Contact US : +919999508202 [email protected]
Select Page

junior pentester masterclass

Certcube Junior pentester training is a real-world certification program for beginners Who wants to understand the Cybersecurity ecosystem. Cybersecurity is a multi-layered domain, For beginners, it’s very much difficult to choose the right domain of cybersecurity as per their interest ,to solve this issue we have designed this Junior Pentester training.

Many of the high-profile businesses need Infosec professionals to scale up the business and defending information technology. Some of the top fortune 500 Companies like Apple, Google, and others are hiring certified ethical hackers to pentest their security measures to help them find loopholes and to make their products more trustworthy. They often offer many funds to anyone who can find a weakness.

The candidate will start learning with the layered approach like the training starts from the basics of networking, Cybersecurity standards, and global frameworks to understand the working flaw of the cybersecurity teams. We have heavily focused on different areas of pentesting like internal network & external network security, web application critical threats, cloud computing & attacks and at the end we have added an special defensive security module to understand the attacks and detecting the attacks in real time.

We will start by building up your basics and take your skills to an intermediate level with this real-world focused approach. Many Case Studies and use- cases will be coverup as per the specific domain in the curriculum. 

The end Goal of this training is make individuals comfortable with tools and techniques to perform the Attacks/Defense with an holistic approach.

 

Junior pentester masterclass training

training modules

Foundations of cyber security

  • What is Information Security?
  • Role of Information Security in Today’s Era
  • The ‘AIC’ Triad
  • The ‘AAA’
  • The DIKW model
  • Types of cybersecurity Teams and Responsibilities
  • Corporate VAPT Phases
  • RoE and Scope of the project Concepts
  • Understanding basic IT security Terminologies
    • RISK
    • THREAT
    • Vulnerability
    • Exploit
    • Payload
    • Zero-Day
  • Vulnerability Assessment
    • What is VA and how it is useful in assessments ?
    • Vulnerability Scoring Systems
      • Common Vulnerability Scoring System (CVSS)
      • Common Vulnerabilities and Exposures (CVE)
      • National Vulnerability Database (NVD)
      • VA Reports & Analysis of Reports
  • Penetration Testing Terminologies
    • Why Penetration Testing is important ?
    • Types of Penetration Testing in IT security Industry 
    • Comparing Security Audit, Vulnerability Assessment, and Penetration Testing
    • Concept of Red Teaming ,Blue and Purple Teaming
    • Role of AI/ML in Cyber Security

OSINT FOR PENTESTERS

    • Techniques in Social Engineering
    • Hands-on lab – Social Engineering Toolkit and Gophish customizations
    • Hands on lab – Spear phishing assessment scenarios
  • Reconnaissance and OSINT techniques
    • What is Reconnaissance?
      • Concept of Footprinting
      • Ways to Footprint
        • Google Dorks
        • Google Hacking Database
        • SHODAN
        • Gathering Information via People Services
        • Gathering Information via Job Sites
        • Gathering Information via Financial Services, e.g. Google Finances
        • Gathering Information via Alerts, e.g., Google Alerts
        • Gathering Information via blogs & other public websites
        • Gathering Information via Social Media Platforms
        • Website Footprinting
        • Email Footprinting
        • Competitive Intelligence
        • WHOIS Footprinting
        • DNS Footprinting
        • Network Footprinting
      • Hands-on Lab – OSINT Framework
      • Hands-on Lab – SpiderFoot
      • Hands-on Lab – Maltego
      • Hands-on Lab – SocialMapper
      • Hands-on Lab – PII hunting
      • Hands-on Lab – Mapping social security of an enterprise.

Hands-on PENETSTING PRIMER

  • Information Security Policies
  • Information Security Laws & Standards
  • Subnetting and NAT networks
  • TCP/IP-based stack models
  • Hands-on lab – Windows OS basics and CLI usage
  • Hands-on-lab –  Kali Linux Essentials
  • Hands-on lab – Pentesting Lab Setup
  • Enumerating various enterprise TCP and UDP services
  • Network packet sniffing & customization with Scapy
  • Packet analysis with Wireshark
  • NMAP enumeration basics
  • Different Scanning Techniques in NMAP
  • Advanced NMAP Scanning Techniques to evade detections
  • Port Scanning Countermeasures
  • Hands-on lab – Enumeration and Scanning of various services in a Lab Environment.
  • Hands-on lab – VA Tools for Network Scanning
    • Qualys Vulnerability Management
    • Nessus Professional
    • GFI-LANGuard
    • OpenVAS
    • Retina CS
  • Exploitation & Post-Exploitation attacks
    • Basics of Command and Control frameworks
    • Metasploit and Covenant for pentesters
    • Shellcode generation for gaining initial access
    • Hands-on lab – Generating the malicious Documents for initial access
    • Hands-on labs – Infrastructure pentesting with Metasploit and havoc c2 framework

wireless and IOT pentesting

  • Understanding 802.11-based Networks and Designs
  • Attacking Open Wireless Network
  • Hands-on Lab –  ClientLess Wi-Fi attacks
  • Hands-on Lab – Wi-Fi phishing
  • Hands-on Lab – WPA and WPA2 Cracking
  • Understanding PSK, TKIP, EAP, PEAP
  • Hands-on Lab – EvilTwin Attack
  • Introduction to IoT
    • IoT Architecture
    • IoT attack surfaces
  • IoT Protocols Overview
    • MQTT
    • Protocol Internals
    • Reconnaissance
    • Information leakage
    • Hands-on with open-source tools
  • Understating the Bluetooth Low Energy and Protocols
  • Hands-on Lab – BLE attacks
  • Hands-on Router firmware Pentesting
  • Hands-on Lab – IoT Pentesting automation

web application pentesting

  • Global Standards/Frameworks
    • CWE
    • WASC
    • NIST
    • OWASP
  • Introduction to web fuzzing and fuzzing web technologies
  • Understanding the web proxies and tools 
  • Hands-on Lab – Burpsuite – 101
  • Hands-on lab – Web Application Scanners
    • Netsparker
    • Acunetix
    • IBM AppSec Scan
  • Open source Tools and Testing Methodologies
    • Sqlmap
    • OWASP OWTF
    • OWASP ZAP
  • Attacking web applications as per OWASP testing guidelines
  • Hands-on Lab – Critical web application attacks 
  • Hands-on Lab – CMS Pentesting

cloud security and SOC primer

  • Cloud Deployment Models
  • NIST Cloud Deployment Reference Architecture
  • Cloud Computing Benefits
  • Separation of Responsibilities in Cloud
  • Hands-on Lab – Building Instances and VPC Networks
  • Hands-on lab – Building an cloud-pentesting lab
  • Hands-on Lab – Attacking misconfigured storage units
  • Introduction to SOC
    • SIEM basics
    • Logs and correlation
  • Splunk Fundamentals
  • Hands-on lab – Splunk Deployment
    • Network Monitoring
    • enterprise event management
  • Final  Attack – Defense workshop
    • Day 1 – Attacking and Investigating Network in Splunk
    • Day 2 – Attacking and Investigating Web in Splunk
who should attend this training?
  • Absolute Beginners
  • Collage Students
  • Anyone who willing to learn cyber security
what is duration of this training

The duration of windows security and administration is 50 hours.

How many days classes with be organized in a week ?

The instructor-led sessions are based on 3 days a week with 2 hours of duration. 

Weekend Sessions are also available for working professionals.

Can i take a demo before the training ??

yes, you can take a free demo and complimentary assistance for your career with our specialist trainers.

Any prerequisite for Windows security and active automation training ?

The person should familiar with basic windows operations

How to register for this training ?

Please drop your inquiry at [email protected]  or call +919999508202 for more assistance .

Can i take training in fast-track mode ?

Yes, we have 7 days of sessions for fast track mode learners. 

Testimonials

Today I’ve completed my one 2 one online training by Mr Naresh sir from Certcube Labs .
This is the first time I have attended a class in this format and wondered how effective it would be. It was very effective and therefore I would definitely be interested in attending other classes in the same format. The instructor was very knowlegeable and provided a wealth of information about the current version, especially since the last version I used was several releases ago.
Satyam Singh

BCA, Delhi University

Best place to learn. It helps to build confidence, professionalism and helped me a lot to learn about corporate. They helped me a lot to clear my fundamentals and each domain and would like to learn and enrolled for more programs now. I took admission in their CCEH Program. Now next target is CISP

Amandeep

Btech, Delhi University

We're Here To Help!

Office

3500 , 1st Floor , Raja Park , New Delhi -110034

Hours

M-S: 10am - 11pm