• Information security
• CIA Triad, Security Standards
• IT laws and Rules
• Deep web and Dark web
• Deep fake Threat
• Kali Linux Installation
• Linux special commands for Penetration Testing
• Collect information on a target URL using the OSINT Framework
• Creating and analyzing an OSINT report on the target URL
3.1 Active Information Gathering
• Collect information using Automated Tools
3.2 Passive Information Gathering
• Collect information through Automated Tools
• Whois, Google Hacking Database, Netcraft, Shodan, Censys.io, crt.sh, fullhunt.io, etc.
• Collect information about the network, such as active machines, active services, and operating systems, using tools like Nmap, Hping3, angryip-scanner, MSF, Recon-ng, Katana, etc.
• Collecting information about Active Machines and target
• Test each and every service, such as FTP, SSH, Telnet, HTTP, VNC, SMB, SMTP, SNMP, MySQL, etc.
• In this module, we use auxiliary modules, payloads, scripts, post-exploitation modules, etc.
• Introduction of Vulnerability
• Vulnerability Scoring System
• Tool for Vulnerability Scanning
• Acunetix, Nessus, Qualys, Crashtest, Nikto, MSF-Pro, Nmap, NSE Script, Pentest toolbox etc.
• Introduction of Web Application and Server.
• Reconnaissance of web Application and server with tools
• Technology Analysis with Wappalyzer, Netcraft, etc.
• Directory Brute Force with Gobuster, Dirbuster, etc.
• Cross-Site Scripting (XSS)
• Basic XSS
• Stored and Reflected XSS
• Testing on live website
• CTF solve
• Directory Traversal
• Exploiting Absolute Path and Relative Path
• File Inclusion
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• File Upload Vulnerabilities
• Command Injection.
• Overview of SQL language and Database
• Understanding the basic SQL queries
• Performing Authentication Bypass
• Manually testing on live website
• Error-based SQL injection
• UNION-based SQL Injection
• Blind SQL Injection
• Time-based SQL Injection
• Boolean Based SQL Injection
• Out of band SQL Injection
• Introduction of Client Side Attack
• Covers techniques for different types of attack, such as
• Phishing web pages, Mirroring websites, Client Fingerprinting, etc.
• Cracking and Passing NTLM Passwords
• Attacks on SSH and RDP ports
• Using Encryption, Calculating Hashes, and Cracking
• Fixing Memory Corruption Exploits
• Troubleshooting the “index out of range” Error
• Fixing Web Exploits
• Online Exploits Method
• Manual Exploits Method
• Introduction of Antivirus
• Antivirus Working Process
• Antivirus key Components
• Antivirus Thread Injection
• Bypass Antivirus and Hack Remote Windows PC.
• Introduction of Windows Privilege Escalation
• Enumerating Windows
• Understanding of Kernel
• Windows Kernel Exploitation
• User Account Privilege
• Remote Code Execution (RCE)
• Introduction of Linux Privilege Escalation
• Enumerating Linux
• Exposed Confidential Information
• Exploit Password Authentication
• Root Account Privilege
• User Account Privilege
• Exploiting RCE
• Introduction of Active Directory concept
• Lab setup
• Enumerate Active Directory
• Analyze domain data using BloodHound
• Kerberos attack
• Pass the Hash using Mimikatz
• NTLM Attack etc.
• Introduction of Port forwarding
• SSH Tunneling
• HTTP Tunneling
• Tunneling Through Deep Packet Analysis
• Bind port 22 on port 80, then use tools like MobaXterm, PuTTY, Chisel, etc.
• Enumerating the Public Network
• Exploit Internal Network
• Attacking Internal Applications
• Relay attack on web Plugin
• Privileged access to the Domain Controller
• CTF Practice on TryHackMe, HackTheBox and VulnHub.
• Note Taking
• VAPT Report Making
• Linux Playground
• Windows Playground