‍MODULE 1 - Networking  Concepts

1. Networking Fundamentals

• What is a network? LAN, WAN, MAN
• Types of networks
• OSI Model
• TCP/IP Model – mapping with OSI
• IP Addresses, Subnetting, CIDR
• Public vs Private IP
• MAC Address, ARP, RARP
• DHCP, DNS, NAT, PAT
• Proxy, VPN, Tor

2. Network Devices

• Router, Switch, Hub, Bridge
• Access Points, Firewalls, IDS/IPS
• Load balancers, Gateways

3. Network Protocols

• TCP vs UDP
• HTTP/HTTPS
• FTP, SFTP, SSH
• SMTP, POP3, IMAP
• SMB, SNMP
• ICMP, IGMP

4. Packet Analysis

• Introduction to Wireshark
• Packet structure (Ethernet, IP, TCP)
• Capturing & analyzing packets
• Real-time traffic analysis
• Common network attacks visible in packets

MODULE 2 - Linux OS  Concepts

1. Linux Installation

2. Linux Basics

• Linux architecture
• File system structure
• Shell & terminal basics
• User & group management
• File permissions (chmod, chown)
• Sudo, root privileges

3. Essential Linux Commands

• Navigation (cd, ls, pwd)
• File operations (cp, mv, rm, mkdir)
• Viewing files (cat, less, nano, vi)
• System commands (top, ps, kill)
• Using grep, awk, sed
• Networking commands (ifconfig/ip, netstat/ss, ping, traceroute)

4. Bash Scripting

• Writing automation scripts
• Scheduling tasks (cron)
• Script for recon automation

5. Practical Linux for Hackers

• SSH usage
• Editing configs
• Managing services (systemctl)
• Package management (apt, yum)
• Installing hacking tools
• Building a hacking lab in Linux

MODULE 3 — Cyber Security Basics

1. Introduction to Cyber Security

• CIA Triad
• AAA( Authentication, Authorization, Accounting)
• Security controls (Technical, Admin, Physical)
• Red vs Blue vs Purple Teams
• Threats, Vulnerabilities, Exploits

2. Malware Concepts

• Types: Virus, Worm, Trojan, Ransomware, Spyware
• Attack lifecycle
• Real-world attack case studies

3. Networking Security Basics

• Firewalls
• IDS/IPS
• VPNs
• Zero Trust

4. OWASP Top 10 (Basic Overview)

• Injection
• Broken Authentication
• XSS
• SSRF
• RCE
• Security Misconfiguration
• Broken Access Control

5. Cyber Kill Chain & MITRE ATT&CK

• Reconnaissance
• Weaponization
• Delivery
• Exploitation
• Installation
• C2
• Actions on Objectives

6. Security Tools Overview

• Nmap
• Burp Suite
• Metasploit
• Wireshark
• Nikto
• Gobuster
• FFUF

MODULE 4 — Ethical Hacking

1.  Introduction to Ethical Hacking

• What is ethical hacking?
• Footprinting & recon
• Passive vs active reconnaissance
• Types of hackers
• Rules of engagement
• Legal & responsible disclosure

2. Reconnaissance Techniques

a. Passive Recon

• OSINT basics
• Whois, dig, nslookup
• Email OSINT
• Subdomain enumeration
• Shodan, Censys

b. Active Recon

• Port scanning with Nmap
• Service enumeration
• Banner grabbing
• Identifying versions & vulnerabilities

3. Vulnerability Scanning

• Automated scanners
• Nessus, OpenVAS
• VA scanning best practices

4. System Hacking Basics

• Password attacks
• Hashes & cracking (John, Hashcat)
• Privilege escalation fundamentals
• Windows & Linux attack fundamentals

5. Web Application Hacking Basics

• Introduction to HTTP/HTTPS
• Burp Suite basics
• Common web vulnerabilities (high-level)

6. Exploitation Basics

• Working with Metasploit
• Creating payloads
• Reverse shell vs bind shell
• Basic post-exploitation

MODULE 5 - Penetration Testing

1. Web Application Penetration Testing

A. Web Fundamentals

• HTTP methods
• Cookies, sessions, tokens
• CORS
• JWT

B. OWASP Top 10 Deep-Dive

1. Authentication Vulnerabilities

• Broken auth
• Bypass methods
• 2FA bypass

2. Access Control Attacks

• IDOR
• Horizontal & vertical privilege escalation

3. Injection Attacks

• SQL Injection (manual + tools)
• NoSQL Injection
• Command Injection
• LDAP, XML Injection

4. Cross-Site Scripting (XSS)

• Reflected, Stored, Blind
• Cookie stealing
• Payload building

5. SSRF

• Blind SSRF
• Cloud metadata exploitation

6. File Upload Attacks

• Web shells
• Filter bypass

7. Deserialization Vulnerabilities

8. Business Logic Vulnerabilities

9. LFI & RFI

10.  P4 Vulnerabilities

C. Tools & Automation

• Burp Suite Pro / Community
• FFUF / Gobuster
• Dirsearch
• SQLMap
• XSStrike
• Nuclei

2. API Penetration Testing

A. API Basics

• REST, SOAP
• HTTP verbs
• JWT, OAuth2

B. API Enumeration

• Swagger
• Postman
• API discovery using tools

C. API Vulnerabilities

• Broken object level authorization (BOLA)
• Broken auth
• Mass assignment
• Rate limit bypass
• Injection in APIs

D. Real-world API attack labs

3. Network Penetration Testing

1. Information Gathering

• Network mapping
• Host discovery
• Nmap advanced scanning

2. Enumeration Techniques

• SMB, FTP, SSH, SNMP enumeration
• NetBIOS, RPC enumeration

3. Exploitation

• Exploiting Windows vulnerabilities
• EternalBlue, MS17-010
• Linux exploitation
• Buffer overflow basics

4. Password Attacks

• Hydra, Medusa
• Cracking Windows hashes

5. Post-Exploitation

• Privilege escalation (Windows & Linux)
• Persistence methods
• Credential dumping
• Pass-the-hash attacks

4 - Android Penetration Testing

1. Introduction to Android Architecture

• APK structure
• Manifest file
• Dalvik & ART

2. Static Analysis

• Decompiling APKs
• JADX, apktool
• Code review basics

3. Dynamic Analysis

• Using emulator
• Frida basics
• Burp Suite Android setup

4. Android Vulnerabilities

• Insecure data storage
• Hardcoded keys
• WebView vulnerabilities
• Unsafe authentication
• Root detection bypass
• SSL pinning bypass

5. API + Mobile combined attacks

‍