Skip to content

Latest commit

 

History

History
146 lines (106 loc) · 5.4 KB

Syllabus.md

File metadata and controls

146 lines (106 loc) · 5.4 KB

PEN200 PWK Syllabus

My Shop Medium GitHub Buy Me A Coffee My GitBook Twitter (X)

🔧 Learning Modules Overview

A structured roadmap to mastering Penetration Testing with Kali Linux (PWK). This syllabus serves as a comprehensive guide for ethical hackers, security professionals, and students preparing for the PEN200 certification.

🎨 Table of Contents

  1. Course Introduction
  2. Introduction to Cybersecurity
  3. Effective Learning Strategies
  4. Report Writing for Penetration Testers
  5. Information Gathering
  6. Vulnerability Scanning
  7. Introduction to Web Applications
  8. Common Web Application Attacks
  9. SQL Injection Attacks
  10. Client-Side Attacks
  11. Locating Public Exploits
  12. Fixing Exploits
  13. Antivirus Evasion
  14. Password Attacks

🔄 1. Course Introduction

Welcome to PWK

  • Setup Guide: Configure your Kali VM, VPN, and course tools.
  • Course Structure: Learn module components and how to approach exercises effectively.

🔒 2. Introduction to Cybersecurity

Key Topics

  • The CIA Triad: Confidentiality, Integrity, and Availability principles.
  • Threats and Threat Actors: Differences between risks, threats, and vulnerabilities.
  • Career Opportunities: Explore diverse roles in cybersecurity.

🌍 3. Effective Learning Strategies

Highlights

  • Learning Techniques: Feynman Technique, Leitner System, and Spaced Practice.
  • Practical Steps: Long-term strategies for exam success and managing cognitive load.

🗃️ 4. Report Writing for Penetration Testers

Focus Areas

  • Note-Taking Best Practices: Use portable, efficient tools.
  • Writing Technical Reports: Tailor findings for both technical and executive audiences.

🔎 5. Information Gathering

What You’ll Learn

  • Passive Information Gathering: OSINT, DNS, and web server enumeration.
  • Active Enumeration: Techniques using Nmap, Netcat, and SNMP.

🔧 6. Vulnerability Scanning

Key Tools

  • Nessus: Configure, scan, and analyze results.
  • Nmap: Utilize NSE scripts for lightweight scanning.

🔓 7. Introduction to Web Applications

Modules

  • OWASP Top 10: Explore common web vulnerabilities.
  • Burp Suite Basics: Proxy setup and enumeration techniques.

🔄 8. Common Web Application Attacks

Examples

  • Directory Traversal: Exploit path vulnerabilities.
  • Command Injection: Leverage OS commands for access.
  • File Upload Exploits: Bypass security restrictions to upload malicious files.

🔖 9. SQL Injection Attacks

Deep Dive

  • Manual Exploitation: Union, Error, and Blind SQLi techniques.
  • Automation: Use SQLmap for efficient exploitation.

🔨 10. Client-Side Attacks

Topics Covered

  • Target Reconnaissance: Fingerprinting and data collection.
  • Microsoft Office Exploits: Macro-based attacks and Windows library abuse.

🔍 11. Locating Public Exploits

Resources

  • Online Repositories: Use Exploit-DB, GitHub, and SearchSploit.
  • Risk Assessment: Analyze exploit code before execution.

🔐 12. Fixing Exploits

What You’ll Learn

  • Buffer Overflow Basics: Update memory corruption exploits.
  • Web Exploit Patching: Troubleshoot and fix common web vulnerabilities.

🔒 13. Antivirus Evasion

Key Insights

  • Manual Bypassing: Modify payloads for AV evasion.
  • Automated Tools: Use advanced frameworks for stealth operations.

🔑 14. Password Attacks

Modules

  • Cracking Fundamentals: NTLM hash attacks and SSH passphrase exploits.
  • Automated Tools: Use John the Ripper and Hashcat.

🚀 Support My Work

If you find this syllabus helpful, consider supporting me by visiting my shop or Buy Me A Coffee page. Your support helps me create more content like this for the cybersecurity community!

More Info

Syllabus PDF