HackLearn Certified Ethical Hacking Internship
🟢 Basic Level Projects
1. Lab Setup & VPN Configuration
Install Kali Linux, DVWA, and Metasploitable 2 on VirtualBox or VMware. Configure a VPN using OpenVPN for safe pentesting.
2. Nmap & Netdiscover Mapping
Scan a local network to identify hosts and services using Nmap and Netdiscover. Create a network map.
3. Whois + theHarvester Project
Gather domain info, subdomains, and emails using Whois and theHarvester. Document findings in a PDF report.
4. OSINT Project
Perform open-source investigation on a fake profile. Use tools like Maltego, Sherlock, Google Dorks, etc.
5. Google Dork Booklet
Create a reference list of 20+ powerful Google Dorks. Validate them on public test targets (ethically).
6. Vulnerability Scan with Nikto
Use Nikto to detect outdated server software and misconfigurations. Document all risk levels and descriptions.
7. FTP/SMTP Enumeration
Use Telnet and Nmap to enumerate banners and test login options on open FTP and SMTP ports.
8. Wireshark Traffic Analysis
Capture packets on a local network and identify credentials or sensitive info using Wireshark filters.
9. Basic SQLi + XSS in DVWA
Exploit low-level SQL injection and XSS vulnerabilities in DVWA. Practice payload crafting and bypass techniques.
10. Burp Suite Basic Flow
Intercept, modify and replay HTTP/HTTPS requests using Burp. Understand headers, cookies, and session IDs.
🟡 Intermediate Level Projects
11. WordPress Vulnerability Assessment
Run WPScan on a WordPress site and find outdated themes, weak passwords, and vulnerable plugins.
12. Hydra Bruteforce
Use Hydra to attempt login brute-force attacks on test FTP, SSH, or HTTP forms. Log successful attempts.
13. Subdomain + Directory Discovery
Use tools like Gobuster and Sublist3r to find hidden pages and subdomains of a target test website.
14. CVE Exploitation with Metasploit
Use Metasploit to exploit common CVEs (e.g., vsftpd, Samba). Gain shell and document the process step-by-step.
15. Custom Payloads with msfvenom
Create reverse/bind shell payloads using msfvenom. Test in an isolated lab environment with a listener set up.
16. Social Engineering Toolkit (SET)
Use SET to create phishing pages (for testing purposes). Analyze how credential harvesting works and how to detect it.
17. Report Writing
Learn how to write detailed and professional pentest reports using a standard template including impact and fixes.
18. Python Scripting – Scanner Tool
Build a Python port scanner or web crawler. Use Socket, Requests, or Scapy libraries.
19. Bypassing Client-Side Validations
Use dev tools and Burp Suite to bypass JavaScript validations (e.g., modify price, change form values).
20. DNS Tunneling + Protocol Analysis
Use tools like iodine or dnscat2 to establish DNS tunnels. Analyze traffic using Wireshark or tcpdump.
🔴 Advanced Level Projects
21. Full Pentest on Juice Shop
Conduct a full pentest on OWASP Juice Shop. Cover authentication flaws, XSS, IDOR, SQLi, and write a full report.
22. Red Team Simulation Lab
Simulate a real APT-style attack in a local lab: Recon → Exploitation → Privilege Escalation → Pivoting.
23. C2 Server with Empire or Sliver
Set up a Command & Control framework (Empire/Sliver). Execute post-exploitation payloads from the listener.
24. API Pentesting
Use Postman and Burp Suite to test REST APIs for auth bypass, rate-limit issues, and data leaks.
25. Bug Bounty Challenge
Participate in a bug bounty platform or challenge. Find and responsibly disclose one valid issue.
26. Keylogger & Data Exfiltration
Build a keylogger in Python and test it inside a VM. Log keystrokes and simulate exfiltration using a remote script.
27. NTLM Hash Capture & Cracking
Use Responder or Inveigh to capture NTLM hashes. Crack them using John the Ripper or Hashcat.
28. Cloud Pentesting Lab
Simulate an AWS environment. Find misconfigured S3 buckets, IAM roles, and apply permission audits.
29. WebSocket Pentesting
Analyze WebSocket traffic using Burp Suite. Check for token reuse, insecure logic, and injection vectors.
30. Real World CTF Challenge
Solve one CTF challenge on TryHackMe or HackTheBox. Submit full walkthrough and flag report.
🟣 Industry-Based Projects
31. Web Application Security Audit for E-Commerce
Audit a mock e-commerce platform for OWASP Top 10 issues. Document risks in login, payment, and product manipulation areas.
32. SOC Analyst Simulation Project
Analyze demo logs in ELK or Splunk. Detect malicious login attempts, data exfiltration, or brute-force behavior. Document alerts and prepare a report.
33. Secure Code Review on a PHP App
Perform a code-level security review of a sample PHP application. Identify SQLi, XSS, and CSRF flaws and fix the code.
34. Simulated Ransomware Incident Response
Simulate a ransomware attack in a VM. Document how it spreads, containment steps, backup restoration, and the recovery plan.
35. Cybersecurity Compliance Checklist for SMEs
Create a NIST or ISO 27001-aligned checklist for small businesses. Cover access control, backup policy, awareness training, and response strategy.
🎁 What You'll Get Beyond the Syllabus
Course Fee: ₹2999
Pay via UPI to:
9340654498@kotak