This module introduces the core ideas behind enterprise applications and explains how N-Tier architecture organizes systems into presentation, business, and data layers for better performance, security, and maintainability. It also covers how enterprise systems achieve scalability, reliability, and high availability, with real-world examples that show how these concepts are applied in modern architectures.
Ethical Hacking and SOC Engineering
Ethical Hacking and SOC Engineering is an intensive, hands-on cybersecurity bootcamp designed to build real-world skills in cyber defense, penetration testing, and SOC operations. The course covers enterprise systems, Active Directory, networks, web applications, and cloud security through practical labs, red team exercises, and a capstone project preparing learners for roles like SOC Analyst, Penetration Tester, and Cyber Defense Engineer.
Module 2: Operating Systems – Windows Server and UNIX/Linux
Builds practical operating system skills in Windows Server and UNIX/Linux required for security testing and penetration testing labs. Learners gain hands-on experience with server installation, basic hardening, user and permission management, Linux command-line operations, service and process monitoring, and OS configuration to support effective system enumeration and pentest workflows.
Module 3: Networking Fundamentals, Active Directory, and DNS
Prepares learners to design and work with enterprise network environments by building strong foundations in TCP/IP, the OSI model, IP addressing, subnetting, and traffic flow analysis. It also develops practical understanding of Active Directory (domains, users, groups) and DNS (records, name resolution, and attack surface), with hands-on practice deploying a Domain Controller and DNS to support security testing and realistic lab-based attack simulations.
Module 4: PowerShell, Batch, and Shell Scripting
Prepares learners to automate security tasks and strengthen system enumeration through practical PowerShell and Bash scripting. Learners build core scripting skills—variables, loops, and conditions—then apply them to automate command execution, collect system and network data, and support enumeration workflows used in security assessments, exploitation processes, and lab-based attack simulations.
Module 5: Incident, Problem, and Change Management Process
Prepares learners to work confidently within enterprise incident, problem, and change management practices by understanding how security events are identified, escalated, documented, and resolved in real IT and SOC environments. Learners explore ITIL service management basics, the cybersecurity incident handling lifecycle, problem management and root cause analysis, and structured change management processes including risk approval and rollback planning, along with clear security documentation and post-incident reviews.
Module 6: Infrastructure Lab Setup
Prepares learners to design and deploy full cybersecurity lab environments, combining local and cloud-based infrastructure for realistic Red Team, Blue Team, and penetration testing exercises. Learners gain hands-on experience designing virtual lab architectures, setting up virtual machines and networks, deploying labs on AWS and Azure, integrating Active Directory and Kali Linux, and configuring VPNs and secure remote access to support safe, scalable security testing.
Module 7: Cybersecurity Frameworks and Standards
Explores widely used cybersecurity frameworks and compliance standards to help learners understand governance, risk management, and control mapping in real organizations. Key topics include NIST CSF functions, ISO/IEC 27001 ISMS concepts and controls, CIS Controls as practical security baselines, and COBIT for governance alignment, along with mapping concepts across requirements such as PCI-DSS, HIPAA, and MITRE ATT&CK for structured security program planning and assessment.
Module 8: Discovery and Reconnaissance
Focuses on reconnaissance and discovery workflows used in penetration testing to help learners identify attack surfaces, gather intelligence, and build accurate target profiles using passive and active techniques. Learners practice recon methodology, network and service discovery for target mapping, web recon with proxy-based inspection, OSINT for external exposure identification, and vulnerability scanning to support informed testing and next-step exploitation planning.
Module 9: Active Directory Attacks
Covers practical Active Directory attack paths by teaching learners how to enumerate AD environments, exploit common authentication weaknesses, and demonstrate credential access and lateral movement techniques in a controlled lab. Learners build and validate an AD lab, perform enumeration using PowerShell-based methods, analyze NTLM and Kerberos attack vectors, practice credential dumping and reuse scenarios, and apply techniques such as lateral movement and Kerberoasting to understand real-world AD exploitation workflows.
Module 10: Network and Infrastructure Penetration Testing
Focuses on end-to-end enterprise penetration testing by building skills to plan and scope assessments, validate initial access, escalate privileges, and manage post-exploitation activities in a controlled and ethical way. Learners also explore safe remote access concepts using C2-style approaches and finish with professional reporting practices—documenting findings with evidence, explaining risk clearly, and providing actionable remediation recommendations.
Module 11: Network Exploits and Privilege Escalation
Covers practical exploitation across common network services and privilege escalation techniques, helping learners identify weaknesses, exploit service-level issues, and elevate access on both Windows and UNIX/Linux systems. Learners work through FTP/SMB attack scenarios, MITM-based credential interception concepts, core privilege escalation fundamentals for Linux and Windows, and local exploit paths driven by misconfigurations and code-level vulnerabilities in controlled lab environments.
Module 12: Common Network Exploit Techniques
Focuses on commonly abused network-level weaknesses by teaching learners how to spot misconfigurations, exploit protocol-level flaws, and understand attacker methods used to compromise enterprise and hybrid environments. Learners explore attacks such as NBNS/LLMNR spoofing, IPv6 DNS and mDNS abuse, Kerberos-related exploitation scenarios, SSL/TLS misconfigurations linked to high-impact vulnerabilities, and common gaps like default credentials, weak configurations, and basic exposure risks in IoT devices and cloud storage.
Module 13: Web Application Penetration Testing
Covers end-to-end web application security testing by teaching learners how to evaluate application design, identify and exploit common vulnerabilities, and measure risk using industry-standard methodologies. Learners explore Secure SDLC and DevSecOps integration, threat modeling and testing approaches, SAST/DAST/SCA practices, and hands-on analysis of OWASP Top 10 issues—including client-side and authorization flaws (XSS, CSRF, IDOR), file upload and session weaknesses, JWT and open redirect risks, and SQL injection testing through Burp Suite–based exploitation labs.
Module 14: Red Teaming Operations
Focuses on offensive security operations by training learners to simulate real-world red team activities, establish and manage post-compromise access, and operate with stealth and discipline inside compromised environments. Learners explore SMB relay concepts and mitigations, shell access with post-exploitation enumeration, AD reconnaissance using PowerView, attack path analysis with BloodHound, Windows privilege escalation techniques, and practical workflows for persistence, lateral movement, pivoting, and OPSEC in controlled labs.
Module 15: Penetration Testing Reports
Covers professional penetration testing documentation by teaching learners how to clearly communicate findings, explain business and technical risk, and produce reports that work for both engineering teams and executive stakeholders. Learners practice structuring network and web application reports and applying best practices to write concise, evidence-backed, actionable recommendations with appropriate severity and remediation guidance.
Module 16: Remediation Planning
Focuses on turning security findings into practical remediation plans by helping learners prioritize risk, align fixes with business objectives, and coordinate smoothly with technical and non-technical stakeholders. Learners develop risk-based remediation strategies, manage exceptions and compensating controls, map vulnerabilities to frameworks like NIST and PCI-DSS, plan patching and secure configuration changes, and complete the cycle through re-testing and validation to confirm remediation effectiveness.
Module 17: Capstone Project
Delivers a comprehensive, hands-on capstone that mirrors a real enterprise security engagement, allowing learners to apply offensive techniques from start to finish. Participants define scope and rules of engagement, perform passive and active reconnaissance, enumerate services and Active Directory, exploit network, system, authentication, and web application weaknesses, and execute lateral movement, persistence, and controlled remote access. The engagement concludes with credential access, evidence collection, risk rating, and professional reporting—culminating in a final presentation that captures findings, impact, and lessons learned.
Module 18: Real-World Job Preparation
Prepares learners for cybersecurity job roles by helping them confidently handle technical and behavioral interviews and clearly communicate their hands-on experience. Learners practice common cybersecurity interview questions with structured model answers, refine how they explain labs and real-world scenarios, and develop strategies to position themselves effectively for entry-level and mid-level security roles.