Pentesting Practitioner

Level: Intermediate

With instructor-led learning covering topics ranging from understanding risk to compromising systems, Pentesting Practitioner prepares candidates for a career in cyber security. Students learn through hands-on labs and guided discussions so that they can take these skills and apply them in real-world situations.


What Will You Learn?

  • Pentesting Practitioner provides the opportunity to learn how to conduct a security assessment of both computer systems and web applications using a range of tools and techniques
  • Students are taught how to identify the attack surface of a target, exploit vulnerabilities and take advantage of misconfigurations

Who Should Attend?

Both industry transitioners and those looking to improve their careers in computing/cyber security should consider this course.

Typical candidates consist of:

  • Security Analysts
  • Consultants Prepping for CHECK Team Member exams
  • Network Engineers
  • System Administrators
  • Industry Transitioners

Recommended Prerequisites

While the course teaches computing concepts such as the OSI model and networking, it is recommended that students have a basic understanding of these topics and understand how IP communication works.

It is required that all students are comfortable with whatever testing OS they choose to use and are comfortable with command-line interfaces.


Hacking methodologies

  • Understanding the motivation behind attackers
  • Understanding the process of a successful hack

Legal Considerations

  • Making sure you stay on the right side of the law
  • UK laws regarding hacking

Understanding Risks

  • What is a risk?
  • How to categorise and rank risks
  • What/Who is a threat?

Networking and Scanning

  • Host discovery with security tools
  • Port scanning with Nmap
  • Identifying commonly used protocols and testing for misconfigurations/vulnerabilities

User Security

  • Cracking Windows or Linux passwords
  • Understanding file permissions
  • Token stealing


  • The difference between symmetric and asymmetric encryption
  • How web applications encrypt traffic
  • Common misconfigurations

Web Application Security

  • An overview of the OWASP top 10
  • Practical steps of conducting an application assessment

Security Policies

  • How security policies can increase security
  • Understanding techniques to reduce risks through policy and procedure


  • Scanning environments for vulnerabilities
  • Identifying common misconfigurations


  • Understanding Metasploit exploits and auxiliary modules
  • Why to choose different shell types
  • How payloads work