Cyber Security

Introduction to Information Security

• What is Information

• Data v/s Information

• Need for security

• SDLC

• Security SDLC

Introduction to Cyber Security

• What is Cyber Security?

• History of Cyber Security

• Importance of Cyber Security

• Introduction to Cyber Security tools & Cyber Attacks

• Cybersecurity Definition

• Cyber Security Domains

• CIA Triad

• Non - Repudiation - How does it apply to CIA

• Access Management

• Cybersecurity Compliance and Audit Overview

• Vulnerability, Threat and Risk

• The Impact of 9/11 on Cybersecurity

• Cybersecurity Today

• Beyond Technology: Critical Thinking in Cybersecurity

Networking Fundamentals

• Computer Networks and Types of Networks

• Network Devices

• IP and MAC Address

• IPv4 and IPV6 Packet Structure

• Addressing and Subnetting

• OSI Model and TCP/IP Model

• Network Protocols (TCP, UDP, ICMP, ARP)

• Network Services (DNS, DHCP, SNMP, FTP)

• Packet Analysis using Wireshark

Network Security

• Internet, Intranet, and Extranet

• DMZ

• DNSSEC

• Firewalls

• IDS, IPS and IDPS

• VPN and tunneling

• Network Address Translation (NAT) and PAT

• Honeypots & Deception Technology

• Practical Assignment - I

Vulnerability Management

• Fundamentals of Vulnerability Assessment and Management

• Vulnerability Assessment tool Deployment Strategy

• Scanning Methodologies

• Authenticated vs Non-Authenticated Scanning

• Planning and Performing Infrastructure Security Assessment

• Interpreting and Calculating CVSS Score

• Risk Identification and Categorization

• Reporting

• Patches and Updates

Network Penetration Testing

• Introduction to Penetration Testing

• Types of Penetration Testing

• Pentesting Services

• Penetration Testing Phases

• Pre-Engagement Actions

• OSINT

• Exploitation (Automated)

• Password Cracking

Advanced Network Pentesting

• Manual Exploitation of System Vulnerabilities

• Post-Exploitation

• Privilege Escalation (Linux and Windows)

• Pivoting and Double Pivoting

• Resolution & Retesting

• File Security

Cryptography

• Introduction to Cryptography

• Symmetric Ciphers

• Asymmetric Ciphers

• Pseudo-Random Number Generator

• Building SSL certificates

• Digital Certificates and Digital Signatures

• Disk Encryption

• Hashing

• Encoding

• Steganography

Web Fundamentals

• Web application Technologies

• Web Application offence and defence

• Web Reconnaissance

• Web Application Vulnerability Assessment

• CMS Enumeration and Exploitation

• Tools - Nikto, OWASP-Zap, gobuster, wpscan

Web Application Pentesting

• OWASP Top 10 Web Risks

• Web Application Pentesting Checklist

• Authentication & Authorization

• Session Management

• File Security

• Web Application Firewalls

• Tools - BurpSuite, Sqlmap, wafw00f

• Practical Assignment - III & Capture The Flag (CTF) - II

Social Engineering

• Phishing Attacks

• Social Engineering Campaigns

• Human based attacks

• Defense against Social Engineering

Cloud Security

• Architectural Concept and Design Requirements

• Deployment Models and Security

• Cloud Platform and Infrastructure Security

• Container Security

• Cloud Data Security

• Legal and Compliance Implications

Scripting Basics for Pentesting

• Basics of Shell Scripting

• Basics of Python Programming

• Automating Pentesting with Python

Binary Exploitation

• - Understanding Buffer Overflow

• - Exploiting Buffer Overflow Vulnerability

• - Writing Exploit Code using Python

Activities:

1. Assess cyber security risk management policies in order to protect an

organizations critical information

2. Ability to formulate, update and communicate short- and long-term

organization cyber security strategies and policies

3. Improve the analytical knowledge of the students to design a cyber security

model to secure the data using modern tools and techniques