1. Overview
2. Regulation and Compliance
3. Common Pentest Restrictions
4. Legal Concepts and Documents
5. Standards and Methodologies
6. Scoping an Engagement
7. Professionalism and Integrity
8. DNS Recon
9. Target Recon
10. Host Discovery and Enumeration
11. Web and Cloud Discovery and Enumeration
12. Defense Detection and Avoidance
13. Vulnerability Scanning
14. Nmap
15. Exploit Resources
16. Denial of Service
17. ARP and DNS Poisoning
18. Password Attacks
19. VLAN Hopping
20. MAC Spoofing
21. Wireless Attacks
22. OWASP Top 10 Web App Security Risks
23. SSRF Attacks
24. Business Logic Flaws
25. SQL Injection Attacks
26. Other Injection Attacks
27. XSS Attacks
28. Session Attacks
29. API Attacks
30. Cloud Attacks
31. Mobile Attacks
32. IoT Hacking
33. Data Storage System Vulnerabilities
34. ICS SCADA and IIOT Vulnerabilities
35. Virtual Environment Vulnerabilities
36. Container Vulnerabilities
37. Social Engineering and Physical Attacks
38. Post Exploitation Enumeration and Tools
39. Network Segmentation Testing
40. Privilege Escalation
41. Persistence
42. Detection Avoidance
43. Components of Written Reports
44. Recommended Remediations
45. Communication During a Pentest
46. Post Report Delivery Activities
47. Basic Programming Concepts
48. Analyze Scripts Or Code For Use In A Pentest
49. Opportunities for Automation
