Certified Penetration Testing

Upskilling Course, 80 Academic Hours

Comprehensive Cybersecurity Training with an Offensive Security Focus

To protect computer networks and digital assets, you sometimes need to be on the offense, and try penetrating them to uncover vulnerabilities. This comprehensive cybersecurity training course focuses on various aspects of offensive security. It covers infrastructure, application, and wireless security penetration test methods and techniques that can help build a career in cybersecurity in the fields of system pentesting, infrastructure pentesting, cybersecurity, web application pentesting, and cyber operations.

By enrolling in this course, you'll explore all the avenues of penetration testing, gaining a competitive edge and developing the capabilities to perform various security assessments seamlessly.

Who Is This Course For?

Security analysts
Network and security engineers
Ethical hackers
IT managers
Cyber investigators
Penetration testers
Vulnerability assessors

Prerequisites

Knowledge of TCP/IP
Basic knowledge of Windows and Linux command lines

Learning Objectives

Understanding the essentials of computer networks and architecture
Leveraging Linux for ethical hacking practices
Learning about privacy and anonymity
Familiarization with Open-Source Intelligence (OSINT)
Advanced protocol enumerations and scanning
Identifying and assessing vulnerabilities
Cracking passwords and secure access
Hacking organizational systems, networks, and applications
Evaluating post-exploitations
Inspecting packets precisely
Performing active sniffing attacks

What You'll Get...

Course presentation as a PDF file
Cheat sheets and useful documentation
“Swiss Army Knife” - 3Gb of IR tools
42 hours of practical learning experience through hands-on activities
A Wawiwa certificate upon successful completion of the course

In addition, you may choose to augment your team’s course to include preparation for relevant cybersecurity industry certification tests, at an additional cost. The cybersecurity certifications that this course can be used to prepare for include: GIAC Penetration Tester (GPEN) with CyberLive and GIAC Web Application Penetration Tester (GWAPT).

Relevant Cybersecurity certifications

Note: An industry certification is neither offered nor guaranteed as part of the course.

Professional Supervisor and Instructors

Supervising all Wawiwa Cyber courses is Mr. Nadav Nachmias, Head of Cybersecurity Programs at Wawiwa.

The course instructors are cybersecurity professionals with hands-on experience as well as training skills. The technical level of the course can be adjusted according to the audience.

Nadav Nachmias

Head of Cybersecurity Programs

Nadav is a Cybersecurity Specialist with over 15 years of experience, focusing on Cybersecurity strategies, architecture, and workforce empowerment. His practical experience made it intuitive for him to develop diverse training programs and materials in several Cybersecurity fields (including Cybersecurity Management, Incident Handling and Response, and Cyber Forensics).

What Do Graduates Have to Say?

"I always found interest in cybersecurity. I had a passion for this huge field that keeps evolving. I looked for courses online, and found that most of them are very hands off, a video running on a website. Then I found Wawiwa’s Cybersecurity program. I registered and throughout the program, actually found myself looking forward to class. It’s a live session, with a lot of practical work, working on real-life cyber tools and experiencing what they can do. The instructors have real-life stories and examples from the field to get points across. It makes the program really exciting!”

Course Syllabus

Module 1: Getting Started with Fundamentals (6 Theoretical Hours, 5 Practical Hours)

What is Information Security?
- CIA Triad
- Authentication, Authorization, and Accounting (AAA)
- Hacking Phases
- Ethical Hacking Concepts
- Understanding Common Hacking Terms
- Vulnerability Assessment
- Penetration Testing
- Concept of Red Teaming/Blue Teaming
- Information Security Controls and Policies
OS and Network Basics
Kali Linux

Module 2: Information Gathering Best Practices (7 Theoretical Hours, 8 Practical Hours)

Footprinting
Reconnaissance
Intelligence Gathering
- Google Dorking
- Shodan
- Public Information and Information Leakage DNS
- Analysis and DNS Brute Forcing
- Discover Network Hosts
- Port Scanning
- Enumerate Listening Services
- Discover Vulnerable Attack Surfaces

Module 3: – Network and Infrastructure Penetration Testing (10 Theoretical Hours, 14 Practical Hours)

Focused Penetration Testing
- Compromise Vulnerable Hosts
- Exploiting Missing Software Patches
- Using Metasploit to Exploit an Unpatched System
- Using the Meterpreter Shell Payload
- Generating Custom Shellcode for Exploit-DB Exploits
- Deploy Custom Executable Payloads
- Access Remote Management Interface
- DOS Attack Penetration Testing
- Sniffing and Spoofing
- Intrusion Detection System
- Firewall
- Network Device Security Audit
Post-Exploitation and Privilege Escalation
- Harvesting Credentials from .dot Files
- Tunneling through SSH Connections
- Automating SSH Pubkey Authentication with Bash
- Scheduling a Reverse Callback Using Cron
- Escalating Privileges with SUID Binaries
- Maintaining Persistent Meterpreter Access
- Harvesting Domain-Cached Credentials
- Extracting Clear-Text Credentials from Memory
- Searching the Filesystem for Credentials in Configuration Files
- Using Pass-the-Hash to Move Laterally

Module 4: Web Application Pentesting (10 Theoretical Hours, 9 Practical Hours)

Web Basics
- Basic Concepts of Web Applications, Working Principles
- HTML Basics
- Difference Between Static and Dynamic Websites
- Understanding HTTP Protocols
- Intro to Representational State Transfer (REST)
- HTTP Request and Response Headers
- What Is a Cookie?
- HTTP Proxy
- Server and Client Side with Example
- What Is a Session?
- Different Types of Encoding
Web Application Penetration Testing Tools
- DirBuster
- Wfuzz
- Nikto
- wpscan
- Burp Suite
- Proxy Module
- Target and Spider Module
- Intruder Attack Types and Payload Settings
- Repeater Module
- Sequencer and Scanner Module
Common Website Security Attacks
- Injection
- Broken Authentication and Session Management
- Cross-Site Scripting
- Insecure Direct Object Reference
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Functional Level Access Controls
- Cross-Site Request Forgery
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
- XML External Entities
- A Closer Look at the 10 Ten Owasp Vulnerabilities
Database Attacks
- SQL Injection
- Error-Based Injection
- Double Query Injection
- Boolean-Based Blind Injection
- Time-Based Blind Injection
- Dumping DB Using SQLMap

Module 5: Wireless Pentest (3 Theoretical Hours, 3 Practical Hours)

Wireless Security Overview
Introduction to the 802.11 Standard
Aircrack-ng Kungfu
EvilTwin Attack
Wireless Security Tools
Best Practices for Wireless and Wireless Enterprise Security

Module 6: Post-Engagement Cleanup (2 Theoretical Hours, 3 Practical Hours)

Killing Active Shell Connections
Removing Unnecessary User Accounts
Deleting Miscellaneous Files
Reversing Configuration Changes
Closing Backdoors

Give your team the edge they need to succeed with our comprehensive courses, tailored to your specific needs.

Interested in more details?

We’d be happy to answer all your questions!

Partner with Wawiwa to offer tech training programs in less than 6 months!

Wawiwa bridges the tech skills gap by reskilling people for tech professions in high demand. There are millions of tech vacancies and not enough tech professionals with the relevant knowledge and skills to fill them. What the industry needs of employees is not taught in long academic degrees. Wawiwa helps partners around the world to reskill, and upskill people for tech jobs through local tech training centers or programs. The company utilizes a proven training methodology, cutting-edge content, digital platforms for learning and assessment, and strong industry relations, to deliver training programs that result in higher employability and graduate satisfaction. This, in turn, also creates a strong training brand and a sustainable business for Wawiwa’s partners.