Here's what you learn through our ISAC-Certified
Penetration Testing & Bug Bounty Researcher Courses
Day 1
Day 2
Day 3
Day 4
Day 5
Day 6
Day 7
Day 8
Day 1
Introduction
- Types of Hackers
- CIA Triad
- Hands on Computing
- Some Basic Terminologies
- Setting Up your Hacking environment
Networking
- OSI Model
- TCP/UDP Model
- TCP/IP Model
- Ports and Services such as SSH FTP HTTP HTTPS SMTP
- Nmap & Nmap Scripts
- Wireshark
- Honeypots
Day 2
Linux Basics and Shell Scripting
- Basic Linux Commands
- Linux Booting Process
- Linux Run Levels
- Linux File Structure
- Linux Permissions
- Basics of Bash Scripting
- Netcat
Cryptography and Steganography
- Symmetric Encryption
- Asymmetric Encryption
- Hashing
- SSL TLS
- Encoding Decoding
- Steganography and different types
- Steghide
Day 3
Password Cracking
- Wordlists
- Creating Custom Wordlists using Crunchbase
- Hydra for Password Cracking
- John the Ripper
- Metasploit for SSH password cracking
- Cyber Chef
- Rainbow Tables
Malwares and Trojans
- Different types of Malwares
- Different Types of Bombs
- Dos and DDos Attacks
- MAC Changer
- Deepweb & Darkweb
- TOR
- Onion Websites
Day 4
System Hacking
- Introduction to Metasploit
- Creating payloads using Metasploit
- Reverse Listeners
- Linux and Windows Exploits
- Uploading a Backdoor
Android Hacking
- Attack Killchain
- Android Hacking
- Android Hacking with backdoor
Day 5
Social Engineering Attacks
- Different Social Engineering Attacks
- Phishing and Types with Practical
- IDN Homograph Attack
- Email Spoofing
- ShellPhish
- Social Engineering Toolkit (SET)
WiFi Hacking
- Introduction
- Rogue Access Point
- WPA2 Cracking
Day 6
Introduction to Web Pentesting
- OWASP Top 10
- 2013 v/s 2017 v/s 2021
- CVSS
- Introduction to Bug Bounty
- Installation of Burp Suite
- Basic Authentication Attacks
- SQL Injection
- XSS
- Session Hijacking & Fixation
Day 7
Information Gathering
- Google Dorking
- Tools
- The Harvester
- Whois Enumeration
- DNS Enumeration
- Black Widow
- Sherlock
- Subdomain Enumeration
Day 8
IoT Search Engines & Reconnaissance
- Shodan
- Censys
- Reverse Whois
- Waybackurls
- Github Dorking
- Tips & Tricks
- Capstone Project
Day 1
Day 2
Day 3
Day 4
Day 5
Day 6
Day 7
Day 1
- Top 10 Rules for Bug Bounties
- What is Bug Bounty & Basics
- VAPT vs Bug Bounty
- Motivation
- Google Dorking
- Become Author of Google Dorks
- OWASP 2013 vs 2017
- XSS & Techniques
- Reflected XSS
- Stored XSS
- DOM XSS
Day 2
- Burp suite Lab Setup
- Owasp ZAP vs Burp suite
- Authentication Bypass
- OTP Bypass
- Captcha Bypass
- Rate Limiting Attack
- Race Conditions Attacks
Day 3
- CSRF Attacks & Techniques
- Open Redirect Attacks
- Cross Origin Resource Sharing Attacks
- Click Jacking Attacks
- Sensitive Data Exposure Attacks
Day 4
- HTML Injection Attacks
- Broken Link Hijacking
- Session Hijacking
- Session Fixation
- Failure to Invalidate Session
Day 5
- SQL Injection Attacks using SQL map
- Server Side Request Forgery
- Local File Inclusion
- Remote Code Execution
- Wayback archive
Day 6
- Shodan
- Censys
- Greynoise
- Github Recon
- Automation using bash
- Subdomain Enumeration
- Subdomain Takeovers
Day 7
- Fuzzing Web Application
- Report writing
- Reporting Templates
- Pentesing / Bug Bounty Checklist
- Mindmaps
- Tips and Tricks
- Ethics in Bug Bounty
- Clean Exit Code of Conduct
- Capstone Project
- How to kick start your bug bounty journey
/shifa
