1. Recon-ng with AI Modules
2. Burp Suite with BurpGPT
3. Tenable.io with Predictive Prioritization
4. Invicti
5. Pentest-Tools.com with AI Insights
6. ZAP (OWASP) with AI Plugins
7. Cuckoo Sandbox with AI Enhancements
8. Wapiti with AI Enhancements
9. OSINT Framework with AI Tools
10. Burp Suite with AI Plugins
Unit 1: Essentials of Networking (Duration- 4 Hours)
• Networking Fundamentals
• Comparison of OSI and TCP/IP Models
• Addressing IPv4, its Classes and Subnetting
• Fundamental Concepts of DNS, DHCP, ARP, ICMP
• Distinctions Between TCP and UDP
• Private IPs and NAT Concepts
• The Structure of a Packet including TCP/IP Headers
• Basic Packet Sniffing Using Wireshark
Unit 2: Information Gathering & Reconnaissance (Duration- 6 Hours)
• Passive Methods for Reconnaissance
• Whois Searches, DNS Queries including NSLookup and Dig
• Finding Subdomains using DNS Enumeration
• Shodan Searches and Google Dorking
• Active Reconnaissance including Ping Sweeps and Traceroute
• Nmap Target Enumeration Units
Unit 3: Scanning and Enumeration (Duration- 6 Hours)
• Basics of Network Scan including Nmap and Netdiscover
• Different Types of Port Scans: SYN, TCP Connect, UDP
• Detection of Operating System and Fingerprinting the Version
• Use of Nmap Scripting Engine (NSE)
• Service Detection and Banner Grabbing
• SNMP Enumeration, FTP, SSH, HTTP, SMB
• Discovery of Usernames or Hosts
Unit 4: Web Application Basics (Duration- 8 Hours)
• HTTP Request with Methods and Responses
• Reasons and concepts in URLs and Parameters
• Analysis of HTML and JS Forms
• Authentication including Sessions and Cookies
• Enumeration of Web Servers like Apache and Nginx
• Attack Surface Identification of Web Applications
Unit 5: Attack on Web Application (Duration- 7 Hours)
• Introduction of SQL Injection with SQLMap or manually
• Cross-Site Scripting, Command Injection
• Directory Traversal, Authentication Bypass
• File Upload Vulnerabilities and OWASP Top 10
Unit 6: System & Network Exploitation (Duration- 5 Hours)
• Exploitation Methodologies Overview
• Assessment Vs Exploitation
• SMB Exploitation (EternalBlue, Null Sessions)
• Exploitation of Insecure Services (FTP, Telnet, etc.)
• Running Metasploit for Specific Exploited Vectors
• Shell Access - Bind Shell and Reverse Shell Difference
• Command Line and Netcat Shells
Unit 7: Brute Force & Credential Attacks (Duration- 4 Hours)
• Password Attack Overview
• Brute Force Online with Hydra, Medusa
• Customization of Dictionary Attacks and Wordlists
• Cracking Login Forms over HTTP
• Brute Force FTP/SSH/RDP
• Hash Analysis with Hash-Identifier
• Cracking Hashes with John the Ripper
Unit 8: Privilege Escalation Techniques (Duration- 8 Hours)
• Differentiating Between User and Root/Admin Privileges
• Linux Privilege Escalation (SUID, Insecure Script)
• Windows Privilege Escalation (Misconfigured Services)
• Locating Passwords and Tokens in System Files
• Executing whoami, id, sudo, getcap…etc.
• Exploitation of Kernel Vulnerabilities (introductory level)
Unit 9: Post-Exploitation & Pivoting (Duration- 5 Hours)
• Post Exploitation and Clean Up
• Securing account passwords and caching important Info Data breach
• Cleansing log files and traces
• Local enumeration scripts such as LinPEAS, WinPEAS
• Lateral movement and other basic concepts of pivoting
• SSH Tunneling and forwarding of ports
Unit 10: Reporting and Real-world practice (Duration- 10 Hours)
• Documenting Findings and Vulnerabilities
• Executive counterpart of the contest pentest report
• Risk Scoring (CVSS Overview)
• Evidence Retrieval (Screenshots and Logs)
• Recommended Steps for Resolving Issues
• Training Towards the eJPT Practical Exam
• Live Pentest Time Efficiency Management