EC – Council Certification Training - Saudi Arabia

Certified Encryption Specialist Certification Course Outline

Module 01: Introduction and History of Cryptography

• Gaps In Crypto Knowledge
• What Is Cryptography
• History Of Cryptography
• Mono-Alphabet Substitution
  • Caesar Cipher
  • Atbash Cipher
  • Affine Cipher
  • ROT13 Cipher
  • Scytale
  • Single Substitution Weaknesses
• Multi-Alphabet Substitution
  • Cipher Disk
  • Vigenère Cipher
  • Playfair Cipher
  • ADFGVX Cipher
• Homophonic Substitution
  • Null Ciphers
  • Book Ciphers
  • Rail Fence Ciphers
  • Vernam Cipher
  • The Enigma Machine
  • CrypTool

Module 02: Symmetric Cryptography & Hashes

• Symmetric Cryptography
• Information Theory
  • Information Theory Cryptography Concepts
• Kerckhoff’s Principle
• Substitution
• Transposition
• Binary Math
  • Binary AND
  • Binary OR
  • Binary XOR
• Block Cipher vs. Stream Cipher
• Symmetric Block Cipher Algorithms
  • Basic Facts Of The Feistel Function
  • S-Box
  • The Feistel Function
  • Unbalanced Feistel Cipher
  • Data Encryption Standard (DES)
  • 3DES
  • Advanced Encryption Standard (AES)
  • Blowfish
  • Serpent
  • Twofish
  • Skipjack
  • International Data Encryption Algorithm (IDEA)
  • CAST
  • Tiny Encryption Algorithm (TEA)
  • SHARK
  • GOST
  • McGuffin
• Symmetric Algorithm Methods
  • Electronic Codebook (ECB)
  • Cipher-Block Chaining (CBC)
  • Propagating Cipher-Block Chaining (PCBC)
  • Cipher Feedback (CFB)
  • Output Feedback (OFB)
  • Counter (CTR)
  • Initialisation Vector (IV)
• Symmetric Stream Ciphers
  • Example of Symmetric Stream Ciphers: RC4
  • Example of Symmetric Stream Ciphers: FISH
  • Example of Symmetric Stream Ciphers: PIKE
• Hash Function
  • Hash - Salt
  • MD5
  • MD6
  • Secure Hash Algorithm (SHA)
  • FORK-256
  • RIPEMD-160
  • Tiger
  • Blake
  • Hava
  • Whirlpool
  • Skein
  • NTLM - Windows Hashing
  • MAC and HMAC
  • Key Stretching
• CryptoBench

Module 03: Number Theory and Asymmetric Cryptography

• Asymmetric Encryption
• Basic Number Facts
  • Prime Numbers
  • Mersenne Primes
  • Fermat Prime
  • Co-Prime Numbers
  • Euler’s Totient
  • Modulus Operator
  • Congruence Numbers
  • Solving Congruence
  • Fibonacci Numbers
  • Algebraic Group
  • Rings
  • Field
  • Galois Field
  • Logarithms
  • Natural Logarithms
  • Discrete Logarithms
• Birthday Theorem
  • Birthday Paradox
  • Birthday Attack
• Random Number Generator
  • Classification Of Random Number Generator
  • Traits Of A Good PRNG
  • Middle Square Method
  • Naor-Reingold And Mersenne Twister Pseudorandom Function
  • Linear Congruential Generator
  • Lehmer Random Number Generator
  • Lagged Fibonacci Generator (LFG)
  • Blum Blum Shub
  • Yarrow
  • Fortuna
• Diffie-Hellman
• Rivest Shamir Adleman (RSA)
  • RSA - How It Works
  • RSA Example
• Menezes-Qu-Vanstone
• Digital Signature Algorithm
  • Signing With DSA
• Elliptic Curve
  • Elliptic Curve Variations
  • Elliptic Curve
• Elgamal
• Cramer - Shoup
• YAK
• Forward Secrecy
• CrypTool

Module 04: Applications of Cryptography

• FIPS Standards
• Digital Signatures
• What Is A Digital Certificate?
  • Digital Certificates
• Certificate Authority (CA)
  • Registration Authority (RA)
  • Certificate Authority - Verisign
  • Certificate Types
  • Public Key Infrastructure (PKI)
  • Digital Certificate Terminology
  • Server-based Certificate Validation Protocol
  • Digital Certificate Management
  • Trust Models
  • Certificates And Web Servers
  • Microsoft Certificate Services
  • Windows Certificates
• Authentication
  • Password Authentication Protocol (PAP)
  • Shiva Password Authentication Protocol (S-PAP)
  • Challenge-Handshake Authentication Protocol (CHAP)
  • Extensible Authentication Protocol (EAP)
  • Kerberos
• PGP Certificates
• Wi-Fi Encryption
  • Wired Equivalent Privacy (WEP)
  • WPA - Wi-Fi Protected Access
• SSL
• TLS
• Diagram
• Protocols
• Common SSL/TLS Libraries
• Virtual Private Network (VPN)
  • Point-to-Point Tunneling Protocol (PPTP)
  • Layer 2 Tunneling Protocol VPN
  • Internet Protocol Security (IPSec) VPN
  • SSL/TLS VPN
• Split Tunneling
• VPN Modes
• Encrypting Files
  • Backing Up The EFS Key
  • Restoring The EFS Key
• BitLocker
  • BitLocker Screenshot
• Disk Encryption Software: VeraCrypt
• Common Cryptography Mistakes
• Steganography
  • Steganography Terms
  • Historical Steganography
  • Steganography Details
  • Other Forms of Steganography
  • How To Embed?
  • Steganographic File Systems
  • Steganography Implementations
  • Demonstration
• Steganalysis
  • Steganalysis - Raw Quick Pair
  • Steganalysis - Chi-Square Analysis
  • Steganalysis - Audio Steganalysis
• National Security Agency and Cryptography
  • NSA Suite A Encryption Algorithms
  • NSA Suite B Encryption Algorithms
  • National Security Agency: Type 1 Algorithms
  • National Security Agency: Type 2 Algorithms
  • National Security Agency: Type 3 Algorithms
  • National Security Agency: Type 4 Algorithms
• Unbreakable Encryption
• Blockchain

Module 05: Cryptanalysis

• Breaking Ciphers
• Cryptanalysis
• Frequency Analysis
• Kasiski
• Cracking Modern Cryptography
  • Cracking Modern Cryptography: Chosen Plaintext Attack
  • Cracking Modern Cryptography: Ciphertext-only and Related-key Attack
• Linear Cryptanalysis
• Differential Cryptanalysis
• Integral Cryptanalysis
• Cryptanalysis Resources
• Cryptanalysis Success
• Rainbow Tables
• Password Cracking
• Tools

Module 06: Quantum Computing and Cryptography

• Quantum Computing And Cryptography
• Timeline
• Issues For QC
• Two Branches
  • Quantum Key Distribution (QKD)
  • Quantum Computers
• NIST
• Major Approaches
• Lattice-Based Crypto
• Learning With Errors
• GGH
• NTRU
• Overview

Certified Network Defender Certification Course Outline

Module 1: Network Attacks and Defence Strategies

• Attack
• Threat
• Threat Sources
• Threat Actors
• Vulnerability
• Risk
• Network Attacks
• Application Attacks
• Social Engineering Attacks
• Email Attacks
• Mobile Attacks
• Cloud Attacks
• Supply Chain Attacks
• Wireless Attacks
• Hacking Methodologies and Frameworks
• Adaptive Security Strategy
• Defence-in-depth Security

Module 2: Administrative Network Security

• Compliance
• Regulatory Frameworks
• Security Policies
• Security Awareness
• Asset Management
• Recent Cybersecurity Trends

Module 3: Technical Network Security

• Access Controls
• Authentication
• Authorisation
• Accounting (AAA)
• IAM
• Cryptography
• Network Segmentation
• Zero Trust
• Network Security Controls
• Network Security Protocols

Module 4: Network Perimeter Security

• Firewalls
• Firewall Types
• Firewall Topologies
• Firewall Selection
• Firewall Implementation and Deployment
• Firewall Administration
• IDS/IPS
• IDS/IPS Classification
• IDS/IPS Selection
• False Positives
• False Negatives
• Router Security
• Switch Security
• Software-defined Perimeter (SDP)

Module 5: Endpoint Security-Windows Systems

• Windows Security Risks
• Windows Security Components
• Windows Security Features
• Windows Security Baseline Configurations
• User Account and Password Management
• Windows Patch Management
• Windows User Access Management
• Active Directory Security
• Windows Network Services and Protocol Security
• Windows Security Best Practices

Module 6: Endpoint Security-Linux Systems

• Linux Security Risks
• Linux Installation and Patching
• Linux User Access and Password Management
• Linux OS Hardening Techniques
• Linux Network and Remote Access Security
• Linux Security Tools and Frameworks

Module 7: Endpoint Security- Mobile Devices

• Bring Your Own Device (BYOD)
• Choose Your Own Device (CYOD)
• Corporate Owned, Personally Enabled (COPE)
• Company Owned, Business Only (COBO)
• Mobile Device Management (MDM)
• Mobile Application Management (MAM)
• Mobile Threat Defence (MTD)
• Unified Endpoint Management (UEM)
• Mobile Email Management (MEM)
• Mobile Content Management (MCM)
• Enterprise Mobility Management (EMM)
• Mobile Device Security
• Android Security
• iPhone Security

Module 8: Endpoint Security-IoT Devices

• IoT Devices
• IoT Application Areas
• IoT Ecosystem
• IoT Communication Models
• IoT-Enabled Environments
• IoT Security Risk and Challenges
• IoT Security in IoT-Enabled IT Environments
• IoT Security Tools
• IoT Security Best Practices
• IoT Security Standards, Initiatives, and Efforts

Module 9: Administrative Application Security

• Application Whitelisting
• Application Blacklisting
• Application Sandboxing
• Application Patch Management
• Web Application Firewalls (WAFs)

Module 10: Data Security

• Data Security
• Data Encryption Data at Rest
• Data Encryption at Transit
• Data Masking
• Data Backup
• Data Retention
• Data Destruction
• Data Loss Prevention (DLP)
• Data Integrity

Module 11: Enterprise Virtual Network Security

• Network Virtualisation (NV)
• Software-defined Network (SDN)
• Network Function Virtualisation (NFV) Security
• OS Virtualisation Security
• Container Security
• Docker Security
• Kubernetes Security

Module 12: Enterprise Cloud Network Security

• Cloud Computing
• Cloud Security
• Shared Responsibility Model
• Amazon Cloud (AWS) Security
• Microsoft Azure Cloud Security
• Google Cloud Platform (GCP) Security

Module 13: Enterprise Wireless Network Security

• Wireless Network
• Wireless Standards
• Wireless Topologies
• Wireless Network Components
• Wireless Network Encryption
• Wireless Network Authentication
• Wireless Network Security Measures
• Wi-Fi Security Tools

Module 14: Network Traffic Monitoring and Analysis

• Network Traffic Monitoring
• Baseline Traffic Signatures
• Suspicious Network Traffic Signatures
• Threat Detection with Wireshark
• Bandwidth Monitoring
• Performance Monitoring
• Network Anomaly Detection
• Behaviour Analysis

Module 15: Network Logs Monitoring and Analysis

• Logs
• Windows Log Analysis
• Linux Log Analysis
• Mac Log Analysis
• Firewall Log Analysis
• Router Log Analysis
• Web Server Log Analysis
• Centralised Log Management

Module 16: Incident Response and Forensic Investigation

• First Responder
• Incident Handling and Response Process
• SOAR
• Endpoint Detection and Response (EDR)
• Extended Detection and Response (XDR)
• Forensics Investigation

Module 17: Business Continuity and Disaster Recovery

• Business Continuity (BC)
• Disaster Recovery (DR)
• Business Continuity Management (BCM)
• BC/DR Activities
• Business Impact Analysis (BIA)
• Recovery Time Objective (RTO)
• Recovery Point Objective (RPO)
• Business Continuity Plan (BCP)
• Disaster Recovery Plan (DRP)

Module 18: Risk Anticipation with Risk Management

• Risk Management
• Risk Identification
• Risk Assessment
• Risk Treatment
• Risk Treatment Steps
• Risk Tracking and Review
• Risk Management Frameworks (RMFs)
• Vulnerability Management
• Vulnerability Scanning
• Vulnerability Reporting
• Privacy Impact Assessment (PIA)

Module 19: Threat Assessment with Attack Surface Analysis

• Attack Surface
• Attack Surface Analysis
• System Attack Surface
• Network Attack Surface
• Software Attack Surface
• Physical Attack Surface
• Human Attack Surface
• Indicators of Exposures (IoEs)
• Attack Simulation
• Attack Surface Reduction
• Attack Surface Monitoring Tools
• Cloud and IoT Attack Surface Analysis

Module 20: Threat Prediction with Cyber Threat Intelligence

• Cyber Threat Intelligence
• Threat Intelligence Types
• Indicators of Compromise (IoCs)
• Indicators of Attack (IoA)
• Threat Intelligence Layers
• Threat Intelligence Sources
• Threat Intelligence Feeds
• Threat Intelligence Platforms (TIP)
• Threat Hunting

Certified SOC Analyst Certification Course Outline

Module 1: Security Operations and Management

• Understand the SOC Fundamentals
• Discuss the Components of SOC
  • People
  • Processes
  • Technology
• Understand the Implementation of SOC

Module 2: Understanding Cyber Threats, IoCs, and Attack Methodology

• Describe the term Cyber Threats and Attacks
• Understand the Network Level Attacks
• Understand the Host Level Attacks
• Understand the Application Level Attacks
• Understand the Indicators of Compromise (IoCs)
• Discuss the Attacker’s Hacking Methodology

Module 3: Incidents, Events, and Logging

• Understand the Fundamentals of Incidents, Events, and Logging
• Explain the Concepts of Local Logging
• Explain the Concepts of Centralised Logging

Module 4: Incident Detection with Security Information and Event Management (SIEM)

• Understand the Basic Concepts of Security Information and Event Management (SIEM)
• Discuss the Different SIEM Solutions
• Understand the SIEM Deployment
• Learn Different Use Case Examples for Application Level Incident Detection
• Learn Different Use Case Examples for Insider Incident Detection
• Learn Different Use Case Examples for Network Level Incident Detection
• Learn Different Use Case Examples for Host Level Incident Detection
• Learn Different Use Case Examples for Compliance
• Understand the Concept of Handling Alert Triaging and Analysis

Module 5: Enhanced Incident Detection with Threat Intelligence

• Learn Fundamental Concepts on Threat Intelligence
• Learn Different Types of Threat Intelligence
• Understand How Threat Intelligence Strategy is Developed
• Learn Different Threat Intelligence Sources from which Intelligence can be Obtained
• Learn Different Threat Intelligence Platform (TIP)
• Understand the Need of Threat Intelligence-driven SOC

Module 6: Incident Response

• Understand the Fundamental Concepts of Incident Response
• Learn Various Phases in Incident Response Process
• Learn How to Respond to Network Security Incidents
• Learn How to Respond to Application Security Incidents
• Learn How to Respond to Email Security Incidents
• Learn How to Respond to Insider Incidents
• Learn How to Respond to Malware Incidents

Certified Application Security Engineer Certification Course Outline

Module 1: Understanding Application Security, Threats and Attacks

• What is a Secure Application?
• Need for Application Security
• Most Common Application Level Attacks
• Why Applications become Vulnerable to Attacks?
• What Constitutes Comprehensive Application Security?
• Insecure Application: A Software Development Problem
• Software Security Standards, Models and Frameworks

Module 2: Security Requirements Gathering

• Importance of Gathering Security Requirements
• Security Requirement Engineering (SRE)
• Abuse Case and Security Use Case Modelling
• Abuser and Security Stories
• Security Quality Requirements Engineering (SQUARE)
• Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

Module 3: Secure Application Design and Architecture

• Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
• Secure Application Design and Architecture
• Goal of Secure Design Process
• Secure Design Actions
• Secure Design Principles
• Threat Modelling
• Decompose Application
• Secure Application Architecture

Module 4: Secure Coding Practices for Input Validation

• Input Validation
• Why Input Validation?
• Input Validation Specification
• Input Validation Approaches
• Input Filtering
• Secure Coding Practices for Input Validation: Web Forms
• Secure Coding Practices for Input Validation: ASP.NET Core
• Secure Coding Practices for Input Validation: MVC

Module 5: Secure Coding Practices for Authentication and Authorisation

• Authentication and Authorisation
• Common Threats on User Authentication and Authorisation
• Authentication and Authorisation: Web Forms
• Authentication and Authorisation: ASP .NET Core
• Authentication and Authorisation: MVC
• Authentication and Authorisation Defensive Techniques: Web Forms
• Authentication and Authorisation Defensive Techniques: ASP .NET Core
• Authentication and Authorisation Defensive Techniques: MVC

Module 6: Secure Coding Practices for Cryptography

• Cryptographic
• Ciphers
• Block Ciphers Modes
• Symmetric Encryption Keys
• Asymmetric Encryption Keys
• Functions of Cryptography
• Use of Cryptography to Mitigate Common Application Security Threats
• Cryptographic Attacks
• Techniques Attackers Use to Steal Cryptographic Keys
• What should you do to Secure .Net Applications for Cryptographic Attacks?
• .NET Cryptographic Name Spaces
• .NET Cryptographic Class Hierarchy
• Symmetric Encryption
• Symmetric Encryption: Defensive Coding Techniques
• Asymmetric Encryption
• Asymmetric Encryption: Defensive Coding Techniques
• Hashing
• Digital Signatures
• Digital Certificates
• XML Signature
• ASP.NET Core Specific Secure Cryptography Practices

Module 7: Secure Coding Practices for Session Management

• What are Exceptions/Runtime Errors?
• Need for Secure Error/Exception Handling
• Consequences of Detailed Error Message
• Exposing Detailed Error Messages
• Considerations: Designing Secure Error Messages
• Secure Exception Handling
• Handling Exceptions in an Application
• Defensive Coding practices against Information Disclosure
• Defensive Coding practices against Improper Error Handling
• ASP .NET Core: Secure Error Handling Practices
• Secure Auditing and Logging
• Tracing .NET
• Auditing and Logging Security Checklists

Module 8: Static and Dynamic Application Security Testing (SAST and DAST)

• Static Application Security Testing
• Manual Secure Code Review for Most Common Vulnerabilities
• Code Review: Check List Approach
• SAST Finding
• SAST Report
• Dynamic Application Security Testing
• Automated Application Vulnerability Scanning Tools
• Proxy-Based Security Testing Tools
• Choosing between SAST and DAST

Module 9: Secure Deployment and Maintenance

• Secure Deployment
• Prior Deployment Activity
• Deployment Activities: Ensuring Security at Various Levels
• Ensuring Security at Host Level
• Ensuring Security at Network Level
• Ensuring Security at Application Level
• Web Application Firewall (WAF)
• Ensuring Security at IIS Level
• Sites and Virtual Directories
• ISAPI Filters
• Ensuring Security at .NET Level
• Ensuring Security at SQL Server Level
• Security Maintenance and Monitoring

Certified DevSecOps Engineer Certification Course Outline

Module 1: Understanding DevOps Culture

• Evolution of DevOps
• Role of DevOps in Software Development Life Cycle
• Implementing DevOps in Various Environments
  • On-Premises
  • AWS
  • Azure
• DevOps Frameworks and Maturity Models
• Integrating Security in DevOps
  • Security Silos
  • DevOps Culture

Module 2: Introduction to DevSecOps

• Security Challenges in DevOps Processes
• Essence and Cultural Aspects of DevSecOps
• Continuous Security Integration in DevSecOps Pipeline
• DevSecOps Tools and Strategies
• Bridging the Gap Between Development, Operations, and Security

Module 3: DevSecOps Pipeline-Plan Stage

• Fortifying the CI/CD Pipeline
• Continuous Threat Modeling Practices
• Gathering Security Requirements from Business Functionalities
• Addressing Technical Security Debts
• Pre-Commit Checks and Secure Code Practices

Module 4: DevSecOps Pipeline-Code Stage

• Integrating Security in Code-Writing Process
• Security Plugins in Integrated Development Environments (IDEs)
• Configuring Code Scanning for GitHub Repositories
• Implementing and Scanning Source Code Repositories
• Integrating Software Composition Analysis (SCA) Tools

Module 5: DevSecOps Pipeline-Build and Test Stage

• Integrating Security Testing Tools and Frameworks
• Static Application Security Testing (SAST) Tools
• Manual Secure Code Review Techniques
• Dynamic Application Security Testing (DAST) Tools
• Interactive Application Security Testing (IAST) Tools

Module 6: DevSecOps Pipeline—Release and Deploy Stage

• Strengthening Security During Software Release and Deployment
• Integrating Security Tools
  • RASP
  • Penetration Testing
• Vulnerability Scanning and Bug Bounty Programs
• Infrastructure as Code (IaC) Principles
  • Terraform
  • AWS CloudFormation
• Configuration Orchestration Tools
  • Ansible
  • Chef
  • Puppet
  • Azure Resource Management

Module 7: DevSecOps Pipeline—Operate and Monitor Stage

• Maintaining Security During Software Operations and Monitoring
• Scanning for Vulnerabilities in Infrastructure as Code (IaC)
• Securing Containers and Integrating Monitoring Tools
• Compliance as Code (CaC) Practices
• Monitoring Features in AWS and Azure, Web Application Firewall (WAF), Continuous Feedback

Certified Secure Computer User Certification Course Outline

Module 1: Introduction To Data Security

• Data - Digital Building Blocks
• Importance of Data in the Information Age
• Threats to Data
• Data Security
• Potential Losses Due to Security Attacks
• Implementing Security

Module 2: Securing Operating Systems

• Guidelines to Secure Windows
• Guidelines to Secure Mac OS X

Module 3: Malware and Antiviruses

• What is Malware
• Types of Malware
• Symptoms of Malware Infection
• Antivirus
• Configuring and Using Antivirus Software
• How to Test if an Antivirus is Working

Module 4: Internet Security

• Understanding Web Browser Concepts
• Understanding IM Security
• Understanding Child Online Safety

Module 5: Security On Social Networking Sites

• Understanding Social Networking Concepts
• Understanding Various Social Networking Security Threats
• Understanding Facebook Security Settings
• Understanding Twitter Security Settings

Module 6: Securing Email Communications

• Understanding Email Security Concepts
• Understanding Various Email Security Threats
• Understanding Various Email Security Procedures

Module 7: Securing Mobile Devices

• Understanding Mobile Device Security Concepts
• Understanding Threats to a Mobile Device
• Understanding Various Mobile Security Procedures
• Understanding How to Secure iPhone and iPad Devices
• Understanding How to Secure Android Devices
• Understanding How to Secure Windows Device
• Mobile Security Tools

Module 8: Securing the Cloud

• Concept of Cloud
• How Cloud Works
• Threats to Cloud Security
• Safeguarding Against Cloud Security Threats
• Cloud Privacy Issues
• Addressing Cloud Privacy Issues
• Choosing a Cloud Service Provider

Module 9: Securing Network Connections

• Understanding Various Networking Concepts
• Understanding Setting Up a Wireless Network in Windows
• Understanding Setting Up a Wireless Network in Mac
• Understanding Threats to Wireless Network Security and Countermeasures
• Measures to Secure Network Connections

Module 10: Data Backup and Disaster Recovery

• Data Backup Concepts
• Types of Data Backups
• Windows Backup and Restore Procedures
• MAC OS X Backup and Restore Procedures
• Understanding Secure Data Destruction

Certified Ethical Hacker Course Outline

Module 1: Introduction to Ethical Hacking

• Elements of Information Security
• Classification of Attacks
• Hacker Classes
• Ethical Hacking
• AI-Driven Ethical Hacking
• ChatGPT-Powered AI Tools for Ethical Hackers
• CEH Ethical Hacking Framework
• Cyber Kill Chain Methodology
• MITRE ATT&CK Framework
• Information Assurance (IA)
• Risk Management
• Threat Intelligence Lifecycle
• Incident Management
• PCI DSS
• HIPPA
• SOX
• GDPR
• DPA

Module 2: Foot Printing and Reconnaissance

• Reconnaissance
• Footprinting Using Advanced Google Hacking Techniques
• Footprinting through People Search Services
• Dark Web Footprinting
• Competitive Intelligence Gathering
• Footprinting through Social Networking Sites
• Whois Lookup
• DNS Footprinting
• Traceroute Analysis
• Email Footprinting
• Footprinting through Social Engineering
• AI-Powered OSINT Tools

Hands-on Labs:

• Perform footprinting on the target network using search engines, internet research services, and social networking sites
• Perform whois, DNS, network, and email footprinting on the target network
• Perform Footprinting using AI

Module 3: Scanning Networks

• Network Scanning
• Scanning Tools
• Host Discovery Techniques
• Port Scanning Techniques
• Host Discovery and Port Scanning with AI
• Service Version Discovery
• OS Discovery/Banner Grabbing
• Scanning Beyond IDS and Firewall
• Scanning Detection and Prevention

Hands-on Labs:

• Perform host, port, service, and OS discovery on the target network
• Perform scanning on the target network beyond IDS and Firewall
• Perform scanning using AI

Module 4: Enumeration

• Enumeration, NetBIOS Enumeration
• SNMP Enumeration
• LDAP Enumeration
• NTP Enumeration
• NFS Enumeration
• SMTP Enumeration
• DNS Cache Snooping
• DNSSEC Zone Walking
• IPsec Enumeration
• VoIP Enumeration
• RPC Enumeration
• Unix/Linux User Enumeration
• SMB Enumeration
• Enumeration using AI
• Enumeration Countermeasures

Hands-on Labs:

• Perform NetBIOS, SNMP, LDAP, NFS, DNS, SMTP, RPC, SMB, and FTP Enumeration
• Perform Enumeration using AI

Module 5: Vulnerability Analysis

• Vulnerability Classification
• Vulnerability Scoring Systems and Databases
• Vulnerability-Management Life Cycle
• Vulnerability Research
• Vulnerability Scanning and Analysis 
• Vulnerability Assessment Tools
• Vulnerability Assessment Reports
• AI-Powered Vulnerability Assessment Tools

Module 6: System Hacking

• Password Cracking
• Password Attacks
• Password-Cracking Tools
• Vulnerability Exploitation
• Metasploit Framework
• AI-Powered Vulnerability Exploitation Tools
• Buffer Overflow
• Buffer Overflow Detection Tools
• Active Directory (AD) Enumeration
• Privilege Escalation
• Privilege Escalation Tools
• Executing Applications
• Keylogger
• Spyware
• Rootkits
• Steganography
• Steganalysis
• Steganography Detection Tools
• Maintaining Persistence
• Linux and Windows Post Exploitation
• Covering Tracks
• Clearing Logs
• Track-Covering Tools

Hands-on Labs:

• Perform an Active Online Attack to Crack the System’s Password
• Perform Buffer Overflow Attack to Gain Access to a Remote System
• Escalate Privileges using Privilege Escalation Tools
• Escalate Privileges in Linux Machine
• Hide Data using Steganography
• Clear Windows and Linux Machine Logs using Various Utilities
• Hiding Artifacts in Windows and Linux Machines
• Perform System Hacking using AI

Module 7: Malware Threats

• Malware
• Advanced Persistent Threat Lifecycle
• Trojan
• Virus
• Ransomware
• Computer Worms
• Fileless Malware
• AI-based Malware
• Malware Analysis
• Static Malware Analysis
• Dynamic Malware Analysis
• Virus Detection Methods
• Malware Countermeasures
• Anti-Trojan Software
• AI-Powered Malware Detection and Analysis Tools

Hands-on Labs:

• Gain Control over a Victim Machine using Trojan
• Infect the Target System using a Virus
• Perform Static and Dynamic Malware Analysis

Module 8: Sniffing

• Network Sniffing
• MAC Flooding
• DHCP Starvation Attack
• ARP Spoofing
• ARP Spoofing/Poisoning Tools
• MAC Spoofing
• VLAN Hopping
• STP Attack
• DNS Poisoning Techniques
• DNS Poisoning Tools
• Sniffing Tools, Sniffer Detection Techniques
• Promiscuous Detection Tools

Hands-on Labs:

• Perform MAC Flooding, ARP Poisoning, MITM and DHCP Starvation Attack
• Spoof a MAC Address of a Linux Machine
• Perform Network Sniffing using Various Sniffing Tools
• Detect ARP Poisoning in a Switch-Based Network

Module 9: Social Engineering

• Social Engineering
• Types of Social Engineering
• Human-based Social Engineering Techniques
• Impersonation
• Computer-based Social Engineering Techniques
• Phishing
• Phishing Tools
• Perform Impersonation using AI
• Identity Theft
• Mobile-based Social Engineering Techniques
• Social Engineering Countermeasures
• Anti-Phishing Toolbar

Hands-on Labs:

• Perform Social Engineering using Various Techniques
• Detect a Phishing Attack
• Social Engineering using AI

Module 10: Denial-of-Service

• DoS Attack
• DDoS Attack
• Botnets
• DoS/DDoS Attack Techniques
• DoS/DDoS Attack Toolkits
• DoS/DDoS Attack Detection Techniques
• DoS/DDoS Protection Tools
• DoS/DDoS Protection Services

Hands-on Labs:

• Perform a DoS and DDoS attack on a Target Host
• Detect and Protect Against DoS and DDoS Attacks

Module 11: Session High jacking

• Session Hijacking
• Application-Level Session Hijacking
• Compromising Session IDs
• Session Hijacking
• Network-Level Session Hijacking
• TCP/IP Hijacking
• RST Hijacking
• Blind Hijacking
• Session Hijacking Tools
• Session Hijacking Detection Methods
• Session Hijacking Detection Tools
• Approaches to Prevent Session Hijacking

Hands-on Labs:

• Perform Session Hijacking using various Tools
• Detect Session Hijacking

Module 12: Evading IDS, Firewalls, and Honeypots

• Intrusion Detection System (IDS)
• Intrusion Prevention System (IPS)
• Firewall
• Types of Firewalls
• Intrusion Detection Tools
• Intrusion Prevention Tools
• IDS/Firewall Evasion Techniques
• NAC and Endpoint Security Evasion Techniques
• IDS/Firewall Evading Tools
• Honeypot
• Types of Honeypots
• Honeypot Tools
• IDS/Firewall Evasion Countermeasures

Hands-on Labs:

• Perform Intrusion Detection using Various Tools
• Deploy Honeypot to Detect Malicious Network Traffic
• Bypass Firewall Rules using Tunneling
• Bypass Antivirus

Module 13: Hacking Web Servers

• Web Server Architecture
• Web Server Vulnerabilities
• Web Server Attacks
• DNS Server Hijacking
• Web Cache Poisoning Attack
• Web Server Footprinting/Banner Grabbing
• Directory Brute Forcing
• Vulnerability Scanning
• Web Server Password Hacking
• Web Server Attack Tools
• Web Server Attack Countermeasures
• Detecting Web Server Hacking Attempts
• Web Server Security Tools

Hands-on Labs:

• Perform Web Server Reconnaissance using Various Tools
• Enumerate Web Server Information
• Perform a Web Server Attack
• Perform a Web Server Hacking using AI

Module 14: Hacking Web Applications

• Web Application
• OWASP Top 10 Application Security Risks – 2021
• Web Application Attacks
• Footprint Web Infrastructure
• Analyze Web Applications
• Bypass Client-side Controls
• Attack Access Controls
• Attack Web Services
• Web API
• Webhooks
• Web API Hacking Methodology
• API Security Risks and Solutions
• Web Application Security Testing
• Web Application Fuzz Testing
• Encoding Schemes
• Web Application Attack Countermeasures
• Web Application Security Testing Tools

Hands-on Labs:

• Perform Web Application Reconnaissance using Various Tools
• Perform Web Spidering
• Perform Web Application Vulnerability Scanning
• Perform Web Application Attacks
• Detect Web Application Vulnerabilities using Various Web Application Security Tools
• Perform Web Application Hacking using AI

Module 15: SQL Injection

• SQL Injection
• Types of SQL Injection
• Error Based SQL Injection
• Union SQL Injection
• Blind/Inferential SQL Injection
• SQL Injection Methodology
• Information Gathering and SQL Injection Vulnerability Detection
• Launch SQL Injection Attacks
• Advanced SQL Injection
• SQL Injection Tools
• SQL Injection with AI
• Evasion Techniques
• SQL Injection Countermeasures
• SQL Injection Detection Tools

Hands-on Labs:

• Perform an SQL Injection Attack Against MSSQL to Extract Databases
• Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools
• Perform SQL Injection using AI

Module 16: Hacking Wireless Networks

• Wireless Networks
• Wireless Standards
• Wireless Encryption
• Wireless Threats
• Wireless Hacking Methodology
• Wi-Fi Discovery
• Wireless Traffic Analysis
• Launch of Wireless Attacks
• Wi-Fi Encryption Cracking
• Wireless Attack Countermeasures
• Wi-Fi Security Auditing Tools

Hands-on Labs:

• Footprint a Wireless Network
• Perform Wireless Traffic Analysis
• Crack a WPA2 Network
• Create a Rogue Access Point

Module 17: Hacking Mobile Platforms

• OWASP Top 10 Mobile Risks – 2024
• Anatomy of a Mobile Attack
• App Sandboxing Issues
• SMS Phishing Attack (SMiShing)
• Call Spoofing
• OTP Hijacking/Two-Factor Authentication Hijacking
• Camera/Microphone Capture Attacks
• Android Rooting
• Hacking Android Devices
• Android Hacking Tools
• Android Security Tools
• Jailbreaking iOS
• Hacking iOS Devices
• iOS Device Security Tools
• Mobile Device Management (MDM)
• OWASP Top 10 Mobile Risks and Solutions
• Mobile Security Guidelines
• Mobile Security Tools

Hands-on Labs:

• Hack an Android Device by Creating Binary Payloads
• Exploit the Android Platform through ADB
• Hack an Android Device by Creating APK File
• Secure Android Devices using Various Android Security Tools

Module 18: IoT and OT Hacking

• IoT Architecture
• IoT Technologies and Protocols
• OWASP Top 10 IoT Threats
• IoT Vulnerabilities
• IoT Threats
• IoT Attacks
• IoT Hacking Methodology
• IoT Hacking Tools
• IoT Security Tools
• IT/OT Convergence (IIOT)
• OT Technologies and Protocols
• OT Vulnerabilities
• OT Threats
• OT Attacks
• OT Hacking Methodology
• OT Hacking Tools
• OT Security Tools

Hands-on Labs:

• Gather Information using Online Footprinting Tools
• Capture and Analyse IoT Device Traffic
• Perform IoT Attacks

Module 19: Cloud Computing

• Cloud Computing
• Fog Computing
• Edge Computing
• Container
• Docker
• Kubernetes
• Serverless Computing
• OWASP Top 10 Cloud Security Risks
• Cloud Computing Threats
• Container Vulnerabilities
• Kubernetes Vulnerabilities
• Cloud Attacks
• Cloud Hacking Methodology
• AWS Hacking
• Microsoft Azure Hacking
• Google Cloud Hacking
• Container Hacking
• Cloud Network Security
• Cloud Security Controls
• Cloud Security Tools

Hands-on Labs:

• Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools
• Exploit Open S3 Buckets
• Escalate IAM User Privileges by Exploiting Misconfigured User Policy
• Perform Vulnerability Assessment on Docker Images

Module 20: Cryptography

• Cryptography, Ciphers
• Symmetric Encryption Algorithms
• Asymmetric Encryption Algorithms
• Message Digest Functions
• Quantum Cryptography
• Cryptography Tools
• Public Key Infrastructure (PKI)
• Signed Certificate
• Digital Signature
• Email Encryption
• Disk Encryption
• Blockchain
• Cryptanalysis Methods
• Cryptography Attacks
• Attacks on Blockchain
• Quantum Computing Attacks
• Cryptanalysis Tools

Hands-on Labs:

• Encrypt the Information using Various Cryptography Tools
• Create and Use Self-signed Certificates
• Perform Email and Disk Encryption
• Perform Cryptanalysis using Various Cryptanalysis Tools
• Perform Cryptography using AI

Digital Forensics Essentials Certification Course Outline

Module 1: Computer Forensics Fundamentals

• Fundamentals of Computer Forensics
• Digital Evidence
• Forensic Readiness
• Roles and Responsibilities of a Forensic Investigator
• Legal Compliance in Computer Forensics

Module 2: Computer Forensics Investigation Process

• Forensic Investigation Process and its Importance
• Forensic Investigation Process – Pre-investigation Phase
• Forensic Investigation Process – Investigation Phase
• Forensic Investigation Process – Post-investigation Phase

Labs:

• Performing Hash or HMAC Calculations
• Comparing Hash Values of Files to Check their Integrity or Viewing Files of Various Formats
• Creating a Disk Image File of a Hard Disk Partition

Module 3: Understanding Hard Disks and File Systems

• Different Types of Disk Drives and their Characteristics
• Logical Structure of a Disk
• Booting Process of Windows, Linux, and Mac Operating Systems
• File Systems of Windows, Linux, and Mac Operating Systems
• File System Examination

Labs:

• Analysing File System of a Linux Image
• Recovering Deleted Files from Hard Disks

Module 4: Data Acquisition and Duplication

• Data Acquisition Fundamentals
• Types of Data Acquisition
• Data Acquisition Format
• Data Acquisition Methodology

Labs:

• Creating a dd Image of a System Drive
• Converting Acquired Image File to a Bootable Virtual Machine
• Acquiring RAM from Windows Workstations
• Viewing Contents of Forensic Image File

Module 5: Defeating Anti-forensics Techniques

• Anti-forensics and its Techniques
• Anti-forensics Countermeasures

Labs:

• SSD File Carving on a Windows File System
• Recovering Data from Lost / Deleted Disk Partition
• Cracking Application Passwords
• Detecting Steganography

Module 6: Windows Forensics

• Volatile and Non-Volatile Information
• Windows Memory and Registry Analysis
• Cache, Cookie, and History Recorded in Web Browsers
• Windows Files and Metadata

Labs:

• Acquiring Volatile Information from a Live Windows System
• Investigating Forensic Image of Windows RAM
• Examining Web Browser artefacts
• Extracting Information about Loaded Processes on a Computer

Module 7: Linux and Mac Forensics

• Volatile and Non-Volatile Data in Linux
• Analyse Filesystem Images Using the Sleuth Kit
• Memory Forensics
• Mac Forensics

Labs:

• Forensic Investigation on a Linux Memory Dump
• Recovering Data from a Linux Memory Dump

Module 8: Network Forensics

• Network Forensics Fundamentals
• Event Correlation Concepts and Types
• Identify Indicators of Compromise (IoCs) from Network Logs
• Investigate Network Traffic

Labs:

• Identifying and Investigating Various Network Attacks using Wireshark

Module 9: Investigating Web Attacks

• Web Application Forensics
• IIS and Apache Web Server Logs
• Investigating Web Attacks on Windows-based Servers
• Detect and Investigate Attacks on Web Applications

Labs:

• Identifying and Investigating Web Application Attacks Using Splunk

Module 10: Dark Web Forensics

• Dark Web
• Dark Web Forensics
• Tor Browser Forensics

Labs:

• Detecting TOR Browser on a Machine
• Analysing RAM Dumps to Retrieve TOR Browser Artefacts

Module 11: Investigating Email Crimes

• Email Basics
• Email Crime Investigation and its Steps

Labs:

• Investigating a Suspicious Email

Module 12: Malware Forensics

• Malware, Its Components and Distribution Methods
• Malware Forensics Fundamentals and Recognise Types of Malware Analysis
• Static Malware Analysis
• Analyse Suspicious Word Documents
• Dynamic Malware Analysis
• System Behaviour Analysis
• Network Behaviour Analysis

Labs:

• Performing Static Analysis on a Suspicious File
• Forensic Examination of a Suspicious Microsoft Office Document
• Performing System Behaviour Analysis

Certified Threat Intelligence Analyst Certification Course Outline

Module 1: Introduction to Threat Intelligence

• Intelligence
• Cyber Threat Intelligence Concepts
• Threat Intelligence Lifecycle and Frameworks
• Threat Intelligence Platforms (TIPs)
• Threat Intelligence in the Cloud Environment
• Future Trends and Continuous Learning

Module 2: Cyber Threats and Attack Frameworks

• Cyber Threats
• Advanced Persistent Threats
• Cyber Kill Chain
• MITRE ATT&CK and Diamond Model
• Indicators of Compromise

Module 3: Requirements, Planning, Direction, and Review

• Organisation’s Current Threat Landscape
• Requirements Analysis
• Plan a Threat Intelligence Program
• Establish Management Support
• Build a Threat Intelligence Team
• Threat Intelligence Sharing
• Review Threat Intelligence Program

Module 4: Data Collection and Processing

• Threat Intelligence Data Collection
• Threat Intelligence Collection Management
• Threat Intelligence Feeds and Sources
• Threat Intelligence Data Collection and Acquisition
• Bulk Data Collection
• Data Processing and Exploitation
• Threat Data Collection and Enrichment in Cloud Environments

Module 5: Data Analysis

• Data Analysis
• Data Analysis Techniques
• Threat Analysis
• Threat Analysis Process
• Fine-Tuning Threat Analysis
• Threat Intelligence Evaluation
• Create Runbooks and Knowledge Base
• Threat Intelligence Tools

Module 6: Intelligence Reporting and Dissemination

• Threat Intelligence Reports
• Dissemination
• Participate in Sharing Relationships
• Sharing Threat Intelligence
• Delivery Mechanisms
• Threat Intelligence Sharing Platforms
• Intelligence Sharing Acts and Regulations
• Threat Intelligence Integration
• Threat Intelligence Sharing and Collaboration using Python Scripting

Module 7: Threat Hunting and Detection

• Threat Hunting Concepts
• Threat Hunting Automation

Module 8: Threat Intelligence in SOC Operations, Incident Response, & Risk Management

• Threat Intelligence in SOC Operations
• Threat Intelligence in Risk Management
• Threat Intelligence in Incident Response

Certified Cloud Security Engineer Certification Course Outline

Module 1: Introduction to Cloud Security

• Core Concepts of Cloud Computing
• Cloud Service Models
• Cloud-Based Threats and Vulnerabilities
• Service Provider Components
• Shared Security Responsibility Model
• Configuring a Secure Cloud Environment
• Protecting Organisational Resources

Module 2: Platform and Infrastructure Security in the Cloud

• Components and Technologies of Cloud Architecture
• Securing Multi-Tenant, Virtualised, Physical, and Logical Cloud Components
• Securing Physical Data Centres and Cloud Infrastructures
• Tools and Techniques for Cloud Security in Azure, AWS, and GCP

Module 3: Application Security in the Cloud

• Securing Cloud Applications
• Secure Software Development Lifecycle Changes
• Services and Tools for Application Security

Module 4: Data Security in the Cloud

• Basics of Cloud Data Storage and Lifecycle
• Controls for Protecting Data at Rest and Data in Transit
• Data Storage Features in the Cloud
• Services and Tools for Securing Data in Azure, AWS, and GCP

Module 5: Operation Security in the Cloud

• Security Controls for Cloud Infrastructures
• Building Cloud Infrastructures
• Implementing Cloud Infrastructures
• Operating Cloud Infrastructures
• Managing Cloud Infrastructures
• Maintaining Cloud Infrastructures
• Services, Features, and Tools for Operational Security

Module 6: Penetration Testing in the Cloud

• Implementing Comprehensive Penetration Testing
• Assessing the Security of Cloud Infrastructure
• Services and Tools for Penetration Testing

Module 7: Incident Detection and Response in the Cloud

• Incident Response Lifecycle
• Tools and Techniques for Incident Detection and Response
• Using SOAR Technologies
• Incident Response Capabilities

Module 8: Forensics Investigation in the Cloud

• Forensic Investigation Process
• Cloud Forensic Challenges
• Data Collection Methods
• Investigating Security Incidents

Module 9: Business Continuity and Disaster Recovery in the Cloud

• Importance of Business Continuity
• Disaster Recovery Planning
• Backup and Recovery Tools, Services, and Features
• Monitoring Business Continuity Issues

Module 10: Governance, Risk Management, and Compliance in the Cloud

• Governance Frameworks, Models, and Regulations
• Design and Implementation of Governance Frameworks
• Cloud Compliance Frameworks
• Governance Modules

Module 11: Standards, Policies, and Legal Issues in the Cloud

• Standards
• Policies
• Legal Issues
• Compliance and Auditing Features, Services, and Tools

Certified Chief Information Security Officer Certification Course Outline

Domain 1: Governance

Module 1: Qualifying areas under Governance

• Define and Maintain Information Security Governance Program
• Align Governance Framework with Organisational Goals and Policies
• Establish Information Security Management Structure
• Establish Governance Monitoring Framework for Controls And ROI
• Understand Standards Policies Regulations and Legal Issues
• Manage Enterprise Information Security Compliance Program
• Analyse External Laws Regulations and Best Practices
• Understand Laws Affecting Organisational Security Such as HIPAA FISMA Sarbanes Oxley
• Be Familiar with ISO 27000 Series and Federal Information Processing Standards
• Understand Federal and Organisation Published Documents for Operations
• Assess Enterprise Risk Factors for Compliance
• Coordinate Application of Security Strategies Plans and Policies
• Understand Role of Regulatory Security Organisations and Industry Groups
• Understand Security Changes Trends and Best Practices
• Manage Enterprise Compliance Program Controls
• Understand Compliance Processes and Procedures
• Compile Analyse and Report Compliance Programs
• Understand Compliance Auditing and Certification Programs
• Follow Organisational Ethics

Domain 2: Management Controls and Auditing Management

Module 2: Information Security Management Controls

• Identify Operational Process Objectives and Risk Tolerance
• Design Information Systems Controls Aligned with Needs and Goals
• Identify and Select Resources for Implementing Information Systems Controls
• Supervise Information Systems Control Process Within Budget and Scope
• Design and Implement Controls to Mitigate Risk and Monitor Performance
• Conduct Testing of Information Security Controls for Effectiveness
• Implement Processes to Remediate Deficiencies and Resolve Errors
• Assess and Implement Tools to Automate Control Processes
• Produce Information Systems Control Status Reports for Stakeholders

Module 3: Auditing Management

• Understand IT Audit Process and Standards
• Apply Audit Principles and Techniques for Risk Based Strategy
• Execute Audit Process and Interpret Results Against Standards
• Evaluate Audit Results for Relevancy Accuracy and Evidence
• Assess Exposures from Ineffective or Missing Control Practices
• Develop IT Audit Documentation and Share Reports with Stakeholders
• Ensure Changes Based on Audit Findings Are Implemented Timely

Domain 3: Management Projects and Operations

Module 4: Qualifying areas under Management Projects and Operations

• Develop Clear Project Scope Statement Aligned with Organisational Objectives
• Define Activities Needed for Information Systems Program Execution and Develop Schedule and Staffing Plan
• Develop Manage and Monitor Information Systems Program Budget and Control Project Costs
• Identify Negotiate Acquire and Manage Resources for Successful Program Implementation
• Acquire Develop and Manage Information Security Project Team
• Assign Clear Job Functions and Provide Training for Effective Performance
• Direct Information Security Personnel and Establish Communication Between Teams
• Resolve Personnel and Teamwork Issues Within Time Cost and Quality Constraints
• Identify Negotiate and Manage Vendor Agreements and Communications
• Participate with Vendors and Stakeholders to Review and Assess Solutions
• Evaluate Project Management Practices to Achieve Cost-Effective Business Requirements
• Develop Plan to Measure Effectiveness of Information Systems Projects
• Identify Stakeholders Manage Expectations and Communicate Progress
• Ensure Necessary Changes and Improvements Are Implemented

Domain 4: Information Security Core Competence

Module 5: Access Control

• Identify Criteria for Mandatory and Discretionary Access Control
• Implement and Manage Access Control Plan Aligned with Basic Principles
• Identify Different Access Control Systems Such as ID Cards and Biometrics
• Develop Procedures to Ensure User Awareness of IA Responsibilities

Module 6: Social Engineering Phishing Attacks Identity Theft

• Understand Social Engineering Concepts and Their Role in Insider Attacks
• Design Response Plan to Identity Theft Incidences
• Identify and Design Plan to Overcome Phishing Attacks

Module 7: Physical Security

• Identify Standards Policies Regulations and Laws for Physical Security
• Determine Value of Physical Assets and Impact If Unavailable
• Identify Resources Needed for Physical Security Plan Implementation
• Design Implement and Manage Physical Security Plan
• Establish Objectives for Personnel Security and Overall Organisational Security
• Design and Manage Physical Security Audit and Update Issues
• Establish Physical Security Performance Measurement System

Module 8: Risk Management

• Identify Risk Mitigation and Risk Treatment Processes and Understand Acceptable Risk
• Identify Resource Requirements for Risk Management Plan Implementation
• Design Structured Risk Assessment Process Aligned with Organisational Goals
• Develop Coordinate and Manage Risk Management Teams
• Establish Relationships Between Incident Response Team and Other Groups
• Develop Incident Management Measurement Program and Manage Risk Tools
• Understand Residual Risk in Information Infrastructure
• Assess Threats and Vulnerabilities to Identify Security Risks
• Identify Changes to Risk Management Policies and Processes
• Ensure Security Controls and Processes Are Integrated into Investment Planning

Module 9: Disaster Recovery and Business Continuity Planning

• Develop Implement and Monitor Business Continuity Plans Aligned with Organisational Goals
• Define Scope of Continuity of Operations Program to Address Business Recovery
• Identify Resources and Roles of Stakeholders in Business Continuity Programs
• Identify and Prioritise Critical Business Functions and Design Emergency Delegations
• Direct Contingency Planning Operations and Programs to Manage Risk
• Understand Importance of Lessons Learned from Testing and Crisis Events
• Design Documentation Process as Part of Continuity of Operations Program
• Design and Execute Testing and Updating Plans for Continuity of Operations
• Integrate IA Requirements into Continuity of Operations Plan (COOP)
• Identify Measures to Increase Emergency Preparedness Such as Backup Solutions

Module 10: Firewall IDS/IPS And Network Defense Systems

• Identify Intrusion Detection and Prevention Systems for Information Security
• Design Program to Monitor Firewalls and Identify Configuration Issues
• Understand Perimeter Defense Systems Such As Grid Sensors And Access Control Lists
• Identify Basic Network Architecture Models And Components In Network Security
• Understand Network Segmentation And VPN Management
• Identify Network Vulnerabilities And Explore Network Security Controls

Module 11: Wireless Security

• Identify Vulnerabilities And Attacks In Wireless Networks
• Manage Wireless Network Security Tools

Module 12: Virus Trojans And Malware Threats

• Assess Threat Of Virus Trojan And Malware To Organisational Security
• Deploy And Manage Anti-Virus Systems
• Develop Process To Counter Virus Trojan And Malware Threats

Module 13: Secure Coding Best Practices And Securing Web Applications

• Develop And Maintain Software Assurance Programs Aligned With Secure Coding Principles
• Understand Various System-Engineering Practices
• Configure And Run Tools To Develop Secure Programs
• Understand Software Vulnerability Analysis Techniques
• Install And Operate IT Systems In Test Configuration Without Altering Code
• Identify Web Application Vulnerabilities And Counter Web Security Attacks

Module 14: Hardening OS

• Identify OS Vulnerabilities And Develop Hardening Plan
• Understand System Logs Patch Management Process And Configuration Management

Module 15: Encryption Technologies

• Understand Concept Of Encryption And Decryption Digital Certificates And PKI
• Identify Components Of A Cryptosystem
• Develop Plan For Information Security Encryption Techniques

Module 16: Vulnerability Assessment And Penetration Testing

• Design Develop And Implement Penetration Testing Program
• Identify Vulnerabilities And Legal Issues In Penetration Testing
• Develop Pre And Post Testing Procedures
• Develop Pen Test Reporting Plan And Vulnerability Correction Implementation
• Develop Vulnerability Management Systems

Module 17: Computer Forensics And Incident Response

• Develop Plan To Identify And Report Security Violations
• Comply With System Termination And Incident Reporting Procedures
• Assess Security Violations And Preserve Evidence
• Diagnose And Resolve IA Problems In Response To Incidents
• Design Incident Response Procedures
• Develop Guidelines For Security Incidents Requiring Legal Action
• Identify Volatile And Persistent System Information
• Understand Digital Media Devices E-Discovery Principles And File Systems
• Develop And Manage Digital Forensic Program
• Establish And Manage Forensic Investigation Teams
• Design Investigation Processes Such As Evidence Collection Imaging And Data Acquisition
• Identify Best Practices For Acquiring Storing And Processing Digital Evidence
• Configure And Use Forensic Investigation Tools
• Design Anti-Forensic Techniques

Domain 5: Strategic Planning And Finance

Module 18: Strategic Planning

• Design Develop And Maintain Enterprise Information Security Architecture
• Perform External And Internal Organisational Analysis To Align Security Program
• Identify And Consult Key Stakeholders To Ensure Understanding Of Objectives
• Define Visionary Strategic Plan For Information Security Program
• Define Key Performance Indicators And Measure Effectiveness Continuously
• Assess And Adjust IT Investments to Support Strategic Objectives
• Monitor and Update Activities to Ensure Accountability and Progress

Module 19: Finance

• Analyse Forecast and Develop Operational Budget of IT Department
• Acquire And Manage Necessary Resources For Implementation And Management of Information Security Plan
• Allocate Financial Resources To Projects Processes and Units Within Information Security Program
• Monitor And Oversee Cost Management Of Information Security Projects And ROI Of Key Purchases Related To IT Infrastructure And Security
• Identify And Report Financial Metrics To Stakeholders
• Balance IT Security Investment Portfolio Based On EISA Considerations And Enterprise Security Priorities
• Understand Acquisition Life Cycle And Perform Business Impact Analysis For Procurement
• Identify Different Procurement Strategies And Understand Importance Of Cost Benefit Analysis
• Understand Basic Procurement Concepts Such As SOO SOW And TCO
• Collaborate With Stakeholders On Procurement Of IT Security Products And Services
• Ensure Inclusion Of Risk-Based IT Security Requirements In Acquisition Plans And Documents
• Design Vendor Selection Process And Management Policy
• Develop Contract Administration Policies For Evaluation And Acceptance Of IT Security Products And Services

Certified Cybersecurity Technician Certification Course Outline

Module 1: Information Security Threats and Vulnerabilities

• Identifying Common Threats
• Vulnerability Assessment
• Risk Evaluation

Module 2: Information Security Attacks

• Social Engineering Attacks
• Network Attacks
• Application-Level Attacks

Module 3: Network Security Fundamentals

• Basics of Network Layers
• Security Protocols
• Network Architecture Security

Module 4: Identification, Authentication, and Authorisation

• Types of Authentication Methods
• Role-Based Access Control (RBAC) Systems
• Biometric Systems

Module 5: Network Security Controls – Administrative Controls

• Security Policies and Procedures
• Compliance and Auditing
• User Training and Awareness Programs

Module 6: Network Security Controls – Physical Controls

• Access Control Mechanisms
• Surveillance and Monitoring
• Environmental Controls

Module 7: Network Security Controls – Technical Controls

• Firewalls and Intrusion Detection Systems
• Encryption Technologies
• Endpoint Security

Module 8: Network Security Assessment Techniques and Tools

• Penetration Testing
• Vulnerability Scanning
• Security Audits

Module 9: Business Continuity and Disaster Recovery

• Disaster Recovery Planning
• Business Continuity Strategies
• Data Backup and Recovery Solutions

Module 10: Application Security

• Secure Software Development Lifecycle (SDLC)
• Application Vulnerability Testing
• Code Review and Security Testing

Module 11: Virtualisation and Cloud Computing

• Securing Virtual Environments
• Cloud Security Architectures
• Cloud Service Models and Security

Module 12: Wireless Network Security

• Wireless Protocols and Encryption
• Securing Wireless Networks
• Wireless Vulnerability Assessments

Module 13: Mobile Device Security

• Mobile Security Best Practices
• Mobile Device Management (MDM)
• Securing Mobile Applications

Module 14: IoT and OT Security

• Security Challenges in IoT
• Securing IoT Devices
• Security in Operational Technology

Module 15: Cryptography

• Fundamentals of Cryptography
• Cryptographic Algorithms
• Cryptography Applications

Module 16: Data Security

• Data Encryption
• Data Masking Techniques
• Secure Data Storage

Module 17: Network Troubleshooting

• Troubleshooting Methodologies
• Common Network Problems
• Tools for Troubleshooting

Module 18: Network Traffic Monitoring

• Techniques for Monitoring Traffic
• Tools and Applications for Traffic Analysis
• Real-Time Traffic Analysis

Module 19: Network Logs Monitoring and Analysis

• Log Management and Analysis Techniques
• Security Information and Event Management (SIEM)
• Log Analysis Tools

Module 20: Incident Response

• Incident Response Lifecycle
• Preparation and Identification
• Containment, Eradication, and Recovery

Module 21: Computer Forensics

• Fundamentals of Computer Forensics
• Forensic Analysis Techniques
• Legal Considerations in Forensics

Module 22: Risk Management

• Risk Assessment Methods
• Mitigation Strategies
• Continuous Monitoring and Review

Certified Penetration Testing Professional Certification Course Outline

Module 1: Introduction to Penetration Testing and Methodologies

• Principles and Objectives of Penetration Testing
• Penetration Testing Methodologies and Frameworks
• Best Practices and Guidelines for Penetration Testing
• Role of Artificial Intelligence in Penetration Testing
• Role of Penetration Testing in Compliance with Laws, Acts, and Standards

Module 2: Penetration Testing Scoping and Engagement

• Penetration Testing: Pre-engagement Activities
• Key Elements Required to Respond to Penetration Testing RFPs
• Drafting Effective Rules of Engagement (ROE)
• Legal and Regulatory Considerations Critical to Penetration Testing
• Resources and Tools for Successful Penetration Testing
• Strategies to Effectively Manage Scope Creep

Module 3: Open-Source Intelligence (OSINT)

• Collect Open-Source Intelligence (OSINT) on Target’s Domain Name
• Collect OSINT about Target Organisation on the Web
• Perform OSINT on Target’s Employees
• OSINT Using Automation Tools
• Map the Attack Surface

Labs:

• Collect OSINT on Target’s Domain Name, Web, and Employees
• Collect OSINT Using Automation Tools
• Identify and Map Attack Surface

Module 4: Social Engineering Penetration Testing

• Social Engineering Penetration Testing Concepts
• Off-site Social Engineering Penetration Testing
• On-site Social Engineering Penetration Testing
• Document Findings with Countermeasure Recommendations

Labs:

• Sniff Credentials Using the Social-Engineer Toolkit (SET)

Module 5: Web Application Penetration Testing

• Web Application Footprinting and Enumeration Techniques
• Techniques for Web Vulnerability Scanning
• Test for Vulnerabilities in Application Deployment and Configuration
• Techniques to Assess Identity Management, Authentication, and Authorisation Mechanisms
• Evaluate Session Management Security
• Evaluate Input Validation Mechanisms
• Detect and Exploit SQL Injection Vulnerabilities
• Techniques for Identifying and Testing Injection Vulnerabilities
• Exploit Improper Error Handling Vulnerabilities
• Identify Weak Cryptography Vulnerabilities
• Test for Business Logic Flaws in Web Applications
• Evaluate Applications for Client-Side Vulnerabilities

Labs:

• Perform Website Footprinting
• Perform Web Vulnerability Scanning Using AI
• Perform Various Attacks on Target Web Application

Module 6: API and Java Web Token Penetration Testing

• Techniques and Tools to Perform API Reconnaissance
• Test APIs for Authentication and Authorisation Vulnerabilities
• Evaluate the Security of JSON Web Tokens (JWT)
• Test APIs for Input Validation and Injection Vulnerabilities
• Test APIs for Security Misconfiguration Vulnerabilities
• Test APIs for Rate Limiting and Denial of Service (DoS) Attacks
• Test APIs for Security of GraphQL Implementations
• Test APIs for Business Logic Flaws and Session Management

Labs:

• Perform API Reconnaissance Using AI
• Scan and Identify Vulnerabilities in APIs
• Exploit Various Vulnerabilities to Gather Information on the Target Application

Module 7: Perimeter Defense Evasion Techniques

• Techniques to Evaluate Firewall Security Implementations
• Techniques to Evaluate IDS Security Implementations
• Techniques to Evaluate the Security of Routers
• Techniques to Evaluate the Security of Switches

Labs:

• Identify and Bypass a Firewall
• Evade Perimeter Defenses Using Social-Engineer Toolkit 
• Perform WAF Fingerprinting

Module 8: Windows Exploitation and Privilege Escalation

• Windows Pen Testing Methodology
• Techniques to Perform Reconnaissance on a Windows Target
• Techniques to Perform Vulnerability Assessment and Exploit Verification
• Methods to Gain Initial Access to Windows Systems
• Techniques to Perform Enumeration with User Privilege
• Techniques to Perform Privilege Escalation
• Post-Exploitation Activities

Labs:

• Exploit Windows OS Vulnerability
• Exploit and Escalate Privileges on a Windows Operating System
• Gain Access to a Remote System
• Exploit Buffer Overflow Vulnerability on a Windows Machine

Module 9: Active Directory Penetration Testing

• Architecture and Components of Active Directory
• Active Directory Reconnaissance
• Active Directory Enumeration
• Exploit Identified Active Directory Vulnerabilities
• Role of Artificial Intelligence in AD Penetration Testing Strategies

Labs:

• Explore the Active Directory Environment
• Perform Active Directory Enumeration
• Perform Horizontal Privilege Escalation and Lateral Movement
• Retrieve Cached Active Directory Credentials

Module 10: Linux Exploitation and Privilege Escalation

• Linux Exploitation and Penetration Testing Methodologies
• Linux Reconnaissance and Vulnerability Scanning
• Techniques to Gain Initial Access to Linux Systems
• Linux Privilege Escalation Techniques

Labs:

• Perform Reconnaissance and Vulnerability Assessment on Linux
• Gain Access and Perform Enumeration
• Identify Misconfigurations for Privilege Escalation

Module 11: Reverse Engineering, Fuzzing, and Binary Exploitation

• Concepts and Methodology for Analysing Linux Binaries
• Methodologies for Examining Windows Binaries
• Buffer Overflow Attacks and Exploitation Methods
• Concepts, Methodologies, and Tools for Application Fuzzing

Labs:

• Perform Binary Analysis
• Explore Binary Analysis Methodology
• Write an Exploit Code
• Reverse Engineer a Binary
• Identify and Debug Stack Buffer Overflows
• Fuzzing an Application

Module 12: Lateral Movement and Pivoting

• Advanced Lateral Movement Techniques
• Advanced Pivoting and Tunneling Techniques to Maintain Access

Labs:

• Perform Pivoting
• Perform DNS Tunneling and HTTP Tunneling

Module 13: IoT Penetration Testing

• Fundamental Concepts of IoT Pentesting
• Information Gathering and Attack Surface Mapping
• Analyse IoT Device Firmware
• In-depth Analysis of IoT Software
• Assess the Security of IoT Networks and Protocols
• Post-Exploitation Strategies and Persistence Techniques
• Comprehensive Pentesting Reports

Labs:

• Perform IoT Firmware Acquisition, Extraction, Analysis, and Emulation
• Probe IoT Devices

Module 14: Report Writing and Post-Testing Actions

• Purpose and Structure of a Penetration Testing Report
• Essential Components of a Penetration Testing Report
• Phases of a Pen Test Report Writing
• Skills to Deliver a Penetration Testing Report Effectively
• Post-Testing Actions for Organisations

Labs:

• Generate Penetration Test Reports

Ethical Hacking Essentials Certification Course Outline

Module 1: Information Security Fundamentals

• Information Security Fundamentals
• Information Security Laws and Regulations

Module 2: Ethical Hacking Fundamentals

• Cyber Kill Chain Methodology
• Hacking Concepts and Hacker Classes
• Different Phases of Hacking Cycle
• Ethical Hacking Concepts, Scope, and Limitations
• Ethical Hacking Tools

Module 3: Information Security Threats and Vulnerability Assessment

• Threat and Threat Sources
• Malware and its Types
• Malware Countermeasures
• Vulnerabilities
• Vulnerability Assessment

Module 4: Password Cracking Techniques and Countermeasures

• Password Cracking Techniques
• Password Cracking Tools
• Password Cracking Countermeasures

Module 5: Social Engineering Techniques and Countermeasures

• Social Engineering Concepts and its Phases
• Social Engineering Techniques
• Insider Threats and Identity Theft
• Social Engineering Countermeasures

Module 6: Network Level Attacks and Countermeasures

• Packet Sniffing Concepts
• Sniffing Techniques
• Sniffing Countermeasures
• DoS and DDoS Attacks
• DoS and DDoS Attack Countermeasures
• Session Hijacking Attacks
• Session Hijacking Attack Countermeasures

Module 7: Web Application Attacks and Countermeasures

• Web Server Attacks
• Web Server Attack Countermeasures
• Web Application Architecture and Vulnerability Stack
• Web Application Threats and Attacks
• Web Application Attack Countermeasures
• SQL Injection Attacks
• SQL Injection Attack Countermeasures

Module 8: Wireless Attacks and Countermeasures

• Wireless Terminology
• Wireless Encryption
• Wireless Network-Specific Attack Techniques
• Bluetooth Attacks
• Wireless Attack Countermeasures

Module 9: Mobile Attacks and Countermeasures

• Mobile Attack Anatomy
• Mobile Platform Attack Vectors and Vulnerabilities
• Mobile Device Management (MDM) Concept
• Mobile Attack Countermeasures

Module 10: IoT and OT Attacks and Countermeasures

• IoT Concepts
• IoT Threats and Attacks
• IoT Attack Countermeasures
• OT Concepts
• OT Threats and Attacks
• OT Attack Countermeasures

Module 11: Cloud Computing Threats and Countermeasures

• Cloud Computing Concepts
• Container Technologies
• Cloud Computing Threats
• Cloud Attack Countermeasures

Module 12: Penetration Testing Fundamentals

• Fundamentals of Penetration Testing and its Benefits
• Strategies and Phases of Penetration Testing
• Guidelines and Recommendations for Penetration Testing

Disaster Recovery Professional Certification Course Outline

Module 01: Introduction to Disaster Recovery and Business Continuity

• Definition, Objectives, and Regulatory Context
• Role of Continuity in Enterprise Risk Management

Module 02: Business Continuity Management (BCM)

• Governance
• Framework
• Programme Establishment

Module 03: Risk Assessment

• Risk Identification
• Analysis
• Evaluation Techniques

Module 04: Business Impact Analysis (BIA)

• Identifying Mission-Critical Functions
• Quantifying Impacts

Module 05: Business Continuity Planning (BCP)

• Strategy Formulation
• Planning Documentation

Module 06: Disaster Recovery Planning Process

• Developing
• Implementing
• Testing DR Plans

Module 07: Data Backup Strategies

• Backup Models
• Retention Policies
• Storage Options

Module 08: Data Recovery Strategies

• Recovery Point Objectives (RPO)
• Recovery Time Objectives (RTO)
• Integrity Checks

Module 09: Virtualisation-Based Disaster Recovery

• Use Of Virtual Machines in Continuity Planning

Module 10: System Recovery

• Rebuilding Systems
• OS Restoration
• Patch Management

Module 11: Centralised and Decentralised System Recovery

• Recovery Architecture Options
• Execution Models

Module 12: BCP Testing, Maintenance, and Training

• Plan Validation
• Awareness Campaigns
• Continuous Improvement

Network Defense Essentials Certification Course Outline

Module 1: Network Security Fundamentals

• Fundamentals of Network Security
• Network Security Protocols

Module 2: Identification, Authentication and Authorisation

• Access Control Principles, Terminologies, and Models
• Identity and Access Management (IAM) Concepts

Lab Exercise:

• Implementing Access Controls in Windows Machine
• Managing Access Controls in Linux Machine
• Implementing Role-Based Access Control in Windows Admin Centre (WAC)

Module 3: Network Security Controls – Administrative Controls

• Regulatory Frameworks, Laws, and Acts
• Design and Develop Security Policies
• Conduct Different Types of Security and Awareness Training

Lab Exercise:

• Implementing Password Policies Using Windows Group Policy

Module 4: Network Security Controls – Physical Controls

• Importance of Physical Security
• Physical Security Controls
• Workplace Security
• Environmental Controls

Module 5: Network Security Controls – Technical Controls

• Types of Network Segmentation
• Types of Firewalls and their Role
• Types of IDS/IPS and their Role
• Types of Honeypots
• Types of Proxy Servers and their Benefits
• Fundamentals of VPN and its importance in Network Security
• Security Incident and Event Management (SIEM)
• User Behaviour Analytics (UBA)
• Antivirus/Anti-Malware Software

Lab Exercise:

• Implementing Host-Based Firewall Protection with iptables
• Implementing Host-Based Firewall Functionality Using Windows Firewall
• Implementing Network-Based Firewall Functionality: Blocking Unwanted Website access using pfSense Firewall
• Implementing Network-Based Firewall Functionality: Blocking Insecure Ports using pfSense Firewall
• Implementing Host-Based IDS Functionality using Wazuh HIDS
• Implementing Network-based IDS Functionality Using Suricata IDS
• Detect Malicious Network Traffic using HoneyBOT
• Establishing Virtual Private Network Connection using SoftEther VPN

Module 6: Virtualisation and Cloud Computing

• Virtualisation Essential Concepts and OS
• Virtualisation Security
• Cloud Computing Fundamentals
• Insights of Cloud Security and Best Practices

Lab Exercise:

• Auditing Docker Host Security Using Docker-Bench-Security Tool
• Implementing AWS Identity and Access Management
• Securing Amazon Web Services Storage

Module 7: Wireless Network Security

• Wireless Network Fundamentals
• Wireless Network Encryption Mechanisms
• Types of Wireless Network Authentication Methods
• Implement Wireless Network Security Measures

Lab Exercise:

• Configuring Security on a Wireless Router

Module 8: Mobile Device Security

• Mobile Device Connection Methods
• Mobile Device Management Concepts
• Common Mobile Usage Policies in Enterprises
• Security Risks and Guidelines Associated with Enterprises Mobile Usage Policies
• Implement Enterprise-level Mobile Security Management Solutions
• Implement General Security Guidelines and Best Practices on Mobile Platforms
• Lab Exercise:
• Implementing Enterprise Mobile Security Using Miradore MDM Solution

Module 9: IoT Device Security

• IoT Devices, Application Areas, and Communication Models
• Security in IoT-Enabled Environments

Lab Exercise:

• Securing IoT Device Communication Using TLS/SSL

Module 10: Cryptography and PKI

• Cryptographic Techniques
• Cryptographic Algorithms
• Cryptography Tools
• Public Key Infrastructure (PKI)

Lab Exercise:

• Calculate One-way Hashes using HashCalc
• Calculate MD5 Hashes using HashMyFiles
• Create a Self-signed Certificate

Module 11: Data Security

• Data Security and its Importance
• Security Controls for Data Encryption 8
• Data Backup and Retention
• Data Loss Prevention Concepts

Lab Exercise:

• Perform Disk Encryption using VeraCrypt
• File Recovery Using EaseUS Data Recovery Wizard
• Backing Up and Restoring Data in Windows

Module 12: Network Traffic Monitoring

• Need and Advantages of Network Traffic Monitoring
• Determine Baseline Traffic Signatures for Normal and Suspicious Network Traffic
• Perform Network Monitoring for Suspicious Traffic

Lab Exercise:

• Capturing Network Traffic using Wireshark
• Applying Various Filters in Wireshark
• Analysing and Examining Various Network Packet Headers in Linux using tcpdump

Certified Application Security Engineer Certification Course Outline

Module 1: Understanding Application Security, Threats and Attacks

• What is a Secure Application
• Need for Application Security
• Most Common Application Level Attacks
• Why Applications become Vulnerable to Attacks
• What Consistutes Comprehensive Application Security
• Insecure Application: A Software Development Problem
• Software Security Standards, Models and Frameworks

Module 2: Security Requirements Gathering

• Importance of Gathering Security Requirements
• Security Requirement Engineering (SRE)
• Abuse Case and Security Use Case Modeling
• Abuser amd Security Stories
• Security Quality Requirements Engneering (SQUARE)
• Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)

Module 3: Secure Application Design and Architecture

• Relative Cost of Fixing Vulnerabilities at Different Phases of SDLC
• Secure Application Design and Architecture
• Goal of Secure Design Process
• Secure Design Actions
• Secure Design Principles
• Threat Modeling
• Decompose Application
• Secure Application Architecture

Module 4: Secure Coding Practices for Input Validation

• Input Validation Pattern
• Validation and Security Issues
• Impact of Invalid Data Input
• Data Validation Techniques
• Input Validation using Frameworks and APIs
• Open Source Validation Framework for Java
• Servlet Filters Validation Filters for Servlet
• Data Validation using OWASP ESAPI
• Data Validation: Struts Framework
• Data Validation: Spring Framework
• Input Validation Errors
• Common Secure Coding Practices

Module 5: Secure Coding Practices for Authentication and Authorisation

• Introduction to Authentication
• Types of Authentication
• Authentication Weaknesses and Prevention
• Introduction to Authorisation
• Access Control Model
• EJB Authorisation
• Java Authentication and Authorisation (JAAS)
• Java EE Security
• Authorisation Common Mistakes and Countermeasures
• Authentication and Authorisation in Spring Security Framework
• Defensive Coding Practices against Broken Authentication and Authorisation
• Secure Development Checklists: Broken Authentication and Session Management

Module 6: Secure Coding Practices for Cryptography

• Java Cryptographic
• Encryption and Secret Keys
• Cipher Class
• Digital Signatures
• Secure Socket Layer (SSL)
• Key Management
• Digital Signatures
• Signed Code Sources
• Hashing
• Java Card Cryptography
• Spring Security: Crypto Module
• Do's and Dont's in Java Cryptography
• Best Practices for Java Cryptography

Module 7: Secure Coding Practices for Session Management

• Session Management
• Session Tracking
• Session Management in Spring Security
• Session Vulnerabilities and their Mitigation Techniques
• Best Practices and Guidelines for Secured Sessions Management
• Checklist to Secure Credentials and Session ID's
• Guidelines for Secured Session Management

Module 8: Secure Coding Practices for Error Handling

• Introduction to exceptions
• Erroneous Exceptional Behaviors
• Dos and Don'ts in Error Handling
• Spring MVC Error Handling
• Exception Handling in Struts 2
• Best Practices for Error Handling
• Introduction to Logging
• Logging using Log4j
• Secure Coding in Logging

Module 9: Static and Dynamic Application Security Testing (SAST and DAST)

• Static Application Security Testing
• Manual Secure Code Review for Most Common Vulnerabilities
• Code Review: Check List Approach
• SAST Finding
• SAST Report
• Dynamic Application Security Testing
• Automated Application Vulnerability Scanning Tools
• Proxy-based Security Testing Tools
• Choosing between SAST and DAST

Module 10: Secure Deployment and Maintenance

• Secure Deployment
• Prior Deployment Activity
• Deployment Activities: Ensuring Security at Various Levels
• Ensuring Security at Host Level
• Ensuring Security at Network Level
• Ensuring Security at Application Level
• Ensuring Security at Web Container Level (Tomcat)
• Ensuring Security in Orcale
• Security Maintenance and Monitoring

ICS/SCADA Cybersecurity Certification Course Outline

Module 1: Introduction to ICS/SCADA Network Defence

LAB: Security Model

• IT Security Model
• ICS/SCADA Security Model

LAB: Allowing a Service

• Security Posture
• Risk Management in ICS/SCADA
• Risk Assessment
• Defining Types of Risk
• Security Policy

Module 2: TCP/IP 101

• Introduction and Overview
• Introducing TCP/IP Networks
• Internet RFCs and STDs
• TCP/IP Protocol Architecture
• Protocol Layering Concepts
• TCP/IP Layering
• Components of TCP/IP Networks
• ICS/SCADA Protocols

Module 3: Introduction to Hacking

• Review of the Hacking Process
• Hacking Methodology
• Intelligence Gathering
• Foot printing
• Scanning
• Enumeration
• Identify Vulnerabilities
• Exploitation
• Covering Tracks

LAB: Hacking ICS/SCADA Networks Protocols

• How ICS/SCADA Are Targeted?
• Study of ICS/SCADA Attacks
• ICS/SCADA as a High-Value Target
• Attack Methodologies In ICS

Module 4: Vulnerability Management

• Challenges of Vulnerability Assessment
• System Vulnerabilities
• Desktop Vulnerabilities
• ICS/SCADA Vulnerabilities
• Interpreting Advisory Notices
• CVE
• ICS/SCADA Vulnerability Sites
• Life Cycle of a Vulnerability and Exploit
• Challenges of Zero-Day Vulnerability
• Exploitation of a Vulnerability
• Vulnerability Scanners
• ICS/SCADA Vulnerability Uniqueness
• Challenges of Vulnerability Management Within ICS/SCADA

LAB: Vulnerability Assessment

• Prioritising Vulnerabilities
• CVSS
• OVAL

Module 5: Standards and Regulations for Cybersecurity

• ISO 27001
• ICS/SCADA
• NERC CIP
• CFATS
• ISA99
• IEC 62443
• NIST SP 800-82

Module 6: Securing the ICS Network

• Physical Security
• Establishing Policy – ISO Roadmap
• Securing the Protocols Unique to the ICS
• Performing a Vulnerability Assessment
• Selecting and Applying Controls to Mitigate Risk
• Monitoring
• Mitigating the Risk of Legacy Machines

Module 7: Bridging the Air Gap

• Do You Really Want to Do This?
• Advantages and Disadvantages
• Guard
• Data Diode
• Next Generation Firewalls

Module 8: Introduction to Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS)

• What IDS Can and Cannot Do
• Types IDS
• Network
• Host
• Network Node
• Advantages of IDS
• Limitations of IDS
• Stealth the IDS
• Detecting Intrusions

Ethical Hacking Core Skills Certification Course Outline

Module 1: Introduction to Required Skills for Security

• Understanding Foundational Security Skills
• Packet and Binary Level Traffic Analysis
• TCP/IP Protocol Fundamentals
• Understanding Threats and Vulnerabilities at Lower Layers
• Essential UNIX/Linux Survival Skills
• What Skills are Needed to Succeed in Ethical Hacking and Security Roles

Module 2: Introduction and Overview

• Definition and Scope of Ethical Hacking
• Ethical Hacking Lifecycle and Methodology
• Legal and Compliance Considerations
• Role of an Ethical Hacker in Organisations
• Course Objectives and How EHCS Bridges to CEH

Module 3: UNIX / Linux

• Basic Commands for File System Navigation and Manipulation
• Users, Groups, Permissions, and Ownership
• Process Management and Monitoring
• Shell Basics and Scripting Essentials
• System Logs and Basic Administration Tasks
• Networking Commands

Module 4: Introducing Linux

• Installation Basics and Environment Setup
• Using Both GUI and CLI Effectively
• File Systems, Partitions, and Disk Management
• Managing System Services
• Package Management and System Updates
• Basic System Hardening and Security Configuration

Module 5: Overview of Virtual Machines

• Purpose of VMs in Security and Ethical Hacking
• Installing and Configuring Virtual Machines
• Using Snapshots, Cloning, and Restoring Environments
• Network Configurations
• Isolating Labs to Avoid Interference with Host OS
• Safe Experimentation in Virtual Labs

Module 6: Introduction to Vulnerability Assessment

• Definition of Vulnerabilities, Threats, and Risks
• Common Types of Vulnerabilities
• Tools and Techniques for Vulnerability Scanning
• Analysing and Interpreting Scan Results
• Prioritising and Remediating Vulnerabilities
• Reference to Vulnerability Databases

Module 7: Introduction to the Hacking Process

• Phases of Ethical Hacking
• Packet and Binary-Level Protocol Analysis
• Identifying Crafted and Malformed Packets
• Mapping Methodology to Attack Simulations
• Understanding Attacker Mindset vs Ethical Boundaries
• Live Demonstrations of Basic Attack Flows

Module 8: Challenges of Staying Current

• Importance of Staying up to Date in Cybersecurity
• Emerging Vulnerabilities, Zero-Day Exploits, and Patches
• Continuous Updates to Tools and Methodologies
• Using Threat Intelligence and Community Resources
• Legal and Regulatory Changes Impacting Cybersecurity
• Best Practices for Continuous Learning and Research

Malware and Memory Forensics Certification Course Outline

Module 1: Types of Analysis

• Swap Space Analysis
• Memory Analysis
• Data Acquisition As Per RFC 3227

Module 2: In-memory Data

• Current Processes
• Memory Mapped Files
• Caches
• Open Ports

Module 3: Memory Architectural Issues

• Data Structures
• Windows Objects
• Processes
• Handles
• Pool-tag Scanning
• %SystemDrive%/hiberfil.sys
• Page/Swap File

Module 4: Tools Used

• Using Volatility
• Dumpit.exe
• hibr2bin
• Win32dd
• Win64dd
• OSForensics

Module 5: Registry in Memory

• Overview of Registry in Memory

Certified Project Management Training Course Outline

Module 1: Introduction to Project Management

• Definition and Importance of Project Management
• Project Management Frameworks and Methodologies
• Roles and Responsibilities of a Project Manager
• Project Life Cycle Phases
• Key Project Management Terminologies
• Introduction to Project Management Software Tools