Penetration Testing and Ethical Hacking

Penetration Testing and Ethical Hacking

Penetration Testing and Ethical Hacking

Who should attend ?

IT Security Centre Personnel, Auditors, Cyber Security Experts, Site or System Managers.


Basic knowledge of networks is a plus.

Course Syllabus

  • Introduction: Basic concepts, Pentest approaches, Planning, Reporting
  • Linux Basics
  • Network basics
  • Reconnaissance
    • Active/Passive information gathering
    • Using search engines & Google hacking
    • Footprinting
  • Web application pentests
    • Web technologies & standards
    • Personal proxy
    • Information gathering
    • Configuration management & flaws
    • Input/output manipulation
      • XSS (Cross Site Scripting)
      • SQL injection
    • Authentication flaws
      • Brute force & dictionary attacks
      • CAPTCHA & flaws
    • Authorization flaws
      • Privilege escalation
      • Path traversal
    • Session management flaws
      • Session fixation
      • CSRF (Cross Site Request Forgery)
    • Business logic flaws
  • Scanning networks
    • Host detection
    • Discovering network topology
  • Network layer (Layer 2) attacks
  • Vulnerability scanning
  • Exploit – Post Exploit
    • Exploit databases
    • Metasploit framework
    • Post exploitation
  • Pivoting and tunnelling
  • Social Engineering
    • Evading detection devices
    • Preparing custom payloads
    • Embedding malware into files
    • Social engineering attacks on Mobile devices
  • Persistency


5 Days.


Attendees will be able to participate and contribute to penetration tests.

Course Tutor

Muharrem Aydın

Computer Engineer, Cyber Security Expert, IT Lawyer

After 10 years of software engineering experience with titles of software developer, product manager, and integration architect, I have been working in cyber security domain for last 10 years. I am not only a cyber security expert but also the head and kick-starter of a cyber security consultancy unit.

In security field, I have performed dozens of penetration tests for institutes from different sectors: finance, military, state agencies, and telcos.

I have been consulting different compaines in security field which includes global banks such as ING Bank, HSBC, CitiBank and more.

In addition, I am an adjunct instructor in a university and teaching cyber security for years.

I involved in technical areas and has taken responsibilities in:

  • Penetration tests (Pentests) and security audits
  • Cyber security training & consultancy
  • Source code analysis & secure software development
  • Cyber security incident response
  • Information security management system (ISMS) consultancy Open source cyber security systems, such as OpenVAS, OSSEC, OSSIM, Snort, Suricata, mod security

I’m creating my courses by using my know-how and 10 years of experience. As a result, our first course “Hacking Web Applications and Penetration Testing: Fast Start!” has gained “Best Seller” reputation in its category.

I have risen a lot of cyber security experts from scratch, and you are the next.