Certified Penetration Testing Professional (C|PENT AI)

I. Overview:

The Certified Penetration Testing Professional (C|PENT AI) program is the world's most comprehensive guided penetration testing program. It offers a complete hands-on pentesting methodology and AI techniques mapped to all pentesting phases. C|PENT AI enables you to master pentesting within an enterprise network environment, evaluating intrusion risks and compiling actionable, structured reports. Distinguish yourself with the C|PENT AI, learning beyond technical knowledge—scoping engagements, understanding design, estimating effort, and presenting findings—and thrive as a leader in offensive security with versatile skills. C|PENT AI combines guided learning with hands-on practice while immersing you in diverse live scenarios involving IoT systems, segmented networks, and advanced defenses, with practical challenges mapped to each domain. Gain expertise in advanced skills necessary to create your tools, conduct advanced binary exploitation, double pivot, customize scripts, and write your exploits to penetrate the deepest pockets of the network.

  • Hands-on course featuring CTFs, 110+ labs, live cyber ranges, and 50+ tools
  • Practical exam tests skills on unique multi-disciplinary network ranges
  • The only program to teach a complete pen testing methodology
  • Prepares you for VAPT compliance and various regulations.

II. Duration: 40 hours (5 days)

III. Objectives:

What pentesting skills you'll learn:

Fundamentals of Penetration Testing

  • The fundamentals of penetration testing, including its objectives, methodologies, frameworks, and role in an organization's security strategy.

Engagement Planning & Ethics

  • The approach to scoping penetration testing engagements, defining objectives, establishing clear communication with stakeholders, and adhering to legal and ethical boundaries.

Information Gathering & Reconnaissance

  • Open-Source Intelligence (OSINT) techniques for gathering actionable intelligence and identifying, mapping, and analyzing an organization's attack surface.

Windows & Active Directory Exploitation

  • Methods for exploiting vulnerabilities in Windows systems and performing privilege escalation to gain higher-level access.
  • Techniques for testing and exploiting vulnerabilities in Active Directory environments by identifying misconfigurations and security weaknesses.

Web & API Security Testing

  • Techniques for testing web applications for vulnerabilities such as SQL injection, XSS, and authentication flaws, including methods for exploitation and remediation.
  • Methods for assessing API security by testing endpoints, exploiting misconfigurations, and identifying weaknesses in JSON Web Tokens (JWT).

Network & Perimeter Security

  • Advanced techniques for bypassing firewalls, intrusion detection systems (IDS), routers, switches, and other perimeter defenses.
  • Techniques for navigating internal networks, gaining access to additional systems, and pivoting to critical assets during penetration testing.

Social Engineering

  • The techniques and preventive measures related to exploiting human vulnerabilities through social engineering.

Linux Exploitation & Privilege Escalation

  • Techniques for exploiting Linux systems and escalating privileges while understanding common vulnerabilities and configurations.

Binary Exploitation & Reverse Engineering

  • Techniques for reverse engineering, fuzzing, and binary exploitation to identify and exploit weaknesses in software and applications.

IoT Security Testing

  • Techniques to find and exploit vulnerabilities in IoT devices and ecosystems.

Reporting & Post-Testing Actions

  • Creating professional penetration testing reports, communicating findings effectively, and outlining actionable post-testing recommendations.

What AI skills you'll learn

AI empowers you by automating repetitive tasks, enhancing accuracy, and uncovering complex security flaws that traditional methods might overlook. Here are some key skills and benefits:

  • Enhanced efficiency
  • Improved accuracy
  • Real-time threat detection
  • Advanced vulnerability analysis
  • Customization and scalability
  • Up to 40% more efficiency in cyber defense
  • 90% accuracy in detecting various cybersecurity threats
  • 2X your productivity

IV. Intended Audience:

  • Cybersecurity professionals: Drive your cybersecurity career forward with C|PENT AI, enhanced by the power of AI.
  • Teams and Organizations: Turbocharge your team's knowledge with certified expertise
  • Government and military: Trusted and highly valued globally by government departments and defense organizations
  • Educators: Create and grow your cybersecurity courses and programs

V. Course outlines:

1. Module 01: Introduction to Penetration Testing and Methodologies

  • Principles and Objectives of Penetration Testing
  • Penetration Testing Methodologies and Frameworks
  • Best Practices and Guidelines for Penetration Testing
  • Role of Artificial Intelligence in Penetration Testing
  • Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Key topics covered: Penetration Testing, Penetration Testing Process, Penetration Testing Methodologies and Frameworks, MITRE ATT&CK Framework, Characteristics of a Good Penetration Test, AI-Driven Penetration Testing, AI-Driven Tools for Penetration Testing, Compliance-Driven Penetration Testing, Role of AI and Machine Learning in Compliance-Driven Testing

2. Module 02: Penetration Testing Scoping and Engagement

  • Penetration Testing: Pre-engagement Activities
  • Key Elements Required to Respond to Penetration Testing RFPs
  • Drafting Effective Rules of Engagement (ROE)
  • Legal and Regulatory Considerations Critical to Penetration Testing
  • Resources and Tools for Successful Penetration Testing
  • Strategies to Effectively Manage Scope Creep

Key topics covered: Preparing for Proposal Submission, Rules of Engagement, Drafting a ROE, Drafting Penetration Testing Contract, Rules of Behavior, Nondisclosure Agreement, Liability Issues, Engagement Letter, Kickoff Meeting, Statement of Work, Preparing the Test Plan, Data Use Agreement, Mission Briefing, Scope Creeping

3. Module 03: Open-Source Intelligence (OSINT)

  • Collect Open-Source Intelligence (OSINT) on Target's Domain Name
  • Collect OSINT About Target Organization on the Web
  • Perform OSINT on Target's Employees
  • OSINT Using Automation Tools
  • Map the Attack Surface

Labs:

  • Collect OSINT on Target's Domain Name, Web, and Employees
  • Collect OSINT Using Automation Tools
  • Identify and Map Attack Surface

Key topics covered: Find Domain and Subdomains, Whois Lookups, DNS Records, Reverse Lookups, DNS Zone Transfer, Web Searches Using Advanced Operators, Google Dork, Footprint Target Using Shodan, Email Harvesting, People Search Online Services, Automate OSINT Process Using Tools/Frameworks, Attack Surface Mapping, Traceroute Analysis, Scanning Target Network, Discover Live Hosts, Port Scanning, OS Banner Grabbing, Service Fingerprinting

4. Module 04: Social Engineering Penetration Testing

  • Social Engineering Penetration Testing Concepts
  • Off-Site Social Engineering Penetration Testing
  • On-Site Social Engineering Penetration Testing
  • Document Findings with Countermeasure Recommendations

Labs:

  • Sniff credentials using the Social-Engineer Toolkit (SET)

Key topics covered: Social Engineering Penetration Testing Process, Off-Site Social Engineering Penetration Testing, Phishing, Social Engineering Using Phone, Social Engineering using AI and ML, On-Site Social Engineering Penetration Testing, Social Engineering Countermeasures

5. Module 05: Web Application Penetration Testing

  • Web Application Footprinting and Enumeration Techniques
  • Techniques for Web Vulnerability Scanning
  • Test for Vulnerabilities in Application Deployment and Configuration
  • Techniques to Assess Identity Management, Authentication, and Authorization Mechanisms
  • Evaluate Session Management Security
  • Evaluate Input Validation Mechanisms
  • Detect and Exploit SQL Injection Vulnerabilities
  • Techniques for Identifying and Testing Injection Vulnerabilities
  • Exploit Improper Error Handling Vulnerabilities
  • Identify Weak Cryptography Vulnerabilities
  • Test for Business Logic Flaws in Web Applications
  • Evaluate Applications for Client-Side Vulnerabilities

Labs:

  • Perform Website Footprinting
  • Perform Web Vulnerability Scanning Using AI
  • Perform Various Attacks on Target Web Application

Key topics covered: OWASP Penetration Testing Framework, Website Footprinting, Web Spidering, Website Mirroring, HTTP Service Discovery, Web Server Banner Grabbing, Test for Default Credentials, Enumerate Webserver Directories, Web Vulnerability Assessment, Web Application Fuzz Testing, Directory Brute Forcing, Web Vulnerability Scanning, Test Handling of File Extensions, Test Backup and Unreferenced Files, Username Enumeration, Authorization Attack, Insecure Access Control Methods, Session Token Sniffing, Session Hijacking, Cross-Site Request Forgery (XSRF), URL Parameter Tampering, SQL Injection, LDAP Injection, Improper Error Handling, Logic Flaws, Frame Injection

6. Module 06: API and Java Web Token Penetration Testing

  • Techniques and Tools to Perform API Reconnaissance
  • Test APIs for Authentication and Authorization Vulnerabilities
  • Evaluate the Security of JSON Web Tokens (JWT)
  • Test APIs for Input Validation and Injection Vulnerabilities
  • Test APIs for Security Misconfiguration Vulnerabilities
  • Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
  • Test APIs for Security of GraphQL Implementations
  • Test APIs for Business Logic Flaws and Session Management

Labs:

  • Perform API Reconnaissance Using AI
  • Scan and Identify Vulnerabilities in APIs
  • Exploit Various Vulnerabilities to Gather Information on the Target Application

Key topics covered: API Reconnaissance, Test APIs for Broken Authentication, Test APIs for Object-Level Permissions (BOLA), Test for JWT Issues, Test APIs for SQL Injection Vulnerabilities, Test APIs for Cross-Site Scripting (XSS), Fuzzing API Inputs, API Vulnerability Scanning, Unsafe Consumption of APIs, API for Throttling and Rate Limiting Attacks, GraphQL Issues, API for Workflows' Circumvention, API for Session Hijacking

7. Module 07: Perimeter Defense Evasion Techniques

  • Techniques to Evaluate Firewall Security Implementations
  • Techniques to Evaluate IDS Security Implementations
  • Techniques to Evaluate the Security of Routers
  • Techniques to Evaluate the Security of Switches

Labs:

  • Identify and Bypass a Firewall
  • Evade Perimeter Defenses Using Social-Engineer Toolkit (SET)
  • Perform WAF Fingerprinting

Key topics covered: Testing the Firewall, Locate the Firewall, Enumerate Firewall Access Control List, Scan the Firewall for Vulnerabilities, Bypass the Firewall, IDS Penetration Testing, Techniques Used to Evade IDS Systems, Test the IDS Using Different Techniques, Bypass IDS, Router Testing Issues, Port Scan the Router, Test for Router Misconfigurations, Security Misconfigurations in Switch, Test for OSPF Performance, Router and Switch Security Auditing Tool

8. Module 08: Windows Exploitation and Privilege Escalation

  • Windows Pen Testing Methodology
  • Techniques to Perform Reconnaissance on a Windows Target
  • Techniques to Perform Vulnerability Assessment and Exploit Verification
  • Methods to Gain Initial Access to Windows Systems
  • Techniques to Perform Enumeration with User Privilege
  • Techniques to Perform Privilege Escalation
  • Post-Exploitation Activities

Labs:

  • Exploit Windows OS Vulnerability
  • Exploit and Escalate Privileges on a Windows Operating System
  • Gain Access to a Remote System
  • Exploit Buffer Overflow Vulnerability on a Windows Machine

Key topics covered: Reconnaissance on Windows, Windows Vulnerability Scanning, Gain Access to Windows System, Vulnerability Scanning and Exploit Suggestion using AI, Crack Passwords, Gain Access to Windows Using Remote Shell, Exploit Buffer Overflow Vulnerability on Windows, Meterpreter Post Exploitation, Escalating Privileges, UAC Bypass, Antivirus Evasion, Disable Windows Defender, Setup Backdoor at Boot, Evade Antivirus Detection

9. Module 09: Active Directory Penetration Testing

  • Architecture and Components of Active Directory
  • Active Directory Reconnaissance
  • Active Directory Enumeration
  • Exploit Identified Active Directory Vulnerabilities
  • Role of Artificial Intelligence in AD Penetration Testing Strategies

Labs:

  • Explore the Active Directory Environment
  • Perform Active Directory Enumeration
  • Perform Horizontal Privilege Escalation and Lateral Movement
  • Retrieve Cached Active Directory Credentials

Key topics covered: Active Directory, Active Directory Components, Active Directory Reconnaissance, Enumerate Active Directory, Active Directory Service Interfaces (ADSI), Active Directory Enumeration Tools, Password Spraying Attack, Active Directory Certificate Services (AD CS), Exchange Server User Enumeration, Exploit Exchange Server, Extract Password Hashes, Crack NTLM Hashes, Active Directory Exploitation, AD Enumeration using AI

10. Module 10: Linux Exploitation and Privilege Escalation

  • Linux Exploitation and Penetration Testing Methodologies
  • Linux Reconnaissance and Vulnerability Scanning
  • Techniques to Gain Initial Access to Linux Systems
  • Linux Privilege Escalation Techniques

Labs:

  • Perform Reconnaissance and Vulnerability Assessment on Linux
  • Gain Access and Perform Enumeration
  • Identify Misconfigurations for Privilege Escalation

Key topics covered: IoT, Popular IoT Hacks, IoT Challenges, IoT Penetration Testing, Abstract IoT Testing Methodology, Attack Surface Mapping, IoT Architecture, Typical IoT Vulnerabilities, Steps to Analyzing the IoT Hardware, Firmware Attacks, Attack Surface Map, Sample Architecture Diagram, Sample Firmware Analysis Process, Binwalk to Extract the File System, Exploring the File System, Firmware Emulation

11. Module 11: Reverse Engineering, Fuzzing, and Binary Exploitation

  • Concepts and Methodology for Analyzing Linux Binaries
  • Methodologies for Examining Windows Binaries
  • Buffer Overflow Attacks and Exploitation Methods
  • Concepts, Methodologies, and Tools for Application Fuzzing

Labs:

  • Perform Binary Analysis
  • Explore Binary Analysis Methodology
  • Write an Exploit Code
  • Reverse Engineering a Binary
  • Identify and Debug Stack Buffer Overflows
  • Fuzzing an Application

Key topics covered: Machine Instructions, 32-bit Assembly, ELF Binary, IA-32 Instructions for Pentesting, Binary Analysis Methodology, Capstone Framework, Static Analysis, Dynamic Analysis, x86 C Program, Buffer Overflow, Heap Overflow, Memory Corruption Exploits, Cross-Compile Binaries, Fuzzing, Fuzzing Steps, Types of Fuzzers, Debugging, Fuzzing Tools, Building Fuzzer

12. Module 12: Lateral Movement and Pivoting

  • Advanced Lateral Movement Techniques
  • Advanced Pivoting and Tunneling Techniques to Maintain Access

Labs:

  • Perform Pivoting
  • Perform DNS Tunneling and HTTP Tunneling

Key topics covered: Lateral Movement, Pass the Hash (PtH) Attack, Pass the Ticket (PtT) Attack, Kerberos Attacks, Silver Ticket, Golden Ticket, Kerberoasting, PsExec Metasploit Framework for Lateral Movement, Windows Remote Management (WinRM) for Lateral Movement, Crack RDP, Pivoting, Pivoting Tools, HTTP Tunneling, DNS Tunneling, ICMP Tunneling, SSH Tunneling, Port Forwarding

13. Module 13: IoT Penetration Testing

  • Fundamental Concepts of IoT Pentesting
  • Information Gathering and Attack Surface Mapping
  • Analyze IoT Device Firmware
  • In-depth Analysis of IoT Software
  • Assess the Security of IoT Networks and Protocols
  • Post-Exploitation Strategies and Persistence Techniques
  • Comprehensive Pentesting Reports

Labs:

  • Perform IoT Firmware Acquisition, Extraction, Analysis, and Emulation
  • Probe IoT Devices

Key topics covered: IoT Penetration Testing, OWASP Top 10 IoT Threats, OWASP IoT Attack Surface Areas, IoT Penetration Testing Methodology, Identify IoT Devices, Firmware Analysis, Extract the Firmware Image, Firmware Extraction, Reverse Engineering Firmware, Static Analysis of Binaries, Dynamic Analysis of Binaries, IoT Software Analysis, IoT Network and Protocol Security Testing, Network Traffic Analysis Between Devices, Gateways, and Servers, Privilege Escalation Techniques in IoT, Lateral Movement Techniques Within IoT Networks, IoT Penetration Testing Report

14. Module 14: Report Writing and Post-Testing Actions

  • Purpose and Structure of a Penetration Testing Report
  • Essential Components of a Penetration Testing Report
  • Phases of a Pen Test Report Writing
  • Skills to Deliver a Penetration Testing Report Effectively
  • Post-Testing Actions for Organizations

Labs:

  • Generate Penetration Test Reports

Key topics covered: Characteristics of a Good Pentesting Report, Report Components, Phases of Report Development, Writing a Draft Report, Report Writing Tools, Delivering the Penetration Testing Report, Report Retention, Destroying the Report, Sign-off Document, Developing and Implementing Data Backup Plan, Conducting Training, Retesting and Validation

  • Study online

  • Study in Hồ Chí Minh

  • Study in Hà Nội

