Key Sessions

Planning and Scoping
-Understand legal and regulatory implications to ensure compliance during penetration testing.
-Define the scope and objectives of penetration tests, including identifying key stakeholders and establishing communication protocols.
-Evaluate governance, risk, and compliance (GRC) concepts relevant to penetration testing and organisational security.
-Demonstrate an ethical hacking mindset with a focus on integrity, confidentiality, and availability of data.
-Prepare engagement contracts that define the boundaries and limitations of the penetration test.

Information Gathering and Vulnerability Scanning
-Perform passive and active reconnaissance to gather information on targets without being detected.
-Utilise various vulnerability scanning tools and techniques to identify vulnerabilities within systems and networks.
-Analyse the output from reconnaissance and vulnerability scans to prioritize targets for further exploitation.
-Understand the role of vulnerability management programs in identifying and mitigating vulnerabilities.
-Conduct social engineering tests to gather additional information or gain access to systems.

Attacks and Exploits
-Execute network-based attacks, including exploiting misconfigurations and vulnerabilities in network services.
-Conduct wireless and application-based attacks to penetrate Wi-Fi networks and web applications.
-Utilise social engineering techniques for manipulation and gaining unauthorised access.
-Perform post-exploitation techniques to maintain access, escalate privileges, and gather more sensitive information.
-Explore vulnerabilities in cloud technologies and execute attacks tailored to cloud-based environments.

Reporting and Communication
-Analyse penetration testing findings to identify critical vulnerabilities and the impact on the organisation.
-Develop comprehensive penetration testing reports that detail the findings, methodologies, and outcomes of the test.
-Communicate effectively with stakeholders, including technical staff and senior management, to explain the risks and necessary remediations.
-Recommend remediation strategies for identified vulnerabilities to improve the organization’s security posture.
-Address legal and compliance issues in reports to ensure the organization understands its regulatory obligations.

Tools and Code Analysis
-Identify and use various tools and technologies throughout the phases of a penetration test, including reconnaissance, scanning, exploitation, and post-exploitation.
-Analyse scripts and code samples for malicious content or vulnerabilities that could be exploited.
-Understand the applications and limitations of penetration testing tools to select the most effective ones for each phase of the test.
-Explain the use cases for scripting in automation of tasks during a penetration test.
-Evaluate the security of scripts and coded applications as part of the overall security assessment of an organisation.