This course is designed to provide candidate with a comprehensive understanding of offensive and defensive cyber security techniques. Students will acquire practical knowledge and skills necessary to identify, prevent, and mitigate potential cyber threats. They will explore various offensive and defensive tools, techniques, and methodologies used in penetration testing, vulnerability analysis, incident response, and network security.
Course Objectives:
1. Understand the fundamentals of cyber threats, attacks, and vulnerabilities.
2. Learn offensive techniques used by hackers to breach systems and steal sensitive information.
3. Develop defensive strategies to protect organizational assets from cyber-attacks.
4. Gain hands-on experience with various tools and technologies used in offensive and defensive cybersecurity.
5. Understand ethical considerations and legal implications associated with offensive cybersecurity practices.
6. Implement defensive strategies to protect networks and systems from attacks.
7. Analyze and respond to security incidents effectively.
Program Overview & Learning Path
- Month 1 – Foundations & Discovery
– Build core cybersecurity knowledge: reconnaissance, scanning, and vulnerability assessment.
– Master ethical hacking principles and legal frameworks. - Month 2 – Exploitation Mastery
– Develop advanced exploitation skills: system penetration, lateral movement, and web application attacks.
– Introduction to bug bounty methodologies. - Month 3 – Professional Excellence
– Focus on malware analysis, CTF competition, and professional VAPT report writing.
Each month builds progressively, ensuring both theoretical understanding and practical expertise. Weekly hands-on labs reinforce real-world skills for professional pentesting and bug bounty success.
Month 1: Building Your Cybersecurity Foundation
01. Ethics & Core Concepts
– CIA Triad, threat landscapes, and ethical hacking.
– Legal compliance and responsible disclosure.
02. Reconnaissance Mastery
– Passive and active reconnaissance using OSINT.
– Tools: Maltego, theHarvester, Google Dorking.
03. Network Discovery
– Scanning and enumeration with Nmap.
– NetBIOS, SNMP, and DNS zone transfer techniques.
04. Vulnerability Assessment
– Enterprise-grade scanning with Nessus and OpenVAS.
– Patch management and secure coding practices.
Week 1–2: Intelligence Gathering & Reconnaissance
Core Learning Objectives
– Systematic passive and active information gathering.
– Building target profiles stealthily.
Topics Covered:
– CIA Triad in practice
– Legal & ethical boundaries
– OSINT mastery
– DNS enumeration & subdomain discovery
– Social engineering reconnaissance
Key Tools:
HYDRA, Nmap, Wireshark, Shodan, Censys, Custom OSINT Scripts.
Month 2: Advanced Exploitation Techniques
System Exploitation
– Initial access via Metasploit.
– Privilege escalation on Windows & Linux.
Lateral Movement
– Pass-the-Hash, Empire, and Covenant frameworks.
Web Application Testing
– Exploit OWASP Top 10 vulnerabilities.
– SQLi, XSS, CSRF using Burp Suite Pro.
Bug Bounty Methodology
– Scoping, triage, and professional bug reporting.
Web Application Security Deep Dive
Injection Attacks
– SQLi (union, blind, NoSQL, command injection).
Cross-Site Attacks
– XSS (stored, reflected, DOM-based).
– CSRF exploitation & bypassing protections.
Security Misconfigurations
– Exploiting default credentials, exposed admin panels, and cloud misconfigurations.
Hands-On: Burp Suite training, payload crafting, vulnerable app testing.
Month 3: Specialized Attack Vectors
Wireless Security
– WPA/WPA2 cracking, rogue AP, deauth, PMKID attacks.
Malware Analysis
– Static & dynamic analysis using Ghidra and IDA Free.
Emerging Technologies
– IoT, cloud, container, and serverless security.
Threat Intelligence
– IOC development, SOC fundamentals, and threat hunting.
CTF Training & Practical Application
Competitive Cybersecurity
– Jeopardy & Attack-Defense style CTFs.
– Challenges: Reverse engineering, web exploitation, cryptography, forensics, binary exploitation.
Real-World Case Studies
– Analyze ransomware campaigns, APTs, and corporate breaches.
– Learn from real incidents and develop defensive strategies.
Professional VAPT Report Writing
01. Executive Summary
– Communicate risks in business terms.
02. Technical Documentation
– Detailed vulnerabilities, PoC, and reproduction steps.
03. Risk Assessment
– Apply CVSS scoring and contextual analysis.
04. Remediation Guidance
– Provide actionable mitigation and prevention strategies.
Final Project & Career Preparation
Capstone Project
– Full penetration test on a multi-tier environment.
Portfolio Development
– Include sanitized reports, CTF achievements, and technical write-ups.
Industry Readiness
– Interview prep, certification guidance, and networking.
Graduates gain real-world penetration testing expertise and direct career pathways into professional cybersecurity and bug bounty programs.
Dark Web Introduction
Overview
The dark web is a hidden part of the internet accessible via specialized software like Tor. It provides anonymity and is often used for illicit activities but is also vital for threat intelligence.
Topics Covered:
– Threat Intelligence: Tracking compromised data and threat actor discussions.
– Cybercrime Marketplaces: Malware, exploit kits, and stolen data trade.
– Adversary Tactics: C2 infrastructure, communication channels, and operational planning.
Outcome:
Gain insights into adversarial behavior, enhance defense readiness, and learn ethical and legal handling of dark web intelligence.
Hands-on Exercises
• Practical labs and simulations
• Application of offensive and defensive techniques
• Learning to use relevant tools and technologies
• Penetration testing projects
