Ethical Hacking & Penetration Testing

Objectives:

• Teach ethical hacking techniques legally and responsibly.
• Identify vulnerabilities in systems, networks, and applications.
• Prepare learners for industry-standard certifications like OSCP, CEH.

Curriculum:

• Ethical Hacking Legal & Ethical Considerations
• Reconnaissance & Footprinting
• Scanning & Enumeration
• Exploitation Techniques
• Post-Exploitation & Privilege Escalation
• Web Application Attacks & OWASP Top 10
• Wireless & Network Attacks
• Pen Testing Tools & Report Writing

12-Week Ethical Hacking & Penetration Testing Curriculum

Week 1: Introduction to Ethical Hacking and Legal Considerations The course kicks off with an overview of ethical hacking principles, emphasizing the importance of legal and responsible hacking practices. Participants will learn about the ethics, laws, and authorization required for penetration testing. This foundation ensures trainees understand the boundaries and legal frameworks guiding their activities. Discussions will include the role of penetration testers, the importance of consent, and professional conduct.

Week 2: Reconnaissance & Footprinting

Students will explore techniques to gather intelligence on target systems, networks, and applications. This phase involves passive and active reconnaissance, including OSINT (Open Source Intelligence) tools and methods to identify potential entry points. Labs will include using tools like Maltego and reconnaissance modules within Kali Linux to perform footprinting in a controlled environment.

Week 3: Scanning & Enumeration

Building upon reconnaissance, learners will dive into scanning and enumeration techniques to identify open ports, services, and vulnerable applications. They will utilize tools such as Nmap, Netcat, and default scripts to enumerate system details and identify weaknesses. Practical exercises will simulate scanning of target environments to discover exploitable configurations.

Week 4: Exploitation Techniques

In this critical week, trainees will learn how attackers exploit discovered vulnerabilities. They will use Metasploit and other exploitation frameworks to execute exploits, gain access, and demonstrate control over target systems. The focus will be on understanding exploitation workflows, payloads, and evasion techniques, with hands-on labs to practice exploitation in a safe, lab environment.

Week 5: Post-Exploitation & Privilege Escalation

Participants will understand what happens after initial access is achieved. This includes maintaining access, privilege escalation, and lateral movement. Labs will involve privilege escalation exploits, bypassing security mechanisms, and establishing persistence within compromised systems, simulating real-world attacker behavior.

Week 6: Web Application Attacks & OWASP Top 10

This week focuses on attacking web applications by exploiting common vulnerabilities from the OWASP Top 10 list. Participants will learn techniques such as SQL injection, Cross-site Scripting (XSS), file inclusion, and CSRF. Practical labs will involve attacking deliberately vulnerable web applications such as DVWA and OWASP Juice Shop, along with Burp Suite for intercepting and manipulating HTTP requests.

Week 7: Wireless & Network Attacks

Learners will explore attacking wireless networks, including WPA/WPA2 password cracking, fake access points, and Evil Twin attacks. Network attacks such as ARP poisoning, Man-in-the-Middle (MITM), and packet sniffing will be covered using tools like Aircrack-ng, Wireshark, and bettercap. Hands-on labs will involve capturing traffic and executing wireless attacks within controlled environments.

Week 8: Penetration Testing Tools & Automation

Participants will familiarize themselves with essential pentesting tools like Kali Linux, Nmap, Metasploit, Burp Suite, and others. They will learn to automate reconnaissance, scanning, and exploitation tasks using scripting and batch processes to improve efficiency. Labs will focus on tool integration, scripting basic automation scripts, and creating repeatable attack workflows.

Week 9: Vulnerability Scanning & Exploit Development

This week emphasizes using vulnerability scanners like Nessus, OpenVAS, or Nikto to identify security flaws. Students will learn to analyze scan results and develop simple exploits or modify existing ones to exploit vulnerabilities. Practical labs include vulnerability assessment and basic exploit development in safe lab environments.

Week 10: Penetration Testing Methodology & Report Writing Participants will learn how to plan, execute, and document penetration tests following a structured methodology (e.g., PTES or OSSTMM). They will develop skills in assessing target scope, conducting tests methodically, and writing professional reports outlining vulnerabilities, exploit techniques, findings, and remediation recommendations. Labs will simulate delivering comprehensive reports based on previous exercises.

Week 11: Capstone Practice & Simulated Pen Tests

In this culminating week, learners will undertake simulated full-scale penetration tests in a controlled lab environment. They will perform reconnaissance, scanning, exploitation, post-exploitation, and reporting in an end-to-end exercise. This practical experience reinforces theoretical knowledge while honing real-world skills.

Week 12: Certification Preparation & Final Assessment

The final week prepares trainees for industry certifications such as OSCP or CEH. It includes review sessions, scenario-based quizzes, and mock exams to reinforce learned concepts. Participants will receive feedback and guidance on exam strategies, ensuring they are confident and ready to attain their certifications.

Labs/Tools/Simulations:

• Kali Linux tools (Nmap, Metasploit, Burp Suite)
• Web app attack simulations
• Wireless penetration labs
• Exploit Development Practice
• Vulnerability scanning exercises

Internships & Projects:

• Penetration test engagements
• Vulnerability assessment reports
• Capture-the-Flag (CTF) challenges

Certifications:

• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)

Job Readiness Program:

• Portfolio building
• Interview prep
• Industry networking