The learning process is one of the essential and most important components that is often overlooked. This module does not teach you techniques to lear...
This module is recommended for new users. It allows users to become acquainted with the platform and the learning process.
WordPress is an open-source Content Management System (CMS) that can be used for multiple purposes.
This module covers the fundamentals required to work comfortably with the Linux operating system and shell.
Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both of...
This module covers the fundamentals of password cracking using the Hashcat tool.
This module covers the basics needed for working with Bash scripts to automate tasks on Linux systems. A strong grasp of Bash is a fundamental skill...
This module provides an overview of Active Directory (AD), introduces core AD enumeration concepts, and covers enumeration with built-in tools.
File Inclusion is a common web application vulnerability, which can be easily overlooked as part of a web application's functionality.
During an assessment, it is very common for us to transfer files to and from a target system. This module covers file transfer techniques leveraging t...
As a penetration tester or red teamer, it is imperative that we understand the tools that we use inside and out and also have the ability to write out...
OSINT (Open-source Intelligence) is a crucial stage of the penetration testing process. A thorough examination of publicly available information can i...
Buffer overflows are common vulnerabilities in software applications that can be exploited to achieve remote code execution (RCE) or perform a Denial-...
Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information s...
As an information security professional, a firm grasp of networking fundamentals and the required components is necessary. Without a strong foundation...
This module introduces the topic of HTTP web requests and how different web applications utilize them to communicate with their backends.
Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.
The Metasploit Framework is an open-source set of tools used for network enumeration, attacks, testing security vulnerabilities, evading detection, pe...
This module will take you step-by-step through the fundamentals of JavaScript Deobfuscation until you can deobfuscate basic JavaScript code and unders...
This module focuses on discovering Command Injection vulnerabilities in NodeJS servers and exploiting them to control the server.
This module covers the fundamentals required to work comfortably with the Windows operating system.
Privilege escalation is a crucial phase during any security assessment. During this phase, we attempt to gain access to additional users, hosts, and r...
This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this m...
Learn how to brute force logins for various types of services and create custom wordlists based on your target.
The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the...
After gaining a foothold, elevating our privileges will provide more options for persistence and may reveal information stored locally that can furthe...
This module covers AD enumeration focusing on the PowerView and SharpView tools. We will cover various techniques for enumerating key AD objects that...
This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform ou...
Active Directory (AD) is present in the majority of corporate environments. Due to its many features and complexity, it presents a vast attack surface...
In the Introduction to Web Applications module, you will learn all of the basics of how web applications work and begin to look at them from an infor...
This module covers the fundamentals of penetration testing and an introduction to Hack The Box.
Authentication is probably the most straightforward and prevalent measure used to secure access to resources, and it's the first line of defense again...
Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational iss...
Active Directory presents a vast attack surface and often requires us to use many different tools during an assessment. The CrackMapExec tool, known a...
This module builds the core foundation for Binary Exploitation by teaching Computer Architecture and Assembly language basics.
This module covers topics that will help us be better prepared before conducting penetration tests. Preparations before a penetration test can often t...
Automating tedious or otherwise impossible tasks is highly valued during both penetration testing engagements and everyday life. Introduction to Pytho...
This module is your first step into Windows Binary Exploitation, and it will teach you how to exploit local and remote buffer overflow vulnerabilities...
This module teaches the penetration testing process broken down into each stage and discussed in detail. We will cover many aspects of the role of a p...
Cross-Site Scripting (XSS) vulnerabilities are among the most common web application vulnerabilities. An XSS vulnerability may allow an attacker to ex...
This module introduces the concept of Vulnerability Assessments. We will review the differences between vulnerability assessments and penetration test...
Command injection vulnerabilities can be leveraged to compromise a hosting server and its entire network. This module will teach you how to identify a...
Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best framework...
This module covers techniques for footprinting the most commonly used services in almost all enterprise and business IT infrastructures. Footprinting...
Penetration Testers can come across various applications, such as Content Management Systems, custom web applications, internal portals used by develo...
Gain the knowledge and skills to identify and use shells & payloads to establish a foothold on vulnerable Windows & Linux systems. This module utilize...
Organizations regularly use a standard set of services for different purposes. It is vital to conduct penetration testing activities on each service i...
This module covers three common web vulnerabilities, HTTP Verb Tampering, IDOR, and XXE, each of which can have a significant impact on a company's sy...
Arbitrary file uploads are among the most critical web vulnerabilities. These flaws enable attackers to upload malicious files, execute arbitrary comm...
Active Directory (AD) is the leading enterprise domain management suite, providing identity and access management, centralized domain administration,...
This module covers techniques for identifying and analyzing an organization's web application-based attack surface and tech stack. Information gatheri...
A backend that handles user-supplied input insecurely can lead to sensitive information disclosure and remote code execution. This module covers how t...
Passwords are still the primary method of authentication in corporate networks. If strong password policies are not in place, users will often opt for...
Maintaining and keeping track of a user's session is an integral part of web applications. It is an area that requires extensive testing to ensure it...
This module covers the fundamentals required to work comfortably within the macOS operating system and shell.
Once a foothold is gained during an assessment, it may be in scope to move laterally and vertically within a target network. Using one compromised mac...
Web services and APIs are frequently exposed to provide certain functionalities in a programmatic way between heterogeneous devices and software compo...
Bug bounty programs encourage security researchers to identify bugs and submit vulnerability reports. Getting into the world of bug bounty hunting wit...
Proper documentation is paramount during any engagement. The end goal of a technical assessment is the report deliverable which will often be presente...
We often encounter large and complex networks during our assessments. We must be comfortable approaching an internal or external network, regardless o...
As administrators and Pentesters, we may not always be able to utilize a graphical user interface for the actions we need to perform. Introduction to...
In this module, we will explore deserialization attacks with specific examples in Python and PHP.
Authentication plays an essential role in almost every web application. If a vulnerability arises in the application's authentication mechanism, it co...
In this module, we will look at exploiting NoSQL injection vulnerabilities, specifically MongoDB, with examples in Python, PHP, and Node.JS.
In this module, we cover blind SQL injection attacks and MSSQL-specific attacks.
This module covers details on Transport Layer Security (TLS) and how it helps to make HTTP secure with the widely used HTTPS. That includes how TLS wo...
This module covers advanced SQL injection techniques with a focus on white-box testing, Java/Spring and PostgreSQL.
This module covers three common HTTP vulnerabilities: Web Cache Poisoning, Host Header Vulnerabilities, and Session Puzzling or Session Variable Overl...
This module covers three HTTP vulnerabilities: CRLF Injection, HTTP Request Smuggling, and HTTP/2 Downgrading. These vulnerabilities can arise on the...
12 Sections
