• History and Features of Linux
• Architecture of Linux OS
• Linux Distributions
• Linux Command Line
• Software Package Management

• File System
• Users and Groups
• File/Folder Permissions
• Special Permissions
• Disk Management
• Service and Process Management

• Computer Networks and Types of Networks
• Network Devices
• IP and MAC Address
• IPv4 and IPV6 Packet Structure
• Addressing and Subnetting
• OSI Model and TCP/IP Model
• Network Protocols (TCP, UDP, ICMP, ARP)
• Network Services (DNS, DHCP, SNMP, FTP)
• Packet Analysis using Wireshark

Internet, Intranet, and Extranet
• DMZ
• DNSSEC
• Firewalls
• IDS, IPS and IDPS
• VPN and tunneling
• Network Address Translation (NAT) and PAT
• Honeypots & Deception Technology
• Practical Assignment I

• Fundamentals of Vulnerability Assessment and Management
• Vulnerability Assessment tool Deployment Strategy
• Scanning Methodologies
• Authenticated vs NonAuthenticated Scanning
• Planning and Performing Infrastructure Security Assessment
• Interpreting and Calculating CVSS Score
• Risk Identification and Categorization
• Reporting
• Patches and Updates

Introduction to Penetration Testing
• Types of Penetration Testing
• Pentesting Services
• Penetration Testing Phases
• PreEngagement Actions
• OSINT
• Exploitation (Automated)
• Password Cracking

• Manual Exploitation of System Vulnerabilities
• PostExploitation
• Privilege Escalation (Linux and Windows)
• Pivoting and Double Pivoting
• Resolution & Retesting
• File Security

• Introduction to Cryptography
• Symmetric Ciphers
• Asymmetric Ciphers
• PseudoRandom Number Generator
• Building SSL certificates
• Digital Certificates and Digital Signatures
• Disk Encryption
• Hashing
• Encoding
• Steganography

Introduction to Active Directory
• Active Directory Setup
• Active Directory Enumeration
• Kerberos Authentication
• Active Directory Attack Vectors
• Active Directory Post Enumeration
• Active Directory Post Attacks
• AD Defense Detection

• Cyber Security Compliance (GDPR, HIPAA, SOX)
• ISO IEC 27001/ISO 27002
• PCIDSS
• Penetration Testing Standards (OWASP, WASC, SANS25, PTES, OSSTMM)
• Risk Governance & Risk Management
• Cyber Crime & Classification of Cyber Crimes
• NIST Cybersecurity Framework
• Case Studies
• Practical Assignment II & Capture The Flag (CTF) I

• Web application Technologies
• Web Application offence and defence
• Web Reconnaissance
• Web Application Vulnerability Assessment
• CMS Enumeration and Exploitation
• Tools Nikto, OWASPZap, gobuster, wpscan

OWASP Top 10 Web Risks
• Web Application Pentesting Checklist
• Authentication & Authorization
• Session Management
• File Security
• Web Application Firewalls
• Tools BurpSuite, Sqlmap, wafw00f
• Practical Assignment III & Capture The Flag (CTF) II

• Android OS Architecture
• IOS Architecture
• Android app structure
• Rooting Concept
• Compromising Android OS with malware
• Android Application Reverse Engineering
• Android App Penetration Testing

• WiFi Security
• Aircrackng Essentials
• Attacking WiFi security protocols (WEP, WPA/WPA2)
• Rogue Access Points
• Attacking Captive Portals

• Phishing Attacks
• Social Engineering Campaigns
• Human based attacks
• Defense against Social Engineering

• Architectural Concept and Design Requirements
• Deployment Models and Security
• Cloud Platform and Infrastructure Security
• Container Security
• Cloud Data Security
• Legal and Compliance Implications

• Basics of Shell Scripting
• Basics of Python Programming
• Automating Pentesting with Python

• Understanding Buffer Overflow
• Exploiting Buffer Overflow Vulnerability
• Writing Exploit Code using Python

• IBM Qradar Log Analysis
• IBM Qradar Network/Flow Analysis
• Offense Management
• SOC Analysis using Splunk
• Data Visualization with Pivots and Databases
• Search Processing Language Basics
• Splunk Knowledge Objects
• Generating Alerts
• Practical Assignment IV