Module 1: Introduction to Cybersecurity & Key Concepts – 2Hrs

• Introduction to Cybersecurity
• Definition, Importance, and Role of Cybersecurity in the Modern Digital Age
• Types of Cyberattacks: Cybercrime, Hacktivism, Cyberwarfare
• Ethical Hacking vs. Black Hat Hacking
• Types of Hackers
• Black Hat, White Hat, and Gray Hat Hackers
• Script Kiddies, Hacktivists, and State-Sponsored Hackers
• Ethical Hacking Guidelines
• CIA Triad
• Confidentiality, Integrity, and Availability in Information Security
• Importance of the CIA Triad in Vulnerability Management and Risk Assessment
• Common Vulnerabilities and Exposure (CVE) & Identifiers
• What is CVE?
• CVE Impact and How It Affects Organizations
• Understanding CVSS (Common Vulnerability Scoring System) and its Application
• Types of Security Testing
• Vulnerability Assessment (VA), Penetration Testing (VAPT), Red Teaming, Blue Teaming
• Difference Between Automated and Manual Security Testing
• Why VAPT is Critical in Cybersecurity

Module 2: Networking Fundamentals & Security – 2 Hrs

• Introduction to Networks & Network Topology
• Understanding Network Types: LAN, MAN, WAN
• Network Topology and its Importance in Security
• Key Network Devices: Routers, Switches, Hubs, Gateways, Firewalls
• OSI Model and Network Protocols
• OSI (Open Systems Interconnection) Model: Understanding Layers 1–7
• Key Protocols at Each Layer (TCP/IP, UDP, HTTP, FTP, DNS, etc.)
• TCP/IP Protocol Suite
• How TCP/IP Works in Network Communication
• Understanding IP Addresses, Subnetting, and Routing
• TCP vs. UDP: Differences and Use Cases
• Firewall: Basics & Monitoring
• What is a Firewall and How Does It Protect a Network?
• Types of Firewalls: Packet Filtering, Stateful Inspection, Proxy Firewalls
• Firewall Protocols and Security Monitoring
• Intrusion Detection System (IDS) & Intrusion Prevention System (IPS)
• Role of IDS and IPS in Detecting and Preventing Attacks
• Types of IDS: Signature-Based, Anomaly-Based, Hybrid IDS

Module 3: Linux Fundamentals and Security Tools – 3 Hrs

• Kali Linux - Introduction
• Overview of Kali Linux as a Penetration Testing Distribution
• Practical: Kali Linux Setup and Command Line Basics
• Linux File Permissions and Security
• Understanding Linux File Permissions (Read, Write, Execute)
• Practical: File Permissions, Sudoers, and User Management
• Reconnaissance and Information Gathering
• Practical: Network Reconnaissance Using Nmap
• Practical: DNS Lookup and Using Google Dorks/Shodan for OSINT (Open-Source Intelligence)
• Social Engineering Techniques: Phishing
• Practical: Port Scanning Using Hping3 and Nmap
• Understanding Different Scanning Techniques: SYN, ACK, UDP Scans
• Using Nmap for Network Discovery and Security Audits
• Hping3 for Advanced Network and Port Scanning
• Practical: Network Tools
• Using Netcat for Banner Grabbing, Reverse Shell

Module 4: Vulnerability Scanning and Exploitation – 5 Hrs

• Understanding Common Services/Protocols
• Key Network Services: DNS, DHCP, HTTP(S), FTP, SSH, Telnet, etc.
• Ipsec Protocols & Operations for Securing Communication
• VPN Protocols: SSL/TLS, IKE
• Practical: IKE Scan for VPN Discovery
• Hacking Passwords
• Types of Password Attacks: Brute Force, Dictionary, Rainbow Tables
• Practical: Using Tools for Password Cracking
• Vulnerability Scanning with Nessus
• Introduction to Nessus: How to Perform a Vulnerability Scan
• Understanding Vulnerability Reports and Risk Assessment
• Practical: Metasploit
• Introduction to Metasploit Framework: Setting up and Using Metasploit for Exploitation
• Practical Exploits: Finding and Executing Exploits using Metasploit
• Practical: Exploiting FTP, SMB, SSH

Module 5: Wireless Networks & Attacks – 3 Hrs

• Wireless Networks Overview
• Types of Wireless Networks (WEP, WPA, WPA2, WPA3)
• Risks in Wireless Networks and Common Attack Vectors
• Practical: Wireless Packet Interaction
• Capturing WLAN Packets with Aircrack-ng, Wireshark
• Cracking WEP Encryption and Cracking WPA/WPA2
• Practical: Aircrack-Ng
• Tools and Techniques to Crack WEP Encryption
• Cracking WPA2 Using Dictionary Attacks
• Evil Twin Attack
• How Evil Twin Attacks Work and Mitigation Techniques
• Practical: Setting up a Rogue Access Point for an Evil Twin Attack

Module 6: Web Application Penetration Testing – 12 Hrs

• Practical: Burp Suite
• Introduction to Burp Suite as a Penetration Testing Proxy
• Using Burp Suite for Intercepting and Modifying Web Traffic
• Common Web Application Vulnerabilities
• Host Header Injection
• Open Redirection
• Cross-Site Scripting (XSS): Types of XSS (Reflected, Stored)
• SQL Injection (Union and Blind Injection)
• HTML Injection
• Cross-Site Request Forgery (CSRF)
• Insecure CORS (Cross-Origin Resource Sharing)
• OTP Bypass
• IDOR (Insecure Direct Object Reference) Attacks
• File Upload Vulnerabilities
• Parameter Tampering
• Command Injection
• XML External Entity
• Access Control Issues
• Path Traversal
• Server Side Template Injection
• JWT Attacks
• OAuth Attacks
• Lack of Rate Limiting

Module 7: Android Penetration Testing – 5 Hrs

• Understanding the Android File System
• Key Files in Android: Manifest, XML, DEX Files
• Practical: Exploring Android File Structure and Filesystem
• Android Pentesting Tools
• Tools for Android Penetration Testing: MobSF, ADB
• Using ADB (Android Debug Bridge) for Interacting with Android Devices
• Dynamic Analysis - Memu
• Practical: Configuring Memu to BurpSuite
• Static Analysis
• Practical: Decompiling/Reverse Engineer APK
• Practical: Identify Vulnerabilities using Static Analysis
• Practical: Exploiting Activity, Webview

Module 8: Reporting & Documentation – 1 Hrs

• Penetration Testing Report
• Importance of Documentation in Pentesting
• Structuring Penetration Testing Reports: Executive Summary, Technical Details, Recommendations
• Risk Assessment: CVSS Scoring and Impact Analysis