Zorba Softed

Cyber Security

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

Overview

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

Basic IT Knowledge: Understanding fundamental concepts of computer networks, operating systems, and programming languages is essential. Knowledge of hardware, software, and how they interact is foundational.

Understanding of Networking: Familiarity with networking concepts such as TCP/IP, DNS, DHCP, routing, and subnetting is crucial. Knowledge of how data moves across networks and the internet is fundamental to cybersecurity.

Operating Systems: Proficiency in at least one operating system, such as Windows, Linux, or macOS, is necessary. Understanding their architecture, file systems, permissions, and security features is important.

System Configuration: Processor: i7, i9 (Intel only); RAM: 16 GB to 64 GB; Storage: 500 GB should be free

Cyber Security Training Program

Module 1: Introduction to Cyber Security (7 hours)

– Teams in Cyber Security

– Understanding Important Terminologies

– Basic Concepts of Information Security, Application Security and Infra Security

– Kali Linux Installation

– Linux CLI and GUI Basics

– Basic to Advanced Linux Commands

Module 2: Web Application Penetration Testing (10 hours)

– HTTP Status Codes

– HTTP Methods

– Web Application and WAF Basics

– Hacking Methodology

– Cyber Kill Chain Methodology

– MITRE ATT&CK Framework

– OWASP Top 10 for Web App

– SANS Top 25

– PCI DSS and HIPAA Compliance Basics

 

Reconnaissance (90 hours)

– Information Gathering

– Foot-printing

1. Sub-Domain Enumeration  

a. Active Sub-domain Enumeration  

b. Passive Sub-domain Enumeration  

c. Permutation and Combination Method

2. Endpoint Enumeration  

a. Active Endpoint Enumeration (Fuzzing, Python Script)  

b. Passive Endpoint Enumeration (Waybackurls, Gau)

3. Technology Detection (Nuclei, Wappalyzer)

4. Dorking (Google Dorking, GitHub Dorking)

 

Web Vulnerability Analysis and Penetration Testing

 

1. Injection  

– Cross-Site Scripting (XSS): Reflected, Stored, DOM, Blind, Self  

– HTML Injection  

– SQL Injection  

– Remote Code Execution  

– Command Injection  

– Host Header Injection

2. Subdomain and Cloud Endpoints Takeover

3. Authentication Bypass Techniques:  

a. Response Manipulation  

b. Status Code Manipulation  

c. OTP Exposure in Response  

d. Null OTP  

e. No Rate Limit Abuse  

f. X-Forwarded-Host Trick  

g. Null Byte Exploitation  

h. Race Condition

4. Sensitive Information Hardcoded in Web App

5. Cross-Site Request Forgery (CSRF)

6. Server-Side Request Forgery (SSRF): Internal, External, Hybrid

7. Broken Access Control:  

a. Horizontal Privilege Escalation (IDOR, DOR)  

b. Vertical Privilege Escalation (IDOR, DOR)

8. Clickjacking

9. Broken Link Hijacking

10. EXIF Metadata Extraction

11. CORS Misconfigurations

12. Nuclei Custom Scripting

13. Python Scripting to Automate WAPT

14. Advanced Burp Suite (Community & Professional Editions)

Module 3: Infrastructure VAPT (21 hours)

Server VAPT:

– Manual Black Box VAPT

– Advanced Nmap and Metasploit

– Practical: Hacking Two Linux and One Windows Machines

Automated Server VAPT (Authenticated & Unauthenticated):

– Nessus

– OpenVAS

– Rapid7

Firewall, IDS, IPS, and Networking Device VAPT:

– Nessus

– OpenVAS

– Rapid7

Module 4: API Penetration Testing (REST, SOAP, GraphQL) (16 hours)

– OWASP Top 10 for API

– Postman Tool Basics

– API Collection (Headers, Params, Body)

– OWASP ZAP (Zap Proxy)

– Burp Suite API VAPT

API Vulnerabilities:

1. Injection  

– Cross-Site Scripting (XSS): Reflected, Stored, DOM, Blind  

– SQL Injection  

– File Upload Command Injection

2. Sensitive Info in Response

3. Mass Assignment

4. Broken Access Control:  

a. Horizontal Escalation (IDOR, DOR)  

b. Vertical Escalation (IDOR, DOR)

5. CSRF

6. REST, SOAP, GraphQL API Vulnerabilities

Module 5: SOC and NOC (15 hours, 2 Weeks)

– SIEM Tools and Process

– Secure Network Design and Architecture

– VPNs and Secure Web Gateways

– Advanced SOC Operations

– Advanced NOC Operations

– Incident Handling Procedures

Module 6: Digital Forensics (100 hours)

– Fundamentals of Computer Forensics

– Cybercrime Investigations

– Digital Evidence and eDiscovery

– Forensic Readiness

– Processes and Technologies

– Investigator Roles

– Investigation Challenges

– Standards and Legal Compliance

Phases of Forensic Investigation:

– First Response

– Pre-Investigation

– Investigation

– Post-Investigation

Storage and File Systems:

– Hard Disk & Logical Structures

– OS Boot Process (Windows, Linux, macOS)

– File Systems Analysis

Data Acquisition:

– Imaging, Duplication, Deleted File Recovery

Anti-Forensics & Detection Techniques:

– Data Deletion, File Carving

– Password Cracking

– Steganography, Metadata Forensics

– Obfuscation Detection

– SSD File Carving

System Forensics:

– Windows (Memory, Registry, Artifacts)

– Linux (Volatile/Non-Volatile, Memory)

– Mac (Volatile/Non-Volatile, Tools)

Network Forensics:

– IoCs, Traffic Analysis, Incident Detection

– Wireless Network Investigation

Web Application Forensics:

– IIS and Apache Logs

– Web Attack Investigation

Module 7: Network Security (20 hours)

– Blocking and Rule Configuration

– Policy Routes for Active Attacks

– Advanced F/W, IDS, IPS, DMZ, Bastion Host

– Understanding Disaster Recovery

– Post-attack Response Actions

Module 8: Legal and Ethical Aspects of Cyber Security (8 hours)

– Cyber Laws and Regulations

– Data Protection and Privacy

– Ethical Hacking Guidelines

Cybersecurity professionals are in high demand across the globe, with opportunities spanning from entry-level roles to advanced, specialized positions. With the right training and certifications, individuals can pursue careers such as:

  • Identity and Access Management (IAM) Specialist – Managing user identities and permissions across digital systems.
  • Endpoint Security Specialist – Protecting devices like computers and mobile phones from cyber threats.
  • Incident Response Specialist – Investigating, containing, and mitigating cybersecurity incidents.
  • Cybersecurity Analyst – Monitoring networks and systems to detect and respond to security breaches.
  • Offensive Security Analyst / Penetration Tester – Conducting simulated attacks to identify and fix security vulnerabilities.
  • Defensive Security Analyst / SOC Analyst – Monitoring and defending organizational assets from cyber threats in real time.
  • Application Security (AppSec) Analyst – Ensuring that software applications are free from security flaws.
  • Cloud Security Analyst – Securing data and applications hosted in cloud environments.
  • Security Operations Centre (SOC) / Network Operations Centre (NOC) Analyst – Handling operational security tasks and network performance.
  • Security Auditor – Evaluating an organization’s compliance with security policies and standards.
  • Network Security Analyst – Designing and implementing measures to protect the integrity of network infrastructure.

Industries Hiring Cybersecurity Professionals

Cybersecurity experts are essential in nearly every sector due to the increasing reliance on digital infrastructure and the growing threat of cyberattacks. Key industries actively hiring cybersecurity professionals include:

  • Financial Services
  • Healthcare
  • Government and Defense
  • Information Technology and Services
  • E-commerce and Retail
  • Telecommunications
  • Education
  • Energy and Utilities