Penetration Tester
Career Path
Penetration Testers are professional ethical hackers, responsible for assessing the security posture of applications and networks on behalf of their employers. This career path will prepare you for success as an entry-level Pentester.
43
H
0
M
Intermediate
22
Learners at 96% of Fortune 1000 companies trust Cybrary
.svg){kind=small}
About this Career Path
Cybrary’s Penetration Tester career path and associated assessments will equip you with the knowledge and hands-on skills you need to launch your career as a Penetration Tester. Over the course of 20+ courses and hands-on virtual labs, you will learn how to successfully identify, exploit, and remediate security vulnerabilities, and build a strong foundation of ethical hacking knowledge and skills.
As you proceed through the path, your progress will be measured in real time using Experience Points (XP) that serve as a comprehensive capability score for each topic.
Skills you'll gain
- Conducting offensive security assessments
- Performing reconnaissance and network enumeration
- Executing and defending against network attacks
- Using evasion techniques to bypass security measures
- Defending against credential attacks
- Identifying vulnerabilities in applications
Path Outline
Collection Outline
Coming Soon
The Leadership and Management Career Path is expected to release in Q2 of 2025. Sign up now to explore our other leadership courses and content.
Start Learning for FreeLearn
Learn core concepts and get hands-on with key skills.
Offensive Security Operations
In this course, you will be introduced to fundamental offensive security concepts, legal and ethical issues, documents and agreements, and operational frameworks and methodologies.
Cyber Kill Chains
In this course, you will delve into the concept of the "kill chain" and explore some well-known cyber kill chains, including the Cyber Kill Chain (CKC), the MITRE ATT&CK framework, and the Unified Kill Chain (UKC).
Reconnaissance and Enumeration Basics
In this course, you will be introduced to reconnaissance and enumeration in the context of an offensive security engagement. You will learn the distinction between the terms, how they are related, and the basic techniques that support them in a offensive security context.
OSINT
In this hands-on lab, you will learn the basics of Open-Source Intelligence (OSINT). You will practice gathering publicly available information about a target organization's assets and people from a number of sources.
Network Reconnaissance
In this lab, you will learn the basics of performing reconnaissance and enumeration on a target network. You will practice using Masscan and Nmap to scan and enumerate a network.
Network Attacks Basics
In this course, you will learn the basics of network-based attacks. You will learn about active and passive network attacks, as well as network devices, services, and protocols, and the common attack types and techniques directed at them.
Network Sniffing
In this hands-on lab, you will learn the basics of network sniffing, including passive and active sniffing techniques. You will practice using Wireshark to sniff network traffic, and retrieve and apply actionable information from a target network.
Metasploit Basics
In this hands-on lab, you will learn the basics of Metasploit, a popular penetration testing tool. You will practice using some core features of Metasploit to identify and exploit vulnerabilities on a live server.
Password Cracking
In this hands-on lab, you will learn the basics of password cracking. You will practice using Hashcat to crack passwords using both brute force and dictionary-based techniques.
Evasion Basics
In this course, you will learn the basics of evasion in the context of penetration testing. You will learn common evasion techniques and tools for networks, hosts, and applications.
Local Host Enumeration
In this hands-on lab, you will learn the basics of local host enumeration. You will practice enumerating a Linux system using built-in commands and a Windows system using the WinPEAS script.
Identifying Ingress and Egress Rules
In this hands-on lab, you will learn the basics of identifying ingress and egress rules on a firewall. You will practice using Nmap to probe a live firewall in a simulated network environment and gather information about its rule configuration.
Tunneling and Pivoting
In this hands-on lab, you will learn about tunneling and pivoting as tactics for traversing target networks. You will practice tunneling and pivoting using Metasploit and SSH Dynamic Port Forwarding.
Evading Microsoft Defender
In this hands-on lab, you will learn about evading Microsoft Defender. You will practice using process injection and obfuscation techniques to evade Microsoft Defender.
Application Attacks Basics
In this course, you will learn the basics of applications and how to attack them, including web application architecture, common vulnerablities, and mitigation strategies.
Burp Suite Basics
In this hands-on lab, you will learn the basics of Burp Suite, a popular web application penetration testing tool. You will practice using some core features of Burp Suite to identify and exploit vulnerabilities in a web application.
Password Spraying and Credential Stuffing
In this hands-on lab, you will learn about password spraying and credential stuffing. You will practice using Hydra and Burp Suite to perform password spraying and credential stuffing attacks.
Injection Attacks
In this hands-on lab, you will learn the basics of injection attacks. You will practice performing SQL injection, command injection, and XSS attacks against a vulnerable web application.
SSRF Attacks
In this hands-on lab, you will learn the basics of Server-Side Request Forgery (SSRF) Attacks. You will practice performing live SSRF attacks against a vulnerable web application.
Bypassing Web Application Firewalls
In this hands-on lab, you will learn about Web Application Firewalls (WAF) and common techniques for bypassing them. You will practice using manual testing techniques to bypass various WAF configurations.
Deserialization Attacks
In this hands-on lab, you will learn the basics of deserialization attacks. You will practice performing deserialization attacks using Python scripts and Burp Suite.
API Attacks
In this hands-on lab, you will learn the basics of API Attacks. You will practice exploiting some common API vulnerabilities in a REST-based web application.
Practice
Exercise your problem-solving and creative thinking skills with security-centric puzzles
Box Full of Recon
In this hands-on challenge, you will practice using Nmap to identify and exploit simple vulnerabilities on target hosts.
Penguin Land
In this hands-on challenge, you will practice performing local host enumeration and privilege escalation on a Linux system.
Scratch and Sniff
In this hands-on challenge, you will practice network sniffing. You will interpret and manipulate a packet capture to gain access to other hosts on a target network.
Tunnel Cake
In this hands-on challenge, you will practice identifying and exploiting vulnerabilities on a target host, then using tunneling and pivoting to broker access to internal services
Crackception
In this hands-on challenge, you will exercise your password cracking skills to defeat the security of an encrypted file.
Spray Paint
In this hands-on challenge, you will exercise your password cracking and password spraying skills.
The Defense Rests
In this hands-on challenge, you will practice making changes to a malware sample in order to evade Microsoft Defender.
In-N-Out
In this hands-on challenge, you will practice identifying potential egress points through intermediate devices and creating tunnels out of a network.
Encoder Switch
In this hands-on challenge, you will practice exploiting SSRF vulnerablities and converting binary output.
Burping Sauce
In this hands-on challenge, you will practice using Burp Suite to exploit a vulnerable web application.
Prove
Assess your knowledge and skills to identify areas for improvement and measure your growth
Offensive Security Fundamentals
Test your Offensive Security Fundamentals knowledge to identify strengths, gaps, and weaknesses in areas like offensive security operations and cyber kill chains. Measure your mastery of Offensive Security Fundamentals and advance your career with targeted course recommendations.
Reconnaissance and Enumeration
Test your Reconnaissance and Enumeration knowledge and skills to identify strengths, gaps, and weaknesses in areas like OSINT, network reconnaissance, and local host enumeration.
Network Attacks
Test your Network Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like reconnaissance, enumeration, exploitation, and more. Measure your mastery of Network Attacks and advance your career with targeted course and virtual lab recommendations.
Credential Attacks
Test your Credential Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like Password Cracking, Password Spraying, and Credential Stuffing.
Evasion
Test your Evasion knowledge and skills to identify strengths, gaps, and weaknesses in areas like identifying ingress and egress rules, evading Microsoft Defender, and bypassing web application firewalls.
Application Attacks
Test your Application Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like web application vulnerabilities and Burp Suite. Measure your mastery of Application Attacks and advance your career with targeted course and virtual lab recommendations.
Train Your Team
Cybrary’s expert-led cybersecurity courses help your team remediate skill gaps and get up-to-date on certifications. Utilize Cybrary to stay ahead of emerging threats and provide team members with clarity on how to learn, grow, and advance their careers within your organization.
Instructors
Instructors
Get Hands-on Learning
Put your skills to the test in virtual labs, challenges, and simulated environments.
Measure Your Progress
Track your skills development from lesson to lesson using the Cybrary Skills Tracker.
.png)
Connect with the Community
Connect with peers and mentors through our supportive community of cybersecurity professionals.
Success from Our Learners
Frequently Asked Questions
This career path is designed for learners with a solid grasp of foundational IT, cybersecurity, and defensive security concepts who are interested in pursuing an entry-level offensive security role. This includes current mid-career IT and defensive security practitioners who are interested in transitioning to an offensive security role.
Experienced offensive security practitioners will also benefit from reviewing core concepts and testing their skills in this path's Challenge and Assessment modules.
Penetration Testers seek to identify and resolve security vulnerabilities in an organization’s networks. This often involves creating new or improved security protocols.
Common Pentester tasks and responsibilities include:
- Performing penetration tests on computer systems, networks, and applications
- Creating new testing methods to identify vulnerabilities
- Performing physical security assessments of systems, servers, and other network devices to identify areas that require physical protection
- Searching for weaknesses in common software, web applications, and proprietary systems
- Identifying potential entry points attackers may use to exploit vulnerabilities or weaknesses
- Documenting and discussing findings with IT and management teams
- Reviewing and providing feedback for information security fixes
- Staying up-to-date on the latest malware and security threats
Penetration testing is an essential tool for identifying vulnerabilities in systems, networks, and applications before malicious actors can exploit them. By understanding a hacker’s mindset and tools, Penetration Testers can simulate real-world attacks to expose weaknesses and fortify security measures before it’s too late.
Pentesting not only helps prevent data breaches and other cyber incidents — it also ensures compliance with industry regulations and enhances overall risk management.
Professionals trained in penetration testing can pursue a variety of cybersecurity roles, such as:
- Penetration Tester (Ethical Hacker)
- Security Consultant
- Vulnerability Analyst
- Red Team Member
- Cybersecurity Analyst
Pentesters are employed across various industries, including finance, healthcare, government, tech, and more.
