Card image
Basic Toolset

Medium 91 Sections +110

Cubes Required: 470

In this path, modules cover the basic tools needed to be successful in network and web application penetration testing. This is not an exhaustive listing of all tools (both open source and commercial) available to us as security practitioners but covers tried and true tools that we find ourselves using on every technical assessment that we perform. Learning how to use the basic toolset is essential, as many different tools are used in penetration testing. We need to understand which of them to use for the various situations we will come across.

  Network Enumeration with Nmap

Easy 12 Sections +10

Nmap is one of the most used networking mapping and discovery tools because of its accurate results and efficiency. The tool is widely used by both offensive and defensive security practitioners. This module covers fundamentals that will be needed to use the Nmap tool for performing effective network enumeration.

  Login Brute Forcing

Easy 11 Sections +20

Learn how to brute force logins for various types of services and create custom wordlists based on your target.

  Attacking Web Applications with Ffuf

Easy 13 Sections +10

This module covers the fundamental enumeration skills of web fuzzing and directory brute forcing using the Ffuf tool. The techniques learned in this module will help us in locating hidden pages, directories, and parameters when targeting web applications.

  Cracking Passwords with Hashcat

Medium 14 Sections +20

This module covers the fundamentals of password cracking using the Hashcat tool.

  SQLMap Essentials

Easy 11 Sections +20

The SQLMap Essentials module will teach you the basics of using SQLMap to discover various types of SQL Injection vulnerabilities, all the way to the advanced enumeration of databases to retrieve all data of interest.

  Intro to Network Traffic Analysis

Medium 15 Sections +10

Network traffic analysis is used by security teams to monitor network activity and look for anomalies that could indicate security and operational issues. Offensive security practitioners can use network traffic analysis to search for sensitive data such as credentials, hidden applications, reachable network segments, or other potentially sensitive information "on the wire." Network traffic analysis has many uses for attackers and defenders alike.

  Using Web Proxies

Easy 15 Sections +20

Web application penetration testing frameworks are an essential part of any web penetration test. This module will teach you two of the best frameworks: Burp Suite and OWASP ZAP.

To start this course Sign Up!