{"id":3968,"date":"2026-04-28T13:49:00","date_gmt":"2026-04-28T13:49:00","guid":{"rendered":"https:\/\/www.hackmosphere.fr\/training-program-pentest-systems-networks\/"},"modified":"2026-04-28T19:14:46","modified_gmt":"2026-04-28T19:14:46","slug":"training-program-pentest-systems-networks","status":"publish","type":"page","link":"https:\/\/www.hackmosphere.fr\/en\/training-program-pentest-systems-networks\/","title":{"rendered":"Training Program: Pentest Systems &amp; Networks"},"content":{"rendered":"\n<p><strong>Trainer<\/strong>: Florian Ecard &#8211; Ethical Hacker &#8211; <a href=\"mailto:fecard@hackmosphere.fr\">fecard+formationinfra@hackmosphere.fr<\/a> &#8211; 06.49.98.89.87<\/p>\n\n<p><strong>Target audience<\/strong>: System\/network administrators, SOC teams, CISOs, junior pentesters<\/p>\n\n<div style=\"height:48px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">1. Pedagogical objectives<\/h1>\n\n<ul class=\"wp-block-list\">\n<li>Understand the legal and methodological framework of a security audit.<\/li>\n\n\n\n<li>Master the technical fundamentals of Pentest.<\/li>\n\n\n\n<li>Understand system architecture and network basics.<\/li>\n\n\n\n<li>Identify, exploit and remediate vulnerabilities.<\/li>\n<\/ul>\n\n<div style=\"height:49px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">2. Module content<\/h1>\n\n<ul class=\"wp-block-list\">\n<li>Introduction<ul><li>Role of pentest, types of hackers (white\/black\/grey hat).<\/li><\/ul><ul><li>Importance of the contract, engagement letter, CGS.<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Alternative thinking: out-of-the-box thinking exercises.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Functional Audit<ul><li>Governance &amp; Processes, crisis management (before\/during\/after).<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Access control, network security, backups, DRP\/DCP.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Technical Audit \/ APT Simulation<ul><li>Recognition: Footprint, Nmap\/Nessus scan, user enumeration, vulnerability scanning.<\/li><\/ul><ul><li>Exploitation: Web vulns (SQLi, XSS, file upload), brute-force, Metasploit.<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Post-Exploitation: Reverse shells, persistence, elevation of privileges, lateral movements.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Practical workshop<ul><li>Setting up a vulnerable Docker lab.<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Objectives: complete compromise, exfiltration, audit report.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<div style=\"height:49px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">3. Evaluation methodology<\/h1>\n\n<ul class=\"wp-block-list\">\n<li><strong>Pre-training<\/strong>: QCM level + needs analysis.<\/li>\n\n\n\n<li><strong>During <\/strong>: Practical lab exercises, flag capture challenges (CTF).<\/li>\n\n\n\n<li><strong>After the course <\/strong>: Sending of an evaluation document to assess the level acquired.<\/li>\n<\/ul>\n\n<div style=\"height:51px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">4. Duration &amp; Terms<\/h1>\n\n<ul class=\"wp-block-list\">\n<li><strong>Duration <\/strong>: 4 days.<\/li>\n\n\n\n<li><strong>Average access time<\/strong>: 1 month.<\/li>\n\n\n\n<li><strong>Format <\/strong>: Face-to-face or distance learning with dedicated lab.<\/li>\n\n\n\n<li><strong>Prerequisites <\/strong>: Knowledge of networks and Windows\/Linux systems.<\/li>\n\n\n\n<li><strong>Prices <\/strong>: from \u20ac4,000 excl.<\/li>\n<\/ul>\n\n<div style=\"height:53px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">5. Adaptation to different levels<\/h1>\n\n<p>The training program adapts to differences in level by alternating between theoretical input and practical workshops. At the start of the session, participants&#8217; level is informally assessed through discussion &amp; targeted questions, in order to identify specific needs. <\/p>\n\n<p>During hands-on sessions, the trainer provides individualized support: he circulates with participants, observing their progress at their workstations and adapting his assistance according to any difficulties encountered. Less advanced participants benefit from more gradual guidance, while those who are more autonomous can go deeper into the scenarios with complementary objectives. <\/p>\n\n<p>Exercises are designed with a minimum common objective, supplemented by more advanced variants. Pooling time is used to clarify important notions and consolidate acquired skills. This approach enables each participant to progress at his or her own pace, while meeting the training objectives.  <\/p>\n\n<div style=\"height:49px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n<h1 class=\"wp-block-heading\">6. Detailed program for each day of training<\/h1>\n\n<h2 class=\"wp-block-heading\">Day 1 &#8211; Introduction to pentesting and functional auditing<\/h2>\n\n<p><strong>Objective<\/strong>: Understand the framework of a penetration test, its legal limits and the basics of a security audit.<\/p>\n\n<p><strong>Modules<\/strong>:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Overview of the course and concepts covered<\/li>\n\n\n\n<li>Introduction to pentesting<ul><li>The role of pentesting in a security approach<\/li><\/ul><ul><li>Differences between white hat, black hat and grey hat<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Concepts of vulnerability, threat, risk and impact<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Legal and contractual framework<ul><li>Importance of perimeter and scoping<\/li><\/ul><ul><li>Sales proposal, general terms and conditions and commitment letter<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Contacts, duration, authorizations and test limits<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Methodology and alternative thinking<ul><li>Thinking outside the box<\/li><\/ul><ul><li>Attacking reasoning and structured methodology<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Introduction to the stages of a PTA<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Functional audit<ul><li>Governance and safety organization<\/li><\/ul><ul><li>Crisis management: before, during and after<\/li><\/ul><ul><li>Access control, backups, DRP\/DCP<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Awareness, inventory, suppliers and logging<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Practical workshop<ul><li>Building a functional audit questionnaire<\/li><\/ul><ul><li>Group interview simulation<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Formalization of findings and recommendations<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Setting up the lab<ul><li>Overview of vulnerable Docker environments<\/li><\/ul><ul><li>Differences between VM, image and container<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Launching the lab and checking the environment<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">Day 2 &#8211; Reconnaissance, vulnerability identification and initial exploitation<\/h2>\n\n<p><strong>Objective<\/strong>: Map an infrastructure and identify exposed services. Then, detect the first weaknesses and take full control of the first machine. <\/p>\n\n<p><strong>Modules<\/strong>:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Passive and active recognition<ul><li>Footprint: DNS, IP, services, users<\/li><\/ul><ul><li>Network discovery with netdiscover and Nmap<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Port scanning and service identification<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Vulnerability scanning<ul><li>Obsolete banners, software versions and services<\/li><\/ul><ul><li>Automated scans with Nessus \/ OpenVAS<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Manual search with Burp, Nikto, Gobuster and Searchsploit<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Application and system enumeration<ul><li>User enumeration<\/li><\/ul><ul><li>Analysis of error messages<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Identification of shares, sensitive files and misconfigurations<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Practical workshop<ul><li>Lab mapping<\/li><\/ul><ul><li>Identification of priority targets<\/li><\/ul><ul><li>Production of an initial technical inventory<\/li><\/ul><ul><li>Information-based vulnerability identification<\/li><\/ul><ul><li>Initial operation of the first machine<\/li><\/ul><ul><li>Persistence<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Elevation of privileges<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<h2 class=\"wp-block-heading\">Day 3 &amp; 4 &#8211; Pivoting, repeating all the steps learned previously, until objectives are achieved<\/h2>\n\n<p><strong>Objective<\/strong>: Swivel.<\/p>\n\n<p><strong>Operating modules<\/strong>:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Web operation<ul><li>Weak authentication and access bypass<\/li><\/ul><ul><li>SQL Injection<\/li><\/ul><ul><li>XSS and application injections<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>File upload and command execution<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Brute-force and attacks on services<ul><li>Weak credentials<\/li><\/ul><ul><li>Using Hydra, Burp, John and Hashcat<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Attacks on exposed services<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>System operation<ul><li>Operating obsolete services<\/li><\/ul><ul><li>Using Metasploit<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Manual operation and impact validation<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Reverse shell and access stabilization<ul><li>Reverse shell principle<\/li><\/ul><ul><li>TTY stabilization<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Using netcat and socat<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<p><strong>Post-operation and pivot modules<\/strong>:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Post-op<ul><li>Local enumeration after compromise<\/li><\/ul><ul><li>Search for secrets and sensitive files<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Password dumping and cracking<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Privilege elevation and persistence<ul><li>Incorrect system configurations<\/li><\/ul><ul><li>Use of LinPEAS, WinPEAS and equivalent tools<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Persistence via cron, scheduled tasks or created accounts<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Lateral and pivot movement<ul><li>Network pivot principle<\/li><\/ul><ul><li>Proxychains, SSH dynamic port forwarding and Chisel<\/li><\/ul>\n<ul class=\"wp-block-list\">\n<li>Repetition of recognition and exploitation steps<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n<p><strong>Final objectives for learners :<\/strong><\/p>\n\n<ul class=\"wp-block-list\">\n<li>Complete lab compromise<\/li>\n\n\n\n<li>Exploitation of all Web vulnerabilities presented<\/li>\n\n\n\n<li>Getting Tom&#8217;s password<\/li>\n\n\n\n<li>Controlled exfiltration of sensitive data: SuperSecret.txt<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Trainer: Florian Ecard &#8211; Ethical Hacker &#8211; fecard+formationinfra@hackmosphere.fr &#8211; 06.49.98.89.87 Target audience: System\/network administrators, SOC teams, CISOs, junior pentesters 1. Pedagogical objectives 2. Module content 3. Evaluation methodology 4. Duration &amp; Terms 5. Adaptation to different levels The training program adapts to differences in level by alternating between theoretical input and practical workshops. At the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"Training program: Pentest systems & networks","_seopress_titles_desc":"The aim of this training course is to understand system architecture and network fundamentals. Secondly, to identify, exploit and remediate vulnerabilities. ","_seopress_robots_index":"","_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"class_list":["post-3968","page","type-page","status-publish"],"_links":{"self":[{"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/pages\/3968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/comments?post=3968"}],"version-history":[{"count":3,"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/pages\/3968\/revisions"}],"predecessor-version":[{"id":4012,"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/pages\/3968\/revisions\/4012"}],"wp:attachment":[{"href":"https:\/\/www.hackmosphere.fr\/en\/wp-json\/wp\/v2\/media?parent=3968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}