MTCSA Modules

Network fundamentals

understanding IP addressing, subnetting, and routing.

Operating systems

familiarity with Windows and Linux operating systems, including command-line interface usage and system administration tasks.


proficiency in scripting languages such as Python and Bash, to automate repetitive tasks and exploit development.

Web technologies

understanding of web protocols, such as HTTP and HTTPS, as well as web application technologies, such as HTML, JavaScript, and PHP.

Database technologies

understanding of database systems, such as MySQL and Microsoft SQL Server, and their vulnerabilities.

Exploitation techniques

knowledge of various exploitation techniques, such as buffer overflows, SQL injection, and cross-site scripting (XSS).

Post-exploitation techniques

techniques for maintaining access to compromised systems, such as privilege escalation, persistence, and data exfiltration.


understanding of cryptography concepts, including symmetric and asymmetric encryption, hashes, and digital signatures.

Virtualization and cloud computing

familiarity with virtualization technologies, such as VMware and VirtualBox, and cloud computing environments, such as Amazon Web Services (AWS) and Microsoft Azure.

Compliance and security frameworks

knowledge of various exploitation techniques, such as buffer overflows, SQL injection, and cross-site scripting (XSS).

Exploitation techniques

knowledge of security frameworks, such as the OWASP Top 10 and the ISO/IEC 27001 standard, and regulatory compliance requirements, such as the General Data Protection Regulation (GDPR).

Footprinting and Reconnaissance

Understanding the importance of information gathering and the various techniques for collecting information about target systems.

Scanning Networks

Knowledge of network scanning techniques, including port scanning, vulnerability scanning, and OS fingerprinting.


Understanding how to identify open network services and the information that can be gathered from them.

Vulnerability Analysis

Knowledge of the various types of vulnerabilities and how to identify them in target systems.

System Hacking

Understanding how to compromise systems, including techniques for cracking passwords, bypassing security measures, and exploiting vulnerabilities.

Malware Threats

Knowledge of malware and its impact on systems, including viruses, Trojans, worms, and rootkits.


Understanding network sniffing techniques, including ARP spoofing, DHCP spoofing, and DNS spoofing.

Social Engineering

Understanding the impact of social engineering attacks, including phishing, baiting, and pretexting.

Denial of Service

Knowledge of various denial of service attack techniques and how to protect against them.

Session Hijacking

Understanding session hijacking techniques, including IP spoofing and TCP session hijacking.

Hacking Web Servers

Understanding web server security and the techniques used to attack web servers, including SQL injection and cross-site scripting.

Hacking Web Applications

Understanding web application security and the techniques used to attack web applications, including cross-site scripting and parameter tampering.

SQL Injection

Understanding SQL injection attacks and how to defend against them.

Wireless Network Hacking

Understanding wireless network security and the techniques used to attack wireless networks.

Penetration Testing Report Writing

Understanding the importance of report writing in penetration testing and how to present findings to stakeholders.