VAPT Methodology : Cyber-kill chain: Reconnaissance and Information Gathering : OSINT, Breached credentials, Subdomain brute forcing, Directory scanning. Scanning and Enumeration : Scanning and exploiting open ports and services, Scanning for potential exploits in public vulnerability databases. Exploitation Basics : Metasploit, Gaining access to machines using vulnerabilities, Custom exploitation scripts, Password brute forcing, Password spraying. Active Directory : LLMNR poisoning, SMB relays, IPv6 DNS takeovers, pass-the-hash/pass-the- password, token impersonation, kerberoasting, GPP attacks, golden ticket attacks. Maintaining access : Reverse shell, file transfer. Web Application Penetration Testing. Automated Vulnerability scanners: Nessus, NMap, Metasploit, Acunetix. Report Writing : Statements of Work, Rules of Engagement, Non-Disclosure Agreements, and Master Service Agreements

1. Bugcrowd, “The Ultimate Guide to Penetration Testing”, 2020 edition
2. HackerOne, “Web hacking 101”

• CO1. Familiarization with cyber kill-chain (Reconnaissance, Scanning and Enumeration, Exploitation, Privilege escalation, Maintaining access etc)
• CO2. Understanding the usage of industry standard tools used as a part of the VAPT process such as Metasploit, nmap, Nessus
• CO3. Ability to perform pentest a target and generate a report based on the test