Ethical Hacking Professional (EHP)

The course is structured into eight core units covering all critical areas of ethical hacking:

1. Fundamentals of Pentesting and Ethical Hacking

• What is a hacker? Types and classifications.
• Hacking vs. ethical hacking.
• Introduction to Pentesting: phases, methodologies, and testing types.
• Frameworks: PETS, OWASP, MITRE ATT&CK.
• Security tools: IDS, VPN, firewalls, honeypots, SIEM, backup, and recovery.

2. Social Engineering

• History and fundamentals of social engineering.
• Types: phishing, spear phishing, vishing, smishing, whaling, baiting, scareware, pretexting.
• Common channels and attack methods.
• Prevention and control measures: awareness, training, phishing campaigns.

3. Passive and Active Reconnaissance

• Passive reconnaissance: OSINT, Google Hacking, DNS collection, Whois, Shodan.
• Active reconnaissance: network scanning and enumeration, open ports, service detection.

4. Network Scanning and Analysis

• Network analysis tools: Ping, Traceroute, ICMP, TCP flags, and handshakes.
• Lab setup: installing VMware, Kali Linux, Metasploitable 2 and 3.
• Using Nmap: basic and advanced scans, OS detection, firewall evasion, performance tuning.

5. Vulnerability Analysis

• Understanding vulnerabilities and CVSS scoring.
• Automated scanning with Nessus and ZAP.
• Manual scanning using Nmap scripts.

 6. Exploitation

• Using Metasploit: basic commands, exploit search, executing meterpreter sessions.

7. Attack Techniques

• Types of attacks: malware, spoofing, man-in-the-middle, DDoS, SQL injection, phishing, etc.

8. Reporting and Findings

• How to write professional executive and technical reports.
• Communicating findings with actionable mitigation recommendations.