The Complete Pentest+ Course [PT0-003]
0. Welcome to The Complete Pentest+
0.1 Course Overview and Expectations (11:10)
1. Pre-Engagement
1.1 Standards, Frameworks, and Regulations (16:41)
1.2 Rules of Engagement (17:29)
1.3 Agreements (15:48)
1.4 Scoping an Engagement (12:28)
1.5 Types of Pentests (24:10)
1.6 Responsibility Models (17:49)
1.7 Ethical and Legal Regards (18:33)
1.8 Customer Communication (15:57)
1.9 Pentesting Frameworks (18:38)
1.10 MITRE ATT&CK (9:40)
1.11 OWASP Top 10 (13:59)
1.12 OWASP Mobile Application Security (13:28)
1.13 Purdue Model for ICS Security (14:22)
1.14 Threat Modeling Frameworks (20:43)
2. Recon and Enumeration
2.1 Passive vs. Active Recon (16:08)
2.2 OSINT (17:15)
2.3 Network Recon and Enumeration (28:20)
2.4 Certificate Transparency Logs (8:44)
2.5 Information Disclosure (9:33)
2.6 Search Engine Recon (12:59)
2.7 HTML Information Scraping (7:58)
2.8 Web App Recon and Enumeration (13:18)
2.9 Enumerating Shares (11:26)
2.10 Wi-Fi Recon and Enumeration (9:58)
2.11 Developing the Attack Path (10:18)
2.12 Scripting 101 (20:51)
2.13 Spiderfoot (13:09)
2.14 Maltego (18:17)
2.15 Recon-NG (14:22)
3. Vulnerability Assessment
3.1 Containers (16:10)
3.2 SAST and SCA (12:21)
3.3 DAST and IAST (19:55)
3.4 Vulnerability Scanning Networks (19:49)
3.5 Vulnerability Scanning Active Directory (17:17)
3.6 Vulnerability Scanning ICS (13:44)
3.7 Analyzing Vulnerability Assessment Results (15:34)
3.8 Physical Security Assessments (11:36)
4. Exploitation
4.1 Target Prioritization and Preparation (24:42)
4.2 Attacking Weak Network Credentials (24:17)
4.3 OAuth and OIDC Attacks (19:38)
4.4 SAML Attacks (22:37)
4.5 Web App Login Brute-Force Attacks (27:25)
4.6 Directory Traversal and File Inclusion Attacks (17:26)
4.7 Server-Side Request Forgery (SSRF) (16:18)
4.8 Cross-Site Scripting (XSS) (10:48)
4.9 Session Hijacking (16:17)
4.10 Cross-Site Request Forgery (CSRF/XSRF) (7:49)
4.11 Deserialization Attacks (15:48)
4.12 SQL Injections (SQLi) (33:07)
4.13 Command Injection (10:55)
4.14 Server-Side Template Injection (SSTI) (20:03)
4.15 Insecure Direct Object Reference (IDOR) (8:45)
4.16 Arbitrary Code Execution (10:08)
4.17 API Abuse (28:39)
4.18 JSON Web Token (JWT) Attacks (19:38)
4.19 WordPress Attacks (24:57)
4.20 Common Cloud Attacks (26:00)
4.21 Pacu (20:23)
4.22 Common Wi-Fi Attacks (24:59)
4.23 Cracking WPA (18:56)
4.24 Social Engineering Attack Types (13:40)
4.25 Social Engineer Toolkit (SE-Toolkit) (15:07)
4.26 GoPhish (14:15)
4.27 Evilginx (21:12)
4.28 BeEF XSS Framework (15:18)
4.29 Mobile Device Attacks (20:10)
4.30 Basic AI Attacks (20:24)
4.31 Common OT and ICS Attacks (17:24)
4.32 Bluetooth, RFID, and NFC Attacks (15:36)
4.33 Automating Initial Access (12:10)
4.34 Breach and Attack Simulation (BAS) (14:34)
5. Post Exploitation
5.1 Windows Privilege Escalation (28:18)
5.2 Linux Privilege Escalation (26:05)
5.3 NTLM Attacks (17:47)
5.4 Kerberos Attacks (27:38)
5.5 Password Cracking Tools and Techniques (15:08)
5.6 Cracking Password Hashes (19:42)
5.7 Maintaining Persistence (28:06)
5.8 Lateral Movement and Pivoting (18:45)
5.9 Staging and Exfil Tools and Techniques (21:39)
5.10 Clean-Up (7:23)
6. Post Engagement Activities
6.1 Pentest Final Report (26:00)
6.2 Findings Remediation and Mitigation (22:32)
1.11 OWASP Top 10