Cyber Security

Theory Topics:
- Need for Cybersecurity
- CIA Triad
- Security Architecture & Governance
- Security Auditing
- Regulations & Frameworks
- Types of Hackers, Phases of Ethical Hacking
- Introduction to MITRE ATT&CK & Cyber Kill Chain
Hands-On:
- Foot printing a website manually and via tools
- Domain info using WHOIS, TheHarvester, nslookup, dig
- Tools: WHOIS, nslookup, Recon-ng, theHarvester, Sublist3r

Theory Topics:
- What is Linux, Origins, Distros
- File System Hierarchy
- Important directories (/etc, /bin, /var, etc.)
- Sudo, Root, Permissions
Hands-On:
- Commands: ls, cd, mkdir, touch, cp, mv, rm, cat, nano, vim, chmod, chown
- Permission & Ownership practice
- Tools: Kali Linux Terminal

Theory Topics:
- Types: Symmetric, Asymmetric
- Hash Functions
- Digital Signatures
- PKI, Attacks on cryptosystems
Hands-On:
- Generate SHA-256, MD5 Hashes
- Sign files using GPG
- Validate digital signatures
- Tools: openssl, gpg, hashcat

Theory Topics:
- OSI & TCP/IP Models
- Network Architecture
- Network Scanning & Enumeration
- Common Network Attacks
Hands-On:
- Network path tracing
- DNS Lookup and Reverse Lookup
- Network scanning (Nmap)
- Packet sniffing with Wireshark
- Tools: Nmap, Wireshark, Netstat, Traceroute, DNSenum

Theory Topics:
- Web Server & Application Architecture
- OWASP Top 10 Web Attacks
- Patch Management
Hands-On:
- Capture Session ID using Burp Suite
- Perform LFI on bWAPP
- Identify vulnerable endpoints
- Tools: Burp Suite, OWASP ZAP, bWAPP, DVWA

Theory Topics:
- Authentication vs Authorization
- Access Administration, Password Security
- Identity Theft & Prevention
Hands-On:
- Grant/restrict permissions in Linux
- Create phishing website simulation
- Analyze phishing indicators
- Tools: Linux Terminal, Gophish, URLScan, WHOIS

Theory Topics:
- VA Lifecycle, Types & Tools
- Vulnerability Scoring (CVSS)
- Password Cracking, Privilege Escalation
- Log Cleaning, File Hiding
Hands-On:
- Vulnerability scanning (Nessus/OpenVAS)
- Password Cracking with Hashcat/John
- Keylogger & Log deletion simulation
- Tools: Nessus, OpenVAS, JohnTheRipper, Hashcat, Metasploit

Theory Topics:
- Malware Types & Components
- Sniffing: Passive vs Active
- SQLi Types & Methodologies
Hands-On:
- Sniff traffic using Wireshark
- Perform SQLi using SQLMap/Burp
- Bypass Login Auth via SQLi
- Tools: Wireshark, SQLMap, Burp Suite, bWAPP

Theory Topics:
- DoS & Don'tS: Symptoms, Vectors, Detection
- Application-Level Session Hijacking
Hands-On:
- Launch safe DoS via LOIC (in lab)
- Cookie theft & Session Hijack demo
- Tools: LOIC, Ettercap, Burp Suite

Theory Topics:
- Phishing Detection
- Types of Social Engineering Attacks
- Email Encryption Basics
Hands-On:
- Analyze phishing emails
- Simulate Social Engineering via SET Toolkit
- Create Fake Login Page (phishing)
Tools: SET (Social Engineering Toolkit), Gophish

Theory Topics:
- Threat Feeds, SIEM Basics
- Log Management & Correlation
- Incident Response Phases
- Basics of Digital Forensics
Hands-On:
- Use Splunk/ELK to monitor logs
- Analyze alerts
- Simulate Incident Response flow
- Tools: Splunk, ELK Stack, Wazuh, Graylog

Theory Topics:
- LLM API Exploits
- Indirect Prompt Injection
- Insecure Output Handling
- Final Q/A + Review
Hands-On:
- Craft prompt injection examples
- Exploit LLM’s output handling
- Secure LLM API outputs
- Tools: OpenAI Playground / Custom GPT4 API Setup