Learning Track · 17 modules

Ethical Hacking Tools

Nmap, Burp Suite, Metasploit, Hashcat, Mimikatz — the core offensive toolkit.

Why this track

This track walks you from fundamentals through advanced techniques across 17 practitioner modules — the same body of knowledge senior security professionals build over years, structured for self-paced progression with India-specific context throughout.

Prerequisite: See module 1 for entry context. Most modules are self-contained but follow the suggested sequence for best results.
Modules: 17
Total time: 13.7 h
Free modules: 17
Quiz retries
Difficulty mix: Beginner 3 · Intermediate 5 · Advanced 8 · Expert 1

Module sequence

M0
Sliver C2 Operator Guide — Implants, Transports, OPSEC, and the Detection Patterns Blue Teams Should Hunt
Sliver is the open-source post-Cobalt-Strike C2 framework — accessible to Indian red teams without licensing barriers, and the most-abused C2 after CS itself. Architecture, implant generation, transport choices, OPSEC patterns, and the defender-side hunt queries that actually catch it.
Expert 60 min
M0
Burp Suite Pro 2026 — Five Production Bambdas and Three Custom BChecks (Paste-Ready)
Burp Bambdas (per-request JavaScript) and BChecks (YAML scanner checks) are the highest-leverage features in Burp Pro 2026. Five paste-ready Bambdas (sensitive data, JWT alg-none, parameter pollution) and three BChecks (open redirect, IDOR, CORS) for your next engagement.
Advanced 45 min
M0
Caido for Web Pentest — A Modern Alternative to Burp Suite Pro (Hands-On Walkthrough)
Caido is the first credible challenger to Burp Suite Pro — Rust-built, web UI, multi-tester collaboration. Architecture comparison, workflow-by-workflow analysis of where Caido beats Burp and where Burp still wins, and a 4-week migration plan for Indian pentest teams.
Beginner 35 min
M1
Nmap — Network Discovery and Port Scanning
Nmap is the first tool every security practitioner reaches for. Pen-tester? You’re using nmap. Defender auditing your attack surface? Nmap. Discovered a new subnet you need to profile? Nmap. This module takes you from “I’ve typed nmap once” to “I can scan intelligently, interpret results, and avoid triggering every IDS in the building.” What nmap […]
Beginner 60 min
M2
Burp Suite — Web Application Testing
Burp Suite is the web security practitioner’s daily driver. If you test web applications, you use Burp. This module gets you from install → first intercepted request → basic testing flow, without the 300-page manual. What Burp Suite is A web application security testing platform. At its core: an intercepting proxy that sits between your […]
Intermediate 90 min
M3
Metasploit Framework Basics
Metasploit Framework (MSF) is the world’s most widely-used exploitation platform. It bundles thousands of exploits, payloads, post-exploitation modules, and auxiliary tools under one console. This module gets you comfortable launching your first authorised exploit and understanding what MSF is doing behind the scenes. Core concepts Exploit — code that takes advantage of a vulnerability Payload […]
Intermediate 90 min
M4
Hashcat — Password Cracking
Hashcat is the world’s fastest and most widely-used password cracking tool. GPU-accelerated, supporting 300+ hash algorithms, it’s what every serious pen-tester and every serious attacker uses after recovering password hashes. When you use Hashcat Pen-test: you extracted NTLM hashes from an AD dump (DCSync, ntds.dit). Crack to recover passwords. Pen-test: you recovered /etc/shadow. Crack SHA-512 […]
Advanced 120 min
M5
Mimikatz — Credential Extraction
Mimikatz is the tool that defined modern Windows credential attacks. Benjamin Delpy’s 2011 research paper accompanying it single-handedly changed how the security community thinks about Windows auth. This module covers what Mimikatz does, how defenders catch it, and why Credential Guard matters. What it extracts Mimikatz reads credentials from process memory (primarily LSASS — Local […]
Advanced 120 min
M7
sqlmap — Automated SQL Injection
Why this module. sqlmap automates 80% of SQLi work. Mastering it means going from “I think this is injectable” to “here’s the database dump” in 15 minutes. The base workflow # Detect sqlmap -u "https://target.com/page?id=1" --batch --level=3 --risk=2 # Confirm with banner sqlmap -u "https://target.com/page?id=1" --batch --banner # Enumerate sqlmap -u "https://target.com/page?id=1" --batch --dbs sqlmap […]
Intermediate 25 min
M8
John & Hashcat — Cracking Workflow
Why this module. Cracked hashes power lateral movement. Knowing how to crack quickly turns a low-impact LSASS dump into a Domain Admin compromise. Identify the hash hashid 'aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0' # Output: NTLM Hashcat modes (the ones you need) Mode Hash 0 MD5 100 SHA1 1000 NTLM 5500 NetNTLMv1 5600 NetNTLMv2 1800 sha512crypt (Linux) 13100 Kerberos 5 […]
Intermediate 25 min
M9
Impacket — The Swiss Army Knife
Python toolkit for SMB/MSRPC/Kerberos. Used in nearly every AD pentest. Top scripts secretsdump.py — dump SAM, LSA, NTDS psexec.py / smbexec.py / wmiexec.py — remote command execution GetUserSPNs.py — Kerberoasting GetNPUsers.py — AS-REP roasting ntlmrelayx.py — NTLM relay attacks ticketer.py — forge Kerberos tickets (Golden/Silver) addcomputer.py — create computer accounts (RBCD) rbcd.py — Resource-Based Constrained […]
Advanced 25 min
M10
CrackMapExec / NetExec
CrackMapExec (now NetExec / nxc) is the parallel-executor that makes Impacket scriptable across hundreds of hosts. Workflow # Enumerate SMB hosts nxc smb 10.0.0.0/24 # Test credentials across the subnet nxc smb 10.0.0.0/24 -u alice -p 'Password@2026' --continue-on-success # Pass-the-hash nxc smb 10.0.0.0/24 -u admin -H aad3b435b51404ee...:31d6cfe... # Once you have admin somewhere nxc smb […]
Intermediate 20 min
M11
Responder & MITM6
Most internal pentests start with passive listening. Responder + MITM6 capture authentication attempts and convert them to crackable hashes. Responder — LLMNR/NBT-NS poisoning When Windows can’t resolve a name via DNS, it falls back to LLMNR/NBT-NS broadcasts. Responder answers them, claiming to be the target. Victim authenticates to Responder; NetNTLMv2 hashes captured. sudo responder -I […]
Advanced 20 min
M12
BloodHound — Operator Guide
Module 3 (AD track) and Module 174 covered BloodHound conceptually. This is the operator manual. Collection # SharpHound from Windows (any domain user) SharpHound.exe -c All # bloodhound-python from Linux bloodhound-python -u alice -p 'Pass' -d corp.local -ns 10.0.0.10 -c all # AzureHound for Entra ID azurehound list -o azure-data.json Cypher queries that matter # […]
Advanced 25 min
M13
OSINT & External Recon
Recon is the cheapest, highest-yield phase of any engagement. Tools that pay back the time investment. Subdomain enumeration # Passive (no traffic to target) subfinder -d target.com -all -silent amass enum -passive -d target.com crt.sh search ("%.target.com") # Active (more thorough) amass enum -active -d target.com ffuf -w subdomains.txt -u https://FUZZ.target.com Search engines for hackers […]
Beginner 20 min
M14
EvilGinx — Modern Phishing
For defensive understanding only. Don’t deploy without clear authorisation. EvilGinx is the proof that “MFA stops phishing” was true in 2018, false by 2024. How proxy phishing works Attacker hosts EvilGinx with a phishlet for the target service (Microsoft, Google, etc.). EvilGinx is a transparent reverse proxy: requests come in, get forwarded to legitimate service, […]
Advanced 20 min
M15
Cobalt Strike — Defender Perspective
Cobalt Strike is the most-used commercial C2 framework — by red teams and by most ransomware operators. Defenders must know its capabilities and detection signals. Capabilities Beacon — implant; supports HTTP, HTTPS, DNS, SMB pipe Malleable C2 — operator customises traffic profile (mimic Outlook, Slack, etc.) Pivoting — beacon-to-beacon over SMB Built-in tools — […]
Advanced 20 min

Common questions about this track

How long will this track take me?

Most learners finish in 4-8 weeks at a sustainable 4-5 hours per week. Modules are self-paced so you can move faster or slower as life allows.

Do I need prior experience?

Module 1 sets the entry baseline. The first module is always free; if it feels approachable, the track is for you.

Will this prepare me for industry certifications?

Most modules align with the body of knowledge tested by senior security certifications. The Academy is not a cert-prep course but produces working knowledge that transfers to any cert exam in the same domain.

Ready to start?

Begin with Module 1. Work through at your own pace. Free modules require no signup — everything else unlocks with a free RingSafe Academy account.
