Techniques to gain access to target systems: password cracking, brute-force attacks, privilege escalation.

Methods to persist access to compromised systems: backdoors, rootkits, trojans, tunnels, and evasion techniques.

Techniques for erasing or tampering with attack traces and basic principles of digital forensics and incident response.

Principles, terminology, and legal aspects of ethical hacking.

Overview of malware, phishing, DoS, SQL injection, and other common threats.

Reconnaissance and footprinting methods to collect data about a target.

Tools and techniques to identify and exploit system vulnerabilities.

Common web app attacks such as XSS, CSRF, SQL injection, directory traversal, and practical countermeasures.