Ethical Hacking and SOC Engineering

Prepares learners to work confidently with Windows Server and UNIX/Linux systems—building the operating system knowledge required for security testing, system enumeration, and penetration testing lab environments.

Module Lessons:

1. ➠ Windows Server Installation, Roles, and Basic Hardening
2. ➠ User, Group, and Permission Management in Windows & Linux
3. ➠ Linux/UNIX Command Line Fundamentals for Security Tasks
4. ➠ Service Management, Logs, and Process Monitoring
5. ➠ Hands-on OS Setup and Configuration for Pentest Labs

Tools and Technologies Covered:

Prepares learners to understand and build enterprise network environments—covering core networking concepts, Active Directory, and DNS configurations required for security testing and lab-based attack simulations.

Module Lessons:

1. ➠ Networking Fundamentals, TCP/IP, and OSI Model Breakdown
2. ➠ IP Addressing, Subnetting, and Traffic Flow Analysis
3. ➠ Active Directory Components: Domains, Users, and Groups
4. ➠ DNS Records, Name Resolution, and Attack Surface Overview
5. ➠ Domain Controller and DNS Deployment for Lab Environments

Tools and Technologies Covered:

Prepares learners to automate tasks and perform system enumeration using scripting—building practical PowerShell and Bash skills required for security assessments, exploitation workflows, and lab-based attack simulations.

Module Lessons:

1. ➠ Scripting Fundamentals: Variables, Loops, and Conditions
2. ➠ Automating System Tasks and Command Execution
3. ➠ PowerShell for Windows Enumeration and Data Collection
4. ➠ Bash Scripting for Linux Enumeration and Automation

Tools and Technologies Covered:

Prepares learners to operate within enterprise incident, problem, and change management processes,understanding how security events are handled, escalated, documented, and resolved in real-world IT and SOC environments.

Module Lessons:

1. ➠ ITIL Fundamentals and Service Management Concepts
2. ➠ Incident Handling Lifecycle in Cybersecurity Operations
3. ➠ Problem Management and Root Cause Analysis
4. ➠ Change Management, Risk Approval, and Rollback Planning
5. ➠ Security Incident Documentation and Post-Incident Review

Tools and Technologies Covered:

Prepares learners to design and deploy complete cybersecurity lab environments—building local and cloud-based infrastructures required for realistic Red Team, Blue Team, and penetration testing exercises.

Module Lessons:

1. ➠ Designing a Virtual Lab Architecture for Security Testing
2. ➠ Local Lab Setup using Virtual Machines and Networking
3. ➠ Cloud-Based Lab Deployment on AWS and Azure
4. ➠ Installing and Integrating Active Directory and Kali Linux
5. ➠ VPN Configuration and Secure Remote Access for Labs

Tools and Technologies Covered:

Covers widely used cybersecurity frameworks and compliance standards, helping learners understand governance, risk, controls mapping, and how organizations align security programs with industry and regulatory requirements.

Module Lessons:

1. ➠NIST CSF: Identify, Protect, Detect, Respond, Recover
2. ➠ISO/IEC 27001: ISMS Concepts and Control Overview
3. ➠CIS Controls: Practical Security Baselines
4. ➠COBIT for Governance and Control Alignment
5. ➠PCI-DSS, HIPAA, and MITRE ATT&CK Mapping Concepts

Frameworks and Standards Covered:

Focuses on reconnaissance and discovery workflows used in real penetration tests—enabling learners to identify attack surfaces, collect intelligence, and profile targets using both passive and active techniques.

Module Lessons:

1. ➠Recon Methodology: Passive vs Active Recon
2. ➠Network and Service Discovery for Target Mapping
3. ➠Web Recon and Proxy-Based Inspection
4. ➠OSINT and External Exposure Identification
5. ➠Vulnerability Scanning and Target Profiling

Tools and Technologies Covered:

Covers practical Active Directory attack paths, enabling learners to enumerate AD environments, exploit authentication weaknesses, and demonstrate credential access and lateral movement techniques in a controlled lab.

Module Lessons:

1. ➠Building and Validating an AD Lab Environment
2. ➠AD Enumeration with PowerShell Techniques
3. ➠NTLM and Kerberos: Common Attack Vectors
4. ➠Credential Access: Dumping, Reuse, and Abuse
5. ➠Lateral Movement and Kerberoasting Techniques

Tools and Technologies Covered:

Focuses on end-to-end enterprise penetration testing, enabling learners to scope assessments, gain access, escalate privileges, establish controlled remote access, and deliver professional vulnerability reporting.

Module Lessons:

1. ➠Penetration Testing Workflow: Planning and Scoping
2. ➠Initial Access Techniques and Attack Validation
3. ➠Privilege Escalation and Post-Exploitation Basics
4. ➠Controlled Remote Access using C2 Concepts
5. ➠Reporting: Findings, Evidence, Risk, and Remediation

Tools and Technologies Covered:

Covers exploitation techniques across common network services and privilege escalation methods, enabling learners to identify weaknesses, exploit services, and elevate access on both Windows and UNIX/Linux systems.

Module Lessons:

1. ➠Exploiting Network Services: FTP/SMB Attack Scenarios
2. ➠Man-in-the-Middle (MITM) Attacks and Credential Interception
3. ➠UNIX/Linux Privilege Escalation Fundamentals
4. ➠Windows Privilege Escalation Fundamentals
5. ➠Local Exploits: Misconfigurations and Code Vulnerabilities

Tools and Technologies Covered:

Focuses on commonly abused network-level weaknesses, enabling learners to identify misconfigurations, exploit protocol flaws, and understand how attackers compromise enterprise and hybrid environments.

Module Lessons:

1. ➠NBNS and LLMNR Spoofing Attacks
2. ➠IPv6 DNS Abuse and mDNS-Based Attacks
3. ➠Kerberos Weaknesses and Exploitation Scenarios
4. ➠SSL/TLS Misconfigurations and Critical RCE Cases
5. ➠Default Credentials and Weak Security Configurations
6. ➠IoT Devices and Cloud Storage Exploitation Basics

Tools and Technologies Covered:

Covers end-to-end web application security testing—enabling learners to identify design flaws, exploit common vulnerabilities, and assess application risk using industry-standard methodologies.

Module Lessons:

1. ➠Secure SDLC and DevSecOps Security Integration
2. ➠Threat Modeling and Application Testing Methodologies
3. ➠SAST, DAST, and Software Composition Analysis (SCA)
4. ➠OWASP Top 10 Vulnerabilities: Practical Analysis
5. ➠Client-Side and Authorization Flaws (XSS, CSRF, IDOR)
6. ➠File Upload, JWT, Open Redirect, and Session Issues
7. ➠SQL Injection Testing and Burp Suite Exploitation Labs

Tools and Technologies Covered:

Focuses on offensive security operations, enabling learners to simulate real-world red team activities, maintain persistence, move laterally, and operate stealthily within compromised environments.

Module Lessons:

1. ➠SMB Relay Attacks and Defensive Mitigations
2. ➠Shell Access and Post-Compromise Enumeration
3. ➠PowerView for Active Directory Reconnaissance
4. ➠BloodHound Setup and Attack Path Analysis
5. ➠Windows Privilege Escalation Techniques
6. ➠Persistence, Lateral Movement, Pivoting, and OPSEC

Tools and Technologies Covered:

Covers professional penetration testing documentation, enabling learners to clearly communicate findings, assess risk impact, and deliver reports suitable for technical teams and executive stakeholders.

Module Lessons:

1. ➠ Network and Web Application Pentest Report Structure
2. ➠ Best Practices for Clear, Actionable, and Professional Reporting

Tools and Technologies Covered:

Focuses on translating security findings into actionable remediation plans, enabling learners to prioritize risk, align fixes with business objectives, and coordinate effectively with technical and non-technical stakeholders.

Module Lessons:

1. ➠ Designing Practical and Risk-Based Remediation Strategies
2. ➠ Handling Exceptions, Compensating Controls, and Exemptions
3. ➠ Communicating Findings and Fixes with Business Stakeholders
4. ➠ Mapping Vulnerabilities to Compliance Frameworks (NIST, PCI-DSS)
5. ➠ Prioritization Based on Risk Severity and Business Impact
6. ➠ Coordinating Patch Management and Secure Configuration Changes
7. ➠ Re-testing and Validation of Remediation Effectiveness

Tools and Technologies Covered:

A comprehensive, hands-on capstone that simulates a real enterprise engagement, enabling learners to apply offensive techniques, document findings, and deliver end-to-end penetration testing and red team outcomes.

Module Lessons:

1. ➠ Defining Scope, Rules of Engagement, and Asset Inventory
2. ➠ Passive Reconnaissance using OSINT Techniques
3. ➠ Active Scanning and Service Enumeration
4. ➠ Active Directory Enumeration and Privilege Escalation Paths
5. ➠ Exploiting Network, System, and Authentication Weaknesses
6. ➠ Web Application Attacks and Input Validation Flaws
7. ➠ Lateral Movement, Persistence, and Attack Expansion
8. ➠ Remote Access via Command-and-Control Frameworks
9. ➠ Credential Access and Sensitive Data Extraction
10. ➠ Evidence Collection, Risk Rating, and Documentation
11. ➠ Final Reporting, Presentation, and Lessons Learned

Tools and Technologies Covered:

Prepares learners for cybersecurity job roles, enabling them to confidently face technical interviews, articulate hands-on experience, and position themselves effectively for entry-level and mid-level security roles.

Module Lessons:

1. ➠ Technical and Behavioral Interview Preparation Strategies
2. ➠ Frequently Asked Cybersecurity Interview Questions and Model Answers

Tools and Technologies Covered: