VAPT Ethical Hacking Track
Think like an attacker. Master web, network, and Active Directory penetration testing with industry-standard tools.
Duration
3 Months · 12 Weeks
Weeks
12
Modules
84
Curriculum
Penetration Testing Foundations
4w · 28 modules
Recon and OSINT for Pentesters
Passive recon · Active recon · Attack surface mapping
Penetration Testing Methodology — Scoping, Rules of Engagement, Reporting
Legal framework, scope documents, what makes a pentest legal vs illegal. Professional standards every ethical hacker must know.
Passive OSINT — Building a Target Profile Without Touching the Network
Shodan, Censys, Google dorking, LinkedIn recon, certificate transparency logs, WHOIS, DNS history.
Active Recon — Nmap Mastery, Service Enumeration, OS Fingerprinting
Full Nmap flag coverage, NSE scripts, version detection, timing options, stealth scanning techniques.
Subdomain Enumeration and DNS Recon
Amass, Subfinder, DNSrecon, Certificate Transparency. Finding forgotten subdomains that expose attack surface.
Attack Surface Mapping — From OSINT to a Target Profile
Compiling all recon data into an attack surface map. Prioritising targets. Building the engagement plan.
Vulnerability Scanning — Nessus, OpenVAS, Nuclei
Automated vulnerability discovery, reading scanner output, understanding CVSS scores, triaging false positives.
Week 1 Lab — Full Recon on a Target Lab Network
Students complete passive + active recon on a provided lab target and submit a full attack surface report.
Web Application Penetration Testing
Burp Suite · OWASP · SQL injection · Auth attacks
Burp Suite Pro — Intercepting, Repeating, and Manipulating HTTP Traffic
Proxy setup, Intercept, Repeater, Intruder, Scanner — mastering the single most important VAPT tool.
SQL Injection — Manual Exploitation and Automated Tools (SQLMap)
Union-based, error-based, blind SQLi — finding and exploiting manually, then with SQLMap. Extraction and escalation.
Cross-Site Scripting — Stored, Reflected, DOM-Based Exploitation
XSS payload crafting, filter bypass techniques, session hijacking via XSS, BeEF framework introduction.
Broken Authentication and Session Management Attacks
JWT attacks, session fixation, cookie manipulation, brute force with Hydra and Burp Intruder.
IDOR, SSRF, and XXE — Business Logic and Advanced Web Vulnerabilities
Finding and exploiting insecure direct object references, server-side request forgery, XML entity injection.
API Security Testing — REST, GraphQL, and OAuth Vulnerabilities
API enumeration, broken object-level auth, mass assignment, GraphQL introspection abuse, OAuth token theft.
Week 2 Lab — Full Web App Pentest on DVWA and HackTheBox Web Challenges
Students complete a structured web app pentest, finding and exploiting multiple vulnerability classes. Report submitted.
Network Penetration Testing
Exploitation · Metasploit · Pivoting
Metasploit Framework — From Search to Shell
Module types, exploits vs payloads, meterpreter, post-exploitation modules. The complete Metasploit workflow.
Service Exploitation — SMB, FTP, SSH, RDP, Web Servers
Exploiting common service vulnerabilities — EternalBlue, misconfigured FTP, SSH key attacks, RDP brute force.
Password Attacks — Cracking, Spraying, and Credential Stuffing
Hashcat, John the Ripper, wordlists, rainbow tables, NTLM hash cracking. Password spray strategies.
Privilege Escalation — Linux and Windows Local PrivEsc Techniques
SUID binaries, sudo misconfigs, kernel exploits (Linux), unquoted service paths, token impersonation (Windows).
Pivoting and Tunnelling — Moving Through a Network After Initial Access
SSH tunnelling, Chisel, Ligolo, proxychains — reaching internal network segments from an initial foothold.
Post-Exploitation — Persistence, Credential Harvesting, Data Exfiltration
Maintaining access, dumping credentials with Mimikatz, exfiltrating data covertly, cleaning up traces.
Week 3 Lab — Full Network Pentest on a Multi-Machine Lab Environment
Students compromise an initial foothold, pivot through segments, and reach the domain controller. Full chain required.
Active Directory Attacks and Report Writing
Kerberoasting · Lateral movement · Professional reports
Active Directory Enumeration — BloodHound, PowerView, and ADRecon
Mapping AD relationships, finding attack paths to Domain Admin, identifying misconfigurations with BloodHound.
Kerberoasting, AS-REP Roasting, and Pass the Hash
Extracting and cracking Kerberos tickets, targeting accounts without pre-auth, lateral movement with NTLM hashes.
DCSync, Golden Ticket, and Silver Ticket Attacks
Replicating domain credentials, forging Kerberos tickets for persistent privileged access. Detection implications.
Professional Pentest Report Writing — Executive Summary to Technical Findings
Report structure, CVSS scoring, remediation recommendations, writing findings that clients actually understand.
Sample Report Walkthrough — Reading and Writing Like a Senior Pentester
Deconstructing a real pentest report. What separates junior reports from senior reports. Common mistakes.
Client Communication — Briefing, Debrief, and Remediation Walkthroughs
How to present findings to a client, handling pushback on severity ratings, remediation verification engagements.
Month 1 Capstone — Full AD Attack Chain + Professional Report
Students compromise an AD lab from initial access to Domain Admin and submit a client-ready pentest report.
Specialised Attack Techniques
4w · 28 modules
Cloud Penetration Testing
AWS · Azure · GCP attack paths
Cloud Pentest Scoping — What's In and Out of Scope on AWS, Azure, GCP
Cloud provider pentest policies, what requires prior approval, responsible disclosure for cloud bugs.
AWS Attack Paths — IAM Privilege Escalation, S3 Enumeration, EC2 Abuse
Exploiting misconfigured IAM roles, finding open buckets, abusing instance metadata service (IMDSv1 attacks).
Azure Penetration Testing — Entra ID, ARM Templates, Storage Attacks
Azure-specific attack paths: managed identity abuse, storage account key extraction, RBAC escalation.
Cloud Pentest Tools — ScoutSuite, Prowler, Pacu, ROADtools
Automated cloud security assessment tools. When to use each, how to interpret output, manual validation.
Container and Kubernetes Penetration Testing
Container escapes, K8s RBAC misconfigs, exposed dashboards, secrets in environment variables.
Serverless and Function Attack Surfaces — Lambda, Azure Functions
Injection in serverless functions, event source abuse, IAM over-permissions in serverless architectures.
Week 5 Lab — Full Cloud Pentest on a Misconfigured AWS Environment
Students assess and exploit a deliberately misconfigured AWS environment from initial access to full account compromise.
Mobile and API Security Testing
Android · iOS · API attacks
Mobile App Security Testing — Android Architecture and Attack Surface
APK structure, decompilation with JADX, ADB basics, Android security model, attack surface mapping.
Android Pentest — Static and Dynamic Analysis
MobSF for static analysis, Frida for dynamic instrumentation, traffic interception with Burp on Android.
iOS Security Testing Basics — App Transport Security, Keychain, Jailbreak
iOS security model, what testers can access, Objection framework for runtime manipulation.
Advanced API Security Testing — OWASP API Top 10
Mass assignment, excessive data exposure, function-level auth bypass, injection in APIs — full OWASP API Top 10 coverage.
GraphQL Security — Introspection, Injection, and Batching Attacks
GraphQL-specific vulnerabilities and how to test them. An increasingly common attack surface in modern apps.
Thick Client Penetration Testing — Desktop App Security
Intercepting thick client traffic, binary reversing basics, credential storage in desktop apps.
Week 6 Lab — Mobile + API Pentest on a Vulnerable App
Students test an intentionally vulnerable Android app and its API backend. Full report submitted.
Social Engineering and Physical Security
Phishing campaigns · Vishing · Physical recon
Social Engineering in Pentesting — When and How It's Used
Scope and ethics of SE testing, legal considerations, common SE scenarios in professional engagements.
Phishing Campaign Design — GoPhish, Evilginx, and Credential Harvesting
Setting up phishing infrastructure, crafting convincing pretexts, running campaign simulations, measuring results.
Spear Phishing and Whaling — Targeting High-Value Individuals
Personalised phishing using OSINT, crafting emails that bypass MFA awareness, executive impersonation.
Vishing and Pretexting — Phone-Based Social Engineering
Building pretexts, conducting vishing simulations, what information employees reveal on calls.
Physical Penetration Testing Basics — Tailgating, Lock Picking, Recon
Physical security assessment concepts, what physical pentests involve, RFID cloning, badge access attacks.
Reporting Social Engineering Findings — Metrics and Recommendations
How to present SE results to clients, click rates, credential submission rates, training recommendations.
Week 7 Lab — Run a Simulated Phishing Campaign and Analyse Results
Students design, launch, and analyse a phishing simulation in a controlled lab environment. Full metrics report.
Evasion Techniques and Month 2 Capstone
AV bypass · Detection evasion · Full engagement
AV and EDR Evasion — How Attackers Bypass Security Tools
Obfuscation, encoding, in-memory execution, custom loaders — understanding evasion so defenders can detect it.
Living off the Land Binaries — Attacking With What's Already There
PowerShell, certutil, mshta, regsvr32 — LOLBins that attackers abuse and testers must understand.
C2 Frameworks — Cobalt Strike Concepts, Sliver, and Havoc
How C2 frameworks work, beaconing, staging, operator tradecraft — understanding attacker infrastructure.
Custom Payload Development Basics — Python and PowerShell Scripting for Pentesters
Writing simple reverse shells, encoding payloads, automating exploitation steps with Python.
Covering Tracks — Log Manipulation, Timestomping, Artefact Cleanup
How attackers hide evidence — and how forensics investigators find it anyway. Both perspectives matter.
Month 2 Assessment — Technical Review
Comprehensive practice exam covering cloud, mobile, API, SE, and evasion techniques.
Month 2 Capstone — Full Adversary Simulation Engagement
Students run a complete red team-style engagement: recon, initial access, pivot, AD compromise, C2, and full report.
HackTheBox, CTFs, Certification and Placement
4w · 28 modules
HackTheBox and Real-World Practice
HTB machines · TryHackMe · PortSwigger
HackTheBox Platform Orientation — How to Learn From HTB Machines
Starting point machines, methodology for approaching new boxes, writeup culture, learning from hints without spoiling.
HTB Easy Machine Walkthroughs — 3 Machines With Full Methodology
Guided walkthroughs of 3 retired easy machines. Methodology focus over tool focus.
HTB Medium Machine — Student Completes Independently With Mentor Review
Students tackle a medium machine. Mentor reviews approach, methodology, and report quality.
PortSwigger Web Security Academy — Top 10 Labs Every Pentester Must Complete
Guided completion of the most important PortSwigger labs. Best free web hacking training on the internet.
CTF Strategy — How to Approach and Win Capture the Flag Competitions
CTF mindset, category strategies (web, crypto, pwn, forensics), how CTF experience translates to job interviews.
Building Your Hacking Portfolio — GitHub, HTB Profile, and Writeups
How to present practical experience publicly. What hiring managers look for in a VAPT candidate's portfolio.
Week 9 Lab — Complete 2 HTB Machines and Submit Full Writeups
Students complete two machines independently and submit professional-quality writeups for review.
Interview Preparation and VAPT Portfolio
Resume · Mock interviews · Portfolio building
VAPT Pentester Resume — What Hiring Managers at Indian Firms Look For
Skills section, tools list, how to frame lab and CTF experience professionally, what to never include. Real reviewed examples.
Top 40 VAPT Interview Questions With Model Answers
Technical and scenario-based questions from real Indian pentesting firm interviews. Junior to mid-level coverage with detailed answers.
Building a Public Hacking Portfolio — GitHub, HTB Profile, and CTF Writeups
How to document and publish lab work, write professional CTF writeups, and present a portfolio that hiring managers actually read.
Certifications That Accelerate Hiring — CEH, OSCP, eJPT, CompTIA PenTest+
Honest comparison of each cert — cost, difficulty, Indian market recognition, exam format. How ZPT sits alongside them.
VAPT Career Paths — Junior Pentester to Lead to Bug Bounty to Red Team
The ethical hacking career ladder, salary bands at each stage, how to move from employed pentesting to freelance and bug bounty.
Networking in Offensive Security — Communities, Twitter/X, Conferences, Bug Bounty Platforms
Null community, OWASP India chapters, HackerOne/Bugcrowd profiles, conferences to attend (c0c0n, PyCon India security track).
Week 10 Lab — Full Live Mock Technical Interview With Mentor Feedback
45-minute recorded mock interview: scenario round, tool knowledge, methodology walkthrough. Written feedback provided.
ZPT Certification Preparation
Full revision · Practice exam · 24-hour lab simulation
ZPT Exam Format and Scoring — What to Expect
Exam structure, theory section (50 questions), 24-hour practical lab rules, report submission requirements, pass criteria (70%), retake policy.
Full Revision — Recon, Web App, Network Pentest, AD Attacks
Month 1 comprehensive review — all tools, all techniques, all methodology steps. Practice questions and flashcards included.
Full Revision — Cloud, Mobile, API, SE, and Evasion Techniques
Month 2 advanced topic revision. Focus on areas where students typically lose marks. Mapped to ZPT exam objectives.
ZPT Theory Practice Exam — 50 Questions Timed
Full mock theory exam under timed conditions. All questions reviewed and explained with detailed answer rationale after submission.
ZPT Practice Lab — 24-Hour Compromise Challenge
Full exam simulation: students receive a multi-machine lab and 24 hours to compromise, pivot, and produce a client-ready report.
Weak Area Remediation — Targeted Revision Based on Practice Results
Personalised gap-close session based on practice exam and lab performance. Focused re-drilling of weak techniques before the real exam.
Pre-Exam Strategy — Time Management, Lab Approach, and Report Template
Exam-day strategy: how to approach machines in order, time boxing, note-taking during the lab, report writing speed techniques.
ZPT Certification Exam and Graduation
Exam · ZPT Certificate · Placement launch · Alumni
ZPT Theory Exam — 50 Questions, 90 Minutes
Proctored theory examination covering all 3 months of VAPT curriculum. Pass mark: 70%.
ZPT Practical Exam — 24-Hour Live Lab Compromise
Proctored 24-hour lab: multi-machine network, students must enumerate, exploit, pivot, escalate, and submit a professional pentest report.
ZPT Certificate Issued — Zharnyx Penetration Testing Certification
Digital certificate with unique ID and QR verification code. Shared with hiring partners. LinkedIn post template provided.
Placement Kickoff — Profile Submission to Zharnyx Hiring Partners
Resume reviewed and submitted to active hiring partner network. Interview scheduling begins within 5 working days.
Graduation — Cohort Celebration and Zharnyx Dragons Alumni Badge
Cohort graduation session, alumni Discord access, mentorship continuity, Zharnyx Dragons badge for LinkedIn and GitHub.
30-Day Post-Graduation Job Search Support
Weekly mentor check-ins, job application review, interview preparation support, continued lab access for 30 days post-graduation.
Continuous Learning Path — From ZPT to OSCP and Beyond
OSCP preparation roadmap, bug bounty getting-started guide, red team career pathway, recommended advanced courses and platforms.