Skip to main content
Abdul Alanazi - An Introductory Bootcamp on Network & Web Penetration Testing - $1,400 early
Abdul Alanazi - An Introductory Bootcamp on Network & Web Penetration Testing - $1,400 early

Abdul Alanazi - An Introductory Bootcamp on Network & Web Penetration Testing - $1,400 early

Trainer bio:
Abdul is a seasoned penetration testing technical manager at SabrySecurity, a key player in Sabry InfoSec, boasting close to a decade of experience in the field. Before his tenure at Sabry, he honed his skills as a Penetration Testing Consultant at prestigious firms like Booz Allen Hamilton, HYAS InfoSec, ManTech, and various other global and local entities. Abdul holds a MASc in Computer Engineering with a specialization in Applied Network Security & Machine Learning from His academic prowess extends to publishing research on Botnet Detection, including the paper "Holistic Model for HTTP Botnet Detection Based on DNS Traffic Analysis" in 2017, showcasing his deep understanding of cybersecurity. Abdul holds multiple certifications from Offensive Security, including OSCP, OSCE, OSWE, OSEP, OSWA, OSWP, as well as a GPEN from GIAC, among others. He has also trained individuals in Advanced Network Penetration Testing. Outside of work, Abdul is passionate about coding and delving into the intricacies of open-source security tools. Notably, he has graced the stage at DEF CON 30 and contributed to the community with his open-source tool/framework titled "PMR - PT & VA Management & Reporting."

Trainer social media links:


Full description of the training:

This specialized training is designed for professionals looking to transition their careers from backgrounds in IT, network engineering, or programming to cybersecurity. It is also suitable for individuals with skills and backgrounds in networking and programming who are ready to advance to the next level in cybersecurity, particularly in professional enterprise environments.
The course provides a comprehensive understanding of penetration testing methodologies, techniques, and tools. Participants will learn a wide range of topics, including reconnaissance, scanning, exploitation, post-exploitation, and reporting. They will learn how to identify and exploit vulnerabilities in various systems and networks, using both manual and automated techniques. The training includes hands-on exercises and real-world scenarios to enhance learning and practical skills.

Participants will gain the professional skills needed for penetration testing and corporate pentesting, preparing them to work in professional enterprise environments with confidence and expertise.

Short description of what the student will know how to do, after completing the class:

After completing the class, students will have the knowledge and skills to conduct thorough penetration tests on systems and networks, identify vulnerabilities, and provide actionable recommendations for improving security posture. They will be able to use a variety of tools and techniques to simulate real-world cyber attacks and help organizations improve their overall security defenses. Students will also gain the professional skills needed to work in professional enterprise environments, including effective communication, report writing, and teamwork.

Outline of the class:

Outline of the 2-Day Bootcamp with Learning Paths:

Day 1: Network Penetration Testing

Morning Session:

Introduction to network penetration testing

Reconnaissance: Tools and techniques for gathering network information

Learning Path: Online resources for further study in network reconnaissance

Next Steps: Hands-on practice with reconnaissance tools, such as Nmap and netexec, project discovery tools, and others

Afternoon Session:

Scanning and Enumeration: Network scanning techniques

Writing Python scripts to automate penetration testing tasks

Exploitation: Exploiting common network vulnerabilities

Common OSINT Techniques

Network Mapping And Target Identification

Brute-Force Attacks

Vulnerability Identification And Exploitation Using Common Hacking Tools

Insecure Protocols

Security Misconfigurations Leading To Privilege Escalation Attacks

Password Attacks And Password Cracking

Administrative Shares Exploitation

Persistence Techniques

Learning Path: Recommended books and courses on network scanning and exploitation

Next Steps: Practice exploiting vulnerabilities in a controlled lab environment

Lab Exercises:

Conducting reconnaissance on target networks

Scanning networks for open ports and services

Exploiting network vulnerabilities

Day 2: Web Application Penetration Testing

Morning Session:

Introduction to web application penetration testing

Reconnaissance: Gathering information about web applications

Learning Path: Online tutorials and documentation for web application reconnaissance

Next Steps: Hands-on practice with reconnaissance tools, such as Burp Suite and OWASP ZAP, project discovery tools and usage techniques

Afternoon Session:

Scanning and Enumeration: Web application scanning techniques

Identification And Exploitation Of OWASP Top 10 Vulnerabilities

XML External Entity Attack

SQL Injection

Cross-Site Request Forgery

Practical Cryptographic Attacks

Authentication Related Vulnerabilities

Brute force Attacks

Password Storage and Password Policy

TLS Security

Identification of TLS security Misconfigurations.

Server-Side Request Forgery

Authorization And Session Management Related Flaws –

Insecure Direct Object Reference (IDOR)

Parameter Manipulation attacks

Insecure File Uploads

Code Injection Vulnerabilities

Business Logic Flaws

Directory Traversal Vulnerabilities

Common Security Misconfigurations.

Information Disclosure.

Vulnerable And Outdated Components.

Exploitation: Exploiting common web application vulnerabilities

Learning Path: Recommended blogs and forums for web application security enthusiasts

Next Steps: Practice exploiting vulnerabilities in popular web applications

Lab Exercises:

Identifying and exploiting vulnerabilities in web applications

Using tools like Burp Suite for web application testing

Note: Each day will include a mix of lectures, hands-on lab exercises, and practical scenarios to reinforce learning. Participants will be required to bring their laptops with relevant software installed for the lab sessions.



Technical difficulty of the class:Beginner & Intermediate

Suggested prerequisites for the class:

·         Basic understanding of networking concepts (e.g., TCP/IP, DNS, HTTP)
·         Familiarity with common operating systems (e.g., Windows, Linux)
·         Basic knowledge of programming languages (e.g., Python, Bash)
·         Prior experience with cybersecurity concepts is beneficial but not required
·         Willingness to learn and participate in hands-on lab exercises

Note: While these are suggested prerequisites, motivated individuals with a strong desire to learn cybersecurity are welcome to join the class.

Items students will need to provide:

·         Laptop with administrative access (Windows, macOS, or Linux)
·         Virtualization software (e.g., VirtualBox, VMware)
·         Install required software (TBD Later)
·         Willingness to participate actively in hands-on lab exercises and practical scenarios

DATE: August 12th-13th, 2024

TIME: 8am to 5pm PDT

VENUESahara Las Vegas

TRAINER: Abdul Alanazi

- 16 hours of training with a certificate of completion.
- 2 coffee breaks are provided per day
- Note: Food is not included

Registration terms and conditions:

Trainings are refundable before July 1st, the processing fee is $250.

Trainings are non-refundable after July 10th, 2024.

Training tickets may be transferred. Please email us for specifics.

Failure to attend the Training without prior written notification, will be considered a No-Show. No refund will be given.

By purchasing this ticket you agree to abide by the DCT Code of Conduct and the registration terms and conditions listed above.