Curriculum

Certified Enterprise Penetration Tester (CEPT) Bootcamp

Start Date: November 1, 2025
Format: 16 Weeks | 250+ Hours | Live Online with Hands-On Labs


Week 1 – Orientation & Offensive Security Mindset

  • Lab environment setup (Kali Linux, Windows AD, cloud resources).

  • Core tools: Burp Suite, Nmap, Metasploit, BloodHound.

  • Understanding attacker mindsets, threat modeling, and penetration testing methodology.

  • Compliance frameworks (PCI DSS, HIPAA, SOC 2) and how pentesting ties in.


Weeks 2–3 – Reconnaissance & Enumeration

  • OSINT techniques (search engines, social media mining, WHOIS).

  • Active reconnaissance: port scanning, banner grabbing, and service identification.

  • Subdomain enumeration & DNS attacks.

  • Network mapping and attack surface identification.

  • Guest Speaker: Offensive Security Penetration Tester – Recon in Fortune 500 assessments.


Weeks 4–6 – Vulnerability Discovery & Exploitation

  • Automated scanning (Nessus, OpenVAS) vs. manual validation.

  • Exploiting misconfigurations in Windows/Linux environments.

  • Chaining exploits for lateral compromise.

  • Privilege escalation: Windows token manipulation, Linux SUID abuse.

  • Persistence tactics used by APTs.

  • Lab: Exploiting a vulnerable enterprise web application.

  • Guest Speaker: Red Team Operator – Exploiting real-world enterprise flaws.


Weeks 7–9 – Lateral Movement & Web Exploitation

  • Credential dumping & password spraying attacks.

  • Kerberoasting, pass-the-hash, and domain dominance techniques.

  • Pivoting & tunneling into restricted networks.

  • Web exploitation: OWASP Top 10 (SQLi, XSS, RCE, CSRF).

  • Advanced Burp Suite methodologies for chaining web exploits.

  • Simulation: Multi-stage attack on a segmented network.

  • Guest Speaker: Cloud Security Specialist – Pivoting between on-prem and cloud.


Weeks 10–12 – Wireless, Mobile & Advanced Tradecraft

  • Wireless reconnaissance & WPA/WPA2 cracking.

  • Rogue APs & Evil Twin attacks.

  • Mobile application penetration testing basics (Android/iOS).

  • Malware evasion, obfuscation, and command-and-control (C2) frameworks.

  • Introduction to adversary TTPs via MITRE ATT&CK.

  • Guest Speaker: Enterprise Red Teamer – Advanced offensive tactics.


Weeks 13–15 – Cloud & Active Directory Exploitation

  • Active Directory attack paths with BloodHound & SharpHound.

  • Golden Ticket & DCSync attacks.

  • Cloud exploitation: AWS IAM misconfigurations, Azure AD privilege escalation.

  • Hybrid attack scenarios across on-prem and cloud.

  • Simulation: Full enterprise penetration test from initial foothold to domain takeover.

  • Guest Speaker: Senior Penetration Tester – Cloud/AD exploitation case study.


Week 16 – Capstone Challenge & Professional Reporting

  • 48-hour Capture the Flag Challenge: Simulated enterprise environment with Windows, Linux, Web, and Cloud assets.

  • Students conduct full-scope penetration tests and document findings.

  • Delivery of executive report & technical appendix following industry standards.

  • Final debrief: How to present findings to executives, CISOs, and technical staff.

  • Career readiness workshop: Portfolio building, interview preparation, and industry networking.


Outcome:
Graduates will leave with hands-on penetration testing experience, a professional pentest report for their portfolio, and the technical depth to pursue certifications such as CompTIA PenTest+, PNPT, and advanced red team tracks.