Unit 1: Essentials of Networking (Duration- 4 Hours)
• Networking Fundamentals
• Comparison of OSI and TCP/IP Models
• Addressing IPv4, its Classes and Subnetting
• Fundamental Concepts of DNS, DHCP, ARP, ICMP
• Distinctions Between TCP and UDP
• Private IPs and NAT Concepts
• The Structure of a Packet including TCP/IP Headers
• Basic Packet Sniffing Using Wireshark
Unit 2: Information Gathering & Reconnaissance (Duration- 6 Hours)
• Passive Methods for Reconnaissance
• Whois Searches, DNS Queries including NSLookup and Dig
• Finding Subdomains using DNS Enumeration
• Shodan Searches and Google Dorking
• Active Reconnaissance including Ping Sweeps and Traceroute
• Nmap Target Enumeration Units
Unit 3: Scanning and Enumeration (Duration- 6 Hours)
• Basics of Network Scan including Nmap and Netdiscover
• Different Types of Port Scans: SYN, TCP Connect, UDP
• Detection of Operating System and Fingerprinting the Version
• Use of Nmap Scripting Engine (NSE)
• Service Detection and Banner Grabbing
• SNMP Enumeration, FTP, SSH, HTTP, SMB
• Discovery of Usernames or Hosts
Unit 4: Web Application Basics (Duration- 8 Hours)
• HTTP Request with Methods and Responses
• Reasons and concepts in URLs and Parameters
• Analysis of HTML and JS Forms
• Authentication including Sessions and Cookies
• Enumeration of Web Servers like Apache and Nginx
• Attack Surface Identification of Web Applications
Unit 5: Attack on Web Application (Duration- 7 Hours)
• Introduction of SQL Injection with SQLMap or manually
• Cross-Site Scripting, Command Injection
• Directory Traversal, Authentication Bypass
• File Upload Vulnerabilities and OWASP Top 10
Unit 6: System & Network Exploitation (Duration- 5 Hours)
• Exploitation Methodologies Overview
• Assessment Vs Exploitation
• SMB Exploitation (Eternal Blue, Null Sessions)
• Exploitation of Insecure Services (FTP, Telnet, etc.)
• Running Metasploit for Specific Exploited Vectors
• Shell Access - Bind Shell and Reverse Shell Difference
• Command Line and Netcat Shells
Unit 7: Brute Force & Credential Attacks (Duration- 4 Hours)
• Password Attack Overview
• Brute Force Online with Hydra, Medusa
• Customization of Dictionary Attacks and Wordlists
• Cracking Login Forms over HTTP
• Brute Force FTP/SSH/RDP
• Hash Analysis with Hash-Identifier
• Cracking Hashes with John The Ripper
Unit 8: Privilege Escalation Techniques (Duration- 8 Hours)
• Differentiating Between User and Root/Admin Privileges
• Linux Privilege Escalation (SUID, Insecure Script)
• Windows Privilege Escalation (Misconfigured Services)
• Locating Passwords and Tokens in System Files
• Executing whoami, id, sudo, getcap, etc.
• Exploitation of Kernel Vulnerabilities (introductory level)
Unit 9: Post-Exploitation & Pivoting (Duration- 5 Hours)
• Post Exploitation and Clean Up
• Securing account passwords and caching important Info Data breach
• Cleansing log files and traces
• Local enumeration scripts such as LinPEAS, WinPEAS
• Lateral movement and other basic concepts of pivoting
• SSH Tunneling and forwarding of ports
• Differentiating Between User and Root/Admin Privileges
Unit 10: Reporting and Real-world practice (Duration- 10 Hours)
• Documenting Findings and Vulnerabilities
• Executive counterpart of the contest pentest report
• Risk Scoring (CVSS Overview)
• Evidence Retrieval (Screenshots and Logs)
• Recommended Steps for Resolving Issues
• Training Towards the eJPT Practical Exam
• Live Pentest Time Efficiency Management