Ethical Hacking & Penetration Testing - Professional Program
$2000.00
Ethical Hacking & Penetration Testing — Professional Program
5-Day Professional Training Course | EHPT5001
KSA · GCC · Africa
Course Overview
This intensive 5-day professional programme equips cybersecurity practitioners, security engineers, and offensive security specialists with the advanced attack methodologies, adversarial thinking disciplines, and professional engagement frameworks needed to conduct comprehensive, legally compliant penetration tests across the full spectrum of modern attack surfaces. Ethical hacking is the most technically demanding discipline in cybersecurity — applying the complete offensive toolkit of a sophisticated threat actor under authorised, controlled conditions to discover what a real attacker would find and deliver that intelligence in a form that drives genuine security improvement. Across Saudi Arabia where the NCA mandates penetration testing across critical sectors, GCC organisations managing complex hybrid cloud environments that create attack surfaces of extraordinary depth, and African organisations where explosive digital banking and e-commerce growth is creating web application attack surfaces being actively exploited by criminal actors — professionals who complete this programme conduct penetration tests that make organisations genuinely safer. Aligned with PTES, OWASP Testing Guide v4.2, MITRE ATT&CK Enterprise, EC-Council CEH, and OSCP methodology.
Keywords: Ethical Hacking Training Saudi Arabia | Penetration Testing Professional Course GCC | Offensive Security Africa | CEH OSCP Training Riyadh · Dubai · Nairobi · Cairo
Course Information
Course Code | EHPT5001 |
Duration | 5 Days (40 Contact Hours) |
Delivery Mode | Classroom · Virtual · In-House |
Language | English (Arabic support available) |
Markets | KSA, UAE, Qatar, Kuwait, Bahrain, Oman, Egypt, Nigeria, Kenya, Ghana |
CPD Credits | 40 Hours |
Certification | Certificate of Completion · CEH, OSCP Methodology & PTES-aligned |
Target Audience
Cybersecurity engineers transitioning into offensive security and penetration testing roles
Red team professionals developing advanced adversarial simulation competency
Security consultants conducting penetration assessments across multiple client environments
SOC analysts developing offensive understanding to strengthen defensive detection
Government cybersecurity professionals in KSA and GCC offensive capability programmes
African cybersecurity practitioners building offensive security competency for the continent's growing penetration testing market
Learning Outcomes
Upon successful completion, participants will be able to:
Execute professional penetration tests across network, web application, cloud, Active Directory, and wireless domains using structured methodology
Apply the MITRE ATT&CK framework to simulate realistic adversary tactics, techniques, and procedures
Chain multiple vulnerabilities across systems to demonstrate realistic attack paths reflecting genuine organisational risk
Conduct advanced Active Directory attacks including Kerberoasting, Pass-the-Hash, and DCSync
Produce professional penetration test reports with risk-rated findings and prioritised remediation roadmaps
Operate within legal and ethical boundaries governing authorised penetration testing across KSA, GCC, and African jurisdictions
Learning Methods
Method | Description |
|---|---|
Expert Offensive Sessions | Senior penetration testers with direct regional engagement experience across critical infrastructure and financial sector |
Progressive Hacking Labs | Daily hands-on labs executing real attacks against realistic target systems of increasing complexity |
MITRE ATT&CK Mapping | Participants map attack techniques to ATT&CK tactics developing professional adversary simulation vocabulary |
Full-Scope Simulation | Day-long simulated engagement requiring scoping, execution, and reporting under realistic professional conditions |
Capstone Professional Report | Each participant produces a boardroom-ready penetration test report documenting a complete attack chain by Day 5 |
5-Day Programme Outline
Day 1 — Engagement Framework, Reconnaissance & OSINT
Professional penetration testing standards: PTES methodology, rules of engagement, scope definition, and legal documentation governing every legitimate offensive security engagement
MITRE ATT&CK framework: tactic categories from initial access through impact and how red teams use ATT&CK to plan realistic adversary simulations
Passive reconnaissance: WHOIS, DNS enumeration, certificate transparency logs, LinkedIn mapping, and OSINT techniques that build target intelligence without alerting defensive monitoring
Active reconnaissance: Nmap scan types, service version detection, OS fingerprinting, and active discovery methodology
Automated reconnaissance: Recon-ng, theHarvester, Maltego, and Shodan for accelerated professional intelligence gathering
Lab: Complete passive and active reconnaissance against a simulated target — producing a target intelligence report covering network topology, exposed services, and technology stack
Day 2 — Network Exploitation, Post-Exploitation & Lateral Movement
Exploitation methodology: vulnerability prioritisation, exploit reliability assessment, payload selection, and professional exploitation workflow
Metasploit advanced operation: post-exploitation modules, meterpreter scripting, and pivoting through compromised hosts
Credential attacks: password spraying, hash cracking with Hashcat, and credential attack techniques exploiting universal organisational password failures
Lateral movement: SMB relay attacks, WMI remote execution, SSH key reuse, and techniques expanding access from initial foothold to organisational compromise
Persistence mechanisms: scheduled tasks, registry run keys, and service installation — with detection guidance for each technique
Lab: Complete network exploitation sequence from vulnerability exploitation through meterpreter, privilege escalation, credential extraction, and lateral movement to secondary target
Day 3 — Active Directory Attacks & Windows Environment Exploitation
Active Directory for penetration testers: domain structure, Kerberos authentication flow, and the AD knowledge enabling systematic domain exploitation
AD enumeration: BloodHound attack path analysis, PowerView reconnaissance, and ACL analysis mapping privilege escalation paths
Kerberos attacks: Kerberoasting, AS-REP roasting, and Pass-the-Ticket exploiting Kerberos protocol weaknesses
Credential extraction: Mimikatz LSASS extraction, SAM database dumping, NTDS.dit extraction, and DCSync domain replication abuse
Domain dominance: Golden Ticket and Silver Ticket attacks, AdminSDHolder abuse, and GPO modification representing domain penetration test endpoints
Lab: Complete Active Directory attack chain from initial user compromise through BloodHound analysis, Kerberoasting, DCSync, and Golden Ticket persistence
Day 4 — Web Application, API Security & Cloud Penetration Testing
Advanced web exploitation: blind SQL injection, SSRF, XXE injection, and complex vulnerabilities automated scanners consistently miss
Authentication attacks: OAuth vulnerabilities, JWT manipulation, session fixation, and authentication bypass techniques
API security testing: REST and GraphQL enumeration, BOLA and BFLA vulnerabilities, and API-specific attacks essential for GCC fintech and African digital banking platforms
Server-side vulnerabilities: template injection, insecure deserialisation, and techniques achieving remote code execution against hardened targets
Cloud penetration testing: AWS IAM privilege escalation, S3 misconfiguration exploitation, metadata service attacks applicable to GCC and African hybrid cloud environments
Lab: Complete web application and API penetration test — SQL injection data extraction, authentication chain exploitation, and cloud misconfiguration demonstration
Day 5 — Evasion, Advanced Topics & Professional Reporting
AV and EDR evasion: payload obfuscation, process injection, living-off-the-land binaries maintaining offensive capability against mature endpoint detection deployments
Custom payload development: shellcode generation, payload encoding, and C2 framework concepts distinguishing advanced penetration testers from tool operators
Physical and wireless integration: evil twin attacks, badge cloning, and techniques completing full-scope engagements beyond network and application boundaries
Professional report writing: executive summary structure, attack narrative development, CVSS scoring, risk rating, and evidence presentation serving both technical and executive audiences
Penetration testing programme governance: client management, quality assurance, and business development for security consultants across KSA, GCC, and African markets
Capstone: Participants present their professional penetration test report — complete attack chain with MITRE ATT&CK-mapped findings, risk-rated vulnerabilities, and prioritised remediation roadmap — for peer and facilitator review
Regional Relevance
Content is contextualised for KSA, GCC, and African penetration testing environments — integrating Saudi NCA penetration testing mandates for critical infrastructure, GCC financial and energy sector regulatory requirements, and the African digital banking attack surface being actively exploited where professional penetration testing talent remains critically scarce.
Assessment & Certification
Assessment Method | Professional penetration test report + hands-on lab competency across all five domains |
Pass Requirement | 80% attendance + satisfactory report submission and lab completion |
Certificate Issued | Certificate of Completion in Ethical Hacking & Penetration Testing — Professional Program |
CPD Recognition | 40 CPD Hours — accepted by EC-Council, CREST, and regional cybersecurity professional bodies |
SEO Tags: Ethical hacking training Saudi Arabia · Penetration testing professional GCC · Offensive security Riyadh · CEH OSCP training Dubai · Ethical hacking Africa · Red team training KSA · Advanced penetration testing UAE · Offensive security certification Nairobi · MITRE ATT&CK training Qatar · Professional hacking course GCC · EHPT5001
