Post

Penetration Testing Lab: Executive Master in Cybersecurity at IUSI

Posted
By Pietro Melillo
1 min read
Penetration Testing Lab: Executive Master in Cybersecurity at IUSI

As part of the Executive Master in Cybersecurity offered by IUSI — Istituto Universitario di Scienze Informatiche, I delivered the practical laboratory module on penetration testing.

Course Context

The Executive Master is designed for professionals who need to combine managerial understanding with technical awareness of modern cyber risk. My contribution focused on the operational side of offensive security, using controlled environments to explain how vulnerabilities are identified, exploited, documented, and remediated.

Module Description

The laboratory was built around realistic but isolated scenarios. Participants worked through the main phases of a penetration test, from reconnaissance to reporting, with particular attention to ethics, authorization, and evidence handling.

The module covered:

  • penetration testing methodologies, including PTES, OSSTMM, and OWASP Testing Guide;
  • reconnaissance and enumeration techniques;
  • exploitation of known vulnerabilities in lab environments;
  • privilege escalation on Windows and Linux;
  • post-exploitation concepts and lateral movement scenarios;
  • technical reporting and remediation guidance.

Tools and Platforms

The sessions included practical use of:

  • Kali Linux and Parrot OS;
  • Metasploit Framework;
  • Burp Suite;
  • Nmap;
  • Enum4linux;
  • Impacket;
  • custom vulnerable machines inspired by Hack The Box-style labs.

Learning Outcomes

At the end of the lab, participants were able to:

  • conduct structured penetration testing activities in controlled environments;
  • identify common weaknesses such as misconfigurations, outdated software, and weak credentials;
  • reconstruct attack paths from initial access to privilege escalation;
  • document findings in a professional and defensible way.

About the Master

The IUSI Executive Master in Cybersecurity is aimed at IT professionals, auditors, risk managers, and law enforcement personnel. It combines technical, legal, and organizational aspects of cybersecurity, with a strong focus on operational resilience.

Further information is available at:

iusi.eu/corsi/executive-master-sicurezza-informatica

Closing Note

Delivering this module was an opportunity to translate offensive security practices into a structured and ethical learning experience for professionals who are building or strengthening their cybersecurity capabilities.

Courses, Penetration Testing
iusi offensive-security vulnerability-assessment master cybersecurity-training
This post is licensed under CC BY 4.0 by the author.