Fundamentals of Ethical Hacking: Concepts, Scope & Impact

Role of Cybersecurity in Today’s Digital World

Types of Hackers: White Hat, Black Hat, Grey Hat, and Script Kiddies

Key Cybersecurity Terminologies: Threats, Vulnerabilities, Exploits, and Risk Management

Overview of Cyber Laws & Compliance: GDPR, HIPAA, ISO 27001, PCI DSS, and NIST

The Five Phases of Ethical Hacking: Reconnaissance, Scanning, Gaining Access, Maintaining access , Covering tracks

Essential Tools for Ethical Hacking: Kali Linux, Metasploit, Nmap, and Wireshark

Setting Up a Hacking Lab: Virtual Machines, Networking Basics & Isolated Testing Environments

Career Paths in Cybersecurity & Ethical Hacking Certifications (CEH, OSCP, CISSP, etc.)

Understanding IP Addressing, Subnetting, and CIDR Notation

Common Network Protocols: HTTP, HTTPS, FTP, SSH, DNS, SMTP, SNMP

Network Security Devices: Firewalls, IDS, IPS, and Their Functions

Network Reconnaissance Techniques: Passive vs. Active Information Gathering

OSINT (Open-Source Intelligence): Tools and Techniques for Data Collection

WHOIS, DNS Enumeration & Website Footprinting

Shodan & Google Dorking for Ethical Hacking

Hands-on Lab: Performing Basic Reconnaissance Using Nmap and Wireshark

Introduction to Operating Systems: Windows & Linux Security Basics

Understanding File Systems, Permissions, and Access Control

Common System Vulnerabilities: Unpatched Software & Misconfigurations

Password Exploitation: Brute Force, Dictionary Attacks & Credential Dumping

Malware Analysis: Viruses, Worms, Trojans, Ransomware, and Rootkits

Privilege Escalation Techniques in Windows and Linux

Vulnerability Scanning Tools: Nessus, OpenVAS, and Nikto

Introduction to Metasploit Framework for Exploitation

Hands-on Lab: Identifying and Exploiting System Vulnerabilities

Understanding Web Applications: Client-Server Model & HTTP/HTTPS

Introduction to Web Vulnerabilities: SQL Injection, XSS, CSRF, and More

Deep Dive into OWASP Top 10 Security Risks

Common Web Hacking Tools: Burp Suite, SQLmap, Nikto, and ZAP

Web Application Attack Methodologies: Reconnaissance & Exploitation

Basic Exploitation Techniques: SQL Injection, XSS, and Broken Authentication

Bypassing Authentication & Exploiting Poor Session Management

Securing Web Applications: Input Validation, Secure Coding, and Patching

Hands-on Lab: Web Vulnerability Assessment and Exploitation

Deep Dive into Nmap: Advanced Scanning, OS Fingerprinting, and Firewall Evasion

Advanced Wireshark Techniques: Traffic Analysis & Packet Inspection

Enumerating Network Services: SNMP, SMB, FTP, RDP, and More

MITM (Man-in-the-Middle) Attacks: ARP Spoofing, DNS Poisoning, and SSL Stripping

Wireless Network Hacking: WEP/WPA/WPA2 Cracking & Rogue AP Attacks

Advanced Port Scanning & Service Fingerprinting Techniques

Bypassing Firewalls & IDS/IPS: Evasion Techniques and Tools

Network Exploitation: Capturing Credentials & Sniffing Sensitive Data

Hands-on Lab: Simulating Network Attacks and Defenses

Understanding Privilege Escalation: Vertical vs. Horizontal Attacks

Windows Privilege Escalation: Exploiting Weak Permissions & Misconfigurations

Token Impersonation & Pass-the-Hash Attacks

Exploiting Unquoted Service Paths & DLL Hijacking

PowerShell for Privilege Escalation: PowerUp, PrivescCheck & Other Tools

Linux Privilege Escalation: SUID/GUID Binary Exploits

Kernel Exploits & Exploiting Misconfigured Cron Jobs

Abusing Sudo Permissions & Weak File Permissions

Hands-on Labs: Practical Privilege Escalation Scenarios on Windows & Linux

Advanced SQL Injection Techniques (Blind SQLi, Time-Based, Error-Based)

Cross-Site Scripting (XSS): Stored, Reflected, and DOM-Based Attacks

Command Injection & File Upload Vulnerabilities

Exploiting Authentication & Authorization Flaws (Session Hijacking, JWT Exploits)

Post-Exploitation Techniques in Web Applications

Maintaining Access: Deploying Backdoors & Web Shells

Pivoting & Lateral Movement within Web Environments

Data Exfiltration & Covering Tracks

Hands-on Labs & Tools: Burp Suite Pro, SQLmap, XSSer, BeEF

Understanding Buffer Overflows (Stack Overflow, Heap Overflow)

Writing Custom Exploits (Fuzzing, Shellcoding, Exploit Automation)

Reverse Engineering Fundamentals & Malware Analysis (Static vs Dynamic Analysis)

Introduction to Assembly Language for Exploit Development

Windows Exploit Development (ROP Chains, SEH Exploits, DEP/ASLR Bypass)

Linux Exploit Development (Memory Corruption, Race Conditions, Format String Vulnerabilities)

Analyzing & Modifying Shellcode for Exploits

Tools for Exploit Development (Immunity Debugger, GDB, Radare2, IDA Pro)

Hands-on Exploitation Labs & Real-World Exploit Case Studies

Understanding Blue Team Operations & Defensive Strategies

Cyber Threat Intelligence (CTI) & Threat Hunting Techniques

Implementing Security Information & Event Management (SIEM) Solutions

Log Analysis & Correlation (Windows Event Logs, Syslog, Elastic Stack)

Endpoint Detection & Response (EDR) Solutions & Implementation

Network Traffic Analysis (NetFlow, Zeek, Suricata, Wireshark)

Malware Detection & Anomaly Behavior Analysis

Threat Hunting Methodologies & Frameworks (MITRE ATT&CK, Cyber Kill Chain)

Incident Response & Threat Containment Strategies

Introduction to Digital Forensics & Investigation Process

Forensic Evidence Collection (Disk, Memory, Network)

Windows & Linux File System Forensics

Memory Forensics (RAM Analysis, Volatility Framework, Rekall)

Disk Imaging & Data Recovery (Autopsy, FTK, EnCase, dd, Guymager)

Identifying and Analyzing Malware Artifacts

Log Analysis & Event Reconstruction

Mobile Forensics & Data Extraction

Legal & Compliance Considerations in Digital Forensics (Chain of Custody, Admissibility of Evidence)

Incident Response (IR) Framework & Methodologies (NIST, SANS, ISO 27035)

Phases of Incident Handling (Preparation, Identification, Containment,

Eradication, Recovery, Lessons Learned)

Handling Security Breaches (Ransomware, Data Leaks, Insider Threats, APTs)

Investigating Phishing & Social Engineering Attacks

Digital Evidence Preservation & Chain of Custody

Developing an Incident Response Playbook

Threat Intelligence Integration in Incident Response

Security Operations Center (SOC) Roles & Responsibilities

Automating Incident Response with SOAR (Security Orchestration, Automation, and Response)