EC-Council Certified Penetration Testing Professional Training Program
Instructors:
Adnan Masood
Assistant Professor @ CASE Islamabad
Dr. Syed Jawad Hussain
Associate Professor & Chairperson @ SS CASE IT
This advanced course builds practical skills in real-world penetration testing, from network and web exploitation to reverse engineering and Active Directory attacks. Delivered with access to EC-Council iLabs, it offers hands-on labs in a live cyber range environment.
As part of SS CASE IT’s MoU with EC-Council, the program ensures global certification alignment. Ideal for professionals aiming for CPENT, it prepares you for modern red teaming and enterprise-grade security challenges.
Course Educational Objective
- To jump-start a career in offensive cybersecurity and penetration testing by mastering advanced exploitation techniques, red teaming methodologies, and real-world cyber range simulations.
- To inspire innovative security solutions and ethical hacking practices that address modern enterprise threats.
- To prepare skilled professionals who can contribute to Pakistan’s cybersecurity resilience and global standing in information security and cyber defense.
Pre-Requisite
To ensure students can effectively grasp and implement course concepts, the following knowledge areas are required:
- Basic understanding of computer networks
- Operating systems (Windows/Linux)
- Cybersecurity fundamentals
Why EC-Council Certification?
- Global Recognition: Prestigious cybersecurity certification trusted by employers worldwide
- Industry-Aligned Curriculum: Continuously updated to reflect real-world threats
- Hands-On Training: Focused labs and simulations
- Career Boost: Opens doors to top-tier roles in cybersecurity
- Compliance Ready: Supports organizational compliance (ISO, NIST, HIPAA, etc.)
Instructors Detail Profile
Mr. Adnan Masood
Associate Professor at CASE Islamabad with a focus on offensive cybersecurity, digital forensics, and network security. With hands-on experience in penetration testing and vulnerability assessments across organizational networks, Bring a practical, real-world approach to the classroom.
Certified in CEH and CHFI, Delivered university-level courses and industry-recognized short trainings in ethical hacking, incident response, and forensics. Also contributed to red-team security audits and software vulnerability evaluations for critical systems.
Known for interactive and problem-solving teaching style, I aim to bridge the gap between theoretical learning and real-world application. Currently involved in mentoring students for EC-Council’s CPENT (Certified Penetration Testing Professional), I am passionate about building the next generation of ethical hackers and security professionals.
Dr. Syed Jawad Hussain
Syed Jawad Hussain is an Associate Professor and Chairperson at the Sir Syed Case Institute of Technology, Islamabad, Pakistan. He holds a Ph.D in Computer Science from Massey University, New Zealand, focusing on developing high-definition video quality experience models. His research interests include multimedia communication networks, machine learning, quality of service (QoS), quality of experience (QoE), data and network security, and statistical modeling. Dr. Hussain has extensive experience in academia and industry, having held various leadership roles, including Head of Department positions at institutions in Pakistan and abroad. He has worked on numerous research and consultancy projects, focusing on machine learning, data security, and multimedia communications. Dr. Hussain has published extensively in prestigious journals and conferences, contributing significantly to the field of computer science.
Course Details
| Training Details | Information |
|---|---|
| Training Duration | 26th July – 21st September 2025 |
| Total Duration | 48 hours (24 hours theory + 24 hours lab) |
| Fee Options | Option 1: Rs. 40,000 (SS CASE IT Certificate + Official Training) Option 2: Rs. 40,000 + 420 USD (EC-Council Training + Exam Voucher + E-Book + iLabs Access) |
| Mode of Training | Hybrid (Online + On-Campus) |
| Registration Deadline | 25th July 2025 |
| Classes Schedule | Saturday (9:00 am to 12:00 pm Theory class) (1:00 pm to 4:00 pm Lab) |
Introduction to Penetration Testing and Methodologies
- Principles and Objectives of Penetration Testing
- Penetration Testing Methodologies and Frameworks
- Best Practices and Guidelines for Penetration Testing
- Role of Artificial Intelligence in Penetration Testing
- Role of Penetration Testing in Compliance with Laws, Acts, and Standards
Penetration Testing Scoping and Engagement
- Penetration Testing: Pre-engagement Activities
- Key Elements Required to Respond to Penetration Testing RFPs
- Drafting Effective Rules of Engagement (ROE)
- Legal and Regulatory Considerations Critical to Penetration Testing
- Resources and Tools for Successful Penetration Testing
- Strategies to Effectively Manage Scope Creep
Open-Source Intelligence (OSINT)
- Collect Open-Source Intelligence (OSINT) on Target’s Domain Name
- Collect OSINT About Target Organization on the Web
- Perform OSINT on Target’s Employees
- OSINT Using Automation Tools
- Map the Attack Surface
Social Engineering Penetration Testing
- Social Engineering Penetration Testing Concepts
- Off-Site Social Engineering Penetration Testing
- On-Site Social Engineering Penetration Testing
- Document Findings with Countermeasure Recommendations
Web Application Penetration Testing
- Web Application Footprinting and Enumeration Techniques
- Techniques for Web Vulnerability Scanning
- Test for Vulnerabilities in Application Deployment and Configuration
- Techniques to Assess Identity Management, Authentication, and Authorization
- Mechanisms
- Evaluate Session Management Security
- Evaluate Input Validation Mechanisms
- Detect and Exploit SQL Injection Vulnerabilities
- Techniques for Identifying and Testing Injection Vulnerabilities
- Exploit Improper Error Handling Vulnerabilities
- Identify Weak Cryptography Vulnerabilities
- Test for Business Logic Flaws in Web Applications
- Evaluate Applications for Client-Side Vulnerabilities
API and Java Web Token Penetration Testing
- Techniques and Tools to Perform API Reconnaissance
- Test APIs for Authentication and Authorization Vulnerabilities
- Evaluate the Security of JSON Web Tokens (JWT)
- Test APIs for Input Validation and Injection Vulnerabilities
- Test APIs for Security Misconfiguration Vulnerabilities
- Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
- Test APIs for Security of GraphQL Implementations
- Test APIs for Business Logic Flaws and Session Management
Perimeter Defense Evasion Techniques
- Techniques to Evaluate Firewall Security Implementations
- Techniques to Evaluate IDS Security Implementations
- Techniques to Evaluate the Security of Routers
- Techniques to Evaluate the Security of Switches
Windows Exploitation and Privilege Escalation
- Windows Pen Testing Methodology
- Techniques to Perform Reconnaissance on a Windows Target
- Techniques to Perform Vulnerability Assessment and Exploit Verification
- Methods to Gain Initial Access to Windows Systems
- Techniques to Perform Enumeration with User Privilege
- Techniques to Perform Privilege Escalation
- Post-Exploitation Activities
Active Directory Penetration Testing
- Architecture and Components of Active Directory
- Active Directory Reconnaissance
- Active Directory Enumeration
- Exploit Identified Active Directory Vulnerabilities
- Role of Artificial Intelligence in AD Penetration Testing Strategies
Linux Exploitation and Privilege Escalation
- Linux Exploitation and Penetration Testing Methodologies
- Linux Reconnaissance and Vulnerability Scanning
- Techniques to Gain Initial Access to Linux Systems
- Linux Privilege Escalation Techniques
Reverse Engineering, Fuzzing, and Binary Exploitation
- Concepts and Methodology for Analyzing Linux Binaries
- Methodologies for Examining Windows Binaries
- Buffer Overflow Attacks and Exploitation Methods
- Concepts, Methodologies, and Tools for Application Fuzzing
Lateral Movement and Pivoting
- Advanced Lateral Movement Techniques
- Advanced Pivoting and Tunneling Techniques to Maintain Access
IoT Penetration Testing
- Fundamental Concepts of IoT Pentesting
- Information Gathering and Attack Surface Mapping
- Analyze IoT Device Firmware
- In-depth Analysis of IoT Software
- Assess the Security of IoT Networks and Protocols
- Post-Exploitation Strategies and Persistence Techniques
- Comprehensive Pentesting Reports
Report Writing and Post-Testing Actions
- Purpose and Structure of a Penetration Testing Report
- Essential Components of a Penetration Testing Report
- Phases of a Pen Test Report Writing
- Skills to Deliver a Penetration Testing Report Effectively
- Post-Testing Actions for Organizations