Prerequisites:
- Laptop with 12GB RAM
- Core i7
- 500GB Disk Space
- Ethernet / WIFI
- Four Months Course Duration
- Intermediate Students can join
Modules of EHP:
- Module 1
Introduction of Linux – Cyber Security - Module 2
Information Gathering - Module 3
Enumeration - Module 4
Vulnerability Assessment - Module 5
Host-Based Exploitation - Module 6
Network-Based Exploitation - Module 7
Post-Exploitation - Module 8
Web Application Basics - Module 9
Web Application Reconnaissance - Module 10
Web Application Exploitation - Module 11
Reporting and Documentation
Module 01 – Introduction of Linux – Cyber Security
- RedHat Linux basics (Boot Process, Shell, Directory Structure, partitioning, file permission, chown, chmod, cp, ls, mv, PID, RPM)
- Cybersecurity Laws, Regulations, Standards, and Frameworks (ISO27001, NIST(CSF), CIS, OWASP10, PCIDSS, HIPPA, GDPR, MITRE)
- OSINT (CIA, Risks, Threats, Vulnerabilities, and Exploits) and Penetration Testing Deliverables
- Overview of Kali Linux and Setting up Lab Environment (Kali – Metmetasploitable2/3 – OWASPBWA)
- Cyber Security Career, Certifications and Tools Overview. (NMAP, Burp Suite, Nessus, Drib, OpenVAS, Metasploit)
Module 02 – Information Gathering
- Passive and Active Reconnaissance
- Identifying Open Ports and Services
- Foot printing and Scanning
- Gathering Information from Public Sources
- Enumerating Network and Domain Data
Module 03 – Enumeration
- Banner Grabbing and OS Fingerprinting
- Enumerating Users and Shared Resources
- Network Mapping and Protocol Identification
- System-Specific Information Collection
Module 04 – Vulnerability Assessment
- Identifying Vulnerabilities in Network Services
- Utilizing Scanning Tools (e.g., Nessus, OpenVAS)
- Manual Vulnerability Verification
- Evaluating Risk and Impact of Vulnerabilities
Module 05 – Host-Based Exploitation
- Brute Force Attacks and Password Cracking
- Using Metasploit Framework for Exploitation
- Privilege Escalation Techniques
- Exploitation of System Vulnerabilities
Module 06 – Network-Based Exploitation
- Hash Dumping and Credential Extraction
- Network Service Exploitation
- ARP Spoofing and Packet Manipulation
- Exploiting Protocol Vulnerabilities
Module 07 – Post-Exploitation
- Data Exfiltration Techniques
- Clearing Logs and Covering Tracks
- Persistent Access Method (Metasploit)
Module 08 – Web Application Basics
- Understanding HTTP Protocols
- Cookie Management and Sessions
- Introduction to Web Servers and Technologies
Module 09 – Web Application Reconnaissance
- Directory and File Enumeration
- Hidden Parameter and Resource Discovery
- Brute Force Techniques for Login Pages
- Subdomain Enumeration
- Technology Profiling
Module 10 – Web Application Exploitation
- OWASP Top 10 Vulnerabilities
- SQL Injection, XSS, and File Upload
- File inclusion Exploits
- IDOR, PHP Reverse Shell
Module 11 – Reporting and Documentation
- Writing Effective Penetration Test Reports
- Recommendations for Mitigation
- Ethical Practices in Penetration Testing