
Course Content
Module 1: Pre-Engagement & Information Gathering
The initial phase focuses on defining the scope and collecting as much public information as possible about the target.
- Passive Reconnaissance: Using OSINT (Open Source Intelligence), Google Dorking, Shodan, and WHOIS lookups.
- Active Reconnaissance: DNS enumeration, port scanning with Nmap, and service fingerprinting.
- Vulnerability Research: Identifying known CVEs (Common Vulnerabilities and Exposures) associated with discovered services.
Module 3: Vulnerability Scanning with Nmap
Module 4: Web Application Assessment Methodology
Module 5: Web Application Penetration Testing
This module focuses on the OWASP Top 10 and the unique vulnerabilities found in web environments.
- Injection Attacks: SQL Injection (SQLi), Command Injection, and LDAP Injection.
- Broken Authentication: Session hijacking, cookie theft, and brute-forcing.
- Cross-Site Scripting (XSS): Stored, Reflected, and DOM-based XSS.
- Insecure Direct Object References (IDOR): Accessing unauthorized data by manipulating IDs.
- Tooling: Professional use of Burp Suite, OWASP ZAP, and Gobuster.
Module 6: Social Engineering Attacks
- About Social Engineering Attacks
- Using Maltego Tool
- Trojan Creation using SET
- Phishing using SET
- Using BeEF
Module 7: Network & Infrastructure Attacks
Testing the security of the internal and external network architecture.
- Exploitation Frameworks: Advanced use of the Metasploit Framework.
- Sniffing & Spoofing: Man-in-the-Middle (MITM) attacks and LLMNR/NBT-NS poisoning.
- Password Attacks: Online and offline cracking using Hashcat and John the Ripper.
- Wireless Security: Cracking WPA2/WPA3, rogue access points, and deauthentication attacks.
Module 8: Exploitation & Post-Exploitation
Once access is gained, the focus shifts to maintaining control and expanding reach.
- Privilege Escalation: Moving from a low-privilege user to Root (Linux) or SYSTEM (Windows).
- Lateral Movement: Techniques like Pass-the-Hash (PtH) and pivoting through compromised hosts to reach isolated segments.
- Persistence: Establishing backdoors and scheduled tasks to ensure access survives a reboot.
- Data Exfiltration: Identifying and safely removing sensitive data.
Module 9: Specialized Testing Environments
Modern testing requires knowledge beyond standard servers.
- Active Directory (AD) Attacks: Kerberoasting, Golden Ticket attacks, and BloodHound analysis.
- Cloud Security: Misconfigured S3 buckets, IAM role exploitation, and Azure/AWS-specific vulnerabilities.
- Social Engineering: Phishing simulations and pretexting.
Module 10: The Metasploit Framework
Module 11: Assembling the Pieces
Module 12: Reporting & Remediation
The most critical part of a professional engagement is communicating findings.
- Executive Summary: High-level risk assessment for non-technical stakeholders.
- Technical Breakdown: Step-by-step reproduction of vulnerabilities.
- Risk Scoring: Assigning CVSS (Common Vulnerability Scoring System) scores.
- Remediation: Providing actionable patches and configuration changes.
Who is the Master of Penetration Testing (MPT) For?
The MPT is an advanced, professional-level certification. To ensure student success, we recommend that those without prior offensive security experience first complete the MEH (Master of Ethical Hacking) before enrolling in this program.
Ideal Candidates Include:
- Aspiring Penetration Testers: Individuals looking to master the art of identifying and exploiting network vulnerabilities in a controlled, professional environment.
- Security Professionals & Ethical Hackers: Current practitioners who want to sharpen their toolkit, moving beyond basic scanning to complex, multi-stage exploitation.
- IT Systems & Network Administrators: Professionals managing infrastructure who wish to pivot into a specialized security role or understand how to defend against modern attack vectors.
- Career Advancers: Those seeking a high-level credential to qualify for senior security analyst, red teamer, or lead consultant positions.
- Practical Learners: Individuals who thrive in “learning by doing” and want a rigorous, hands-on lab environment rather than just theoretical study.
- Dedicated Enthusiasts: Serious hobbyists with a strong foundational knowledge of networking and OS who are ready to formalize their skills into a professional discipline.
Laptop requirements
Important! Set up your own system according to these guidelines.
To engage effectively in this course, your system must be properly configured. If you do not read and follow these directions carefully, you will be unable to fully engage in the course’s hands-on tasks. Please ensure that you arrive with a system that meets all of the requirements listed. Make a backup of your system before attending class. Better yet, use a system that does not contain any sensitive or critical data. Dark ExploiT is not liable for your system or data.
MANDATORY WAPT SYSTEM HARDWARE REQUIREMENTS
- CPU: 64-bit Intel i5/i7 (8th generation or later), or Ryzen equivalent. This class requires an x64 processor with a clock speed of 2.0 GHz or above.
- CRITICAL: Apple Silicon devices cannot run the required virtualization and so cannot be used for this course.
- BIOS settings must be changed to enable virtualisation technologies, such as the “Intel-VTx” or “AMD-V” extensions. If your BIOS is password protected, make sure you can access it in case you need to make modifications.
- At least 8GB of RAM is necessary.
- At least 50GB of free storage space is required.
- At least one accessible USB 3.0 Type-A port is required. A Type-C to Type-A converter may be required for modern laptops.
- Some endpoint protection software does not allow the usage of USB devices, so test your system with a USB drive before class.
- Wireless networking (802.11) is required. There is no wired internet access in the classroom.
