Program outcome
By the end, you will be able to run an end-to-end security audit in an authorized environment, prioritize real risks, and deliver a professional report with a remediation plan and technical backing.
Learning objectives
- Define scope, rules of engagement, and success criteria without ambiguity.
- Build an attack-surface map and prioritize objectives.
- Run reconnaissance and enumeration without breaking the environment.
- Validate vulnerabilities in the lab and classify real impact.
- Write technical evidence with reproducible traceability.
- Present findings to technical teams and non-technical leadership.
High-level syllabus
- M1 - Pentest governance and operational legal framework.
- M2 - Reconnaissance, defensive OSINT, and surface mapping.
- M3 - Enumeration of services, applications, and configurations.
- M4 - Validation of web and infrastructure vulnerabilities.
- M5 - Privilege escalation and ethical post-exploitation.
- M6 - Professional reporting and finding defense.
Included labs
- LAB-01: Lab preparation and security checklist.
- LAB-02: Guided reconnaissance on a fictional company.
- LAB-03: Enumeration of prioritized assets and ports.
- LAB-04: Validation of OWASP flaws in an isolated environment.
- LAB-05: Local escalation and evidence consolidation.
- LAB-06: Complete simulation with assessable final report.