Authorized penetration testing: methodology, recon, scanning, web + network + AD + cloud pentesting, phishing, reporting, continuous pentest programs.
This is the course for builders who want to test systems the way real adversaries do — under authorisation, with documented scope, and with deliverables that change behaviour. The course walks the full pentest workflow: pre-engagement methodology (RoE, PTES, threat modelling, OPSEC), reconnaissance (OSINT, subdomain discovery, secrets recon), scanning + enumeration (nmap, Nuclei, web fuzzing), web pentesting (Burp Suite, manual auth bypass, API + GraphQL), network pentesting + lateral movement (Wireshark, pivoting, credential harvesting), Active Directory attacks (BloodHound, Kerberos, ACL abuse), cloud + Kubernetes pentesting (IAM, IMDS, CloudGoat), authorised phishing campaigns (GoPhish, MFA-resistance), reporting + program design, and continuous pentest models (purple teaming, BAS, internal red teams). Anchored in PTES, NIST SP 800-115, MITRE ATT&CK, OWASP Testing Guide, OSCP / OSEP reference material. Five capstones (you pick one): full pentest plan + RoE for an authorised target, network pentest on a HackTheBox box, full AD pentest on GOAD, end-to-end Juice Shop web pentest, design a continuous pentest program.
Built by Lakshya Kumar
We grant free access case-by-case: students, career-switchers, builders on a tight budget.
Complete all modules, then submit the required number of capstone projects. Each must earn a passing rating from an admin reviewer.
For an authorised target (yours or one you have written permission to test), draft: a Rules of Engagement document, a threat model for the target, a day-by-day engagement plan, the deliverable template, and the OPSEC plan. Walk through it with a teammate as if you were in pre-engagement.
Run an end-to-end web app pentest against OWASP Juice Shop. Use Burp Suite + manual techniques + sqlmap as appropriate. Produce a complete report: executive summary, 8+ findings with reproductions and CVSS scores, recommendations. Use a real public pentest report (Trail of Bits / NCC) as a structural template.
I am learning authorized penetration testing — pentest methodology (PTES, NIST SP 800-115), Rules of Engagement and ethics, reconnaissance (OSINT, subdomain discovery, GitHub secret hunting), scanning and enumeration (nmap, Nuclei, ffuf), web pentesting (Burp Suite, manual auth bypass, SQL/XSS exploitation depth, API + GraphQL), network pentesting (Wireshark, MITM in labs, pivoting via ligolo, credential harvesting with mimikatz), Active Directory attacks (BloodHound, Kerberoasting, ACL abuse, Golden/Silver tickets), cloud pentesting (AWS IMDS, S3 misconfigs, CloudGoat scenarios, Kubernetes via Peirates), authorised phishing campaigns (GoPhish, MFA-resistance), reporting (CVSS + EPSS + KEV), and continuous pentest programs (purple teaming, BAS via Caldera). Help me work through the actual mechanics with reference to PTES, MITRE ATT&CK, OWASP Testing Guide, and real-world tools — always under authorisation and within scope.
Complete an entire HackTheBox (or similar) box: initial recon → exploitation → privilege escalation → persistence (in lab) → reporting. Document the full attack chain. Write a network pentest report with severity-rated findings + architectural recommendations.
Stand up a GOAD (Game of Active Directory) lab. Run a full pentest end-to-end: initial foothold (provided), enumeration via SharpHound + BloodHound, attack-path identification, exploitation (Kerberoasting, ACL abuse, etc.), reach Domain Admin. Document the entire chain and write a report with BloodHound-derived recommendations.
Design a continuous pentest program for an org (yours or hypothetical). Include: internal team vs external retainers, bug bounty integration, BAS (AttackIQ or Caldera), purple teaming cadence, detection-coverage targets, budget, metrics, and reporting. Produce a 5-page program-design document. Defend it to a stakeholder (real or simulated).
US government's pentest framework.