sankalpvb/Network-Pentesting

Network Pentesting

| No. | Topic | What I Learn |
| --- | --- | --- |
| 01 | OSI Model, TCP/IP, Subnetting Basics | Understand OSI layers, TCP/IP stack, IPv4/IPv6, subnet masks, CIDR notation, IP classes. |
| 02 | Common Ports, Protocols, NAT, DNS | Learn default ports, NAT operation, DNS resolution, UDP vs TCP, ICMP basics. |
| 03 | Packet Flow, TCP Handshake, ARP | Understand 3-way handshake, ARP request/response, and packet life cycle in a network. |
| 04 | Nmap Basics: Host Discovery, Ping Scan | Nmap installation, ping scan (-sn), host discovery (-Pn, -n), troubleshooting host detection. |
| 05 | Nmap: Port Scanning Techniques | TCP SYN (-sS), TCP Connect (-sT), UDP scan (-sU), stealth scanning, aggressive scanning (-A). |
| 06 | Nmap: OS & Service Detection, NSE | OS detection (-O), version detection (-sV), using default NSE scripts for vulnerability scan. |
| 07 | Banner Grabbing, Netcat, Masscan | Manual banner grabbing (Netcat), fast scanning with Masscan, service fingerprinting. |
| 08 | Passive Reconnaissance | WHOIS, nslookup, theHarvester, DNSDumpster, online recon techniques without touching the target. |
| 09 | Web Recon: Wappalyzer, WhatWeb, Wayback | Identify tech stack, CMS, exposed endpoints, older versions of web apps using archive tools. |
| 10 | Threat Intelligence: Shodan, VirusTotal | Use Shodan to find vulnerable devices; check URLs/files on VirusTotal for malware detection. |
| 11 | Common Network Vulnerabilities & CVEs | Study CVE database, CVSS scores, top vulnerabilities in SMB, FTP, HTTP, etc. |
| 12 | Lab Setup & Tool Recap | Build your lab (VMs, network topology), recap tools used so far, and create quick notes. |
|  | Rest or Notes Review | Self-review: Summarize everything, write questions, reinforce core networking/pentesting ideas. |
| 13 | SMB Enumeration with Enum4linux | Use enum4linux to find shares, OS info, users from SMB-enabled hosts. |
| 14 | SNMP, FTP, SSH Enumeration | Enumerate SNMP (onesixtyone, snmpwalk), FTP (anonymous login), SSH banners. |
| 15 | DNS Zone Transfer, Dig, Nslookup | Attempt zone transfers, learn DNS records, forward/reverse lookups with dig/nslookup. |
| 16 | LDAP & NetBIOS Enumeration | Use Nmap/Nikto for NetBIOS, LDAP tools like ldapsearch for domain and user enumeration. |
| 17 | Wireshark Basics: Packet Analysis | Analyze live capture or pcap files, filter TCP, HTTP, DNS traffic, follow streams. |
| 18 | ARP Spoofing with Bettercap/Ettercap | MITM attacks using ARP spoofing, sniffing credentials, and exploiting insecure communications. |
| 19 | DNS Spoofing, SSL Stripping | Redirect DNS requests, force HTTP from HTTPS, intercept traffic with MITMproxy. |
| 20 | Tcpdump & MITMproxy | Command-line packet capture and proxy setup to intercept and manipulate HTTP traffic. |
| 21 | Vulnerability Scanning (Nmap NSE) | Use NSE scripts for vulners, smb-vuln*, ftp-anon, http-enum, etc. |
| 22 | OpenVAS/Nessus Basics | Scan networks with GUI tools, understand report metrics, risk ratings, and false positives. |
| 23 | Searchsploit, ExploitDB, CVE Hunting | Find exploits locally or online, map them to vulnerable software versions. |
| 24 | Nikto & Manual Vulnerability Analysis | Use Nikto to identify outdated software, XSS, headers, perform manual validation. |
| 25 | Metasploit Basics, Payload Types | Set up Metasploit, use exploits, understand payload types, exploit config, and post modules. |
| 26 | Exploiting SMB (EternalBlue) | Practice MS17-010 exploitation using Metasploit or manual methods. |
| 27 | FTP, SSH Exploits, Reverse Shells | Exploit misconfigured services, weak creds, upload backdoors, get reverse shells. |
| 28 | MSFVenom + Manual Payloads | Generate payloads for Windows/Linux, encode and inject, use bind/reverse shells. |
| 29 | Netcat, Socat, Bind/Reverse Shells | Create listeners, transfer files, spawn TTY shells, and port redirection with Netcat/Socat. |
| 30 | Exploit Writing Basics (optional) | Learn buffer overflow, fuzzing, shellcode basics using Python or C. |
| 31 | Meterpreter Commands, System Info | Use Meterpreter to gather system info, pivot, log keystrokes, capture screenshots. |
| 32 | Privilege Escalation (Windows) | Check misconfigurations, weak permissions, tools like winPEAS, PowerUp. |
| 33 | Privilege Escalation (Linux) | Sudo/suid binaries, kernel exploits, tools like LinPEAS, GTFOBins. |
| 34 | Pivoting, Port Forwarding | SSH tunneling, dynamic port forwarding, proxychains with pivoted shells. |
| 35 | Mimikatz, Credential Dumping | Extract passwords, hashes, tickets, and dump credentials from memory. |
| 36 | Password Cracking: Hashcat, JtR | Crack common hash types, wordlists, rules, brute-force, and dictionary attacks. |
| 37 | Brute-Force with Hydra | Brute-force login portals, FTP, SSH, RDP using Hydra with custom user/pass lists. |
| 38 | Wordlists, CeWL, Crunch | Create custom wordlists, use CeWL on websites, and generate patterns with Crunch. |
| 39 | Proxychains, VPNs, Tunneling Basics | Use VPN for anonymity, Proxychains for routing through proxies and SOCKS tunnels. |
| 40 | Decoy Scans, Nmap Evasion Techniques | Use -D, --spoof-mac, -f to avoid IDS/IPS detection during scanning. |
| 41 | Active Directory Intro, BloodHound | Understand AD structure, enumerate relationships and attack paths with BloodHound. |
| 42 | CrackMapExec, Kerberos Enumeration | Use CME for SMB/AD attack surface; Kerberos enumeration like ASREPRoast, SPN hunting. |
| 43 | Report Structure, CVSS, PoC Writing | Learn CVSS scoring, write vulnerability reports with PoCs, risk rating, and impact analysis. |
| 44 | Sample Report Practice (Web + Net) | Build mock pentest reports with screenshots, logs, recommendations. |
| 45 | Practice: Internal Network Challenge | Test skills on internal lab (TryHackMe/HTB or custom lab). |
| 46 | Practice: External Network Challenge | Attempt a black-box or internet-facing simulation. |
| 47 | TryHackMe: Network Security | Complete THM modules focused on networking, scanning, and enumeration. |
| 48 | TryHackMe: Offensive Pentesting | Complete offensive labs (Metasploit, privilege escalation, pivoting). |
| 49 | Final Review: Notes + Weak Areas | Review weak topics, update notes, prepare for challenge day. |
| 50 | Final Test Challenge + Chill 🎉 | Attempt a full challenge and reflect on the entire learning journey. |

About

Master core concepts and hands-on skills in Network Pentesting
