Truephers Certified Penetration Tester Full Course Certification
This is a 6 months course (3 months training + 3 months of project work if require) in Ethical Hacking and Penetration Testing at Chandigarh, Mohali, Panchkula. It includes syllabus and certifications covered in both the courses with some advanced topics that are also inclusive. The main agenda of this training program is to prepare a student who owns no or some basics knowledge, a Cyber Security Professional, and to make him/her ready to enter into the professional world of Cyber Security and Penetration Testing. We at Truephers Chandigarh focuses more on practicals because this field demands more practical knowledge instead of just having theoretical knowledge. At our labs, students will not only learn theoretical knowledge but will also do practicals on the dedicated virtual labs containing hacking machines, Linux, Windows servers, and client machines. With all these students will get a real-world like learning environment through which he/she can learn and expand his/her ideas. Truephers provide full working day lab access to the dedicated and desired students. Truephers provides hands-on practice with dummy websites and virtual machines at industry standards.
Course Content
120 hours (3 months) of Industrial Training’s Course Content
Each module contains subtopics in it, expand to see.
Basics of Networking
- Introduction to Internet Protocol
- IP Addresses
- IP Address Spoofing (Changing IP Address)
- Proxies
- Tor Browser, Web proxies, Manual proxies, VPN
- Ports (Logical ports)
- TCP/UDP
- 3-way TCP handshake
- DNS
- DHCP
- SMTP, POP3, IMPS
- HTTP, HTTPS, SSL, TLS
- MAC Address (Hardware Address)
- MAC Address Spoofing
- Hubs and Switches
Digital Forensics
- Introduction to Data Forensics
- Data recovering
- Permanent Data deletion
- Windows Forensics
- Events and Logs views
- USB and Browser Forensics
Cryptography and Steganography
- Disk Encryption
- Image Steganography
- Audio/ Video Steganography
Virtual Machines (VMWare, Virtual Box, KVM)
- Introduction to Virtual Machines.
- Installation of Virtual Box, VMWare, KVM’s
- Configuration of Virtual Machines in details
- Networking in Virtual Machines
- Importing/ Exporting Virtual Machines
- Cloning Virtual Machines
Basics of Linux Administration
- Introduction to UNIX/ LINUX
- Downloading and Installing Linux
- File Structure
- Basics Commands
Kali Linux
- Introduction to Kali Linux
- Installing Kali Linux
- File Structure
- Installing and Configuring SSH, FTP, TFTP, Apache, Tomcat, Postgresql, Python, and other important services and daemons in Kali Linux
- Installing and Configuring Kali Pen testing Tools
- Bash Scripting
- Essential Tools – Netcat, Ncat, SOCAT, Wireshark, tcpdump
Viruses, Worms, Trojans, Binder’s and Crypter’s
- Virus creation
- Trojan creation
- NetBus
- Poison ivy, Cybergate RAT
- Binder’s
- Crypter’s
DOS Attacks
- SMURF DOS
- Ping of Death DOS
- ICMP Flood
- SYN Flood
- Slow Loris
- DDOS
- Case Scenarios
Google Hacking Database
- Using Google Dorks
- Finding files, pages for particular Website
- Finding Open Cameras
- Finding Routers
- Exploit-DB GHDB
- SHODAN (Search Engine for IoT)
Password Attacks
- Windows/ Linux password hashing
- Windows SAM Database
- Linux passwd/ shadow files
- Windows Password Cracking
- Linux Password Cracking
- Brute-forcing
- Rainbow tables
- Ophcrack
- Cain and Able
- bkhive, samdump2
- Password Hashing and Encryption
- Password profiling with CUPP
- Password generator tools
- Hydra
- Hashcat
- John The Ripper
- HTTP – FTP – Telnet – RDP – RAR – ZIP – MD5 – SHA – LM/ NTLM password hashes and cracking with different tools and techniques
Active Information Gathering/ Enumeration
- Active Information Gathering
- OS Fingerprinting
- Port Scanning
- Banner Grabbing.
- Different Port Scanning tools and types.
- Port Scanning with Nmap
- Nmap Scripting Engine
- Netcat/ Zenmap
- Domain Name WHOIS lookup
- Reverse hostname lookup
- SMB Enumeration
- SMTP Enumeration
- SNMP Enumeration
Passive Information Gathering/ Enumeration
- Passive Information Gathering
- Google Hacking Database
- Google Dorks
- Online Email Finder
- Online Active ports scanners
- Reverse hostname lookup
- Netcraft
- DNS Zones
- Zone transfer
- Wayback Machine
- Uptime Monitoring
- Online Domain tools
Sniffing and Security
- Wired Sniffing and Wireless Sniffing
- ARP Poisoning
- Wireshark
- Cain and Able
- SSL-strip
ATM Hacking
- ATM Hacking and Techniques
- Card cloning
- Skimmers
- Online Frauds
Wireless Hacking and Security
- Wireless USB adapters
- Monitor mode and Promiscuous mode
- WEP Encryption
- WEP Password Cracking
- WPA/ WPA2 Password Cracking
- WPS Cracking
- Configuring and Finding Hidden SSID’s
- Beating Black-list/ White-list MAC filtering
- Using other tools
Vulnerability Assessment, Scanning
- Vulnerability Scanners
- Configuring and Installing Vulnerability Scanners
- Nessus
- Nexpose
- OpenVAS
- Web Vulnerability Scanners
- Acunetix Vulnerability Scanner
- Nikto
- Dirbuster
Web Application Penetration Testing
- Configuring Vulnerable Web Application for Learning and Testing
- Burp-Suite
- OWASP ZAP
- Nikto
- Dirbuster Dirb
- SQLmap
- Cross-Site Scripting XSS
- SQL Injection
- RFI/ LFI
- Insecure Sensitive files (password, backup files)
- OS Command Injections
- Insecure File Uploads
- And their Mitigations
Client-Side Attacks
- Browser-based client-side attacks
- Java signed applet attacks
- SMB based client-side
- PDF, Excels, Word documents based client-side attacks
- Responder
Buffer Overflow Exploitation
- Fuzzing
- Debugger
- DEP ASLR
- Crashing
- Registers
- Controlling EIP
- Bad Characters
- Space for Shellcodes
- Finding Return address
- Generating a shellcode with msfvenom
- Getting Shell on the box
Metasploit Framework
- Installing or updating
- User Interfaces
- Exploring Auxiliary module
- Exploring Exploit module
- Metasploit Payload module
- Searchsploit Exploit-DB
- Staged vs. Non-staged payloads
- Meterpreter
Web Shells | MsfVenom | Malware frameworks
- Web Shells
- Uploading and Executing different types of web shells
- ASP, PHP, Java, Cold-fusion, Perl Web Shells
- Payload Generators
- MSFVenom
Port Redirection and Tunneling
- Port forwarding and redirections
- SSH tunneling
- Local port, Remote Port and Dynamic port forwarding
- HTTP Tunneling benefits
- Proxychains (Chaining multiple proxies)
- Metasploit port forwarding
- Plink
- Other proxy tools
Privilege Escalation
- Linux and Windows Privilege Escalation
- Vertical Privilege Escalation
- Horizontal Privilege Escalation
- Misconfigured File permissions
- Kernel Exploits
- Automated scripts to privilege escalation
System Hardening
- Securing Windows
- Windows Password profiling
- Updating and Patching Windows
- Files Permissions
- User Access Control
- Linux Server Hardening
- Securing sensitive and configuration files
- Updating and Patching system and services
- Configuring Secure CMS
IDS | IPS
- Intrusion Detection Systems
- Firewalls
- Intrusion Prevention System
- WIPS, WIDS
- Snort
Android Hacking
- Understanding Android OS
- Rooting Android
- Installing the Xposed Framework
- Installing Hacking tools
- Creating malicious APK with msfvenom
- APK binding and signing.
- Hacking Android with Metasploit
- Hacking Android with other tools
Report Generation
- Sample Reports
- Report generation tools
- Maintaining Important links and texts in report generation
Miscellanies
- Making Bootable Pen-drive
- GNS3
- USB Password Sniffing APK
Why Truephers’ Training
Goodies Takeaway
Our Students’ Reviews
[grw id=”2534″]
Frequently asked Questions
This course is not for everyone, this course requires a very high understanding of how computers work and their logic, a burning desire to be a hacker and to learn continuously. In Cyber Security, you should possess these things, a burning desire to be a hacker of all times, passions while learning and doing, reading habit, problem-solving rather than leaving, and always learning nature. If you possess these qualities then you are ready to go.
This course does require some prerequisites, like a basic understanding of computers, you should be familiar with computers and its operating systems like Windows. In this course, you will learn all the basics things that are required to make a strong base to start to learn actual penetration testing and the advanced things to actually perform penetration tests. In this course, you will learn the basics of networking, Linux operating systems, virtualization, information gathering, vulnerability assessment, and exploitation. We will learn web app penetration testing, network & WiFi penetration testing, and basic stack/buffer overflow.
The answer to this question is big no, just kidding. But many young aspirants enter into this field and they think, there are some techniques and tools that they should use to hack into any available machine on this planet, but this is wrong. Penetration Testing requires a very deep understanding, a lot of learning and research work with computers to reap the fruit of pawning systems and applications. The course we are providing is very much sufficient to provide you a job if only you dedicate yourself to it. We are guaranteed you to get a job in Cyber Security, but it all depends on your hard work, learning ability, and a burning desire.
The short answer is YES, you should require to learn at least one coding language like C, C++, or Python. It does not require to be an expert in coding, but at least an understanding of how to code basically is a must. There is a big reason behind it, that implements in all worldly work, it is if you don’t know how the thing works at the back then you don’t even know how to make, repair or HACK it. For example, if you know how to code basic PHP pages, then only you understand some web application bugs like RFI, LFI, PHP object injections, and SQL injections.
Post COVID-19 would be a Cyber Security era. Everyone during COVID-19 is making their business to run online, this must require them to make their businesses and clients make and feel safe online. There is a huge scope in Cyber Security as we can see that online hacking, online frauds, and online security awareness demands a lot of manpower. The more and new cyber risks are evolving daily, a lot of new attack vectors and malware or ransomware attacks are increasing daily. The more business went online, the more manpower it will require to comply with cyberattacks also 80% of cyber attacks happened on small and medium-sized businesses.
Your complete journey with us would be like this. Simply register online with us by filling the online Google form and submitting the required documents at info [AT] truephers.com email id and submit the INR 1000/- as a registration amount through our online payment page. We will contact you by email or telephonically to announce the batch starting date and timings. The classes can be online or offline at the student’s choice. The classes will be led by certified ethical hackers only. The classes can be from Monday to Friday of up to 2 hours or from Saturday & Sunday of up to 5 hours each day. You will be provided with a highly detailed and specially crafted book for your full course to make you more comfortable during learning. There would be an online quiz after completing each module. After completing the full course you will be asked for an online exam date. The online practical examination is the real way to find your ability to hack. You can email for further questions on the online practical exam at info [AT] truephers.com. After the completion of the online exam, you will be rewarded with the Truephers Certified Penetration Tester exam certificate. Our relation with the student does not end here, we will provide full job assistance through our online portal and our online social media pages. The learning penetration testing and cybersecurity would be great fun for you as the teaching is for us.