In 1903, the Italian physicist Guglielmo Marconi staged a public demonstration of "secure" wireless telegraphy for the Royal Institution in London. Before he could transmit a single letter, the magician and inventor Nevil Maskelyne hijacked the frequency and broadcast the word "rats" in Morse code — followed by a ribald poem mocking Marconi. Maskelyne had built a competing wireless system and wanted to prove that Marconi's claims of secrecy were nonsense. The principles he exploited — unauthenticated broadcast, no encryption, implicit trust in the medium — would recur in nearly every major network attack for the next 120 years, from packet injection on early ARPANET to the 2020 SolarWinds supply-chain compromise that reached 18,000 organizations.
What AI is doing to network penetration testing in the mid-2020s closely mirrors what cheap computing did in the late 1980s: it is collapsing the skill threshold required to perform sophisticated reconnaissance, vulnerability chaining, and evasion. When Wietse Venema and Dan Farmer released SATAN — the Security Administrator Tool for Analyzing Networks — in April 1995, the New York Times called it "a potential electronic weapon of mass destruction." What it actually did was automate tasks that previously required expert manual effort, making good security auditing accessible to administrators who weren't full-time security researchers. Tools like Nmap (released 1997) and Metasploit (2003) continued that trajectory. AI-assisted pentesting is the current chapter of the same story.
This course covers the foundational knowledge you need to use AI tools responsibly and effectively in authorized network security assessments. You will review the classical pentest methodology, learn where AI accelerates or distorts each phase, practice with real tool categories, and develop judgment about when AI output should be trusted versus verified. The course assumes you already understand basic networking concepts — TCP/IP, DNS, HTTP — and have encountered terms like port scanning and vulnerability assessment. If any of that is unfamiliar, a networking fundamentals course belongs before this one.
If you finish every module, here's who you become:
On April 12, 2022, the US Department of Justice unsealed an indictment against four members of Sandworm, the Russian GRU unit responsible for attacking Ukrainian power infrastructure in December 2015. The indictment described their methodology in unusual technical detail: initial spear-phishing, lateral movement using VPN credentials, SCADA protocol reconnaissance, and finally manual manipulation of industrial control systems to cut power to 230,000 customers. What struck security researchers reading that document was not the sophistication of any individual tool — it was the discipline of the sequence. The attackers spent months in reconnaissance before touching anything destructive. Methodology, not any single exploit, was the decisive factor. The same principle governs every legitimate pentest engagement today.
Professional network penetration testing follows a structured sequence that has remained stable since PTES (the Penetration Testing Execution Standard) was formalized in 2012, and was implicitly practiced well before that. The five phases are: Reconnaissance, Scanning and Enumeration, Exploitation, Post-Exploitation and Lateral Movement, and Reporting. Each phase feeds the next. Skipping or compressing any phase increases both the risk of missed findings and the risk of unintended damage to client systems.
Understanding these phases as a tester — and as someone deploying AI tools — matters because AI assistance is not uniformly distributed across them. It changes recon dramatically, helps enumeration measurably, contributes to exploitation in specific ways, and is almost useless for the judgment calls in post-exploitation and reporting. Knowing this distribution prevents the most common failure mode of AI-assisted pentesting: over-relying on AI in phases where it flatters itself but produces garbage.
Passive reconnaissance collects information about the target without directly touching its infrastructure. Sources include WHOIS records, DNS history (tools like SecurityTrails preserve historical records), certificate transparency logs (crt.sh indexes every publicly trusted TLS certificate), job postings (which leak technology stack information), LinkedIn (which reveals org structure and employee roles), and GitHub (where developers frequently commit credentials, internal hostnames, and API keys).
Active reconnaissance involves direct contact with target systems: DNS zone transfer attempts, SMTP VRFY/EXPN commands to enumerate email addresses, and light port probing. Scope agreements always define which active techniques are authorized and when they may begin — this is a legal and contractual boundary, not a technical one.
Scanning identifies live hosts, open ports, and running services. Nmap, released by Gordon Lyon (Fyodor) in 1997, remains the reference implementation for TCP/UDP port scanning. Its scripting engine (NSE) supports hundreds of service-specific probes. Masscan, released by Robert Graham in 2013, sacrifices depth for speed — it can scan the entire IPv4 address space in under six minutes from a sufficiently provisioned host, making it useful for broad asset discovery in large-scope engagements.
Enumeration goes deeper: it extracts specific version strings, SMB share names, SNMP community strings, LDAP directory structure, and HTTP server headers. Version information is the direct bridge between scanning and exploitation — a host running Apache 2.4.49 in October 2021 was vulnerable to CVE-2021-41773, a path traversal and RCE bug that was actively exploited within 48 hours of disclosure. Without version enumeration, that finding is invisible.
Scanning without authorization is illegal under the Computer Fraud and Abuse Act (18 U.S.C. § 1030) in the US and equivalent statutes globally. A signed scope-of-work agreement specifying IP ranges, test windows, and permitted techniques is the non-negotiable prerequisite for every activity in this course when applied to real systems.
Exploitation converts identified vulnerabilities into access. The Metasploit Framework, created by H.D. Moore in 2003 and acquired by Rapid7 in 2009, provides a structured environment for selecting, configuring, and launching exploits against specific service/version combinations. It also manages payloads — the code that runs after successful exploitation — and sessions.
Legitimate pentest exploitation operates within strict constraints: exploit only authorized targets, maintain session logs for the report, avoid payloads that could cause data destruction or service disruption (except where explicitly tested), and document every action with timestamps. These constraints are not optional ethical preferences — they are contractual obligations and, in many jurisdictions, legal requirements under rules of engagement.
Post-exploitation establishes what an attacker could do with obtained access: credential dumping (Mimikatz demonstrated password extraction from Windows LSASS memory in 2007), lateral movement via pass-the-hash or Kerberoasting, persistence mechanisms, and data exfiltration simulation. The goal is not to cause harm but to demonstrate the realistic blast radius of a successful compromise.
Reporting translates technical findings into business risk language. A finding that "SMBv1 is enabled on 47 hosts" becomes actionable only when paired with the specific CVEs it enables (EternalBlue / MS17-010, the NSA exploit weaponized in WannaCry in May 2017), the compensating controls that reduce likelihood, and a CVSS-scored severity with remediation steps. Reports are the deliverable clients pay for; the technical work is the means.
In subsequent modules, you will see AI tools applied specifically in recon (automated OSINT aggregation), scanning interpretation (NLP-assisted service fingerprinting), and report generation (structured finding summarization). The methodology taught in this lesson is the skeleton onto which those AI capabilities attach. Understanding it now means understanding later why AI succeeds in some phases and fails in others.
In this lab you will use the AI assistant to practice applying the five-phase pentest methodology to realistic scenarios. The assistant will present situations and ask you to identify phases, justify sequencing decisions, and flag scope/authorization issues.
Complete at least three substantive exchanges to finish the lab.
When Target Corporation suffered its catastrophic 2013 breach — 40 million payment cards stolen between November 27 and December 15 — the initial entry point was not a Target system at all. Attackers compromised Fazio Mechanical Services, a Pennsylvania HVAC contractor with remote network access to Target's facility management systems. Because Target had not properly segmented its corporate network from its point-of-sale environment, the attackers pivoted from a vendor credential to the POS network in a series of lateral moves. The breach cost Target $162 million in direct expenses, the resignation of its CIO and CEO, and a fundamental restructuring of its security architecture. The lesson network testers have internalized since 2013: the first system you land on is almost never the one that matters — what matters is what you can reach from it.
IPv4 addressing divides the 32-bit address space into network and host portions via a subnet mask. A /24 network (255.255.255.0) contains 254 usable host addresses; a /16 contains 65,534. For a pentester, subnet boundaries matter because they define broadcast domains and routing decisions. Traffic between subnets must pass through a router or layer-3 switch — a controlled chokepoint that may apply access control lists (ACLs) or firewall rules.
RFC 1918 defines the private IPv4 ranges: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Internal corporate networks almost universally use these ranges. When you gain access to an internal host, reading its routing table (ip route on Linux, route print on Windows) immediately reveals what network segments the host can reach — and therefore what pivoting paths exist.
Virtual LANs (VLANs) segment layer-2 broadcast domains on managed switches, creating logical separation without physical cable separation. A properly configured VLAN prevents a host on the guest Wi-Fi VLAN from sending ARP requests to hosts on the corporate VLAN — they are isolated at layer 2, and inter-VLAN traffic must traverse a router with associated ACLs.
VLAN hopping attacks exploit misconfigured trunk ports. In a switch spoofing attack, an attacker configures their NIC to send 802.1Q-tagged frames, tricking a misconfigured switch into establishing a trunk link and forwarding all VLAN traffic to the attacker's port. This attack requires that the switch port be configured with DTP (Dynamic Trunking Protocol) in auto or desirable mode — a misconfiguration that remains disturbingly common in enterprise switches. The fix is to explicitly disable DTP on all access ports with the Cisco command switchport nonegotiate.
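A configuration review for the DTP condition described above can be scripted. The following is an added example, not part of the original course material: it parses a constructed Cisco IOS-style configuration and flags switch ports that can still negotiate a trunk or that lack the switchport nonegotiate fix. The interface names, the sample config, and the choice to skip shut-down and non-physical interfaces are assumptions.

```python
import re

# Constructed sample in Cisco IOS running-config style (not from a real device).
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 description user desk
 switchport mode access
 switchport access vlan 20
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
 switchport mode dynamic desirable
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport access vlan 20
!
interface GigabitEthernet1/0/4
 switchport access vlan 30
!
interface GigabitEthernet1/0/24
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan20
 ip address 10.20.0.1 255.255.255.0
"""

# Assumption: logical interfaces are out of scope for a DTP review.
SKIP_PREFIXES = ("Vlan", "Loopback", "Tunnel")


def parse_interfaces(config):
    """Return {interface name: [sub-commands]} for each interface stanza."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return interfaces


def audit_dtp(config):
    """Map each risky port to a short finding; compliant ports are omitted."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if name.startswith(SKIP_PREFIXES):
            continue
        if "no switchport" in cmds or "shutdown" in cmds:
            continue  # routed port or administratively down
        mode = next((c[len("switchport mode "):] for c in cmds
                     if c.startswith("switchport mode ")), None)
        if mode is None:
            # Platform defaults differ, so an unset mode needs manual review.
            findings[name] = "no explicit switchport mode set"
        elif mode.startswith("dynamic"):
            findings[name] = f"DTP {mode}: port can negotiate a trunk"
        elif mode == "access" and "switchport nonegotiate" not in cmds:
            findings[name] = "access port without switchport nonegotiate"
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_dtp(SAMPLE_CONFIG).items()):
        print(f"{port}: {finding}")
```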
A demilitarized zone (DMZ) is a network segment that sits between the public internet and the internal corporate network, hosting services that must be publicly accessible — web servers, mail servers, DNS servers — while preventing direct internet access to internal hosts. The classic three-legged firewall design places the DMZ on a separate interface from both the internet-facing interface and the internal network interface.
From a pentest perspective, the DMZ is typically the most accessible attack surface. A successful compromise of a DMZ host then presents the question: can you pivot inward? Well-architected DMZs use strict firewall rules allowing DMZ hosts to initiate connections only to specific internal resources (e.g., a database server on port 1433) and blocking all other inbound connections from the DMZ to the internal network. Poorly architected DMZs allow DMZ hosts broad internal access — exactly the kind of flat network architecture that enabled the Target breach.
SMB (TCP 445): Microsoft's Server Message Block protocol for file and printer sharing. SMBv1 (disabled by Microsoft in 2017 following WannaCry) was the vector for EternalBlue. SMBv2/v3 have their own history of vulnerabilities; SMBGhost (CVE-2020-0796) allowed unauthenticated RCE against Windows 10 systems in 2020. SMB is the first thing experienced testers probe on a Windows-heavy network.
LDAP (TCP 389 / LDAPS 636): Lightweight Directory Access Protocol — the query interface to Active Directory. Anonymous LDAP binds (disabled by default since Windows Server 2003 SP1 but frequently re-enabled) allow unauthenticated enumeration of users, groups, computers, and GPOs. Even with authentication required, any valid domain credential allows extensive directory enumeration.
SNMP (UDP 161): Simple Network Management Protocol, present on nearly every managed network device. SNMP v1 and v2c use community strings (essentially passwords transmitted in cleartext) for authentication. The default community string "public" provides read access on a surprising fraction of production devices. SNMP can reveal full network topology, routing tables, and interface configurations.
AI-assisted scanners can auto-interpret Nmap output and map discovered services to known vulnerabilities — but they cannot infer network architecture from a single host scan. Understanding subnets, VLANs, and DMZs manually is required to correctly interpret what AI-assisted pivot suggestions actually mean and whether they are feasible in the engagement's network topology.
Practice interpreting hypothetical network configurations to determine pivot feasibility and segmentation weaknesses. The assistant will present you with network snippets — routing tables, VLAN configs, firewall rule descriptions — and ask you to reason through what an attacker could and could not reach.
Complete at least three substantive exchanges to finish the lab.
On March 2, 2021, Microsoft released emergency patches for four zero-day vulnerabilities in Exchange Server — CVE-2021-26855, 26857, 26858, and 27065 — later attributed to the Chinese state-sponsored group HAFNIUM. Within 72 hours of the patches appearing, automated scanning activity by at least ten distinct threat actors was detected against unpatched Exchange servers globally. By March 12, the FBI reported that approximately 30,000 US organizations had been compromised. The speed of that exploitation wave — from patch to mass compromise in days — illustrates a dynamic that defines modern pentesting: the window between CVE publication and reliable public exploit availability has collapsed. For both attackers and defenders, reading the CVE ecosystem accurately and quickly is now a core operational skill.
The Common Vulnerabilities and Exposures (CVE) system was created by MITRE in 1999. Each CVE identifier (e.g., CVE-2021-26855) uniquely names a publicly disclosed vulnerability. The National Vulnerability Database (NVD), maintained by NIST, enriches CVE records with CVSS scores, CWE classifications, CPE affected-product strings, and reference links. The NVD is the authoritative scoring source for most enterprise vulnerability management programs.
CVEs are assigned by CVE Numbering Authorities (CNAs) — vendors, research organizations, and bug bounty programs authorized to assign CVE IDs within their scope. MITRE serves as the root CNA and handles disclosures outside other CNAs' scope. As of 2024, over 240,000 CVEs have been published, with roughly 25,000 new CVEs added per year. Volume alone makes unfiltered CVE monitoring useless; pentesting requires learning to quickly triage which CVEs matter for a given engagement.
The Common Vulnerability Scoring System (CVSS), currently at version 3.1 (with v4.0 published in 2023), produces a numeric severity score from 0 to 10 based on a vector string encoding eight base metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, and Availability Impact.
A score of 9.8 (Critical) does not mean a vulnerability is actively exploitable against any given target. It means that if the vulnerable service is exposed and reachable, exploitation is likely low-complexity. Context matters enormously: a Critical-scored RCE in a service that is not installed on any target system is zero risk to that engagement. A Medium-scored SSRF vulnerability (say, a 6.5) in a cloud-hosted application that can reach instance metadata endpoints (as in the 2019 Capital One breach, where Paige Thompson used SSRF to query AWS metadata and obtain IAM credentials) may be the most consequential finding in the entire report.
Exploit-DB (exploit-db.com), maintained by Offensive Security, is the primary public repository of exploits and shellcodes correlated to CVEs. When evaluating whether an exploit exists for a discovered vulnerability, Exploit-DB is the first stop. Entries include proof-of-concept code, affected versions, and a verification status.
CISA KEV (Known Exploited Vulnerabilities catalog), launched in November 2021, lists CVEs for which CISA has evidence of active exploitation in the wild. US federal agencies are required to patch KEV-listed vulnerabilities within specified deadlines. For pentesters, the KEV is an authoritative shortcut: if a vulnerability found on a target is in the KEV catalog, it is being actively weaponized, and the finding warrants Critical priority in the report regardless of CVSS score.
Shodan (shodan.io), launched by John Matherly in 2009, indexes internet-connected devices by banner and response data. A Shodan search for vuln:CVE-2021-26855 returned results for tens of thousands of unpatched Exchange servers in the days following the March 2021 disclosure, giving both attackers and defenders real-time visibility into global exposure.
Injection (CWE-89, CWE-78): SQL injection and OS command injection remain in the OWASP Top 10 for 2021 (as A03 Injection). SQLi is frequently encountered in legacy web applications and internal tools built without parameterized queries.
Authentication weaknesses: Default credentials, credential stuffing, password spraying, and broken session management. The 2016 Mirai botnet infected 600,000+ IoT devices almost entirely via default credentials — admin/admin, root/root — demonstrating that credential hygiene failures scale catastrophically.
Unpatched software: The most common critical finding in enterprise pentests. EternalBlue (MS17-010) exploits were still being detected on corporate networks four years after the WannaCry pandemic because patch deployment at enterprise scale is genuinely hard.
Misconfiguration: Overly permissive firewall rules, anonymous access to SMB shares, world-readable S3 buckets, weak SNMP community strings. The 2017 Equifax breach (affecting 147 million Americans) was initiated through CVE-2017-5638, an Apache Struts vulnerability for which a patch had been available for two months before Equifax's systems were compromised.
AI tools can rapidly cross-reference discovered service versions against CVE databases and generate initial triage summaries. The limitation is that they cannot assess exploitability in context — whether a firewall blocks the affected port, whether compensating controls exist, whether the installed version actually matches the vulnerable range. That contextual judgment remains the tester's job.
Practice the triage process: given a CVE identifier and an engagement context, determine whether the vulnerability is relevant, exploitable as discovered, and how it should be prioritized in a report. The assistant will provide CVE details and engagement snippets for you to analyze.
Complete at least three substantive exchanges to finish the lab.
In August 2019, security researcher Chris Vickery reported that he had discovered an exposed MongoDB database containing personal data on 198 million American voters. He found it while conducting what he described as routine research into misconfigured cloud storage — not as part of any authorized engagement. The data belonged to Deep Root Analytics, a contractor for the Republican National Committee. Vickery faced no charges, in part because he did not download or use the data, immediately reported it, and the database was publicly accessible without authentication. But his situation illustrates the fragility of the legal position for researchers who operate without explicit authorization: the Computer Fraud and Abuse Act's language about "exceeding authorized access" and "unauthorized access to protected computers" is broad enough that a prosecutor's decision, not technical behavior, is often the deciding factor. Authorization documents are not bureaucratic paperwork. They are the legal firewall that separates a pentester from a criminal.
Every legitimate penetration test engagement is governed by two core documents: the Statement of Work (SoW) and the Rules of Engagement (RoE). Together they define what is permitted, what is prohibited, who has the authority to authorize testing, and what happens when something goes wrong.
The SoW specifies: the IP ranges or domain names in scope, any explicitly out-of-scope systems (often including production databases, medical devices, OT/ICS networks), the test window (dates and hours during which testing is permitted), and the names of personnel authorized to grant expanded scope or pause testing. The RoE specifies: permitted attack techniques (black-box vs. gray-box vs. white-box), whether social engineering is in scope, whether physical testing is included, and the emergency halt procedure.
If during a test you discover you have accessed a system or data that is outside the agreed scope — whether through a misconfigured pivot, an unexpected trust relationship, or a miscounted IP range — you must stop immediately, document the access with timestamps, and notify the client's designated point of contact. Continuing is both a contractual violation and potentially a criminal act.
The Computer Fraud and Abuse Act (18 U.S.C. § 1030), originally passed in 1986 and amended most significantly in 1994, 1996, 2001 (USA PATRIOT Act), and 2008, criminalizes unauthorized access to protected computers — a category that covers essentially all computers connected to the internet. The statute's intentional ambiguity ("exceeds authorized access") means that authorization from the owner of target systems is the non-negotiable legal prerequisite for any active testing.
In June 2021, the Supreme Court's ruling in Van Buren v. United States narrowed the CFAA's "exceeds authorized access" provision: it does not cover accessing information for improper purposes from a system you are already authorized to access. But it provides no protection for accessing systems for which you have no authorization at all. For pentesters, the practical implication is unchanged: explicit written authorization from the system owner remains legally essential.
The CFAA governs activity touching US systems. Equivalent statutes include the UK's Computer Misuse Act 1990 (amended 2015), Germany's § 202a–202d StGB (Ausspähen von Daten), and the EU's Directive on Attacks Against Information Systems (2013/40/EU). Testing a system hosted in one country from a tester located in another country creates potential jurisdiction overlap — both countries' laws may apply simultaneously.
Bug bounty programs (HackerOne, Bugcrowd) publish explicit safe harbor terms that define the legal protections their programs extend to researchers. Reading the safe harbor before submitting any report is essential: some programs do not extend safe harbor to automated scanning, others exclude specific asset types. The 2016 case of security researcher Justin Shafer, prosecuted under the CFAA for accessing dental X-ray software he believed was in the scope of his authorized research, illustrates how the boundaries of safe harbor are contested in practice.
During a pentest, testers frequently encounter real sensitive data: database dumps containing PII, email archives, credential files, medical records. The standard practice is to document the finding (capture sufficient evidence to demonstrate access — a screenshot showing column headers, a partial record count) without retaining the actual sensitive data. Most SoWs explicitly prohibit exfiltrating real customer data even as proof-of-concept.
Pentest reports that include real customer PII, credentials, or health information create legal exposure for both the testing firm and the client. Evidence of vulnerability can always be demonstrated without retaining the actual sensitive content — a screenshot of a database table structure is sufficient evidence of SQL injection without copying the rows.
AI-assisted recon tools — including automated OSINT aggregators and AI-driven scanners — are subject to the same authorization requirements as manual techniques. An AI tool that autonomously expands its scanning scope beyond the agreed IP range does not transfer legal liability to the AI. The tester who deployed it is responsible for every packet sent. Configure scope restrictions in AI tools before deployment, not after.
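One way to enforce scope before any tool, AI-driven or not, is allowed to send traffic is a deny-by-default gate built from the SoW terms. The following is an added example, not part of the original course material; the address ranges, dates, hours, and names are constructed assumptions, and the test window is expressed in UTC.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime, time, timezone


@dataclass(frozen=True)
class Scope:
    in_scope: tuple     # CIDR ranges the SoW authorizes
    excluded: tuple     # CIDR ranges the SoW explicitly carves out
    starts: datetime    # first permitted moment (timezone-aware)
    ends: datetime      # last permitted moment (timezone-aware)
    daily_from: time    # permitted hours each day, in UTC
    daily_until: time


# Constructed engagement: a /16 with an excluded OT subnet, nightly window.
SCOPE = Scope(
    in_scope=("10.20.0.0/16",),
    excluded=("10.20.30.0/24",),
    starts=datetime(2025, 3, 3, tzinfo=timezone.utc),
    ends=datetime(2025, 3, 14, 23, 59, tzinfo=timezone.utc),
    daily_from=time(22, 0),
    daily_until=time(6, 0),
)


def in_window(scope, when):
    """True if 'when' falls inside the engagement dates and daily hours."""
    if when.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    when = when.astimezone(timezone.utc)
    if not scope.starts <= when <= scope.ends:
        return False
    now = when.time()
    if scope.daily_from <= scope.daily_until:
        return scope.daily_from <= now < scope.daily_until
    # Window wraps past midnight, e.g. 22:00 to 06:00.
    return now >= scope.daily_from or now < scope.daily_until


def authorize(scope, target, when):
    """Return (allowed, reason). Anything not clearly permitted is denied."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostnames can resolve anywhere; require an explicit IP decision.
        return False, "not an IP address"
    if any(addr in ipaddress.ip_network(n) for n in scope.excluded):
        return False, "explicitly out of scope"
    if not any(addr in ipaddress.ip_network(n) for n in scope.in_scope):
        return False, "outside agreed ranges"
    if not in_window(scope, when):
        return False, "outside test window"
    return True, "authorized"


def filter_targets(scope, targets, when):
    """Split a proposed target list into allowed IPs and denied reasons."""
    allowed, denied = [], {}
    for target in targets:
        ok, reason = authorize(scope, target, when)
        if ok:
            allowed.append(target)
        else:
            denied[target] = reason
    return allowed, denied


if __name__ == "__main__":
    proposed = ["10.20.5.9", "10.20.30.7", "10.21.0.1", "dc01.example.internal"]
    night = datetime(2025, 3, 4, 23, 30, tzinfo=timezone.utc)
    print(filter_targets(SCOPE, proposed, night))
```

Logging the denied dictionary alongside timestamps gives the evidence trail needed if a tool proposes targets outside the agreed ranges.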
Practice the scoping and authorization thinking that precedes every real engagement. The assistant will present engagement scenarios with incomplete or problematic scope definitions, and you will identify gaps, propose corrections, and reason through edge cases involving out-of-scope access and data handling.
Complete at least three substantive exchanges to finish the lab.