Cybersecurity kill chain and MITRE ATT&CK framework, Legal and ethical considerations (ROE, NDA, scope agreements), Passive reconnaissance (OSINT, WHOIS, DNS enumeration, Shodan), Active reconnaissance (port scanning, service versioning, banner grabbing), Nmap scripting engine (NSE), Vulnerability scanning (Nessus, OpenVAS), Footprinting techniques and information leakage prevention.
Password cracking methodologies (dictionary, brute-force, rainbow tables), Hashcat and John the Ripper usage, Buffer overflow exploitation (stack/heap overflows), Privilege escalation techniques (Linux kernel exploits, Windows UAC bypass, SUID abuse), Password spraying and credential stuffing, Mimikatz for credential dumping, Lateral movement (Pass-the-Hash, Pass-the-Ticket).
OWASP Top 10 vulnerabilities, SQL injection (blind, time-based, error-based), Cross-Site Scripting (XSS - reflected, stored, DOM-based), Cross-Site Request Forgery (CSRF/XSRF), Server-Side Request Forgery (SSRF), Authentication bypass techniques, Session management flaws, Business logic vulnerabilities, Burp Suite Professional workflow (proxy, repeater, intruder, scanner).
Network service exploitation (SMB, RDP, SSH weak credentials), Metasploit Framework (MSF) modules and payloads, Exploit development lifecycle, Post-exploitation modules (meterpreter, persistence, pivoting), Wireless attacks (WEP/WPA2 cracking, evil twin AP, KRACK), Man-in-the-Middle attacks (ARP poisoning, SSL stripping), Network device exploitation (router/switch configuration errors).
Active Directory attacks (Kerberoasting, AS-REP roasting, Golden/Silver tickets), Container and Kubernetes security testing, Cloud platform pentesting (IAM misconfigurations, S3 bucket enumeration), Red teaming methodologies and OPSEC, Penetration test reporting (executive summary, technical findings, risk ratings, remediation), Continuous security testing (DAST, SAST, IAST), Defensive strategies and blue teaming.