Introduction & Basics of Cybersecurity

Terminology (Web, Servers, Systems, Network Programming Languages, Hacking, IT Security)

CIA Triad(Confidentiality , Integrity , Availability)

Vulnerability, Threat, Impact, and Attack

Networking fundamentals

Security Awareness

Networking fundamentals

OSI & TCP/IP Models

Routing & Switching Basics

Common protocols: HTTP, HTTPS, FTP, SSH, DNS

Detailed overview of VAPT and its roles

Common Network Vulnerabilities & Threats

Reporting & Documentation in VAPT

Vulnerability assessment using tools

Vulnerability Assessment Methodologies

Port Scanning & Service Detection Techniques

Basic Nmap scanning

Penetration testing using tools

Exploiting network vulnerabilities

Privilege Escalation Techniques

Post-Exploitation & Maintaining Access

Wireshark, Metasploit, and different Kali Linux tools usage

Nessus introduction

Angry IP Scanner basics

Global Anonymous: Proxy Server, VPN, SOCKS, RDP, HTTP Tunneling, Psiphon

Case Studies of Hacking, IT Security & Computer Forensics

Phishing techniques

Introduction to Web Security

Hacking to Explore

Understanding Web Application Architecture

Web Application Penetration Testing Basics

Understanding HTTP/HTTPS Requests and Responses

Common HTTP Methods (GET, POST, PUT, DELETE, etc.)

Session Management & Cookies Security

Identifying & Exploiting Common Web Vulnerabilities

Introduction to Standards of Hacking & OWASP, SANS, OSSTMM, NIST, ISMS, PCI

Introduction to OWASP Top 10 Vulnerabilities

SQL Injection (SQLi) & Understanding & Exploitation

Cross-Site Scripting (XSS) & Types & Mitigation

Broken Authentication & Session Management

Sensitive Data Exposure & Encryption Best Practices

Security Misconfigurations in Web Applications

Exploring OWASP Tools & Resources

OWASP Top 10 Vulnerabilities Continued

Broken Authentication

Sensitive Data Exposure

Hands-on with Burp Suite Community Edition

Intercepting Requests

Modifying and Resending Requests

Introduction to SSL/TLS Its Role in Web Security

Understanding SSL/TLS Handshake & Encryption Mechanisms

Common SSL/TLS Vulnerabilities (SSL Stripping, Heartbleed, POODLE, BEAST, etc.)

Certificate Authorities (CAs) & Public Key Infrastructure (PKI)

Identifying Weak SSL Configurations & Misconfigurations

Web Application Security Testing with OWASP ZAP

Using Acunetix for Automated Web Security Scanning

Comparing Web App Scanners: Burp Suite, Nessus, Nikto, and More

Hardening Web Security: Best Practices for Secure SSL/TLS Implementation

Introduction to Security Compliance

Overview of Security Compliance Standards (GDPR, HIPAA, ISO 27001, PCI DSS, SOC 2)

Importance of Compliance in Cybersecurity , Risk Assessment & Compliance Auditing

Introduction to Mobile Application Security

Understanding Mobile Application Architecture (Android & iOS)

Common Security Threats in Mobile Apps

Basic Tools for Mobile Pentesting (MobSF, Frida, Burp Suite, Drozer)

Securing Mobile Applications & Best Practices

Introduction to Mobile Security

Understanding Android & iOS Security Architecture

Static & Dynamic Analysis of Mobile Applications

Injection Attacks in Mobile Applications

Insecure Data Storage & Leakage

Exploring Insecure Communication in Mobile Apps

Security Best Practices for Mobile Applications

Introduction to Mobile App Reverse Engineering

APK Decompiling & Code Analysis

Tools for Reverse Engineering (JADX, APKTool, MobSF, Ghidra, Frida)

Static Analysis of Mobile Applications

Dynamic Analysis & Runtime Manipulation

Exploit Development for Mobile Applications

Mitigation Techniques & Security Best Practices

Overview of Mobile Security Testing Tools

Introduction to MobSF (Mobile Security Framework)

Using JADX for APK Decompilation & Code Analysis

Setting Up & Using Android Emulator for Pentesting

Intercepting Mobile Traffic with Burp Suite & MITMProxy

Using Angry IP Scanner for Network Reconnaissance

Advanced Mobile Security Testing Techniques

Capture the Flag (CTF) & Practical Exercises

Report Writing & Documentation Best Practices

Discussion on Career Paths in Mobile Security

Introduction to Advanced Nmap Techniques Identifying Running Services & Version Detection

Deep Dive into Port Scanning (TCP & UDP)

Understanding Nmap Scan Types (SYN, ACK, FIN, XMAS, NULL, etc.)

OS Fingerprinting & Network Mapping

Identifying Running Services & Version Detection

Detecting Vulnerabilities with Nmap Scripts (NSE & Nmap Scripting Engine)

Evading Firewalls & IDS/IPS with Nmap

Advanced Target Enumeration & Host Discovery Techniques

Bypassing Security Mechanisms with Nmap

Practical Exercises & Real-World Scenarios

Introduction to Virtualization & Virtual Machines

Overview of Virtualization Platforms: VMware, VirtualBox, Hyper-V, KVM

Understanding Virtual Machine Architecture & Security

Common Vulnerabilities in Virtualized Environments

Virtual Machine Escape Attacks & Exploitation Techniques

Attacking Hypervisors: Threats & Real-World Exploits

Hands-on Exploitation of Virtual Machines in a Lab Setup

Case Studies on Virtualization Security Breaches

Introduction to Hacking-Based Operating Systems

Overview of Kali Linux & Its Role in Pentesting

Advanced Tools & Usage in Kali Linux

Essential Command-Line Tools for Security Testing

Live Booting vs. Full Installation: Pros & Cons

Anonymity & Privacy Tools in Hacking OS (Tor, VPN, ProxyChains)

Hands-on Labs: Practical Exercises Using Kali & Parrot OS

Introduction to APIs & Their Role in Web Applications

API Structure & Communication Mechanisms

Understanding REST vs. SOAP APIs: Key Differences

Authentication Methods in APIs (API Keys, OAuth, JWT, Basic Auth)

Common API Vulnerabilities (Broken Authentication, Insecure Endpoints, Rate Limiting Bypass)

API Request Manipulation & Exploitation Techniques

API Rate Limiting & Throttling Mechanisms

Securing APIs: Best Practices & Mitigation Strategies

Hands-on API Pentesting Labs & Real-World Scenarios

Introduction to API Authentication & Authorization

OAuth 2.0: Flow, Scopes, and Common Implementations

Understanding OAuth, API Keys, and JWT Authentication

Testing API Authentication Mechanisms for Weaknesses

Broken Authentication in APIs (Session Hijacking, Token Leakage)

Testing API Authorization (Role-Based Access Control, Privilege Escalation)

API Security Best Practices for Authentication & Authorization

Hands-on API Pentesting Labs & Real-World Exploits

Reporting & Mitigating API Authentication Vulnerabilities

Introduction to API Fuzzing & Its Importance in Security Testing

Identifying Vulnerable API Endpoints

Understanding API Error Handling & Response Codes

Using Burp Suite for API Fuzzing & Security Testing

Automated API Fuzzing Techniques & Tools

Handling Improper Error Messages & Information Leakage

Detecting & Exploiting Improper Input Validation in APIs

Rate Limiting & Throttling Evasion via Fuzzing

Hands-on API Security Challenges & Practical Exercises

Introduction to API Exploitation & Security Risk

Identifying & Exploiting Broken Authentication in APIs

API Hacking Practical Scenarios & Case Studies

Bypassing API Authorization & Privilege Escalation Attacks

Injection Attacks in APIs (SQLi, XSS, Command Injection, SSRF)

Mass Assignment & Business Logic Exploitation in APIs

Rate Limiting & Throttling Bypass Techniques

API Data Exposure & Sensitive Information Leakage

Securing APIs Against Known Attacks & Implementing Best Practices

Hands-on API Pentesting Challenge & Final Assessment

Introduction to Cyber Forensics & Its Importance

Digital Evidence Collection & Chain of Custody

Types of Digital Evidence & Their Significance

Basics of Forensic Investigation Methodologies

Understanding File Systems & Data Recovery

Memory & Disk Forensics Techniques

Network Forensics: Capturing & Analyzing Network Traffic

Forensic Tools Overview (Autopsy, FTK, EnCase, Wireshark)

Legal Aspects & Compliance in Cyber Forensics

Hands-on Case Study: Investigating a Cyber Incident

Introduction to IP Tracking & Network Analysis

Identifying Malicious IPs &; Threat Intelligence Sources

Understanding IP Addressing & Geolocation

Tracing IPs Using OSINT Tools (Shodan, Maltego, etc.)

Network Traffic Analysis Fundamentals

Packet Capturing & Inspection Using Wireshark

Detecting Suspicious Traffic & Anomalies in Networks

Investigating DDoS Attacks & Malicious Network Activity

Forensic Analysis of Network Logs & Intrusions

Hands-on Lab: Real-World Network Traffic Analysis Scenarios

Introduction to Email Security & Threats

Understanding Email Protocols (SMTP, POP3, IMAP)

Email Header Analysis for Investigations

Identifying Phishing & Spoofing Attacks

Analyzing Malicious Attachments ; Links in Emails

Email Forgery & Social Engineering Tactics

Using OSINT Tools for Email Tracking & Verification

Implementing Email Security Measures (SPF, DKIM, DMARC)

Detecting Business Email Compromise (BEC) Attacks

Hands-on Lab: Investigating Real-World Phishing Emails

Introduction to Incident Response & Its Importance

Understanding the Incident Response Lifecycle (NIST Framework)

Investigating Security Incidents & Digital Forensics Techniques

Log Analysis & Threat Hunting in Incident Response

Simulating Phishing Attacks & Social Engineering Scenarios

Detecting & Mitigating Ransomware & Malware Attacks

Incident Containment, Eradication, and Recovery Strategies

Hands-on Threat Analysis Using SIEM Tools (Splunk, ELK, Wazuh)

Creating an Effective Incident Response Plan (IRP)

Final Lab Challenge: Real-World Cyber Attack Simulation & Response