📚 Module Library

Penetration Testing Process

Understanding the phases of penetration testing: Planning, Information Gathering, Vulnerability Assessment, Exploitation...

not started

Vulnerability Assessment

Identify and prioritize vulnerabilities using automated scanners and manual testing....

not started

File Transfers

Methods to transfer files between attacker and target systems....

not started

Getting Started

Set up your penetration testing environment, understand basic terminology, and learn fundamental concepts....

not started

Documentation & Reporting

Professional penetration test documentation, note-taking, and report writing....

not started

Attacking Enterprise Networks

Simulated real-world penetration test combining all skills - External to Internal to Domain Admin....

not started

Network Enumeration with Nmap

Master Nmap for host discovery, port scanning, service detection, and NSE scripts....

not started

Footprinting

Gather information about target infrastructure including DNS, SMTP, FTP, SMB, NFS, SNMP, and more....

not started

Vulnerability Scanning with Nessus

Using Nessus Professional for comprehensive vulnerability scanning and assessment....

not started

Vulnerability Scanning with OpenVAS

Open-source vulnerability scanning with Greenbone/OpenVAS....

not started

Web Information Gathering

Techniques for web application reconnaissance including subdomain enumeration, directory fuzzing, and technology fingerp...

not started

Using Web Proxies

Using Burp Suite and other proxies for web testing....

not started

Attacking Web Apps with Ffuf

Directory and parameter fuzzing with ffuf....

not started

Login Brute Forcing

Brute forcing web login forms and services....

not started

SQL Injection Fundamentals

Understanding and exploiting SQL injection vulnerabilities....

not started

SQLMap Essentials

Automated SQL injection with SQLMap....

not started

Cross-Site Scripting (XSS)

Finding and exploiting XSS vulnerabilities....

not started

File Inclusion

Local and Remote File Inclusion vulnerabilities....

not started

File Upload Attacks

Bypassing file upload restrictions....

not started

Command Injections

OS command injection techniques....

not started

Web Attacks

SSRF, XXE, IDOR and other web attacks....

not started

Attacking Common Applications

Exploiting CMS and common web applications....

not started

Shells & Payloads

Creating and catching reverse shells, bind shells, and web shells....

not started

Metasploit Framework

Using Metasploit for exploitation, post-exploitation, and pivoting....

not started

Password Attacks

Techniques for password cracking, brute forcing, and credential attacks....

not started

Attacking Common Services

Exploit techniques for FTP, SSH, SMB, RDP, SQL, and other services....

not started

Pivoting, Tunneling & Port Forwarding

Techniques to access internal networks through compromised hosts....

not started

Active Directory Enumeration

Enumerate AD environments to find attack paths....

not started

Active Directory Attacks

Common AD attack techniques: Kerberoasting, AS-REP Roasting, Pass-the-Hash, DCSync....

not started

LLMNR/NBT-NS Poisoning

Capture hashes via Link-Local Multicast Name Resolution and NetBIOS Name Service poisoning....

not started

Pass the Ticket & Pass the Certificate

Lateral movement using Kerberos tickets and certificates....

not started

ACL Abuse

Exploiting misconfigured Active Directory Access Control Lists....

not started

Domain Trust Attacks

Exploiting trust relationships between domains and forests....

not started

Constrained & Unconstrained Delegation

Abusing Kerberos delegation for privilege escalation and lateral movement....

not started

AD CS Attacks

Exploiting Active Directory Certificate Services misconfigurations....

not started

Linux Privilege Escalation

Techniques to escalate privileges on Linux systems....

not started

Windows Privilege Escalation

Techniques to escalate privileges on Windows systems....

not started