assets, you sometimes need to be on the offense, and try penetrating them to uncover vulnerabilities. This comprehensive cybersecurity training course focuses on various aspects of offensive security. It covers infrastructure, application, and wireless security penetration test methods and techniques that can help build a career in cybersecurity in the fields of system pentesting, infrastructure pentesting, cybersecurity, web application pentesting, and cyber operations.

By enrolling in this course, you'll explore all the avenues of penetration testing, gaining a competitive edge and developing the capabilities to perform various security assessments seamlessly.

Who Is This Course For?

  • Security analysts 
  • Network and security engineers 
  • Ethical hackers 
  • IT managers 
  • Cyber investigators 
  • Penetration testers
  • Vulnerability assessors


  • Knowledge of TCP/IP 
  • Basic knowledge of Windows and Linux command lines

Learning Objectives

  • Understanding the essentials of computer networks and architecture 
  • Leveraging Linux for ethical hacking practices 
  • Learning about privacy and anonymity 
  • Familiarization with Open-Source Intelligence (OSINT) 
  • Advanced protocol enumerations and scanning 
  • Identifying and assessing vulnerabilities 
  • Cracking passwords and secure access 
  • Hacking organizational systems, networks, and applications 
  • Evaluating post-exploitations 
  • Inspecting packets precisely 
  • Performing active sniffing attacks

What You'll Get...

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include: GIAC Penetration Tester (GPEN) with CyberLive and GIAC Web Application Penetration Tester (GWAPT).

Cyber certifications

Relevant Cybersecurity certifications

Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.
The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.
Nadav Nachmias Head of Cybersecurity Programs

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

What Do Graduates Have to Say?

Course Syllabus

Module 1: Getting Started with Fundamentals (6 Theoretical Hours, 5 Practical Hours)

  • What is Information Security? 
    • CIA Triad 
    • Authentication, Authorization, and Accounting (AAA)
    • Hacking Phases 
    • Ethical Hacking Concepts 
    • Understanding Common Hacking Terms 
    • Vulnerability Assessment 
    • Penetration Testing 
    • Concept of Red Teaming/Blue Teaming 
    • Information Security Controls and Policies 
  • OS and Network Basics 
  • Kali Linux

Module 2: Information Gathering Best Practices (7 Theoretical Hours, 8 Practical Hours)

  • Footprinting
  • Reconnaissance 
  • Intelligence Gathering 
    • Google Dorking 
    • Shodan 
    • Public Information and Information Leakage DNS 
    • Analysis and DNS Brute Forcing 
    • Discover Network Hosts 
    • Port Scanning 
    • Enumerate Listening Services 
    • Discover Vulnerable Attack Surfaces

Module 3: – Network and Infrastructure Penetration Testing (10 Theoretical Hours, 14 Practical Hours)

  • Focused Penetration Testing 
    • Compromise Vulnerable Hosts 
    • Exploiting Missing Software Patches 
    • Using Metasploit to Exploit an Unpatched System 
    • Using the Meterpreter Shell Payload 
    • Generating Custom Shellcode for Exploit-DB Exploits 
    • Deploy Custom Executable Payloads 
    • Access Remote Management Interface 
    • DOS Attack Penetration Testing 
    • Sniffing and Spoofing 
    • Intrusion Detection System 
    • Firewall 
    • Network Device Security Audit 
  • Post-Exploitation and Privilege Escalation 
    • Harvesting Credentials from .dot Files 
    • Tunneling through SSH Connections 
    • Automating SSH Pubkey Authentication with Bash 
    • Scheduling a Reverse Callback Using Cron 
    • Escalating Privileges with SUID Binaries 
    • Maintaining Persistent Meterpreter Access 
    • Harvesting Domain-Cached Credentials 
    • Extracting Clear-Text Credentials from Memory 
    • Searching the Filesystem for Credentials in Configuration Files 
    • Using Pass-the-Hash to Move Laterally

Module 4: Web Application Pentesting (10 Theoretical Hours, 9 Practical Hours)

  • Web Basics 
    • Basic Concepts of Web Applications, Working Principles 
    • HTML Basics 
    • Difference Between Static and Dynamic Websites 
    • Understanding HTTP Protocols 
    • Intro to Representational State Transfer (REST) 
    • HTTP Request and Response Headers 
    • What Is a Cookie? 
    • HTTP Proxy 
    • Server and Client Side with Example 
    • What Is a Session? 
    • Different Types of Encoding 
  • Web Application Penetration Testing Tools 
    • DirBuster 
    • Wfuzz 
    • Nikto 
    • wpscan 
    • Burp Suite 
    • Proxy Module 
    • Target and Spider Module 
    • Intruder Attack Types and Payload Settings 
    • Repeater Module 
    • Sequencer and Scanner Module 
  • Common Website Security Attacks 
    • Injection 
    • Broken Authentication and Session Management 
    • Cross-Site Scripting 
    • Insecure Direct Object Reference 
    • Security Misconfiguration 
    • Sensitive Data Exposure 
    • Missing Functional Level Access Controls 
    • Cross-Site Request Forgery 
    • Using Components with Known Vulnerabilities 
    • Unvalidated Redirects and Forwards 
    • XML External Entities 
    • A Closer Look at the 10 Ten Owasp Vulnerabilities 
  • Database Attacks 
    • SQL Injection 
    • Error-Based Injection
    • Double Query Injection 
    • Boolean-Based Blind Injection 
    • Time-Based Blind Injection 
    • Dumping DB Using SQLMap

Module 5: Wireless Pentest (3 Theoretical Hours, 3 Practical Hours)

  • Wireless Security Overview 
  • Introduction to the 802.11 Standard 
  • Aircrack-ng Kungfu 
  • EvilTwin Attack 
  • Wireless Security Tools 
  • Best Practices for Wireless and Wireless Enterprise Security

Module 6: Post-Engagement Cleanup (2 Theoretical Hours, 3 Practical Hours)

  • Killing Active Shell Connections 
  • Removing Unnecessary User Accounts 
  • Deleting Miscellaneous Files 
  • Reversing Configuration Changes 
  • Closing Backdoors

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Interested in more details?

We’d be happy to answer all your questions!

Partner with Wawiwa to offer tech training programs in less than 6 months!

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs of employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill, and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations, to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.