Advanced Penetration Testing (APT)

Course Overview

There are good penetration testers and then there are great penetration testers.

Unless you are bent on being nothing other than the best in penetration testing, don’t bother registering for this program, as you are probably not cut out for it.

You will be required to make knowledgeable decisions under immense pressure at critical stages while selecting your approach and exploits.

As you progress through these levels, you will need to apply web application, network, and host penetration testing tools and tricks in both an internal and an external context to ultimately compromise the hosts and exfiltrate the data required to complete the challenges.

This course is designed for security professionals who want to take a serious and meaningful step into the world of professional penetration testing. This includes pentesters seeking an industry-leading certification, security professionals, network administrators and other technology professionals.

What You Will Learn

  • Using information gathering techniques to identify and enumerate targets running various operating systems and services
  • Writing basic scripts and tools to aid in the penetration testing process
  • Analyzing, correcting, modifying, cross-compiling and porting public exploit code
  • Conducting both remote and client-side attacks
  • Identifying and exploiting XSS, SQL injection and file inclusion vulnerabilities in web applications
  • Deploying tunneling techniques to bypass firewalls
  • Creative problem solving and lateral thinking skills

Prerequisites

  • Solid understanding of TCP/IP networking
  • Reasonable understanding of Linux
  • Familiarity with Bash scripting; basic Python or Perl is a plus

Course Duration

  • 40 Hours (8 hours/day).

Course Content

Essential Tools for Penetration Testing

  • Wireshark to analyze network traffic
  • Tcpdump to filter traffic
  • Netcat for enumeration
  • Netcat to transfer files
  • Netcat to catch a reverse shell

Passive Information Gathering

  • Netcraft for information gathering
  • Recon-ng for information gathering
  • Maltego for information gathering

Active Information Gathering

  • DNS lookup
  • Performing zone transfers using dig
  • Nmap port scanning techniques
  • Using tools such as nslookup, snmpenum and snmpwalk

Buffer Overflow

  • Fuzzing
  • Controlling EIP
  • Checking for and removing bad characters
  • Improving old exploits
  • DEP and ASLR protection and how to bypass them

Working with Exploits

  • Searching for exploits based on version information
  • Finding exploits from different sources
  • Customizing prebuilt exploits

Privilege Escalation

  • Privilege escalation by abusing sudo rights
  • SUID bit-based privilege escalation
  • Kernel exploit-based privilege escalation
  • PATH variable-based privilege escalation
  • MySQL-based privilege escalation
  • Crontab-based privilege escalation
  • Wildcard injection-based privilege escalation
  • Buffer overflow-based privilege escalation

Web Application Attacks

  • OWASP top 10

Port Redirection and Tunneling

  • Port forwarding/redirection
  • SSH tunneling
  • HTTP tunneling

Bypass Antivirus Software

  • Encoding payloads with Metasploit
  • Custom encoders

Advanced Labs

Easy CTFs

  • Nibbles
  • Poison
  • Sunday
  • Jerry
  • Blue

Hard CTFs

  • BrainFuck
  • Kotarak
  • TartarSauce
  • Silo
  • Bart

Medium CTFs

  • Bashed
  • Sense
  • Node
  • Valentine
  • Cronos
  • Nineveh
  • SolidState
  • Optimum
  • Devel
  • Bounty
  • Jeeves