Advanced
Certification Program in
Penetration Testing
- Master the Art of Ethical Hacking
- Empowering Cyber Defenders with Cutting-Edge Skills
- Unlock Your Expertise in Advanced Security Testing
- Campus immersion programme at EICT Academy IIT Guwahati (only for successful learners)
Add the CEH v13 with AI or OSCC certification course at 50% OFF
Program Highlights and Advantages
Comprehensive Curriculum
Practical learning and Real-world exposure
Expert Guidance
Placement Assistance
About the program
We are offering a premier cyber security training program in India focused on penetration testing and vulnerability assessment. Developed in partnership with Offensive Security, an internationally renowned leader in cyber skills development, this program delivers their top-rated Penetration Testing with Kali Linux (PWK) course content.Students undergo intensive hands-on lab exercises mimicking real-world penetration tests. The training environment replicates the demanding OSCP certification exam scenario through a set of retired exam machines providing ample opportunity to hone skills across a variety of environments and systems.Successful course graduates emerge equipped with an arsenal of hacking techniques enabling them to evaluate enterprise security posture from an attacker’s perspective. Those who also clear the OSCP exam earn the coveted Offensive Security Certified Professional credential, opening doors to lucrative and impactful careers in the information security domain.
Book a Free Demo Class
Eligibility Criteria
- Graduate or working professional with a STEM background.
- The ones who are thinking about building a career in the field of cybersecurity.
- Basic understanding of computer networks and programming concepts.
- Familiarity with IT infrastructure and software development lifecycle
Who Can Apply?
To Apply, Candidates should meet the criteria of:
- Would have graduated a bachelor’s degree with 50% Marks minimum.
- No Need of any prior Experience
- No need of Programming Languages at this level
Applicants should have:
- Basic Computer Fundamentals: Operating Systems, Hardware Components etc.
- Network Fundamentals: Networking Protocols, Devices, Services etc.
- Network Devices Fundamentals: Routers, Firewalls, Switches functioning knowledge.
- Soft Skills: Effective communication and security awareness.
- Continuous Learning: Interest in staying updated with Cybersecurity trends and technologies.
Key Learning Outcomes:
- Get proper knowledge of the fundamental concepts, terminology, and technologies in Penetration Testing.
- Make sure to identify and analyzing data breaches and cyber attacks
Mobile Penetration Testing:
- Discover hidden vulnerabilities in iOS and Android apps by thinking like an attacker.
- Evaluate mobile security measures through technical analysis and customized tools.
- Lead comprehensive app assessments and provide remediation roadmaps.
- Share expertise with less experienced testers and development teams.
- Craft innovative app exploition techniques and embed them into automation frameworks.
- Anticipate emerging risks by tracking industry shifts and hypothesis-driven research.
- Strengthen the app ecosystem through open collaboration and published scholarship
Web Penetration Testing
- Evaluate website defenses with a hacker’s wariness for defects like injections and leaks.
- Craft thorough security reviews that plainly present risks and cures.
- Mechanize hazard hunting to enable efficient app introspection at scale.
- Advise coders on principles and patterns for building resilience into lines of code.
- Educate others on current bugs and protective best practices.
- Pioneer new approaches to web compromisation through continual investigation.
- Conduct code reviews and security assessments of web applications.
- Work with development teams to remediate identified vulnerabilities..
- Research new vulnerabilities and attack techniques in web technologies.
- Publish research findings and contribute to security communities.
- ⦁ Develop proof-of-concept exploits and testing tools.
Network Penetration Testing
- Secretly pierce networked perimeters to uncover structural vulnerabilities.
- Engineer stealth solutions and tactics tailored for infrastructure assessment.
- Present remediation blueprints to stakeholders with tactical prescience.
- Contribute testing tools and methods to an open cybersecurity toolbox
- Disseminate discoveries of novel network access vectors.
- Consult to harden network design according to proactive security principles.
- Conduct regular network security assessments and audits.
- Collaborate with IT teams to remediate identified vulnerabilities.
- Conduct research on new network vulnerabilities and attack vectors.
- Publish findings in security journals, blogs, or conferences.
- Develop and maintain network security tools and scripts.
Web Penetration Testing
- Understanding Web Application Architectures.
- Familiarity with Common Web Vulnerabilities.
- Proficiency with Web Penetration Testing Tools.
- Knowledge of Authentication and Authorization Mechanisms.
- Experience with Manual Testing Techniques.
- Report Writing Skills.
Cross-Disicipline Rolls
- Govern assessment projects end-to-end according to standardized processes.
- Formally establish and enforce testing criteria for consistent, quality outcomes.
- Model real breaches to evaluate security response readiness under pressure.
- Recommend policy improvements across technical, procedural and social domains.
- Foster the growth of junior infiltration specialists.
- Perform custom multi-faceted red team simulations.
- Simulate real-world attack scenarios to test an organization’s defenses.
- Work across different domains, including mobile, web, and network.
- Collaborate with blue teams to improve overall security posture.
- Develop and execute advanced penetration testing techniques.
Web Penetration Testing
- Understanding Web Application Architectures
- Familiarity with Common Web Vulnerabilities
- Proficiency with Web Penetration Testing Tools
- Knowledge of Authentication and Authorization Mechanisms
- Experience with Manual Testing Techniques
- Report Writing Skills
Mobile Penetration Testing(Android & ios)
- Understanding Mobile Application Architectures.
- Knowledge of Mobile Security Models
- Familiarity with Mobile Vulnerabilities
- Proficiency with Mobile Penetration Testing Tools
- Experience with Static and Dynamic Analysis
- Knowledge of Secure Coding Practices for Mobile
- Report Writing Skills
Cross-Discipline Learning Outcomes:
- Analytical and Critical Thinking Skills
- Problem-Solving Skills
- Communication Skills
- Ethical Hacking Principles
Future Job Roles After Program
Graduates of the cyber security program will be well-positioned to embark on exciting and impactful careers in information security such as:
Application Security Engineer:
Identify software vulnerabilities and architect robust solutions.
Network Security Engineer:
Manage firewalls, IDS/IPS, VPNs and allied infrastructure to safeguard networked environments
Mobile Security Engineer:
Conduct mobile app assessments and remediate mobile threats targeting iOS/Android platforms.
Penetration Testing Manager :
Oversee penetration test execution, quality assurance, process development and stakeholder engagement.
Security Consultant :
Advise on security best practices, conduct audits/assessments and coach clients on compliance and defense strategies.
Red Team Specialist
Simulate advanced attacks to challenge defenses through diverse tactics emulating hackers on mobile, web and network domains.
With rigorous skills training, program graduates can pursue rewarding roles and accelerate their career trajectory in this booming cyber security domain.
Who’s this program is for?
This program is designed to fulfill the upskilling requirements of undergraduate and graduating students specializing in BFSI, cybersecurity, and fintech fields who already have a basic technical understanding of cybersecurity. It is especially beneficial for those aspiring to pursue job roles/positions such as, but not limited to:
1. Ethical hacker
2. Network Security Consultants
3. Threat Hunters
4. Risk Assessment Analysts
5. Security Analysts
6. Junior Penetration Testers
7. Security Architects
8. Graduate students & working professionals
Application Submission: Step 1
Apply for the program by completing the application with one page cover letter stating your Interest and Qualifications for the program.
Application Review: Step 2
Admission Counselors will review applications and cover letter to Qualify your Application.
Admission:
Candidates admission will be confirmed by paying the program fee upon proper indication by the counselor or concern team/person.
Empowering Futures: E&ICT Academy, IIT Guwahati
E&ICT Academy, IIT Guwahati was established as an initiative of Ministry of Electronics and Information Technology (MeitY), Government of India to offer quality technology education programs. It aims to bridge the gap between academia and industry and fuel innovation. The Academy has developed advanced certification programs in collaboration with top industry leaders to help professionals gain in-demand skills.
Choose Your Preferred Learning Mode
Classroom Training
We offer customized VILT (Virtual Instructor-Led Training) sessions at your convenient hours to provide effortless training.
Online Training Class
One can also opt for the prerecorded video sessions available at any point of time from any particular location.
Corporate Training
Hire a preferred trainer at your work premises at your chosen time slots and train your employees with full efficiency.
Course curriculum
- Network Devices and Fundamentals
- Introduction to Cyber Security & Information Security
- Fundamentals of Ethical hacking Concepts
- Understanding Ethical Hacking Concepts
- CIA Triad, Hacker Terminologies
- Hacking Phases,
- Standards and Cyber Laws
- Penetration Testing concepts
- Return on Investment
- Vulnerability Assessment & Penetration Testing
- Red team Oriented PT vs Goal Oriented vs Compliance Oriented
- Types of Penetration Testing
- Methods & Areas of Penetration Testing
- Penetration Testing Methodology and Need for Methodology
- Overview of OSSTMM Methodology
- Adherence for Penetration Testing
RFP
Looking after RFP
Looking after Scope of work
Preparing Queries or Requirements for Pre-Bid Meeting
Attending Pre-Bid Meeting
Preparing Response for Proposal
List out the goals
Clarity of scope
Fill out the Questionnaires
Identify the type of Pen-test
Prepare Technical Proposal
Internal Team Preparation
Staffing
Costing
Duration of PenTest
Deliverables
Prepare Commercial Proposal
Proposal Submission
Rules of Engagement
Deciding Target Point of Contact
Frequency of Audit
Preparing Test Bed
Understand the Limitations and restrictions of Pen-Test
- Active and Passive Information Gathering Techniques
- OSINT through WWW
- OSINT through website Analysis
- OSINT through DNS Interrogation
- OSINT Automation with Tools/Frameworks/Scripts
- Scanning Concepts
- Scanning Techniques and Tools
- Scanning beyond Firewall
- Countermeasures
- OS and Service Fingerprinting
- Banner Grabbing and Tools
- Vulnerability Analysis
- Exploit Research
- Exploit Verification
- Footprinting
- Network Scanning
- Enumeration Concepts
- 12Vulnerability Assessment
- Exploit Making
- Windows exploitation
- Linux Exploitation
- Privilege Escalation
- File Extraction Techniques
- Clearing Tracks
- Buffer Over Flow
- Exploit Research
- Exploitation and Validation
- Man in the Middle Attacks
- Introduction to various tools – Wireshark, Cain & Abel, Ettercap,
- DNSSpoof, Sslstrip, YersiniaEncryption at Rest
- Attacking Methodology – ARP Poisoning, Dns Poisoning,
- SSL Stripping, DHCP Starvation Attacks
- Automating Internal Network Exploitation Techniques with Immunity
- Canvas
- Post Exploitation Reconnaissance
- Privilege Escalation
- Backdooring
- C2
- Data Exfiltration
- Firewall Security Assessment
- IDS Security Assessment
- Router Security Assessment
- Switch Security Assessment
- Firewall Security Assessment
- IDS Security Assessment
- Router Security Assessment
- Switch Security Assessment
- Introduction to Web Application, Web server Architecture
- Fundamentals of Application and Application server
- Information Gathering Techniques of Web Application
- Introduction to Burpsuite and information gathering tools
- Introduction to Application Security Standards [OWASP, SANS, NIST]
- Web Application Information Gathering
- Subdomain Enumeration
- Web Archives
- Shodan
- Censys
- FOFA
- Amass
- Virus Total
- Whois XML API
- BGP.net
- Google Dorks
- Js File Extraction
- Finding Juicy Endpoints
- Finding Configuration Files
- Parameter research
- Web Crawling
- Directory Busting & Fuzzing
- Credential Stuffing
- Github Dorking
- Dependency Confusion
- JWT Token misconfiguration
- Log4j CVE
- Header Misconfigurations
- Web Sockets Attacks
- GraphQL Hacking
- Other Enumeration and Validation Attacks
- Recent Trends in Web Application Attacks
- Android Architecture
- Flow of Android Architecture
- What is DVM
- Lab Environment Setups using Emulators and Bare metal method
- Introduction to Frida
- Introduction to Objection
- Introduction to Medusa
- Frida Scripts and collection
- Introduction to Dex Files
- Introduction to ADB
- SSL Pinning
- SSL Pinning Types
- 5-7 Types of SSL Pinning
- Types of Mobile Application Pentesting
- Static and Dynamic Analysis
- Static Analysis
- Introduction to Jadx
- Introduction Dex2jar
- Introduction to APK Tool
- Look for Hardcoded Data
- Sensitive URL
- API Keys
- Config files
- Manifest file
- Run time analysis
- Checking for insecure storage
- Checking for all http traffic
- Checking for improper platform uses
- Checking for the use of insecure permissions
- Checking for insecure loggings
- Check for Broken Authentication, OTP Bypass
- Check for SQL Injection
- Check for OWASP Top 10 Mobile Application Vulnerability
- Types of Report Writing
- Report Writing Methodology
- Report Submission Techniques
Program Certification
- Expands on advanced topics such as network security and ethical hacking.
- Offers project work to apply theoretical knowledge practically.
Frequently Asked Questions
The course spans a duration of 6 months.
Upon successful completion, you will receive an Advanced Certification in Cybersecurity jointly awarded by E&ICT Academy, IIT Guwahati.
Classes are scheduled to accommodate the needs of working professionals, with sessions held during weekday evenings and weekends.
You must maintain a minimum of 75% attendance in live lectures and submit all assignments to successfully complete the program.
While attending all classes is strongly recommended, you can catch up by watching recorded sessions available on our learning platform.
Live sessions will be held during weekday evenings and weekends (Saturdays and Sundays), tailored to fit the schedule of working professionals.
Yes, the program features live sessions delivered by esteemed faculty from E&ICT Academy, IIT Guwahati, along with insights from experienced industry leaders.
You will have access to class recordings, faculty notes, tools, and reference materials on our integrated online learning portal, ensuring you can review and study at your convenience.
Students can request a full refund within 15 calendar days from the enrollment date, as per our terms of service.
