WEEK 1 – Foundations of Cybersecurity
Lecture Topics (2 hrs)
- What is Cybersecurity? Types of Cybersecurity (Network, App, Cloud, Endpoint)
- Threat Landscape: Nation-state actors, insiders, cybercrime, hacktivism
- Security Terminologies: Risk, Threat, Vulnerability, Exploit, Impact, Asset
- Attack Vectors: Phishing, Malware, Social Engineering, Ransomware
- Security Frameworks & Regulations: NIST, ISO 27001, OWASP, GDPR, HIPAA
Lab Exercises (2 hrs)
- Explore cyber breach case studies (Target, Equifax, Colonial Pipeline); CIA Triad mapping
- Analyze real attack reports (APT28, Lazarus); build attacker profiles
- Map terms to scenarios; build a security dictionary
- Simulate phishing email creation and detection; decode base64-encoded payload
- Create a comparison matrix of frameworks; identify non-compliance in scenarios
WEEK 2 – Operating Systems, Networking & Protocols for Cybersecurity
Lecture Topics (2 hrs)
- Windows Internals: Registry, Processes, Services, Event Logs
- Linux Internals: File System, Permissions, Services, Cron
- TCP/IP Fundamentals, Network Topologies, OSI Model
- Key Protocols (HTTP/S, DNS, ARP, ICMP, FTP, SSH)
- Firewalls, NAT, Routing, VPN Concepts
Lab Exercises (2 hrs)
- Use Sysinternals tools (Process Explorer, Autoruns) and analyze logs
- Practice chmod/chown; set up cron jobs; read /etc/passwd, /var/log
- Wireshark traffic capture and protocol dissection
- Simulate MITM attack using ARP poisoning; view DNS traffic
- Set up iptables rules; use OpenVPN; test NAT & static/dynamic routing
WEEK 3 – Ethical Hacking Fundamentals – Part 1
Lecture Topics (2 hrs)
- Introduction to Hacking: Legal, Ethical, Methodologies (PTES, OWASP)
- Reconnaissance (Passive & Active), Google Dorking, WHOIS, DNS Enum
- Scanning Techniques: Port Scanning, OS Fingerprinting
- Banner Grabbing, Enumeration of Services (SMB, FTP, SSH, SNMP)
- Vulnerability Scanning: CVE, CVSS, NVD, OpenVAS, Nessus
Lab Exercises (2 hrs)
- Explore Kali Linux & Parrot OS, set up attack lab (DVWA, Metasploitable)
- Use theHarvester, Recon-ng, dnsenum, crt.sh for recon
- Perform Nmap scans (SYN, UDP, OS detection), masscan basics
- Enumerate Samba shares, FTP dir listing, use enum4linux, snmpwalk
- Run OpenVAS/Nessus scan; analyze CVSS score; map CVE to real exploit
WEEK 4 – Ethical Hacking Fundamentals – Part 2
Lecture Topics (2 hrs)
- Web Application Overview (Frontend/Backend/DB), OWASP Top 10 (Overview)
- XSS (Reflected, Stored, DOM) + Prevention Techniques
- SQL Injection, Broken Authentication, IDOR
- Command Injection, File Inclusion, SSRF
Lab Exercises (2 hrs)
- Deploy OWASP Juice Shop; walk through its architecture
- Exploit XSS in DVWA; implement Content-Security-Policy in code
- Perform SQLi using SQLMap; brute-force login using Burp Intruder
- Exploit LFI/RFI in DVWA; simulate SSRF with a custom script
WEEK 5 – Wireless & Cloud Hacking Basics
Lecture Topics (2 hrs)
- Wireless Network Vulnerability
- Wi-Fi Encryption Attacks
- Cloud Security Overview
- Cloud Misconfigurations
- Cloud Attack Simulations
Lab Exercises (2 hrs)
- Aircrack-ng simulated WPA crack
- De-auth and handshake capture demo
- Set up AWS/GCP trial and explore IAM
- S3 bucket access configuration demo
- ScoutSuite and open-source S3 scan tools
WEEK 6 – Defensive Security Essentials
Lecture Topics (2 hrs)
- Defense-in-Depth & Security Layers
- Firewalls & IDS/IPS
- Endpoint Security & EDR
- Secure Configuration & Hardening
- Secure Development Basics
Lab Exercises (2 hrs)
- Map defensive controls to OWASP Top 10
- Suricata/Wazuh demo setup
- Set up ClamAV and test signature
- CIS Benchmarking using Lynis
- Review insecure code and suggest fixes
WEEK 7 – Security Monitoring & SIEM
Lecture Topics (2 hrs)
- Logging & Event Management
- SIEM Overview
- Alerting & Correlation
- Threat Hunting Basics
- SOC Workflows & Blue Teaming
Lab Exercises (2 hrs)
- Log parsing from Linux & Apache log
- Introduction to Wazuh/ELK Stack
- Write detection rules and alerts
- IOC-based hunting exercises
- Simulate SOC alert triage scenario
WEEK 8 – Secure Software Development
Lecture Topics (2 hrs)
- OWASP Top 10 (Part 1)
- OWASP Top 10 (Part 2)
- DevSecOps Concepts
- Code Review Practices
- Threat Modeling
Lab Exercises (2 hrs)
- Code analysis for A1–A5 risks
- Code analysis for A6–A10 risks
- SAST and DAST setup using GitHub Actions
- Review insecure Python and PHP snippets
- Create threat model for an ecommerce app
WEEK 9 – ISO 27001 Training (Day 1–5)
Lecture Topics (2 hrs)
- ISO 27001 Overview & ISMS Basics
- Clauses & Structure
- Annex A Controls Deep Dive (Part 1)
- Annex A Controls Deep Dive (Part 2)
- Risk Assessment & Treatment
Lab Exercises (2 hrs)
- Create an org chart and ISMS policy.
- Map controls to organizational needs.
- Apply A.5–A.10 to case studies.
- Apply A.11–A.18 to case studies.
- Conduct sample RA and build risk register.
WEEK 10 – ISO 27001 Audits & Certification
Lecture Topics (2 hrs)
- Internal Audit Planning
- Documentation & Evidence Gathering
- Non-conformance Handling
- Certification Process & Auditors
- ISO 27001 Mock Audit
Lab Exercises (2 hrs)
- Simulate audit interviews
- Fill audit forms, prepare checklist
- Write sample NCR reports
- Flowchart certification process
- Conduct mock audit for fictional company
WEEK 11 – Capstone Ethical Hacking Lab
Lecture Topics (2 hrs)
- Red Team Engagement Planning
- Reconnaissance
- Exploitation
- Post Exploitation
- Reporting
Lab Exercises (2 hrs)
- Plan & scope pentest
- Perform recon on target
- Exploit known services/webapps
- Maintain access, extract data
- Draft professional pentest report
WEEK 12 – Capstone Defensive Security Lab
Lecture Topics (2 hrs)
- Incident Response Intro
- Log Review & Alert Handling
- Threat Hunting & IOC Discovery
- Forensics & Recovery
- Final Presentation
Lab Exercises (2 hrs)
- IR stages and planning
- Detect simulated attack logs
- Hunt for attack indicators
- Analyze memory/disk images
- Present red & blue team findings