Penetration Testing Fundamentals

Practitioner-track training for security engineers and SOC analysts who want to move from defensive monitoring into offensive testing. Day 1 covers OSINT and external reconnaissance against a simulated target. Day 2 focuses on web-app exploitation chains using OWASP-aligned methodologies — injection, broken auth, deserialization, SSRF. Day 3 moves into internal network attacks: SMB relay, Kerberoasting, lateral movement, AD privilege escalation. Day 4 is a capture-the-flag against a full corporate range, scored individually. Participants leave with a written test methodology and reporting template suitable for engagements under Qatar's NIA framework. Prerequisite: comfort with Linux command line and basic networking.