Module 1: Network Fundamentals [Duration: 3 hrs]

• OSI Model and TCP/IP Model
• TCP and UDP Protocols
• DNS, DHCP, ARP, and ICMP concepts
• Protocols and Ports for Networking (HTTP, FTP, SSH, etc.)
• Headers and Packet Structures
• Private IP, PAT, and NAT concepts
• VPN and Tunnelling Concepts Concept
• IP Addressing and Subnetting

Module 2: Data Collection and Footprinting [Duration: 3 hrs]

• Footprinting: Passive and Active
• List of Targets
• Hacking, or Google Dorking
• Open Source Intelligence, or OSINT
• Listing of the domain and its subdomains
• Host discovery and network scanning
• OS and Service Fingerprinting
• Tools: Recon-ng, Maltego, and theHarvester

Module 3: IP Scanning and Networks [Duration: 4 hrs]

• Basic to Advanced Nmap
• Identification of Services and Versions
• IP and Domain-Based Port Scanning 3.4. Vulnerability Scanning
• Listing SMTP, FTP, SNMP, and SMB
• Recognising Active Services
• Hacking Script Usage with NSE
• Grabbing Banners

Module 4: Evaluation of Vulnerabilities [Duration: 3 hrs]

• Databases of vulnerabilities (CVE, NVD, Exploit-DB)
• OpenVAS and Nessus are vulnerability scanners
• Manually Identifying Vulnerabilities
• Vulnerabilities of Websites (OWASP Top 10)
• Recognising Inaccuracies
• Directory traversal and inclusion of local files
• Vulnerability Analysis Based on Version
• Vulnerabilities in Privilege and Access

Module 5: Exploitation Fundamentals [Duration: 5 hrs]

• Overview of Exploits and Payloads
• Web Application Exploitation
• Exploiting Services (such as FTP and SSH)
• Exploiting using Metasploit
• Exploiting Manually
• Reverse Shells versus Bind Shells
• Fundamentals of Exploit Development
• Enumeration Following Exploitation

Module 6: Web Application Security Fundamentals [Duration: 6 hrs]

• Status Codes and HTTP Methods
• Validation and Sanitisation of Input
• SQLi, or SQL Injection
• Cross-Site Scripting (XSS)
• Command Injection
• File Upload Vulnerabilities
• Misconfigured Web Servers
• Tools: OWASP ZAP, Burp Suite

Module 7: Escalation of Privilege and System Security [Duration: 5 hrs]

• List of Users and Groups
• Escalation of Windows Privileges
• Escalation of Linux Privileges
• Incorrectly Configured Permissions and Services
• Harvesting Credentials
• SUID files and scheduled tasks
• Exploits in Kernels
• Tools: PowerUp, LinPEAS, and WinPEAS

Module 8: Attacks Using Passwords [Duration: 3 hrs]

• Concepts of Password Cracking
• Dictionary vs. Brute Force Attacks
• Cracking and Hash Types (MD5, SHA1, NTLM)
• Equipment: Hashcat, John the Ripper, and Hydra
• Tables with Rainbows
• Cracking passwords for PDF, ZIP, and other files
• Cracking Online vs. Offline
• Cracking Password Hashing for Windows and Linux

Module 9: Tunnelling, Pivoting, and Post-Exploration [Duration: 4 hrs]

• Network-to-Network Pivoting
• RDP and SSH Tunnelling
• SOCKS Proxies and Port Forwarding
• Techniques for Data Exfiltration
• Preserving Access
• Clearing Logs and Tracks
• Tools for Credential Dumping
• Using Reverse Shells to Execute Commands Remotely

Module 10: Writing Reports and Professional Practice [Duration: 4 hrs]

• A Penetration Test Report's Format
• Technical Details vs. Executive Summary
• Risk Assessments and Suggestions
• Exploit Reproducibility
• Documentation and Screenshots
• Scope Management
• Legal Concerns
• Morality and Conscientious Disclosure