eJPT — Master Study Plan

[!abstract] What this is A complete, self-paced study plan for the INE / eLearnSecurity Junior Penetration Tester (eJPT v2) track taught by Alexis Ahmed (HackerSploit). 12 modules · 252 video lessons · 11 PDF decks (973 pages) · 1 PPTX · ~12.4 GB. Open this file inside Obsidian with the EJPT/ folder loaded as the vault — every link resolves to a local file.

How to use this file

Open this folder as an Obsidian vault (File → Open Vault → /home/hett/Downloads/EJPT). All [[wiki-links]] in this plan resolve relative to that root.
Click a lesson — Obsidian opens the .mp4 in your default player. The PDF links open inline.
Tick the checkbox as you finish a lesson. Obsidian renders - [ ] as interactive todo items.
Build hands-on muscle memory. Treat every "Demo:" video as a lab — pause, switch to your Kali VM, replicate the command, then resume. Don't binge.
Make notes per module. Create a sibling note (e.g. Module-01-Notes.md) and use Obsidian's split pane while watching.
Track progress at the top of each module — checkboxes serve double duty as a personal heatmap.

[!tip] Suggested lab kit

Kali Linux (current rolling release) — primary attacker box

Metasploitable 3 (Windows Server 2008 build) — main vulnerable target

Metasploitable 2 (Linux) — Linux exploitation target

Windows 7 SP1 VM (for kernel exploits, mimikatz, UAC bypass demos)

Ubuntu 12.04 / 14.04 VM (for Shellshock + Linux kernel exploits)

[!warning] Authorization rule Every tool in this course is dual-use. Run them only against your own lab VMs or systems you have written permission to test. This is repeated in every PDF for a reason — it is also literally the first eJPT exam rule.

Folder map at a glance

#	Module	Videos	PDF pgs	Size
01	[[#Module 01 — Information Gathering]]	16	42	595M
02	[[#Module 02 — Enumeration]]	13	39	422M
03	[[#Module 03 — Footprinting & Scanning]]	20	104	1.1G
04	[[#Module 04 — Vulnerability Assessment]]	14	62	657M
05	[[#Module 05 — Auditing Fundamentals]]	13	82	723M
06	[[#Module 06 — Exploitation]]	30	88	1.3G
07	[[#Module 07 — Network-Based Attacks]]	9	42	483M
08	[[#Module 08 — Post-Exploitation]]	32	111	1.5G
09	[[#Module 09 — Social Engineering]]	7	—	533M
10	[[#Module 10 — System / Host-Based Attacks]]	30	124	1.4G
11	[[#Module 11 — The Metasploit Framework (MSF)]]	51	185	2.1G
12	[[#Module 12 — Web Apps · HTTP Protocol]]	17	100	1.5G

Suggested 10-week schedule

Assumes ~12-15 hr/week (video + lab replay + notes). Move faster on weeks where you already have background.

Week	Modules to finish	Lab focus
1	01 Info Gathering · 02 Enum	whois, nmap, theHarvester, sublist3r, MSF aux modules
2	03 Footprinting & Scanning	Nmap host disco / port scan / NSE / firewall evasion
3	04 Vuln Assessment	Nessus, MSF vuln scanners, EternalBlue, BlueKeep
4	05 Auditing	Lynis audit + remediation + PT verification
5	06 Exploitation	Black-box Win + Linux pentests, AV evasion w/ Shellter
6	07 Network Attacks · 08 (start)	SMB Relay, ARP/DNS spoof, MITM with Responder
7	08 Post-Exploitation	Local enum, priv-esc, persistence, hash-dump+crack, pivot
8	09 Social Eng · 10 Host-Based	Gophish, IIS WebDAV, mimikatz, UACMe, SUID/cron abuse
9	11 Metasploit	msfconsole + msfvenom + meterpreter end-to-end
10	12 Web Apps · Exam practice	Burp/ZAP, HTTP headers/methods, eJPT mock environments

Skip-the-duplicate map

INE bundles certain demo lessons into multiple courses. Watch once, check off everywhere.

[!warning]+ Repeat lessons (≈15-20 hours saved)

Lesson Appears in modules

Networking Fundamentals · OSI Model 03 + 07

Firewall Detection & IDS Evasion 03 + 07

Importing Nmap Scan Results into MSF 02 + 11

Port Scanning & Enumeration with Nmap 02 + 11

Port Scanning with Auxiliary Modules 02 + 11

FTP / SMB / SSH / SMTP / MySQL / Web Enumeration 02 + 11

Frequently Exploited Windows Services 04 + 10

Frequently Exploited Linux Services 04 + 10

Overview Of Windows Vulnerabilities 04 + 10

WebDAV Vulnerabilities · Exploiting MS IIS WebDAV 04 + 10

Exploiting MS17-010 EternalBlue 04 + 10 + 11

Exploiting CVE-2019-0708 BlueKeep 04 + 10

Exploiting Bash CVE-2014-6271 Shellshock 04 + 10

Pass-The-Hash 04 + 10 + 11

Vulnerability Scanning with MSF 04 + 11

Vulnerability Scanning with Nessus 04 + 11

Web App Vuln Scanning with WMAP 04 + 11

The Metasploit Framework intro 06 + 11

Bypassing UAC · Token Impersonation w/ Incognito 10 + 11

Dumping Hashes with Mimikatz 08 + 10 + 11

Pivoting 08 + 11

Quick reference (cheat sheets)

Pentest methodology (PTES — appears in 02 / 03 / 06 / 11)

Information Gathering  →  Enumeration  →  Vulnerability Analysis  →
   Exploitation (Initial Access)  →  Post-Exploitation  →  Reporting

Common ports the course will hammer

Port	Proto	Service	Course module
21	TCP	FTP / vsFTPd	02, 06, 10, 11
22	TCP	SSH / libssh	02, 06, 10, 11
23	TCP	Telnet	(legacy, mentioned)
25/465/587	TCP	SMTP / Haraka	02, 11
53	TCP/UDP	DNS	01
80/443	TCP	HTTP/S, IIS, WebDAV	02, 04, 10, 11, 12
110	TCP	POP3	(mentioned)
137-139	UDP/TCP	NetBIOS	07
161/162	UDP	SNMP	07
445	TCP	SMB / Samba	02, 04, 07, 10, 11
3306	TCP	MySQL	02, 11
3389	TCP	RDP	04, 10, 11
5985/5986	TCP	WinRM	10, 11
8080	TCP	Apache Tomcat	11

Tools by phase

Phase	Headline tools
Passive info gathering	whois, Netcraft, theHarvester, Sublist3r, Google dorks, wafw00f, dnsrecon
Active info / scanning	nmap (+NSE), masscan, hping3
Vuln assessment	Nessus Essentials, MSF aux/exploit, WMAP, nmap vuln scripts
Auditing	Lynis, NIST CSF, NIST SP 800-53, ISO 27001, PCI DSS
Exploitation	Metasploit, PowerShell-Empire (Starkiller), searchsploit, Shellter, Invoke-Obfuscation
Shells & file transfer	netcat, ncat, python -m http.server, certutil, wget, curl, Impacket
Network attacks	Responder, arpspoof, dnsspoof, ettercap, Wireshark, ntlmrelayx
Win post-exploitation	meterpreter, mimikatz, JAWS, PrivescCheck, UACMe, incognito, Windows-Exploit-Suggester
Linux post-exploitation	LinEnum, linux-exploit-suggester, GTFOBins
Cracking	john, hashcat
Pivoting	meterpreter `route add`, port-fwd, proxychains, chisel
Social engineering	Gophish, SET
Web	Burp Suite, OWASP ZAP, curl, wfuzz/ffuf, dirb/gobuster

Methodology mnemonic — what you do once you're "in"

LOCAL ENUM  →  TRANSFER FILES  →  UPGRADE SHELL  →  PRIV ESC  →
   PERSISTENCE  →  DUMP & CRACK  →  PIVOT  →  CLEAR TRACKS

(The post-exploitation course (08) is built around exactly that order.)

Module 01 — Information Gathering

[!book] Course companion [[01-Information-Gathering/Assessment Methodologies Information Gathering/INE-Assessment-Methodologies-Information-Gathering.pdf|📕 Course PDF · 42 pages]]

What you'll learn (from PDF): the difference between passive (no engagement with target — whois, OSINT, search engines, social media, DNS) and active information gathering (interacting with target — port scans, host discovery). Tools: whois, Netcraft, dnsrecon, wafw00f, Sublist3r, Google dorks, theHarvester, nmap. Also covers DNS record types (A/AAAA/NS/MX/CNAME/TXT/SOA/SRV/PTR/HINFO) and DNS zone transfers.

[!quote] Disclaimer (verbatim from the deck) "Never run any of these tools and techniques on those addresses or on any machine and network without proper authorization."

Intro

[[01-Information-Gathering/Assessment Methodologies Information Gathering/intro/INE - Assessment Methodologies Information Gathering -intrroo.mp4|01 · Course Trailer]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/intro/Course Introduction_6.mp4|01 · Course Introduction]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/intro/Introduction To Information Gathering.mp4|01 · Introduction To Information Gathering]]

Passive Information Gathering

[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Website Recon & Footprinting.mp4|01 · Website Recon & Footprinting]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Whois Enumeration.mp4|01 · Whois Enumeration]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Website Footprinting With Netcraft.mp4|01 · Website Footprinting (Netcraft)]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/DNS Recon.mp4|01 · DNS Recon]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/WAF With wafw00f.mp4|01 · WAF Detection (wafw00f)]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Subdomain Enumeration With Sublist3r.mp4|01 · Subdomain Enum (Sublist3r)]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Google Dorks.mp4|01 · Google Dorks]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Email Harvesting With theHarvester.mp4|01 · Email Harvesting (theHarvester)]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Passive Information Gathering/Leaked Password Databases.mp4|01 · Leaked Password DBs]]

Active Information Gathering

[[01-Information-Gathering/Assessment Methodologies Information Gathering/Active Information Gathering/DNS Zone Transfers.mp4|01 · DNS Zone Transfers]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Active Information Gathering/Host Discovery With Nmap.mp4|01 · Host Discovery (nmap)]]
[[01-Information-Gathering/Assessment Methodologies Information Gathering/Active Information Gathering/Port Scanning With Nmap.mp4|01 · Port Scanning (nmap)]]

Wrap-up

[[01-Information-Gathering/Assessment Methodologies Information Gathering/course conclusion/Course Conclusion_6.mp4|01 · Course Conclusion]]

[!note]- Key DNS record cheat sheet A IPv4 · AAAA IPv6 · NS nameserver · MX mail server · CNAME alias · TXT text · HINFO host info · SOA zone authority · SRV service · PTR reverse lookup

Module 02 — Enumeration

[!book] Course companion [[02-Enumeration/Assessment Methodologies Enumeration/INE-Assessment-Methodologies-Enumeration-Course-File.pdf|📕 Course PDF · 39 pages]]

What you'll learn: after host discovery + port scan, you enumerate the services to extract version info, accounts, shares, anonymous-access misconfigs, etc. The course is essentially "for each common protocol — what auxiliary modules / NSE scripts pull the most information." Heavy use of MSF auxiliary modules. Same demos appear again in [[#Module 11 — The Metasploit Framework (MSF)]].

Intro

[[02-Enumeration/Assessment Methodologies Enumeration/introduction/INE - Assessment Methodologies Enumeration-intro.mp4|02 · Course Trailer]]
[[02-Enumeration/Assessment Methodologies Enumeration/introduction/Course Introduction_8.mp4|02 · Course Introduction]]
[[02-Enumeration/Assessment Methodologies Enumeration/introduction/Introduction To Enumeration.mp4|02 · Introduction To Enumeration]]

Nmap Scripting Engine (NSE) & MSF integration

[[02-Enumeration/Assessment Methodologies Enumeration/Nmap Scripting Engine (NSE)/Port Scanning & Enumeration with Nmap_1.mp4|02 · Port Scan + Enum w/ Nmap]]
[[02-Enumeration/Assessment Methodologies Enumeration/Nmap Scripting Engine (NSE)/Importing Nmap Scan Results into MSF_1.mp4|02 · Importing Nmap → MSF]]
[[02-Enumeration/Assessment Methodologies Enumeration/Nmap Scripting Engine (NSE)/Port Scanning with Auxiliary Modules_1.mp4|02 · Port Scan w/ MSF Aux Modules]]

Service Enumeration

Each demo follows the same pattern: identify version → check default creds / anon access → brute-force users → look for known CVEs.

[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/FTP Enumeration_1.mp4|02 · FTP Enumeration (port 21)]]
[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/SMB Enumeration_1.mp4|02 · SMB Enumeration (port 445)]]
[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/Web Server Enumeration_1.mp4|02 · Web Server Enumeration (80/443)]]
[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/MySQL Enumeration_1.mp4|02 · MySQL Enumeration (port 3306)]]
[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/SSH Enumeration_1.mp4|02 · SSH Enumeration (port 22)]]
[[02-Enumeration/Assessment Methodologies Enumeration/Service Enumeration/SMTP Enumeration_1.mp4|02 · SMTP Enumeration (25/465/587)]]

Wrap-up

[[02-Enumeration/Assessment Methodologies Enumeration/course conclusion/Course Conclusion_8.mp4|02 · Course Conclusion]]

Module 03 — Footprinting & Scanning

[!book] Course companion [[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/INE-Assessment-Methodologies-Footprinting-and-Scanning-Course-File.pdf|📕 Course PDF · 104 pages]]

What you'll learn: the deepest networking + nmap module in the course. Covers OSI model, IPv4 header, TCP 3-way handshake, TCP control flags, port ranges (well-known / registered / dynamic), UDP vs TCP, then the full nmap toolbox: host discovery techniques (ICMP/ARP/SYN/ACK/UDP ping), port scan types (SYN, connect, FIN, NULL, XMAS, idle, ACK, UDP), service & OS fingerprinting, NSE, firewall/IDS evasion (decoys, fragmentation, source port spoof), scan timing T0–T5, and output formats (-oN/-oX/-oG/-oA).

Intro

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/intro/INE - Assessment Methodologies Footprinting & Scanning - intro.mp4|03 · Course Trailer]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/intro/Course Introduction_7.mp4|03 · Course Introduction]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/intro/Active Information Gathering.mp4|03 · Active Information Gathering recap]]

Networking Primer

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Networking Primer/Networking Fundamentals_1.mp4|03 · Networking Fundamentals]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Networking Primer/Network Layer.mp4|03 · Network Layer (IP, ICMP)]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Networking Primer/Transport Layer - Part 1.mp4|03 · Transport Layer pt1 (TCP)]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Networking Primer/Transport Layer - Part 2.mp4|03 · Transport Layer pt2 (UDP)]]

Host Discovery

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Host Discover/Network Mapping.mp4|03 · Network Mapping concepts]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Host Discover/Host Discovery Techniques.mp4|03 · Host Discovery Techniques]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Host Discover/Ping Sweeps.mp4|03 · Ping Sweeps]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Host Discover/Host Discovery With Nmap - Part 1.mp4|03 · Host Discovery w/ Nmap pt1]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Host Discover/Host Discovery With Nmap - Part 2.mp4|03 · Host Discovery w/ Nmap pt2]]

Port Scanning

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Port Scanning/Port Scanning With Nmap - Part 1.mp4|03 · Port Scanning w/ Nmap pt1]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Port Scanning/Port Scanning With Nmap - Part 2.mp4|03 · Port Scanning w/ Nmap pt2]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Port Scanning/Service Version & OS Detection.mp4|03 · Service Version & OS Detection]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Port Scanning/Nmap Scripting Engine (NSE).mp4|03 · NSE Intro]]

Evasion, Performance & Output

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Evasion, Scan Performance & Output/Firewall Detection & IDS Evasion_1.mp4|03 · Firewall Detection & IDS Evasion]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Evasion, Scan Performance & Output/Optimizing Nmap Scans.mp4|03 · Optimizing Nmap Scans]]
[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/Evasion, Scan Performance & Output/Nmap Output Formats.mp4|03 · Nmap Output Formats]]

Wrap-up

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/course conclusion/Course Conclusion_7.mp4|03 · Course Conclusion]]

[!tip]- Nmap scan-type cheat sheet -sS SYN (default w/ root) · -sT TCP connect · -sU UDP · -sA ACK · -sN/-sF/-sX NULL/FIN/XMAS · -sI Idle · -sV version · -O OS fingerprint · -A aggressive (-sV -O --traceroute -sC) · -p- all 65535 ports · -T0..T5 timing · -Pn skip host disco · -D decoys · -f fragment · --source-port spoof src · --script NSE · -oA all output formats

Module 04 — Vulnerability Assessment

[!book] Course companion [[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/INE-Assessment-Methodologies-Vulnerability-Assessment-Course-File.pdf|📕 Course PDF · 62 pages]]

What you'll learn: vuln scanning vs vuln analysis, the role of VA in the PT lifecycle. Frequently exploited Windows services (IIS, WebDAV, SMB/CIFS, RDP, WinRM) and Linux services (Apache, SSH, FTP, SAMBA). Walks through canonical CVEs you must know cold for the eJPT: MS17-010 / EternalBlue, CVE-2019-0708 / BlueKeep, CVE-2014-6271 / Shellshock, plus Pass-the-Hash. Tooling: Nessus Essentials, MSF aux/exploit scanners, WMAP for web apps.

[!warning] Heavy duplication with later modules Many demos here re-appear in [[#Module 10 — System / Host-Based Attacks]] and [[#Module 11 — The Metasploit Framework (MSF)]]. If you watch Module 10 / 11 thoroughly, you can lightly skim this module's Vuln Analysis section.

Intro

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/introduction/INE - Assessment Methodologies Vulnerability Assessment-intro.mp4|04 · Course Trailer]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/introduction/Course Introduction_9.mp4|04 · Course Introduction]]

Vulnerability Assessment / Scanning

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Assessment/Overview of Windows Vulnerabilities_1.mp4|04 · Overview of Windows Vulnerabilities]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Assessment/Frequently Exploited Windows Services_1.mp4|04 · Frequently Exploited Windows Services]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Assessment/Vulnerability Scanning with MSF_1.mp4|04 · Vulnerability Scanning w/ MSF]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Assessment/WebDAV Vulnerabilities.mp4|04 · WebDAV Vulnerabilities]]

Vulnerability Analysis (canonical CVEs)

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Analysis/Vulnerability Analysis_ EternalBlue.mp4|04 · Analysis · MS17-010 EternalBlue]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Analysis/Vulnerability Analysis_ BlueKeep.mp4|04 · Analysis · CVE-2019-0708 BlueKeep]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Analysis/Pass-the-Hash Attacks_1.mp4|04 · Pass-the-Hash]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Analysis/Frequently Exploited Linux Services_1.mp4|04 · Frequently Exploited Linux Services]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Analysis/Vulnerability Analysis_ Shellshock.mp4|04 · Analysis · CVE-2014-6271 Shellshock]]

Vulnerability Scanning (Nessus + WMAP)

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Scanning/Vulnerability Scanning with Nessus_1.mp4|04 · Nessus Scan]]
[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/Vulnerability Scanning/Web App Vulnerability Scanning with WMAP_1.mp4|04 · WMAP Web-App Scan]]

Wrap-up

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/course conclusion/Course Conclusion_9.mp4|04 · Course Conclusion]]

[!note]- Memorize these CVEs cold

CVE Name Service Affected

CVE-2017-0144 (MS17-010) EternalBlue SMBv1 / TCP 445 Win Vista, 7, 8.1, 10, Server 2008/2012/2016

CVE-2019-0708 BlueKeep RDP / TCP 3389 Win XP, Vista, 7, Server 2008/R2

CVE-2014-6271 Shellshock Bash via Apache CGI Linux w/ Bash <4.3

Module 05 — Auditing Fundamentals

[!book] Course companion [[05-Auditing/Assessment Methodologies Auditing Fundamentals/INE-Assessment-Methodologies-Auditing-Fundamentals-Course-File.pdf|📕 Course PDF · 82 pages]] [[05-Auditing/Assessment Methodologies Auditing Fundamentals/INE-Assessment-Methodologies-Auditing-Fundamentals-Course-File.pptx|📊 Course PPTX (slide source)]]

What you'll learn: the non-technical but exam-relevant module. Security auditing vs pentesting (objectives, scope, methodology, frequency). Audit lifecycle (Planning → Info gathering → Risk assessment → Execution → Analysis → Reporting → Remediation). Types of audits: Internal, External, Compliance, Technical, Network, Application. Frameworks (NIST CSF, COBIT) vs Standards (ISO/IEC 27001, PCI DSS, HIPAA, GDPR) vs Guidelines (CIS Controls, NIST SP 800-53). End-to-end "From Audit to Pentest" walk-through using Lynis on Linux.

Intro

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/introduction/INE - Assessment Methodologies Auditing Fundamentals - introduc.mp4|05 · Course Trailer]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/introduction/Course Introduction_5.mp4|05 · Course Introduction]]

Introduction to Security Auditing

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Introduction to Security Auditing/Overview of Security Auditing.mp4|05 · Overview of Security Auditing]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Introduction to Security Auditing/Essential Terminology.mp4|05 · Essential Terminology]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Introduction to Security Auditing/Security Auditing Process_Lifecycle.mp4|05 · Security Auditing Lifecycle]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Introduction to Security Auditing/Types of Security Audits.mp4|05 · Types of Security Audits]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Introduction to Security Auditing/Security Auditing & Penetration Testing.mp4|05 · Auditing vs Pentesting]]

Governance, Risk & Compliance (GRC)

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Governance, Risk & Compliance/Governance, Risk & Compliance (GRC).mp4|05 · GRC explained]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/Governance, Risk & Compliance/Common Standards, Frameworks & Guidelines.mp4|05 · Standards / Frameworks / Guidelines]]

From Auditing to Penetration Testing (practical lab)

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/From Auditing to Penetration Testing/Phase 1 - Develop a Security Policy.mp4|05 · Phase 1 · Develop Security Policy]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/From Auditing to Penetration Testing/Phase 2 - Security Auditing with Lynis.mp4|05 · Phase 2 · Audit w/ Lynis]]
[[05-Auditing/Assessment Methodologies Auditing Fundamentals/From Auditing to Penetration Testing/Phase 3 - Conduct Penetration Test.mp4|05 · Phase 3 · Pentest]]

Wrap-up

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/course conclusion/course conclusion_5.mp4|05 · Course Conclusion]]

[!note]- Audit ≠ Pentest

Aspect Audit Pentest

Purpose Verify compliance / posture Exploit weaknesses

Scope Broad — policy + tech + ops Narrow — defined targets

Method Doc review + interviews + tech checks Adversary simulation

Output Compliance gaps + recs Exploited findings + recs

Cadence Periodic / regulatory Per change / engagement

Module 06 — Exploitation

[!book] Course companion [[06-Exploitation/Host & Network Penetration Testing Exploitation/INE-Host-and-Network-Penetration-Testing-Exploitation.pdf|📕 Course PDF · 88 pages]]

What you'll learn: the first end-to-end exploitation course. Banner grabbing, vuln scanning with nmap NSE + MSF, finding exploits (Exploit-DB, searchsploit, Rapid7), fixing/cross-compiling C exploits, netcat fundamentals, bind vs reverse shells + reverse-shell cheatsheet, exploitation frameworks (MSF, PowerShell-Empire + Starkiller GUI), then two full black-box pentests: a Win Server 2008 target (IIS-FTP, OpenSSH, SMB, MySQL) and a Linux target (vsFTPd, PHP, SAMBA). Closes with AV evasion via Shellter + PowerShell obfuscation via Invoke-Obfuscation.

Intro

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Introduction/INE - Host & Network Penetration Testing Exploitation - introdu.mp4|06 · Course Trailer]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Introduction/Course Introduction_4.mp4|06 · Course Introduction]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Introduction To Exploitation/Introduction To Exploitation.mp4|06 · Introduction To Exploitation]]

Vulnerability Scanning Overview

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Vulnerability Scanning Overview/Banner Grabbing.mp4|06 · Banner Grabbing]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Vulnerability Scanning Overview/Vulnerability Scanning With Nmap Scripts.mp4|06 · Vuln Scan w/ Nmap NSE]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Vulnerability Scanning Overview/Vulnerability Scanning With Metasploit.mp4|06 · Vuln Scan w/ Metasploit]]

Exploits — finding & fixing

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Exploits/Searching For Exploits/Searching For Publicly Available Exploits.mp4|06 · Searching For Public Exploits]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Exploits/Searching For Exploits/Searching For Exploits With SearchSploit.mp4|06 · SearchSploit]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Exploits/Fixing Exploits/Fixing Exploits.mp4|06 · Fixing Exploits]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Exploits/Fixing Exploits/Cross-Compiling Exploits.mp4|06 · Cross-Compiling Exploits]]

Shells (Netcat, Bind, Reverse)

[[06-Exploitation/Host & Network Penetration Testing Exploitation/shells/Netcat Fundamentals.mp4|06 · Netcat Fundamentals]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/shells/Bind Shells.mp4|06 · Bind Shells]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/shells/Reverse Shells.mp4|06 · Reverse Shells]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/shells/Reverse Shell Cheatsheet.mp4|06 · Reverse-Shell Cheatsheet]]

Frameworks

[[06-Exploitation/Host & Network Penetration Testing Exploitation/frameworks/The Metasploit Framework (MSF).mp4|06 · The Metasploit Framework (intro)]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/frameworks/PowerShell-Empire.mp4|06 · PowerShell-Empire]]

Black-Box Windows Pentest (Server 2008)

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Windows Black Box Penetration Test.mp4|06 · BB Pentest · Windows scenario]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Port Scanning & Enumeration - Windows.mp4|06 · BB Win · Scan + Enum]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Targeting Microsoft IIS FTP.mp4|06 · BB Win · Microsoft IIS FTP]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Targeting OpenSSH.mp4|06 · BB Win · OpenSSH]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Targeting SMB.mp4|06 · BB Win · SMB]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Windows/Targeting MySQL Database Server.mp4|06 · BB Win · MySQL]]

Black-Box Linux Pentest

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Linux Exploitation/Linux Black Box Penetration Test.mp4|06 · BB Pentest · Linux scenario]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Linux Exploitation/Port Scanning & Enumeration - Linux.mp4|06 · BB Linux · Scan + Enum]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Linux Exploitation/Targeting vsFTPd.mp4|06 · BB Linux · vsFTPd]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Linux Exploitation/Targeting PHP.mp4|06 · BB Linux · PHP]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Linux Exploitation/Targeting SAMBA.mp4|06 · BB Linux · SAMBA]]

AV Evasion & Obfuscation

[[06-Exploitation/Host & Network Penetration Testing Exploitation/Obfuscation/AV Evasion With Shellter.mp4|06 · AV Evasion w/ Shellter]]
[[06-Exploitation/Host & Network Penetration Testing Exploitation/Obfuscation/Obfuscating PowerShell Code.mp4|06 · Obfuscating PowerShell (Invoke-Obfuscation)]]

Wrap-up

[[06-Exploitation/Host & Network Penetration Testing Exploitation/course conclusion/Course Conclusion_3.mp4|06 · Course Conclusion]]

[!tip]- Bind vs Reverse shell mental model Bind shell = the target listens, the attacker connects in. Fails behind NAT/firewall (target's ingress filtered). Use when you control firewall rules or target is exposed. Reverse shell = the attacker listens, the target phones home. Default for real engagements — egress is usually softer than ingress.

Module 07 — Network-Based Attacks

[!book] Course companion [[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/INE-Host-and-Network-Penetration-Testing-Network-Based-Attacks-Course-File.pdf|📕 Course PDF · 42 pages]]

What you'll learn: layer-2/3 enumeration + MITM. Networking + OSI recap (skip if Module 03 fresh), firewall/IDS evasion (also redundant with 03), then NetBIOS (137/138/139) vs SMB (445) — what each does and when each matters. SNMP (UDP 161/162) enumeration: managers, agents, MIB/OIDs, community strings (v1/v2c) vs v3 auth. The capstone is the SMB Relay attack — capture NTLM via responder/spoofing, relay (don't crack) to a trusting server.

Intro

[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/introduction/INE - Host & Network Penetration Testing Network-Based Attacks -intro.mp4|07 · Course Trailer]]
[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/introduction/Course Introduction_1.mp4|07 · Course Introduction]]

Networking (recap — skip if Module 03 fresh)

[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/networking/Networking Fundamentals.mp4|07 · Networking Fundamentals]]
[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/networking/Firewall Detection & IDS Evasion.mp4|07 · Firewall Detection & IDS Evasion]]

Network Attacks

[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/network attacks/Network Enumeration.mp4|07 · Network Enumeration intro]]
[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/network attacks/SMB & NetBIOS Enumeration.mp4|07 · SMB & NetBIOS Enumeration]]
[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/network attacks/SNMP Enumeration.mp4|07 · SNMP Enumeration]]
[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/network attacks/SMB Relay Attack.mp4|07 · SMB Relay Attack]]

Wrap-up

[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/conclusion/course conclusion_1.mp4|07 · Course Conclusion]]

[!note]- SMB Relay attack — what's actually happening

Attacker poisons LLMNR/NBT-NS (e.g. responder -I eth0) so a victim host queries the attacker.

Victim presents NTLM credentials to the attacker.

Attacker relays those creds (via ntlmrelayx) to a 3rd server that trusts the victim.

Server authenticates the attacker as the victim — instant code-exec / share access without cracking the hash. Defense: enable SMB signing, disable NBT-NS/LLMNR.

Module 08 — Post-Exploitation

[!book] Course companion [[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/INE-Host-and-Network-Penetration-Testing-Post-Exploitation-Course-File.pdf|📕 Course PDF · 111 pages]]

What you'll learn: the full post-exploitation methodology — Local Enumeration → File Transfer → Shell Upgrade → Privilege Escalation → Persistence → Hash Dump+Crack → Pivoting → Clearing Tracks. Both Windows and Linux paths. Tools you'll meet here: JAWS, PrivescCheck, LinEnum, mimikatz, hashdump, John, hashcat, meterpreter route add for pivoting.

Intro

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/course introduction/INE - Host & Network Penetration Testing Post-Exploitation-intro.mp4|08 · Course Trailer]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/course introduction/course intro.mp4|08 · Course Introduction]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Post-Exploitation/Introduction To Post-Exploitation.mp4|08 · Introduction To Post-Exploitation]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Post-Exploitation/Post-Exploitation Methodology.mp4|08 · Post-Exploitation Methodology]]

Windows Local Enumeration

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Windows Local Enumeration/Enumerating System Information.mp4|08 · Win · System Info]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Windows Local Enumeration/Enumerating Users & Groups.mp4|08 · Win · Users & Groups]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Windows Local Enumeration/Enumerating Network Information.mp4|08 · Win · Network Info]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Windows Local Enumeration/Enumerating Processes & Services.mp4|08 · Win · Processes & Services]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Windows Local Enumeration/Automating Windows Local Enumeration.mp4|08 · Win · Automate w/ JAWS]]

Linux Local Enumeration

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Linux Local Enumeration/Enumerating System Information_1.mp4|08 · Linux · System Info]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Linux Local Enumeration/Enumerating Users & Groups_1.mp4|08 · Linux · Users & Groups]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Linux Local Enumeration/Enumerating Network Information_1.mp4|08 · Linux · Network Info]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Linux Local Enumeration/Enumerating Processes & Cron Jobs.mp4|08 · Linux · Processes & Cron]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Linux Local Enumeration/Automating Linux Local Enumeration.mp4|08 · Linux · Automate w/ LinEnum]]

Transferring Files

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Transferring Files To Windows & Linux Targets/Setting Up A Web Server With Python.mp4|08 · Python http.server]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Transferring Files To Windows & Linux Targets/Transferring Files To Windows Targets.mp4|08 · Files → Windows]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Transferring Files To Windows & Linux Targets/Transferring Files To Linux Targets.mp4|08 · Files → Linux]]

Upgrading Shells

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Upgrading Shells/Upgrading Non-Interactive Shells.mp4|08 · Upgrading Non-Interactive Shells]]

Windows Privilege Escalation

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Escalation/Windows Privilege Escalation/Identifying Windows Privilege Escalation Vulnerabilities.mp4|08 · Win · Identify PE vulns (PrivescCheck)]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Escalation/Windows Privilege Escalation/Windows Privilege Escalation.mp4|08 · Win · Privilege Escalation]]

Linux Privilege Escalation

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Escalation/Linux Privilege Escalation/Linux Privilege Escalation - Weak Permissions.mp4|08 · Linux · Weak Permissions]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Escalation/Linux Privilege Escalation/Linux Privilege Escalation - SUDO Privileges.mp4|08 · Linux · SUDO abuse]]

Persistence

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Persistence/Windows Persistence/Persistence Via Services.mp4|08 · Win · Persistence via Services]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Persistence/Windows Persistence/Persistence Via RDP.mp4|08 · Win · Persistence via RDP]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Persistence/Linux Persistence/Persistence Via SSH Keys.mp4|08 · Linux · Persistence via SSH Keys]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Persistence/Linux Persistence/Persistence Via Cron Jobs.mp4|08 · Linux · Persistence via Cron]]

Dumping & Cracking Hashes

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Dumping & Cracking/Dumping & Cracking NTLM Hashes.mp4|08 · Dump + Crack NTLM]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Dumping & Cracking/Dumping & Cracking Linux Password Hashes.mp4|08 · Dump + Crack Linux ($1/$2/$5/$6)]]

Pivoting

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Pivoting Overview/Pivoting_1.mp4|08 · Pivoting]]

Clearing Your Tracks

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Clearing Your Tracks/Clearing Your Tracks On Windows.mp4|08 · Clearing Tracks · Windows]]
[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/Clearing Your Tracks/Clearing Your Tracks On Linux.mp4|08 · Clearing Tracks · Linux]]

Wrap-up

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/course conclusion/Course Conclusion_4.mp4|08 · Course Conclusion]]

[!note]- Linux hash prefix → algorithm $1$ MD5 · $2$ Blowfish · $5$ SHA-256 · $6$ SHA-512 — read from /etc/shadow, second field.

Module 09 — Social Engineering

[!book] Course companion (No PDF for this module — slides delivered in-video.)

What you'll learn: the smallest module — pretexting, then a two-part Gophish phishing campaign demo (set up server, craft template, send, collect credentials).

Intro

[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/introduction/INE - Host & Network Penetration Testing Social Engineering - intro.mp4|09 · Course Trailer]]
[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/introduction/Course Introduction.mp4|09 · Course Introduction]]

Social Engineering

[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/Social Engineering/Introduction to Social Engineering.mp4|09 · Introduction to Social Engineering]]
[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/Social Engineering/Pretexting.mp4|09 · Pretexting]]
[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/Social Engineering/Phishing with Gophish - Part 1.mp4|09 · Phishing w/ Gophish pt1]]
[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/Social Engineering/Phishing with Gophish - Part 2.mp4|09 · Phishing w/ Gophish pt2]]

Wrap-up

[[09-Social-Engineering/Host & Network Penetration Testing Social Engineering/Conclusion/Course Conclusion.mp4|09 · Course Conclusion]]

Module 10 — System / Host-Based Attacks

[!book] Course companion [[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/INE-Host-and-Network-Penetration-Testing-System-Host-Based-Attacks.pdf|📕 Course PDF · 124 pages]]

What you'll learn: the meatiest hands-on module in the eJPT path. End-to-end coverage of host-level exploits per OS:

Windows track — IIS WebDAV (manual + MSF), SMB via PsExec, MS17-010 EternalBlue, RDP brute-force, CVE-2019-0708 BlueKeep, WinRM via crackmapexec / evil-winrm, kernel exploits (Windows-Exploit-Suggester), UAC bypass with UACMe, access-token impersonation with Incognito, NTFS Alternate Data Streams, LM/NTLM hash internals, hunting passwords in unattend.xml/Autounattend.xml, mimikatz + Pass-the-Hash.
Linux track — Shellshock (CVE-2014-6271) via Apache CGI, FTP brute-force, SSH brute-force, SAMBA brute-force + smbmap/smbclient, Linux kernel exploits (linux-exploit-suggester), misconfigured cron jobs, SUID binaries (think GTFOBins), /etc/passwd + /etc/shadow dump.

[!warning] Heaviest duplication of any module Most demos here also appear in 04 and 11. If you're tight on time, treat this as the "definitive" version and lightly skim 04/11 dupes.

Intro

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/introduction/INE - Host & Network Penetration Testing SystemHost Based Attacks - introduction.mp4|10 · Course Trailer]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/introduction/Course Introduction_2.mp4|10 · Course Introduction]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/Host Based Attacks/Introduction To System_Host Based Attacks.mp4|10 · Introduction To System/Host-Based Attacks]]

Windows · Vulnerabilities Overview

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Vulnerabilities/Overview Of Windows Vulnerabilities.mp4|10 · Win · Vuln Overview]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Vulnerabilities/Frequently Exploited Windows Services.mp4|10 · Win · Frequently Exploited Services]]

Windows · Exploiting Vulnerabilities

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting Microsoft IIS WebDAV.mp4|10 · IIS WebDAV (manual)]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting WebDAV With Metasploit.mp4|10 · IIS WebDAV (MSF)]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting SMB With PsExec.mp4|10 · SMB w/ PsExec]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting Windows MS17-010 SMB Vulnerability (EternalBlue).mp4|10 · MS17-010 EternalBlue]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting RDP.mp4|10 · RDP brute-force]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting Windows CVE-2019-0708 RDP Vulnerability (BlueKeep).mp4|10 · CVE-2019-0708 BlueKeep]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Exploiting Windows Vulnerabilities/Exploiting WinRM.mp4|10 · WinRM (crackmapexec / evil-winrm)]]

Windows · Privilege Escalation

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Privilege Escalation/Windows Kernel Exploits.mp4|10 · Windows Kernel Exploits]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Privilege Escalation/Bypassing UAC With UACMe.mp4|10 · UAC Bypass (UACMe)]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Privilege Escalation/Access Token Impersonation.mp4|10 · Access-Token Impersonation]]

Windows · File-System Vulnerabilities

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows File System Vulnerabilities/Alternate Data Streams.mp4|10 · NTFS Alternate Data Streams]]

Windows · Credential Dumping

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Credential Dumping/Windows Password Hashes.mp4|10 · Win Password Hashes (LM/NTLM/SAM)]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Credential Dumping/Searching For Passwords In Windows Configuration Files.mp4|10 · Hunting passwords in config files (unattend.xml)]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Credential Dumping/Dumping Hashes With Mimikatz.mp4|10 · Dumping Hashes w/ Mimikatz]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/windows/Windows Credential Dumping/Pass-The-Hash Attacks.mp4|10 · Pass-The-Hash]]

Linux · Vulnerabilities Overview

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Linux Vulnerabilities/Frequently Exploited Linux Services.mp4|10 · Linux · Frequently Exploited Services]]

Linux · Exploiting Vulnerabilities

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Exploiting Linux Vulnerabilities/Exploiting Bash CVE-2014-6271 Vulnerability (Shellshock).mp4|10 · CVE-2014-6271 Shellshock]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Exploiting Linux Vulnerabilities/Exploiting FTP.mp4|10 · FTP exploitation]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Exploiting Linux Vulnerabilities/Exploiting SSH.mp4|10 · SSH brute-force]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Exploiting Linux Vulnerabilities/Exploiting SAMBA.mp4|10 · SAMBA exploitation]]

Linux · Privilege Escalation

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Linux Privilege Escalation/Linux Kernel Exploit.mp4|10 · Linux Kernel Exploit]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Linux Privilege Escalation/Exploiting Misconfigured Cron Jobs.mp4|10 · Misconfigured Cron Jobs]]
[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Linux Privilege Escalation/Exploiting SUID Binaries.mp4|10 · SUID Binaries]]

Linux · Credential Dumping

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/linux/Linux Credential Dumping/Dumping Linux Password Hashes.mp4|10 · Linux Password Hashes (/etc/shadow)]]

Wrap-up

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/conclusion/Course Conclusion_2.mp4|10 · Course Conclusion]]

[!note]- Windows access tokens — what to memorize Impersonate-level = non-interactive logon (services, domain logons) — local impersonation only. Delegate-level = interactive logon (console, RDP) — works against remote systems too. Required privileges for token attacks: SeAssignPrimaryToken, SeCreateToken, SeImpersonatePrivilege.

[!note]- SUID exploitation rule Look for SUID binaries owned by root that you have execute on. Cross-check the binary against GTFOBins — if listed, you have an instant root path.

Module 11 — The Metasploit Framework (MSF)

[!book] Course companion [[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/INE-Host-and-Network-Penetration-Testing-The-Metasploit-Framework-MSF.pdf|📕 Course PDF · 185 pages]]

What you'll learn: the largest module — Metasploit cover-to-cover. History, editions, architecture (modules: exploit / payload / encoder / NOP / aux / post), staged vs non-staged payloads, Meterpreter internals, msfdb (Postgres) setup, MSFconsole fundamentals (search/use/options/set/run/back/sessions), workspaces, integration with nmap / Nessus / WMAP, msfvenom (generate, encode w/ shikata_ga_nai, inject into PEs), resource scripts for automation, then the full kill chain demonstrated through MSF: HTTP File Server → IIS → MS17-010 → WinRM → Apache Tomcat → vsFTPd → Samba → libssh → Haraka SMTP. Closes with Armitage (Java GUI for MSF).

Intro

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/introduction/INE - Host & Network Penetration Testing The Metasploit Framework - introd.mp4|11 · Course Trailer]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/introduction/course introduction_3.mp4|11 · Course Introduction]]

Metasploit Framework Overview

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Framework Overview/Introduction to the Metasploit Framework.mp4|11 · Intro to MSF]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Framework Overview/Metasploit Framework Architecture.mp4|11 · Architecture (modules, stagers, etc.)]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Framework Overview/Penetration Testing With The Metasploit Framework.mp4|11 · Pentesting w/ MSF (PTES mapping)]]

Metasploit Fundamentals

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Fundamentals/Installing & Configuring The Metasploit Framework.mp4|11 · Install + Configure (msfdb)]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Fundamentals/MSFconsole Fundamentals.mp4|11 · MSFconsole Fundamentals]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Metasploit/Metasploit Fundamentals/Creating & Managing Workspaces.mp4|11 · Workspaces]]

Information Gathering & Enumeration (Nmap + Aux Modules)

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Nmap/Port Scanning & Enumeration With Nmap.mp4|11 · Port Scan + Enum w/ Nmap]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Nmap/Importing Nmap Scan Results Into MSF.mp4|11 · Import Nmap → MSF]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/Port Scanning With Auxiliary Modules.mp4|11 · Port Scan w/ Aux Modules]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/FTP Enumeration.mp4|11 · FTP Enumeration]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/SMB Enumeration.mp4|11 · SMB Enumeration]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/Web Server Enumeration.mp4|11 · Web Server Enumeration]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/MySQL Enumeration.mp4|11 · MySQL Enumeration]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/SSH Enumeration.mp4|11 · SSH Enumeration]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Information Gathering & Enumeration/Enumeration/SMTP Enumeration.mp4|11 · SMTP Enumeration]]

Vulnerability Scanning

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Vulnerability Scanning/MSF/Vulnerability Scanning With MSF.mp4|11 · Vuln Scanning w/ MSF]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Vulnerability Scanning/Nessus/Vulnerability Scanning With Nessus.mp4|11 · Vuln Scanning w/ Nessus]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Vulnerability Scanning/Web Apps/Web App Vulnerability Scanning With WMAP.mp4|11 · Web-App Vuln Scan w/ WMAP]]

Client-Side Attacks (Payloads & Automation)

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Client-Side Attacks/Payloads/Generating Payloads With Msfvenom.mp4|11 · msfvenom · Generate]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Client-Side Attacks/Payloads/Encoding Payloads With Msfvenom.mp4|11 · msfvenom · Encode]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Client-Side Attacks/Payloads/Injecting Payloads Into Windows Portable Executables.mp4|11 · msfvenom · Inject into PE]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Client-Side Attacks/Automating/Automating Metasploit With Resource Scripts.mp4|11 · Automating w/ Resource Scripts]]

Windows Exploitation

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Windows Exploitation/Exploiting A Vulnerable HTTP File Server.mp4|11 · Win · Rejetto HFS RCE]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Windows Exploitation/Exploiting Windows MS17-010 SMB Vulnerability.mp4|11 · Win · MS17-010 EternalBlue]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Windows Exploitation/Exploiting WinRM (Windows Remote Management Protocol).mp4|11 · Win · WinRM]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Windows Exploitation/Exploiting A Vulnerable Apache Tomcat Web Server.mp4|11 · Win · Apache Tomcat RCE]]

Linux Exploitation

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Exploitation/Exploiting A Vulnerable FTP Server.mp4|11 · Linux · vsFTPd 2.3.4 backdoor]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Exploitation/Exploiting Samba_1.mp4|11 · Linux · Samba RCE]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Exploitation/Exploiting A Vulnerable SSH Server.mp4|11 · Linux · libssh auth bypass]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Exploitation/Exploiting A Vulnerable SMTP Server.mp4|11 · Linux · Haraka SMTP cmd inject]]

Post Exploitation Fundamentals (Meterpreter)

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Post Exploitation Fundamentals/Meterpreter Fundamentals.mp4|11 · Meterpreter Fundamentals]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Post Exploitation Fundamentals/Upgrading Command Shells To Meterpreter Shells.mp4|11 · Upgrade cmd shell → meterpreter]]

Windows Post-Exploitation

Linux Post-Exploitation

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Post Exploitation/Linux Post Exploitation Modules.mp4|11 · Linux Post-Ex Modules]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Post Exploitation/Linux Privilege Escalation_ Exploiting A Vulnerable Program.mp4|11 · Linux · PE via vuln program]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Post Exploitation/Dumping Hashes With Hashdump.mp4|11 · Linux · hashdump]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Exploitation/Linux Post Exploitation/Establishing Persistence On Linux.mp4|11 · Linux · Persistence]]

Armitage (GUI)

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Armitage/Metasploit GUIs/Port Scanning & Enumeration With Armitage.mp4|11 · Armitage · Scan + Enum]]
[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Armitage/Metasploit GUIs/Exploitation & Post Exploitation With Armitage.mp4|11 · Armitage · Exploit + Post-Ex]]

Wrap-up

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/Conclusion/cousre conclusion.mp4|11 · Course Conclusion]]

[!tip]- MSFconsole muscle memory

search <term>           # find module
use <module-path>       # select module
info                    # docs for current module
show options / show payloads / show targets
set RHOSTS / set LHOST / set LPORT / set PAYLOAD
setg <var> <val>        # global var (persists across modules)
check                   # is target vulnerable? (some modules)
run / exploit           # fire
sessions -l / sessions -i <id>
background / bg         # detach session
workspace -a <name>     # new workspace
resource <file.rc>      # play back commands

Meterpreter top commands: sysinfo, getuid, getsystem, hashdump, migrate <pid>, ps, shell, upload/download, route add, portfwd, screenshot, keyscan_start/dump.

Module 12 — Web Apps · HTTP Protocol

[!book] Course companion [[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/INE-Web-Application-Penetration-Testing-Introduction-to-the-Web-HTTP-Protocol-Course-File.pdf|📕 Course PDF · 100 pages]]

What you'll learn: the entry course to the Web App Pentesting track — pure foundation, not yet exploitation. What web apps are, client-server model, OWASP-top-style threats (XSS, SQLi, CSRF, SSRF, broken access control, sensitive data exposure, file upload, DDoS, security misconfig, components w/ known vulns), web app architecture (frontend/backend/db/app server), client-side stack (HTML/CSS/JS, cookies, localStorage), server-side stack (Apache/Nginx/IIS, app servers, scripting languages, DBs), data interchange (JSON/XML/REST/SOAP), then HTTP in detail — request line, methods (GET/POST/PUT/DELETE/PATCH/HEAD/OPTIONS), headers (Host, User-Agent, Accept, Accept-Encoding, Connection, Authorization, Cookie), responses + status codes (200/301/302/400/401/403/404/500), headers (Date, Cache-Control, Content-Type/Encoding, Server), and HTTPS / TLS layering. Closes with passive crawling/spidering using Burp Suite + OWASP ZAP.

Intro

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/introduction/INE - Web Application Penetration Testing Introduction to the Web & HTTP Protocol - introduction.mp4|12 · Course Trailer]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/introduction/INE - Web Application Penetration Testing Introduction to the Web & HTTP Protocol - introduction_1.mp4|12 · Course Introduction]]

Introduction to Web Application Security

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Introduction to Web App Security Testing/Introduction to Web Application Security.mp4|12 · Intro to Web App Security]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Introduction to Web App Security Testing/Web Application Security Testing.mp4|12 · Web App Security Testing]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Introduction to Web App Security Testing/Common Web Application Threats & Risks.mp4|12 · Common Threats & Risks]]

Web Application Architecture & Components

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Web Application Architecture & Components/Web Application Architecture.mp4|12 · Web App Architecture]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Web Application Architecture & Components/Web Application Technologies - Part 1.mp4|12 · Web Technologies pt1]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Web Application Architecture & Components/Web Application Technologies - Part 2.mp4|12 · Web Technologies pt2]]

HTTP Protocol

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/Introduction to HTTP.mp4|12 · Introduction to HTTP]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTP Requests - Part 1.mp4|12 · HTTP Requests pt1]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTP Requests - Part 2.mp4|12 · HTTP Requests pt2]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTP Responses.mp4|12 · HTTP Responses]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTP Basics Lab - Part 1.mp4|12 · HTTP Basics Lab pt1]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTP Basics Lab - Part 2.mp4|12 · HTTP Basics Lab pt2]]
[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/HTTP Protocol/HTTPS.mp4|12 · HTTPS]]

Website Crawling & Spidering

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Website Crawling & Spidering/Passive Crawling & Spidering with Burp Suite & OWASP ZAP.mp4|12 · Passive Crawl w/ Burp + ZAP]]

Wrap-up

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/Goodbye/couse conclusion.mp4|12 · Course Conclusion]]

[!note]- HTTP status code minimum-set 200 OK · 301 Moved Permanently · 302 Found · 400 Bad Request · 401 Unauthorized · 403 Forbidden · 404 Not Found · 500 Internal Server Error. For pentesting, 403 vs 401 matters: 401 = "auth required, please send creds"; 403 = "auth provided/known, access denied". 500 frequently leaks stack traces.

[!note]- HTTP request methods that change server state POST · PUT · DELETE · PATCH. GET / HEAD / OPTIONS should be safe + idempotent (RFC 7231) — when a GET endpoint changes state, that's often a CSRF candidate.

Final-stretch checklist (exam prep)

[!success]+ Before you book the exam, you should be able to do all of these from muscle memory

Run an nmap scan with custom ports + service version + NSE scripts and parse the output formats

Set up responder + relay NTLM with ntlmrelayx (don't crack — relay)

Pop a Win Server 2008 box via MS17-010 EternalBlue (manual + MSF route)

Pop an Ubuntu 12.04 box via Shellshock through Apache CGI

Use searchsploit offline + cross-compile a C exploit for a target's architecture

Generate a staged + non-staged msfvenom payload, encode w/ shikata_ga_nai, inject into a PE, deliver, and catch with multi/handler

Upgrade a dumb shell to a TTY (python -c 'import pty; pty.spawn(...)' → stty raw -echo → fg → export TERM)

Dump SAM / NTDS hashes with mimikatz / hashdump, crack with john + hashcat using a wordlist + rules

Exploit a SUID binary using GTFOBins

Pivot from a compromised host into a second subnet using meterpreter route add + auxiliary scanners

Read an HTTP request and identify the method, host, headers, and response status from raw text alone

Use Burp Suite to passively crawl a site and identify hidden endpoints

[!tip] Exam-day tactics

eJPT is practical, not multiple choice — you get a lab and a checklist of tasks. There is no time penalty for retries.

Read every task before touching the lab. The intended path is usually the "easiest pivot" path.

Take notes inline (CherryTree / Obsidian) — the answer to a later question often comes from a scan you ran 90 minutes earlier.

When stuck, re-run nmap with -p- -sV -sC --script vuln. The course's grading hinges on services + versions you may have skipped.

Index of accompanying assets

[!info]+ PDF decks (open in Obsidian's PDF viewer)

[[01-Information-Gathering/Assessment Methodologies Information Gathering/INE-Assessment-Methodologies-Information-Gathering.pdf|01 · Information Gathering]]

[[02-Enumeration/Assessment Methodologies Enumeration/INE-Assessment-Methodologies-Enumeration-Course-File.pdf|02 · Enumeration]]

[[03-Footprinting-Scanning/Assessment Methodologies Footprinting & Scanning/INE-Assessment-Methodologies-Footprinting-and-Scanning-Course-File.pdf|03 · Footprinting & Scanning]]

[[04-Vulnerability-Assessment/Assessment Methodologies Vulnerability Assessment/INE-Assessment-Methodologies-Vulnerability-Assessment-Course-File.pdf|04 · Vulnerability Assessment]]

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/INE-Assessment-Methodologies-Auditing-Fundamentals-Course-File.pdf|05 · Auditing Fundamentals (PDF)]]

[[05-Auditing/Assessment Methodologies Auditing Fundamentals/INE-Assessment-Methodologies-Auditing-Fundamentals-Course-File.pptx|05 · Auditing Fundamentals (PPTX)]]

[[06-Exploitation/Host & Network Penetration Testing Exploitation/INE-Host-and-Network-Penetration-Testing-Exploitation.pdf|06 · Exploitation]]

[[07-Network-Attacks/Host & Network Penetration Testing Network-Based Attacks/INE-Host-and-Network-Penetration-Testing-Network-Based-Attacks-Course-File.pdf|07 · Network-Based Attacks]]

[[08-Post-Exploitation/Host & Network Penetration Testing Post-Exploitation/INE-Host-and-Network-Penetration-Testing-Post-Exploitation-Course-File.pdf|08 · Post-Exploitation]]

[[10-Host-Based-Attacks/Host & Network Penetration Testing System Host Based Attacks/INE-Host-and-Network-Penetration-Testing-System-Host-Based-Attacks.pdf|10 · System / Host-Based Attacks]]

[[11-Metasploit/Host & Network Penetration Testing The Metasploit Framework (MSF)/INE-Host-and-Network-Penetration-Testing-The-Metasploit-Framework-MSF.pdf|11 · The Metasploit Framework]]

[[12-Web-Apps/Web Application Penetration Testing Introduction to the Web & HTTP Protocol/INE-Web-Application-Penetration-Testing-Introduction-to-the-Web-HTTP-Protocol-Course-File.pdf|12 · Web & HTTP Protocol]]

[!info]- Module screenshots Each module folder ships with a Screenshot_*.jpg (likely the course-completion screen). Not links — open with your file manager if you want to look back at them.

Curated by reading every PDF in this collection (973 pages) and indexing all 252 video lessons. Ticking through this list end-to-end is the intended path to eJPT readiness.

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
README.md		README.md

Lesson	Appears in modules
Networking Fundamentals · OSI Model	03 + 07
Firewall Detection & IDS Evasion	03 + 07
Importing Nmap Scan Results into MSF	02 + 11
Port Scanning & Enumeration with Nmap	02 + 11
Port Scanning with Auxiliary Modules	02 + 11
FTP / SMB / SSH / SMTP / MySQL / Web Enumeration	02 + 11
Frequently Exploited Windows Services	04 + 10
Frequently Exploited Linux Services	04 + 10
Overview Of Windows Vulnerabilities	04 + 10
WebDAV Vulnerabilities · Exploiting MS IIS WebDAV	04 + 10
Exploiting MS17-010 EternalBlue	04 + 10 + 11
Exploiting CVE-2019-0708 BlueKeep	04 + 10
Exploiting Bash CVE-2014-6271 Shellshock	04 + 10
Pass-The-Hash	04 + 10 + 11
Vulnerability Scanning with MSF	04 + 11
Vulnerability Scanning with Nessus	04 + 11
Web App Vuln Scanning with WMAP	04 + 11
The Metasploit Framework intro	06 + 11
Bypassing UAC · Token Impersonation w/ Incognito	10 + 11
Dumping Hashes with Mimikatz	08 + 10 + 11
Pivoting	08 + 11

CVE	Name	Service	Affected
CVE-2017-0144 (MS17-010)	EternalBlue	SMBv1 / TCP 445	Win Vista, 7, 8.1, 10, Server 2008/2012/2016
CVE-2019-0708	BlueKeep	RDP / TCP 3389	Win XP, Vista, 7, Server 2008/R2
CVE-2014-6271	Shellshock	Bash via Apache CGI	Linux w/ Bash <4.3

Aspect	Audit	Pentest
Purpose	Verify compliance / posture	Exploit weaknesses
Scope	Broad — policy + tech + ops	Narrow — defined targets
Method	Doc review + interviews + tech checks	Adversary simulation
Output	Compliance gaps + recs	Exploited findings + recs
Cadence	Periodic / regulatory	Per change / engagement

Folders and files

Latest commit

History

Repository files navigation

eJPT — Master Study Plan

How to use this file

Folder map at a glance

Suggested 10-week schedule

Skip-the-duplicate map

Quick reference (cheat sheets)

Pentest methodology (PTES — appears in 02 / 03 / 06 / 11)

Common ports the course will hammer

Tools by phase

Methodology mnemonic — what you do once you're "in"

Module 01 — Information Gathering

Intro

Passive Information Gathering

Active Information Gathering

Wrap-up

Module 02 — Enumeration

Intro

Nmap Scripting Engine (NSE) & MSF integration

Service Enumeration

Wrap-up

Module 03 — Footprinting & Scanning

Intro

Networking Primer

Host Discovery

Port Scanning

Evasion, Performance & Output

Wrap-up

Module 04 — Vulnerability Assessment

Intro

Vulnerability Assessment / Scanning

Vulnerability Analysis (canonical CVEs)

Vulnerability Scanning (Nessus + WMAP)

Wrap-up

Module 05 — Auditing Fundamentals

Intro

Introduction to Security Auditing

Governance, Risk & Compliance (GRC)

From Auditing to Penetration Testing (practical lab)

Wrap-up

Module 06 — Exploitation

Intro

Vulnerability Scanning Overview

Exploits — finding & fixing

Shells (Netcat, Bind, Reverse)

Frameworks

Black-Box Windows Pentest (Server 2008)

Black-Box Linux Pentest

AV Evasion & Obfuscation

Wrap-up

Module 07 — Network-Based Attacks

Intro

Networking (recap — skip if Module 03 fresh)

Network Attacks

Wrap-up

Module 08 — Post-Exploitation

Intro

Windows Local Enumeration

Linux Local Enumeration

Transferring Files

Upgrading Shells

Windows Privilege Escalation

Linux Privilege Escalation

Persistence

Dumping & Cracking Hashes

Pivoting

Clearing Your Tracks

Wrap-up

Module 09 — Social Engineering

Intro

Social Engineering

Wrap-up

Module 10 — System / Host-Based Attacks

Intro

Windows · Vulnerabilities Overview

Windows · Exploiting Vulnerabilities

Windows · Privilege Escalation

Packages