Curriculum
- 24 Sections
- 321 Lessons
- 48 Weeks
- Week 1: Cybersecurity Basics & Networking Fundamentals (12 lessons)
- 1.1 Introduction to Cybersecurity – Need, Importance, Applications
- 1.2 Key Terminologies: Web, Servers, Systems, Protocols, Firewalls
- 1.3 CIA Triad (Confidentiality, Integrity, Availability)
- 1.4 Understanding Threats, Vulnerabilities, Risks & Impact
- 1.5 Cyber Kill Chain & Attack Lifecycle
- 1.6 Types of Hackers: White Hat, Black Hat, Grey Hat
- 1.7 Cybersecurity Domains Overview (Network, Web, Mobile, Cloud, IoT, etc.)
- 1.8 Introduction to Networking: LAN, WAN, IP, DNS, DHCP
- 1.9 Types of Network Topologies & Devices (Router, Switch, Firewall, etc.)
- 1.10 Introduction to Command-Line Interface (CLI) for Security
- 1.11 Hands-on: Packet Tracer / GNS3 basic lab setup
- 1.12 Weekly Quiz & Group Discussion: Real-World Cyber Incidents
- Week 2: Security Protocols & VAPT Overview (12 lessons)
- 2.1 Deeper Networking Concepts: OSI & TCP/IP Models (60 minutes)
- 2.2 IP Addressing, Subnetting & CIDR
- 2.3 Routing Protocols & Switching Methods
- 2.4 Common Protocols in Detail: HTTP, HTTPS, FTP, SSH, DNS
- 2.5 Understanding Firewalls, NAT, and Proxy
- 2.6 Network Segmentation & VLAN Basics
- 2.7 What is VAPT? Key Terms: VA vs PT
- 2.8 Tools Overview: Nmap, Nessus, Nikto, Burp Suite
- 2.9 Network Vulnerabilities: ARP Spoofing, DNS Poisoning, etc.
- 2.10 Overview of MITRE ATT&CK Framework
- 2.11 Reporting Formats & Documentation Techniques in VAPT
- 2.12 Practical: OSI Model Packet Flow Simulation in Packet Tracer
- Week 3: Vulnerability Assessment & Penetration Testing (14 lessons)
- 3.1 Introduction to VA/PT Methodologies (60 minutes)
- 3.2 Port Scanning: Nmap Advanced Usage
- 3.3 OS Detection & Banner Grabbing
- 3.4 Service Enumeration Techniques
- 3.5 Introduction to Exploitation Frameworks (Metasploit)
- 3.6 Basic Exploit Usage (Remote Code Execution, Local Priv Esc)
- 3.7 CVE, CVSS & Exploit Database Usage
- 3.8 Privilege Escalation Fundamentals (Linux & Windows)
- 3.9 Post Exploitation: Persistence, Cleaning Logs
- 3.10 Antivirus Evasion Techniques Basics
- 3.11 Security Baseline Checks & Patch Management
- 3.12 Red Team vs Blue Team Basics
- 3.13 Capture the Flag (CTF) Introduction & Scenarios
- 3.14 Hands-on: Simulated VAPT on Test Machine (Kali + DVWA)
- Week 4: Exploitation, Anonymity & Case Studies (13 lessons)
- 4.1 Wireshark Deep Dive: Filtering, Protocol Analysis
- 4.2 Kali Linux Toolkit Exploration
- 4.3 Introduction to Nessus: VA Scanning Hands-On
- 4.4 Advanced Nmap: NSE Scripting
- 4.5 Proxy Tools: Tor, VPNs, SOCKS5, Psiphon, Proxychains
- 4.6 Web Reconnaissance with FOCA, Shodan & WhatWeb
- 4.7 IP Tracking & Geolocation with OSINT Tools
- 4.8 Phishing & Social Engineering Techniques (Email & Web Based)
- 4.9 Case Studies: Facebook Hack, Yahoo Data Breach, Equifax
- 4.10 Forensics Basics: Chain of Custody, Digital Footprint
- 4.11 Anti-Forensics & Tactics for Evading Detection
- 4.12 Risk Assessment & Threat Modeling
- 4.13 Hands-on Lab: Creating a phishing simulation + detection
- Week 5: Web Application Security – Fundamentals & Setup (13 lessons)
- 5.1 Web Application Architecture (Client-Server Model)
- 5.2 HTTP/HTTPS Deep Dive: Headers, Methods, Cookies
- 5.3 Web App Components: Frontend, Backend, Databases
- 5.4 Introduction to Browser Dev Tools for Recon
- 5.5 Common Web Security Issues & Entry Points
- 5.6 Burp Suite Introduction & Configuration
- 5.7 Hands-on: Intercepting HTTP Requests
- 5.8 Session Management & Cookie Hijacking Basics
- 5.9 URL Encoding/Decoding, Parameter Tampering
- 5.10 Input Validation & Error Handling Flaws
- 5.11 Reflected vs Stored Input Injection
- 5.12 OWASP Top 10 Overview (Introduction)
- 5.13 Lab: Web Application Recon using Burp Suite & HTTP Tools
- Week 6: Security Standards & OWASP Top 10 (Part 1) (13 lessons)
- 6.1 Introduction to Standards of Hacking & OWASP, SANS, OSSTMM, NIST, ISMS, PCI
- 6.2 Introduction to OWASP Top 10 Vulnerabilities
- 6.3 SQL Injection (SQLi) – Understanding & Exploitation
- 6.4 Cross-Site Scripting (XSS) – Types & Mitigation
- 6.5 Broken Authentication & Session Management
- 6.6 Sensitive Data Exposure & Encryption Best Practices
- 6.7 Security Misconfigurations in Web Applications
- 6.8 Exploring OWASP Tools & Resources
- 6.9 Secure DevOps Practices Overview
- 6.10 Using OWASP ZAP for Scanning OWASP Top 10
- 6.11 Secure Headers: CSP, X-Frame-Options, HSTS
- 6.12 SSRF Basics (Server Side Request Forgery)
- 6.13 Hands-on Lab: Broken Access Control Exploitation
- Week 7: OWASP Top 10 (Part 2) & Hands-on Testing (14 lessons)
- 7.1 OWASP Top 10 Vulnerabilities Continued
- 7.2 Broken Authentication
- 7.3 Sensitive Data Exposure
- 7.4 Hands-on with Burp Suite Community Edition
- 7.5 Intercepting Requests
- 7.6 Modifying and Resending Requests
- 7.7 Deep Dive into Input Validation Techniques
- 7.8 XSS (Reflected, Stored, DOM) Hands-on
- 7.9 Session Hijacking via Burp Suite
- 7.10 JWT Token Analysis & Manipulation
- 7.11 Log4j, Shellshock & Recent CVE Discussions
- 7.12 Hands-on: Exploiting XSS in DVWA/Juice Shop
- 7.13 Vulnerability Scanning Tools Overview (Nikto, Acunetix)
- 7.14 Practical: Manual and Automated Web Testing (OWASP Top 10)
- Week 8: SSL & Web Security Enhancements (13 lessons)
- 8.1 Introduction to SSL/TLS & Its Role in Web Security
- 8.2 Understanding SSL/TLS Handshake & Encryption Mechanisms
- 8.3 Common SSL/TLS Vulnerabilities (SSL Stripping, Heartbleed, POODLE, BEAST, etc.)
- 8.4 Certificate Authorities (CAs) & Public Key Infrastructure (PKI)
- 8.5 Identifying Weak SSL Configurations & Misconfigurations
- 8.6 Web Application Security Testing with OWASP ZAP
- 8.7 Using Acunetix for Automated Web Security Scanning
- 8.8 Comparing Web App Scanners: Burp Suite, Nessus, Nikto, and More
- 8.9 Hardening Web Security: Best Practices for Secure SSL/TLS Implementation
- 8.10 Web Application Firewall (WAF) Basics
- 8.11 Anonymity while scanning (VPN + TOR + Proxychains)
- 8.12 Intro to CI/CD Security in DevOps Pipelines
- 8.13 Lab: Compare Burp Suite, ZAP, Nikto, and Acunetix on Same App
- Week 9: Authentication, Authorization & Session Security (15 lessons)
- 9.1 Authentication vs Authorization – Core Differences
- 9.2 Session Management: Cookies, Tokens, Sessions
- 9.3 Importance of Compliance in Cybersecurity, Risk Assessment & Compliance Auditing
- 9.4 Password Storage Best Practices (Hashing, Salting, Bcrypt)
- 9.5 Brute Force & Credential Stuffing Attacks
- 9.6 Multi-Factor Authentication (MFA) & OTP Mechanisms
- 9.7 OAuth 2.0 & OpenID Connect: Flow & Exploitation
- 9.8 JWT Tokens – Structure, Signature & Attacks (None Algo, Replay)
- 9.9 Session Fixation & Session Hijacking Attacks
- 9.10 Captcha Bypass Techniques
- 9.11 Login/Signup Security Best Practices
- 9.12 Tools: Hydra, Medusa, Burp Intruder, OWASP ZAP
- 9.13 Hands-on: Bruteforce Login Portal with Hydra
- 9.14 Case Study: GitHub Token Exposure Incident
- 9.15 Lab: Simulating Session Hijack & Implementing Secure Cookie Flags
- Week 10: File Upload, RCE & Deserialization Attacks (13 lessons)
- 10.1 File Upload Vulnerabilities & Bypass Techniques
- 10.2 MIME Type Misinterpretation & Content-Type Header
- 10.3 Local File Inclusion (LFI) & Remote File Inclusion (RFI)
- 10.4 Remote Code Execution (RCE) Overview
- 10.5 Log Poisoning to RCE
- 10.6 Uploading Web Shells (.php/.jsp/.aspx)
- 10.7 Unrestricted File Upload – Impact & Mitigation
- 10.8 Deserialization Vulnerabilities – PHP & Java
- 10.9 Exploiting Serialized Objects & POP Chains
- 10.10 Tools: ysoserial, Burp Suite Extenders
- 10.11 Lab: LFI to RCE Walkthrough in DVWA
- 10.12 Lab: Exploiting Unrestricted Upload to Gain Shell
- 10.13 CTF Scenario: LFI + Upload Chain
- Week 11: APIs, JSON Web Tokens & Mobile API Testing (15 lessons)
- 11.1 What is an API? REST vs SOAP
- 11.2 API Authentication Mechanisms (API Keys, JWT, OAuth2)
- 11.3 Common API Attacks (BOLA, Broken Auth, Excessive Data Exposure)
- 11.4 OWASP API Top 10 Overview
- 11.5 GraphQL vs REST Security Flaws
- 11.6 Postman/Burp Suite for API Testing
- 11.7 Mitigation Techniques & Security Best Practices
- 11.8 Rate Limiting, Throttling & Replay Attack Mitigation
- 11.9 Token Manipulation & JWT Tampering
- 11.10 API Parameter Tampering & Mass Assignment
- 11.11 Tools: Postman, Burp Suite, Insomnia, Swagger Exploitation
- 11.12 Mobile API Testing Basics (Android/iOS APIs)
- 11.13 Practical: API Scanning with Burp Suite + Manual Testing
- 11.14 Hands-on: Token Forgery and Session Replay
- 11.15 Lab: Vulnerable API Simulation using DVWS or Juice Shop
- Week 12: Source Code Review & Secure DevOps (DevSecOps) (15 lessons)
- 12.1 Introduction to Source Code Review
- 12.2 Reviewing Code for SQLi, XSS, File Uploads
- 12.3 Static vs Dynamic Application Security Testing (SAST vs DAST)
- 12.4 Tools: SonarQube, Semgrep, Bandit, Checkmarx (Intro)
- 12.5 Secure SDLC (Software Development Life Cycle)
- 12.6 DevSecOps Pipeline Overview
- 12.7 Integrating Security in CI/CD (GitHub Actions, GitLab CI)
- 12.8 Secrets Detection Tools: TruffleHog, Gitleaks
- 12.9 Docker Security Basics
- 12.10 Container Misconfigurations & Escape Techniques
- 12.11 Infrastructure as Code (IaC) Security
- 12.12 Dependency Scanning & SBOM (Software Bill of Materials)
- 12.13 Hands-on: Code Review of Flask App for Vulnerabilities
- 12.14 Lab: CI/CD Pipeline Scan with GitHub + SAST Tool
- 12.15 Case Study: SolarWinds Supply Chain Attack
- Week 13: Mobile Application Security (Android & iOS) (15 lessons)
- 13.1 Introduction to Mobile App Architecture (Android vs iOS)
- 13.2 Understanding APK Structure & Components (Activities, Services, etc.)
- 13.3 Static vs Dynamic Analysis in Mobile Pentesting
- 13.4 Tools: MobSF, JADX, APKTool, Frida, Drozer
- 13.5 Reverse Engineering APKs with JADX & APKTool
- 13.6 Identifying Insecure Data Storage (SharedPrefs, SQLite, etc.)
- 13.7 Analyzing Network Traffic (MITMProxy + Burp on Emulator)
- 13.8 Intercepting SSL Traffic – Certificate Pinning Bypass
- 13.9 Runtime Instrumentation with Frida
- 13.10 Testing Android Intents, Activities & Deep Links
- 13.11 OWASP Mobile Top 10 Deep Dive
- 13.12 Dynamic Analysis with Drozer
- 13.13 iOS App Security Basics & Jailbreaking Concepts
- 13.14 Hands-on: APK Decompile + Analyze for Hardcoded Secrets
- 13.15 Lab: Capturing & Modifying Traffic from Android App via Burp
- Week 14: Cloud Security – AWS, Azure, GCP (Part 1) (14 lessons)
- 14.1 Introduction to Cloud Computing & Cloud Service Models (IaaS, PaaS, SaaS)
- 14.2 Shared Responsibility Model
- 14.3 Overview of AWS, Azure, GCP Architecture
- 14.4 Identity & Access Management (IAM) Fundamentals
- 14.5 Public vs Private Buckets – S3 Misconfigurations
- 14.6 Tools: ScoutSuite, Prowler, Cloudsplaining
- 14.7 Enumeration of Cloud Assets
- 14.8 Credential Leaks & Misuse (Keys in GitHub, Hardcoded Tokens)
- 14.9 Attacking Cloud Metadata Services (IMDSv1 vs IMDSv2)
- 14.10 Hands-on: AWS CLI & IAM Policy Testing
- 14.11 Introduction to CloudTrail, CloudWatch & Logging
- 14.12 Case Study: Capital One AWS S3 Breach
- 14.13 Lab: Exploiting Public S3 Bucket & IAM Misconfigurations
- 14.14 Real-world Scenario: Attacking Cloud Dev Environment
- Week 15: Cloud Security – AWS, Azure, GCP (Part 2) (13 lessons)
- 15.1 Cloud Enumeration with Pacu (AWS Offensive Tool)
- 15.2 Lambda Function Exploits (Code Injection, SSRF)
- 15.3 Misconfigured Serverless Permissions
- 15.4 Azure Identity Services Exploits (AAD, RBAC)
- 15.5 Azure CLI & Portal Exploitation
- 15.6 GCP IAM & Storage Exploitation Overview
- 15.7 Cloud API Abuse & Access Escalation
- 15.8 Kubernetes Basics: Pods, Services, etc.
- 15.9 K8s Vulnerabilities (Exposed Dashboard, Secrets in Pods)
- 15.10 Tools: Kube-Hunter, Kube-Bench
- 15.11 Cloud Security Posture Management (CSPM) Concepts
- 15.12 Lab: SSRF to IAM Token Extraction via Metadata
- 15.13 Hands-on: Recon and Exploitation of AWS Misconfig with Pacu
- Week 16: Cyber Forensics & Incident Response (Part 1) (14 lessons)
- 16.1 Introduction to Digital Forensics: Process & Tools
- 16.2 Forensic Acquisition: Disk Imaging (dd, FTK Imager)
- 16.3 Memory Forensics with Volatility Framework
- 16.4 Email Header Analysis for Phishing Detection
- 16.5 Timeline Analysis & File System Forensics
- 16.6 Windows Artifacts: Registry, Prefetch, MFT
- 16.7 Linux Forensics: Logs, History, Bash Commands
- 16.8 Log Analysis & Triage (Syslog, Event Viewer, Apache Logs)
- 16.9 Identifying Indicators of Compromise (IOCs)
- 16.10 Chain of Custody & Documentation Standards
- 16.11 Tools: Autopsy, Volatility, Redline, Sleuth Kit
- 16.12 Hands-on: RAM Dump Analysis Using Volatility
- 16.13 Lab: Log Analysis of Compromised Web Server
- 16.14 Case Study: Target POS Malware Breach
- Week 17: Cyber Forensics & Incident Response (Part 2) (14 lessons)
- 17.1 Deep Dive: Incident Response Lifecycle (Preparation to Lessons Learned)
- 17.2 Playbook Development for Incident Handling
- 17.3 Evidence Collection Techniques (Live vs Dead Box)
- 17.4 Triage & Prioritization in Real-Time Incidents
- 17.5 Threat Intelligence Integration in IR
- 17.6 Analyzing Malware Behavior from Logs
- 17.7 Host-Based Intrusion Detection (OSSEC, Wazuh)
- 17.8 Network-Based Intrusion Detection (Snort, Suricata)
- 17.9 SIEM Introduction (Splunk/ELK/Wazuh Dashboard)
- 17.10 IOC Correlation & Threat Attribution
- 17.11 Report Writing for Legal/Compliance
- 17.12 Insider Threat Detection Techniques
- 17.13 Case Study: SolarWinds Supply Chain Attack
- 17.14 Lab: IR Simulation – Compromise Detection + Report Writing
- Week 18: Malware Analysis & Reverse Engineering (Part 1) (13 lessons)
- 18.1 Introduction to Malware Types & Attack Vectors
- 18.2 Static vs Dynamic Malware Analysis
- 18.3 Setting up a Safe Malware Lab (VM, INetSim, Remnux)
- 18.4 Tools: PEStudio, CFF Explorer, Detect It Easy (DIE)
- 18.5 File Signature Analysis & PE File Structure
- 18.6 Strings Analysis & Obfuscation Techniques
- 18.7 Identifying Indicators from Suspicious Executables
- 18.8 Dynamic Tools: Process Monitor, Process Hacker, ProcDOT
- 18.9 API Call Tracing & Behavior Logging
- 18.10 Registry/Process/File System Artifacts
- 18.11 Malware Sandbox Overview (Cuckoo Sandbox)
- 18.12 Lab: Basic Static & Dynamic Analysis of Malware Sample
- 18.13 Case Study: WannaCry Malware Behavior
- Week 19: Malware Analysis & Reverse Engineering (Part 2) (13 lessons)
- 19.1 Introduction to Assembly Language Basics
- 19.2 Using x64dbg and Ghidra for Reverse Engineering
- 19.3 Understanding Function Calls, Stack Frames
- 19.4 Control Flow Graph (CFG) Navigation
- 19.5 Anti-Analysis & Anti-Debugging Techniques
- 19.6 Code Injection, DLL Hijacking Overview
- 19.7 Unpacking Obfuscated Binaries
- 19.8 Ransomware Behavior & Crypto-Malware Analysis
- 19.9 Threat Hunting Techniques in Memory & Disk
- 19.10 YARA Rules: Writing Signatures for Malware Detection
- 19.11 Advanced Cuckoo Configuration & Custom Modules
- 19.12 Lab: Analyze and Reverse a Packed Malware Sample
- 19.13 Task: Create IOC list & Detection Strategy
- Week 20: Threat Hunting, SIEM & EDR Tools (14 lessons)
- 20.1 What is Threat Hunting? Role & Mindset
- 20.2 Hypothesis-Driven vs IOC-Driven Hunting
- 20.3 Data Sources: DNS, Proxy, Firewall, Host Logs
- 20.4 Sigma Rules: Writing Behavioral Detections
- 20.5 MITRE ATT&CK Integration in Hunting
- 20.6 Blue Team Tools: Velociraptor, GRR, Osquery
- 20.7 EDR Overview: CrowdStrike, SentinelOne, Defender for Endpoint
- 20.8 Threat Hunting with Splunk Queries
- 20.9 Using Kibana Dashboards for Anomaly Detection
- 20.10 DNS Tunneling & Beaconing Detection
- 20.11 Case Study: Detecting APT via Sysmon Logs
- 20.12 Hunting Exercise: Detecting C2 via Proxy Logs
- 20.13 Purple Team Collaboration Concepts
- 20.14 Lab: Simulated Attack → Log Collection → Detection in SIEM
- Week 21: Red Team Operations & TTPs (Part 1) (16 lessons)
- 21.1 Introduction to Red Teaming vs Pentesting
- 21.2 Objectives: APT Simulation, Persistence Testing
- 21.3 Phases of Red Team Engagement
- 21.4 Initial Access Vectors: Phishing, Exploits, USB Drops
- 21.5 C2 Frameworks Overview: Cobalt Strike, Mythic, Sliver
- 21.6 Memory & Disk Forensics Techniques
- 21.7 Payload Generation & AV Bypass (Veil, Shellter)
- 21.8 Obfuscation Techniques (Invoke-Obfuscation, NimPlant)
- 21.9 Enumeration Post Access (ADRecon, PowerView)
- 21.10 Lateral Movement Techniques: Pass-the-Hash, PS Remoting
- 21.11 Kerberoasting, Golden/Silver Ticket Attacks
- 21.12 Hands-on: Setup C2 + Establish Callback on Target VM
- 21.13 Case Study: Red Team Report Breakdown
- 21.14 Windows Event Log Evasion & Cleansing
- 21.15 Lab: Red Team Recon + Initial Foothold Simulation
- 21.16 Red Team Toolkit Review
- Week 22: IP Tracking & Network Analysis (10 lessons)
- 22.1 Introduction to IP Tracking & Network Analysis
- 22.2 Identifying Malicious IPs & Threat Intelligence Sources
- 22.3 Understanding IP Addressing & Geolocation
- 22.4 Tracing IPs Using OSINT Tools (Shodan, Maltego, etc.)
- 22.5 Network Traffic Analysis Fundamentals
- 22.6 Packet Capturing & Inspection Using Wireshark
- 22.7 Detecting Suspicious Traffic & Anomalies in Networks
- 22.8 Investigating DDoS Attacks & Malicious Network Activity
- 22.9 Forensic Analysis of Network Logs & Intrusions
- 22.10 Hands-on Lab: Real-World Network Traffic Analysis Scenarios
- Week 23: Blue Teaming, Defense & Communication Skills (13 lessons)
- 23.1 SOC Operations and Tier Roles (Tier 1/2/3 Analyst)
- 23.2 Log Analysis Practice (Windows, Linux, Firewall)
- 23.3 Threat Containment & Eradication Steps
- 23.4 Host-Based Artifact Analysis
- 23.5 Email Analysis: Header, Attachment, Link Analysis
- 23.6 Phishing Triage & User Awareness
- 23.7 Creating SOPs & Runbooks for Incidents
- 23.8 Effective Incident Communication Skills (Technical + Non-Tech)
- 23.9 Cybersecurity Report Communication (CISO, Stakeholders)
- 23.10 Resume Workshop: Tailoring for SOC Analyst, Red/Blue Team
- 23.11 Presentation Skills: Explaining a Breach to Management
- 23.12 Interview Body Language & Soft Skills Practice
- 23.13 Mock Interview: 1-on-1 Role-Play with Feedback
- Week 24: Incident Response & Hands-on Labs (10 lessons)
- 24.1 Introduction to Incident Response & Its Importance
- 24.2 Understanding the Incident Response Lifecycle (NIST Framework)
- 24.3 Investigating Security Incidents & Digital Forensics Techniques
- 24.4 Log Analysis & Threat Hunting in Incident Response
- 24.5 Simulating Phishing Attacks & Social Engineering Scenarios
- 24.6 Detecting & Mitigating Ransomware & Malware Attacks
- 24.7 Incident Containment, Eradication, and Recovery Strategies
- 24.8 Hands-on Threat Analysis Using SIEM Tools (Splunk, ELK, Wazuh)
- 24.9 Creating an Effective Incident Response Plan (IRP)
- 24.10 Final Lab Challenge: Real-World Cyber Attack Simulation & Response
