( eCPPT ) - Certified Professional Penetration Tester

Information Gathering & Reconnaissance (10%)

• • Perform Host Discovery and Port Scanning on Target Networks
  • Enumerate Information From Services Running on Open Ports

Initial Access (15%)

• • Perform Username Enumeration to Identify Valid User Accounts on Target Systems
  • Perform Password Spraying Attacks to Identify Valid Credentials for Initial Access
  • Perform Brute-Force Attacks on Remote Access Services for Initial Access

Web Application Penetration Testing (15%)

• • Perform Web Application Enumeration to Identify Potential Vulnerabilities & Misconfigurations
  • Identify and Exploit Common Web Application Vulnerabilities For Initial Access (SQLi, XSS, Command Injection, etc)
  • Perform Brute-Force Attacks Against Login Forms
  • Exploit Vulnerable and Outdated Web Application Components
  • Exfiltrate Data and Credentials From Compromised Web Applications and Databases

Exploitation & Post-Exploitation (25%)

• • Identify and Exploit Vulnerabilities or Misconfigurations in Services
  • Identify and Exploit Privilege Escalation Vulnerabilities
  • Dump and Crack Password Hashes
  • Identify Locally Stored Unsecured Credentials

Exploit Development (5%)

• • Develop/Modify Exploit Code For Initial Access and Post-Exploitation
  • Identify and Exploit Memory Corruption Vulnerabilities (Stack Overflow, Buffer Overflow)

Active Directory Penetration Testing (30%)

• • Perform Active Directory Enumeration
  • Identify Domain Accounts With Weak or Empty Passwords
  • Perform AS-REP Roasting to Steal Kerberos Tickets for Authentication
  • Perform Active Directory Lateral Movement Techniques (Pass-the-Hash, Pass-the-Ticket)
  • Obtain Domain Admin Privileges/Access