CPTS

| Number | Module | My notes | Duration | |
|---|---|---|---|---|
| 01 | Penetration Testing Process | Penetration Testing Process | 6 hours | Introduction |
| 02 | Network Enumeration with Nmap | (Almost) all about nmap | 7 hours | Reconnaissance, Enumeration & Attack Planning |
| 03 | Footprinting | Introduction to footprinting; Infrastructure and web enumeration; Some services: FTP, SMB, NFS, DNS, SMTP, IMAP/POP3, SNMP, MySQL, Oracle TNS, IPMI, SSH, RSYNC, R Services, RDP, WinRM, WMI | 2 days | Reconnaissance, Enumeration & Attack Planning |
| 04 | Information Gathering - Web Edition | Information Gathering - Web Edition. With tools such as Gobuster, ffuf, Burpsuite, Wfuzz, feroxbuster, OWASP WSTG-INFO-02, Google Dorks. More tools for recon: finalrecon | 7 hours | Reconnaissance, Enumeration & Attack Planning |
| 05 | Vulnerability Assessment | Vulnerability Assessment: Nessus, Openvas | 2 hours | Reconnaissance, Enumeration & Attack Planning |
| 06 | File Transfer techniques | File Transfer Techniques: Linux, Windows, Code - netcat python php and others, Bypassing file upload restrictions, File encryption, Evading techniques when transferring files, LOLbas Living off the land binaries | 3 hours | Reconnaissance, Enumeration & Attack Planning |
| 07 | Shells & Payloads | Bind shells, Reverse shells, Spawn a shell, Web shells (Laudanum and nishang), Windows footprinting | 2 days | Reconnaissance, Enumeration & Attack Planning |
| 08 | Using the Metasploit Framework | Metasploit, Msfvenom | 5 hours | Reconnaissance, Enumeration & Attack Planning |
| 09 | Password Attacks | Password attacks | 8 hours | Exploitation & Lateral Movement |
| 10 | Attacking Common Services | Common services: FTP; SMB (tools: smbclient, smbmap, rpcclient, Samba Suite, crackmapexec, impacket-smbexec, impacket-psexec), Databases (MySQL and Attacking MySQL, MSSQL and Attacking MSSQL), log4j, RDP, DNS, SMTP, IMAP/POP protocols, postfix, swaks | 8 hours | Exploitation & Lateral Movement. Machines: Rabbit, SneakyMailer, Reel |
| 11 | Pivoting, Tunneling, and Port Forwarding | | 2 days | Exploitation & Lateral Movement |
| 12 | Active Directory Enumeration & Attacks | | 7 days | Exploitation & Lateral Movement |
| 13 | Using Web Proxies | Proxies: burpsuite, zap-proxy, proxychains | 8 hours | Web Exploitation |
| 14 | Attacking Web Applications with Ffuf | ffuf | 5 hours | Web Exploitation |
| 15 | Login Brute Forcing | | 6 hours | Web Exploitation |
| 16 | SQL Injection Fundamentals | | 8 hours | Web Exploitation |
| 17 | SQLMap Essentials | | 8 hours | Web Exploitation |
| 18 | Cross-Site Scripting (XSS) | XSS | 6 hours | Web Exploitation |
| 19 | File Inclusion | | 8 hours | Web Exploitation |
| 20 | File Upload Attacks | | 8 hours | Web Exploitation |
| 21 | Command Injections | | 6 hours | Web Exploitation |
| 22 | Web Attacks | Web exploitation | 2 days | Web Exploitation |
| 23 | Attacking Common Applications | | 4 days | Web Exploitation |
| 24 | Linux Privilege Escalation | | 8 hours | Post-Exploitation |
| 25 | Windows Privilege Escalation | | 4 days | Post-Exploitation |
| 26 | Documentation & Reporting | | 2 days | Reporting & Capstone |
| 27 | Attacking Enterprise Networks | | 2 days | Reporting & Capstone |

Practicing Steps

Starting point:

  • 2x Modules: The modules chosen should be categorized according to two different difficulties: technical and offensive.
  • 3x Retired Machines: we recommend choosing two easy and one medium machines. At the end of each module, you will find recommended retired machines to consider that will help you practice the specific tools and topics covered in the module. These hosts will share one or more attack vectors tied to the module.
  • 5x Active Machines: After building a good foundation with the modules and the retired machines, we can venture to two easy, two medium, and one hard active machine. We can also take these from the corresponding module recommendations at the end of each module in Academy.
  • 1x Pro Lab / Endgame: These labs are large multi-host environments that often simulate enterprise networks of varying sizes similar to those we could run into during actual penetration tests for our clients.
Last update: 2024-11-03
Created: November 27, 2023 14:56:56