Module 1: Gathering Info (Passive Reconnaissance) [Duration: 3 hrs]
• Look Up Company Detail By public resources
• Find target’s domain, number sheets, address and information from OSINT
• Pull target domain, contact info address and infrastructure hints
• Use google Dorking to find employee names and emails from public
• Extract Technology Stack Info from Public Data
Module 2: The Network Discovery (Active Recon) [Duration: 4 hrs]
• The breakdown of how a network is put together
• Detect devices and systems that are live in an environment for the target
• Assess existence of network filtering / firewalls
• Map network architecture using results
Module 3: Port and Service Enumeration [Duration: 1 hr]
• Try to get an idea of the purpose of ports and services in networking
• Which ports are open on target
• List services listening on a per-open port
• Examine responses from services to augment knowledge
Module 4: Operating System Identification [Duration: 1 hr]
• Based on network behavior, OS type and version
• Dump OS related information via network communication
• Association of service version with system attributes to infer OS
Module 5: Vulnerability Identification [Duration:2 hrs]
• Analyze discovered services for potential weaknesses
• Identify outdated or improperly configured systems
• Research publicly known vulnerabilities applicable to discovered services
• Document findings clearly and systematically
Module 6: Impact Evaluation [Duration:2 hrs]
• Assess the potential risks of discovered vulnerabilities
• Evaluate how vulnerabilities can affect confidentiality, integrity, and availability
• Prioritize findings based on severity and business impact
Module 7: Extracting files / info from the Target [Duration:1hr]
• Learn about File System Layouts (Linux and Windows)
• Identify the files or folders that are crucial for data harvesting
Module 8: Enumerate Network Facts about the Target System [Duration: 2 hrs]
• Find what network interfaces are configured and active
• Sensitive Data (credentials, gateways, DNS of the compromise machine)
Module 9: System Information Gathering [Duration:2 hrs]
• Find out hostname, OS version, architecture of the system
• Local installed applications or services
• Boot time and machine information
• Know your machine is configured a certain way in its surroundings
Module 10: User Account Enumeration [Duration:2 hrs]
• The list of user accounts Present on system
• Find what groups and the permissions users belong to
• Find any way that an attacker could seek for privilege escalation (backchannel access rights)
• Find login logs or saved user data
Module11: File Transfer Techniques (Inbound & Outbound) [Duration:2 hrs]
• know how attackers get files on and off compromised systems
• Scripts, tools & sensitive data moving in a safe manner
• Know why file transfer is vital for post-exploitation activities
Module 12: Missing and Stored Hashes [Duration: 2 hrs]
• Locate on the target stored passwords, hashes or credentials
• Walk through a look at password storage structures in a couple of systems
• Information about default locations for critical auth data files Data to be prepared for offline attacks or analysis
Module 13: Exploit Identification & Customization [Duration:1 hr]
• Know the exploit lifecycle Staff explore and locate known exploits that can potentially be used on a target vulnerability
• Review exploit code or config prior to use
• Tune exploit parameters (ips, payload, ports)
• Change exploit parameters (ips, payload, ports)
• Hone exploits for intended environments or defenseslysis
Module 14: Exploitation Execution [Duration:2 hrs]
• Understand how exploitation establishes access or control over a system
• Execute remote code execution (RCE), command execution, or shell-based exploits
• Post-exploitation awareness — know what to do after successful exploitation
• Use exploitation frameworks (example: Metasploit) responsibly and with proper methodology
Module 15: Network Pivoting Techniques [Duration:2 hrs]
• Understand the concept of pivoting — moving deeper into an internal network
• Add routes to reach internal subnets through the compromised machine
• Perform port forwarding to access internal services from outside
• Identify and navigate segmented or isolated network environments
Module 16: Brute-Force Password Attacks & Hash Cracking [Duration:3 hrs]
• Understand the ethics and risk of brute-force attacks
• Perform password guessing attacks against services or login portals
• Identify password hash types
• Understand how hash cracking works (online/offline)
• Use password lists or rules for cracking weak credentials
Module 17: About Web Application Reconnaissance (Information Gathering) [Duration:3 hrs]
• know the web application (URLs, parameters, pages, structures)
• Examine the visible content, remarks, metadata and developer blunders
• Find out what technologies is using the application (server, CMS, frameworks)
• How’s the application is communicating with server
Module 18: Discovering Hidden Files and Directories [Duration:2.5 hrs]
• Learning About the Hidden Files and Directories already existing in the System
• Developers Leave Sensitive Files & Folders
• Single backlinks and another resource (backup, config file or admin panel)
• Directory/File Enumeration (How to perform)
• Search Out the Lost / Sensitive content, intended for a Admin not public provided
Module 19: Identifying Web Application Vulnerabilities [Duration:3 hrs]
• Understand common web vulnerabilities (concept level)
• Insecure login mechanisms
• Information disclosure
• Misconfigurations
• Sensitive data exposure
• Analyze web responses and behaviors to identify weak points
• Look for clues that may lead to deeper attacks
Module 20: Brute-Force Login Attacks (Web Authentication Testing) [Duration:1 hr]
• Understand how login forms can be tested for weak passwords
• Perform responsible and controlled brute-force login attempts
• Identify signs of account lockout protections or rate-limiting
• Analyze web login behaviors to avoid detection
Module 21: Report Writing [Duration: 2 hrs]
• Executive Summary
• Methodology
• Findings
• Recommendations
• Proof of Exploitation