Week 1: Network Security & Defensive Fundamentals
Security Architecture: Understanding the OSI Model through a security lens; implementing the “Defense in Depth” strategy and Zero Trust architecture.
Networking Protocols & Vulnerabilities: Deep dive into TCP/IP, DNS, and DHCP; analyzing how protocols like HTTP, FTP, and Telnet are exploited via sniffing and man-in-the-middle (MITM) attacks.
Firewalls & Intrusion Detection: Configuring Stateful vs. Stateless firewalls; setting up IDS/IPS (Snort/Suricata) to detect and block malicious traffic patterns.
Cryptography Essentials: Implementing Symmetric and Asymmetric encryption (AES, RSA); understanding Hashing (SHA-256) for data integrity and Digital Certificates/SSL/TLS for secure communication.
Identity & Access Management (IAM): Mastering Multi-Factor Authentication (MFA), Role-Based Access Control (RBAC), and the principle of Least Privilege.
Week 2: Ethical Hacking & Incident Response
The Cyber Kill Chain: Understanding the phases of an attack: Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Clearing Tracks.
Vulnerability Assessment: Using industry-standard tools like Nmap for network mapping and Nessus/OpenVAS for automated vulnerability scanning.
Exploitation Basics (Metasploit): Introduction to the Metasploit Framework; understanding payloads, exploits, and listeners in a controlled lab environment.
Web Application Security: Identifying the OWASP Top 10 vulnerabilities, including SQL Injection (SQLi), Cross-Site Scripting (XSS), and Broken Authentication.
Incident Response & Digital Forensics: Developing an incident response plan (Preparation, Identification, Containment, Eradication, Recovery); introduction to log analysis and disk imaging.
Capstone Project: “Capture the Flag” (CTF) Challenge—Securing a vulnerable server by identifying its weaknesses, patching them, and performing a final penetration test to verify the fix.








