EFFORT
4-8 WEEKS
40h trainer-led
FORMAT
Self-paced
or instructor-led
CERTIFIES
City & Guilds
Assured
PREREQUISITES
Intermediate
Basic Networking Knowledge, Cybersecurity Foundation, Linux Commands
For teams & organizations — volume pricing, instructor-led delivery, custom scenarios.
1,600
ZX301 – Penetration Testing
Valid for 6 months
// ZX OFFENSE · LEVEL 3 · ZX301
Penetration Testing
Find and exploit vulnerabilities
Master the methodical approach to identify and exploit system vulnerabilities, using professional tools and techniques for ethical hacking and security assessment.
Overview
This course provides comprehensive training in offensive security testing, covering the full penetration testing lifecycle from reconnaissance through exploitation to post-compromise activities. Students learn to identify, exploit, and document system vulnerabilities using industry-standard tools including Nmap, Metasploit, and Burp Suite. The curriculum targets security professionals and ethical hackers seeking to simulate real-world attacks, perform vulnerability assessments, and strengthen organizational defenses. Participants gain hands-on experience with network exploitation, web application testing, and social engineering tactics used in modern penetration testing engagements.
Learning Objectives
By the end of this course, students will be able to:
-
Conduct passive and active reconnaissance using OSINT sources, DNS enumeration, and domain intelligence gathering tools
-
Perform comprehensive network scanning and service enumeration to map attack surfaces and identify potential entry points
-
Execute exploitation techniques including brute force attacks, database exploitation, and trojan deployment against vulnerable systems
-
Generate and deploy custom payloads using Msfvenom for multiple platforms and establish Meterpreter sessions for advanced system control
-
Escalate privileges, establish persistence mechanisms, and pivot through compromised networks during post-exploitation phases
-
Design and execute social engineering campaigns leveraging phishing, impersonation, and psychological manipulation techniques
-
Identify and exploit common web application vulnerabilities including SQL injection, XSS, and file inclusion flaws
-
Utilize professional penetration testing tools such as Burp Suite, OWASP ZAP, and Metasploit Framework to assess web application security
Course Modules
-
Information Gathering
This module covers reconnaissance techniques essential to the penetration testing lifecycle, including Whois lookups, Dmitry queries, and DNS enumeration for mapping network topology. Students learn to extract domain registrar data, organizational information, and digital footprints using advanced Google Hacking Database (GHDB) queries and subdomain discovery techniques. These passive and active reconnaissance methods form the foundation for identifying potential attack surfaces and planning subsequent testing phases.
-
Scanning
Students master network scanning using Nmap to detect open ports, running services, and operating system fingerprints on target systems. The module covers scan types, timing options, and evasion techniques necessary for stealthy reconnaissance. Students learn to interpret scan results and leverage Nmap Scripting Engine (NSE) capabilities to extend scanning functionality for deeper network analysis and vulnerability detection.
-
Enumeration
This module focuses on extracting detailed system information from discovered services and hosts to support attack planning. Students learn to enumerate SMB shares, SNMP data, user accounts, and network resources using specialized tools and NSE scripts. Enumeration techniques bridge the gap between initial scanning and active exploitation by identifying specific software versions, configurations, and potential entry points.
-
Exploitation
Students execute practical attacks against vulnerable systems using brute force password cracking, pre-existing exploits from databases, and trojan deployment techniques. The module covers both manual exploitation methods and automated frameworks for leveraging documented system weaknesses. Students gain hands-on experience with reverse and bind shell connections, exploiting authentication weaknesses, and maintaining stealth during active compromise attempts.
-
Meterpreter
This module explores the advanced Meterpreter payload, an extensible framework that provides comprehensive post-exploitation capabilities on compromised systems. Students learn to establish Meterpreter sessions, execute commands in memory without touching disk, and leverage built-in modules for credential harvesting, network pivoting, and lateral movement. The module emphasizes Meterpreter's ability to maintain persistent access while evading detection through in-memory operation and encrypted communications.
-
Payloads
Students master payload creation and delivery using Msfvenom, generating customized shellcode for multiple platforms including Windows, Linux, and mobile operating systems. The module covers payload encoding, obfuscation techniques to evade antivirus detection, and automation strategies for streamlining payload generation workflows. Students learn to embed payloads in various file formats and establish reliable command-and-control channels for remote system access.
-
Post Exploitation
This module covers activities performed after successful system compromise, including privilege escalation using local exploits, lateral movement to access additional network resources, and establishing persistence mechanisms across system reboots. Students learn techniques for disabling security controls, harvesting credentials, and maintaining access while minimizing forensic footprints. The module emphasizes practical tactics for maximizing the value of compromised systems in penetration testing engagements.
-
Social Engineering
Students learn to exploit human psychology and trust relationships through phishing campaigns, impersonation tactics, and psychological manipulation techniques. The module covers crafting convincing pretexts, designing effective phishing emails, and leveraging social engineering frameworks to bypass technical security controls. Students gain insight into how attackers target the human element and how organizations can defend against these non-technical attack vectors.
-
WebApp Security
This comprehensive module addresses web application security testing from HTML fundamentals through advanced exploitation techniques. Students explore the OWASP Top 10 vulnerabilities including SQL injection, cross-site scripting (XSS), local and remote file inclusion (LFI/RFI), and authentication flaws. The module includes hands-on practice with Burp Suite, OWASP ZAP, and Metasploit for identifying and exploiting web application weaknesses, deploying web shells, and manipulating database queries to access unauthorized data.
// Where you'll do all of this
You won't watch this.
You'll run it live.
Every module above is executed inside Cyberium Arena — real tools on real nodes, deployed on the live internet, with live threat intelligence running from your first login. Not a sandbox. Not a VM. Not a video.
Live Internet
Real Tools
Sand Box
VM
Delivery and Assessment
The course delivers hands-on learning through practical labs where students conduct simulated penetration tests in controlled environments. Participants work with real-world attack scenarios across network infrastructure and web applications, using professional-grade tools to identify and exploit vulnerabilities. Assessments measure students' ability to execute complete penetration testing engagements from reconnaissance through reporting.
Certification
Certificate of completion. This course prepares students for the ThinkCyber Penetration Testing certification, accredited by City & Guilds.
1,600
ZX301 – Penetration Testing
Valid for 6 months
Ready when you are
Trusted since 2016 — national police, military cyber units & Fortune 500 teams · City & Guilds Assured