eLearnSecurity Junior Penetration Tester (eJPTv2)

Module-1 : Penetration Testing Methodology

Reconnaissance:

• Identify Network Endpoints
• Footprinting and Scanning
• Detect open ports and services on a target
• Determine the operating system used
• Gather company-related information from public sources
• Collect email addresses from public sources
• Gather technical details from public sources

Enumeration:

• Extract network-related data from target system files
• Gather system-specific information from the target
• Retrieve user account details from the target system

Vulnerability Assessment:

• Identify vulnerabilities within services
• Evaluate the criticality or impact of identified vulnerabilities based on available information

Module-2 : Network & Host Auditing

• Foundational Auditing Principles
• Auditing Networks
• Auditing Host-Based Systems

Module-3 : Penetration Testing on Network & Host

• Attacks Targeting Networks
• Attacks Targeting Hosts/Systems
• Execution of brute-force password guessing and hash cracking
• Accessing the Exploit Database
• Utilizing the Metasploit Framework (MSF)
• Exploiting Vulnerabilities
• Modifying exploits as required
• Transferring files to and from the target system
• Extracting hash or password data from the target
• Post-Exploitation Strategies
• Social Engineering Techniques

Module-4 : Penetration Testing on Web Application

• Basics of Web Technologies
• Understanding the HTTP Protocol
• Conduct reconnaissance on web applications
• Uncover concealed files and directories
• Carry out brute-force attacks on login pages
• Web Application Vulnerabilities
• Familiarity with OWASP Top 10 Vulnerabilities
• Broken Access Control
• Understanding SQL Injection
• Authentication Vulnerabilities
• XSS (Cross-Site Scripting) attacks
• Directory Traversal vulnerabilities
• Understanding File Upload Vulnerabilities