Certified Penetration Testing Engineer – C)PTE

The Certified Penetration Testing Engineer (C)PTE course is designed for cybersecurity professionals, ethical hackers, and penetration testers who want to master offensive security techniques to identify, exploit, and mitigate vulnerabilities in networks, applications, and systems.

This hands-on training program covers advanced penetration testing methodologies, exploit development, and post-exploitation techniques using industry-standard tools. By the end of the course, participants will have the skills to conduct professional security assessments and enhance an organization’s cybersecurity posture.

In this course you will learn 5 Key Elements of Pen Testing; Information Gathering, Scanning, Enumeration, Exploitation and Reporting. Plus, discover the latest vulnerabilities and the techniques malicious hackers are using to acquire and destroy data. Additionally, you will learn more about the business skills needed to identify protection opportunities, justify testing activities and optimize security controls appropriate to the business needs in order to reduce business risk.

Learning Outcomes

By completing this course, you will be able to:
✅ Conduct comprehensive penetration testing on networks, web applications, and wireless systems
✅ Utilize offensive security tools like Metasploit, Nmap, Burp Suite, and Wireshark
✅ Perform advanced exploitation techniques, privilege escalation, and post-exploitation maneuvers
✅ Identify and mitigate zero-day vulnerabilities, misconfigurations, and security flaws
✅ Develop custom exploits and payloads to bypass security defenses
✅ Document findings and provide detailed penetration testing reports

Detailed Outline:

Module 1 – Business and Technical Logistics of Pen Testing                      

• Section 1 – What is Penetration Testing?
• Section 2 – Today’s Threats
• Section 3 – Staying up to Date
• Section 4 – Pen Testing Methodology
• Section 5 – Pre-Engagement Activities

Module 2 – Information Gathering Reconnaissance- Passive (External Only)    

• Section 1 – What are we looking for?
• Section 2 – Keeping Track of what we find!
• Section 3 – Where/How do we find this Information?
• Section 4 – Are there tools to help?
• Section 5 – Countermeasures

Module 3 – Detecting Live Systems – Reconnaissance (Active)  

• Section 1 – What are we looking for?
• Section 2 – Reaching Out!
• Section 3 – Port Scanning
• Section 4 – Are there tools to help?
• Section 5 – Countermeasure

Module 4 – Banner Grabbing and Enumeration

• Section 1 – Banner Grabbing
• Section 2 – Enumeration

Module 5 – Automated Vulnerability Assessment          

• Section 1 – What is a Vulnerability Assessment?
• Section 2 – Tools of the Trade
• Section 3 – Testing Internal/External Systems
• Section 4 – Dealing with the Results

Module 6 – Hacking Operating Systems

• Section 1 – Key Loggers
• Section 2 – Password Attacks
• Section 3 – Rootkits & Their Friends
• Section 4 – Clearing Tracks

Module 7 – Advanced Assessment and Exploitation Techniques

• Section 1 – Buffer Overflow
• Section 2 – Exploits
• Section 3 – Exploit Framework

Module 8 – Evasion Techniques

• Section 1 – Evading Firewall
• Section 2 – Evading Honeypots
• Section 3 – Evading IDS

Module 9 – Hacking with PowerShell    

• Section 1 – PowerShell – A Few Interesting Items
• Section 2 – Finding Passwords with PowerShell

Module 10 – Networks and Sniffing

• Section 1 – Sniffing Techniques

Module 11 – Accessing and Hacking Web Techniques    

• Section 1 – OWASP Top 10
• Section 2 – SQL Injection
• Section 3 – XSS

Module 12 – Mobile and IoT Hacking    

• Section 1 – What devices are we talking about?
• Section 2 – What is the risk?
• Section 3 – Potential Avenues to Attack
• Section 4 – Hardening Mobile/IoT Devices

Module 13 – Report Writing Basics        

• Section 1 – Report Components
• Section 2 – Report Results Matrix
• Section 3 – Recommendations

 

Detailed Lab Outline:

Lab 1 – Introduction to Pen Testing Setup

1. Section 1 – Recording IPs and Logging into the VMs
2. Section 2 – Joining the Domain
3. Section 3 – Research

Lab 2 – Using tools for reporting

1. Section 1 – Setup a Shared Folder
2. Section 2 – Setting up and using Dradis CE

Lab 3 – Information Gathering

1. Section 1 – Google Queries
2. Section 2 – Searching Shodan
3. Section 3 – Maltego
4. Section 4 – The many tools of OSINT
5. Section 5 – Recon-ng

Lab 4 – Detecting Live Systems – Scanning Techniques        

1. Section 1 – Finding a target using Ping utility
2. Section 2 – Footprinting a Target Using nslookup Tool
3. Section 3 – Scanning a Target Using nmap Tools
4. Section 4 – Scanning a Target Using Zenmap Tools
5. Section 5 – Scanning a Target Using hping3 Utility
6. Section 6 – Make use of the telnet utility to perform banner grabbing

Lab 5 – Enumeration 

1. Section 1 – OS Detection with Zenmap
2. Section 2 – Enumerating services with nmap
3. Section 3 – DNS Zone Transfer
4. Section 4 – Enum4linux
5. Section 5 – AD Enumeration

Lab 6 – Vulnerability Assessments   

1. Section 1 – Vulnerability Assessment with Rapid7 InsightVM
2. Section 2 – Vulnerability Assessment with OpenVAS

Lab 7 – System Hacking – Windows Hacking             

1. Section 1 – Scanning from the Hacked System
2. Section 2 – Using a Keylogger
3. Section 3 – Extracting SAM Hashes for Password cracking
4. Section 4 – Creating Rainbow Tables
5. Section 5 – Password Cracking with Rainbow Tables
6. Section 6 – Password Cracking with Hashcat
7. Section 7 – Mimikatz

Lab 8 – Advanced Vulnerability and Exploitation Techniques         

1. Section 1 – Metasploitable Fundamentals
2. Section 2 – Metasploit port and vulnerability scanning
3. Section 3 – Client-side attack with Metasploit
4. Section 4 – Using Workspaces in Metasploit
5. Section 5 – Remote Exploitation of Windows Server

Lab 9 – AntiVirus Bypass        

1. Section 1 – Bypassing AntiVirus – Not as effective
2. Section 2 – Bypassing AntiVirus Signature Scanning
3. Section 3 – Bypassing Windows Defender

Lab 10 – Cracking Passwords from a Linux System  

1. Section 1 – Cracking Linux Passwords
2. Section 2 – Brute-force SSH Accounts

Lab 11 – Hacking with PowerShell    

1. Section 1 – Using PowerShell to Crack Passwords
2. Section 2 – Using PowerShell for Enumeration

Lab 12 – Network Sniffing/IDS           

1. Section 1 – Sniffing Passwords with Wireshark
2. Section 2 – Performing MitM with Cain

Lab 13 – Attacking Web Applications            

1. Section 1 – OWASP TOP 10 2017 A1: Injection
2. Section 2 – OWASP TOP 10 2017 A2: Broken Authentication
3. Section 3 – OWASP TOP 10 2017 A3: Sensitive Data Exposure
4. Section 4 – OWASP TOP 10 2017 A4: XML External Entities
5. Section 5 – OWASP TOP 10 2017 A5: Broken Access Control
6. Section 6 – OWASP TOP 10 2017 A6: Security Misconfiguration
7. Section 7 – OWASP TOP 10 2017 A7: Cross-Site Scripting
8. Section 8 – OWASP TOP 10 2017 A8: Insecure Deserialization
9. Section 9 – WebApp Scanning