Zorba Softed

Cyber Security

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users via ransomware; or interrupting normal business processes.

Overview

Cyber security is the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing, and can be divided into a few common categories.

This comprehensive course is designed to equip participants with both foundational and advanced skills in cyber security, ethical hacking, penetration testing, digital forensics, and legal compliance. By the end of this course, learners will be able to:

1. Understand the Fundamentals of Cyber Security

  • Grasp key terminologies, team roles, and domains within cyber security.
  • Learn the essentials of Information, Application, and Infrastructure Security.
  • Gain hands-on experience with Kali Linux, Linux CLI/GUI, and system commands.

2. Perform Web Application Penetration Testing

  • Understand HTTP protocols, WAFs, and security frameworks such as OWASP Top 10, SANS Top 25, and MITRE ATT&CK.
  • Conduct comprehensive reconnaissance using active and passive techniques.
  • Identify and exploit a wide range of web application vulnerabilities including XSS, SQLi, CSRF, SSRF, authentication bypass, CORS issues, and more.
  • Automate testing using tools like Burp Suite, Python scripting, and Nuclei.

3. Execute Infrastructure Vulnerability Assessment and Penetration Testing (VAPT)

  • Conduct manual and automated VAPT on Linux, Windows, and network devices.
  • Use industry tools like Nmap, Metasploit, Nessus, OpenVAS, and Rapid7.
  • Evaluate Firewall, IDS/IPS, and network device security postures.

4. Assess and Exploit API Vulnerabilities

  • Test REST, SOAP, and GraphQL APIs using Postman, OWASP ZAP, and Burp Suite.
  • Identify and exploit common API vulnerabilities like injection flaws, broken access control, mass assignment, and data exposure.

5. Understand and Operate in SOC/NOC Environments

  • Use SIEM tools and engage in secure network architecture practices.
  • Learn incident handling, VPN configuration, and secure web gateway implementation.
  • Develop skills for advanced SOC and NOC operations.

6. Apply Digital Forensics for Cybercrime Investigations

  • Conduct forensic investigations across systems, networks, and web applications.
  • Understand data acquisition, anti-forensics, and recovery techniques.
  • Analyze artifacts from Windows, Linux, and macOS.
  • Learn to handle legal evidence and comply with forensic standards.

7. Design and Implement Network Security Solutions

  • Configure firewall rules and advanced security devices (IDS/IPS, DMZ, Bastion Host).
  • Develop disaster recovery strategies and effective post-attack responses.

8. Comprehend Legal and Ethical Frameworks in Cyber Security

  • Understand cyber laws, data protection acts, and ethical hacking guidelines.
  • Ensure compliance with privacy regulations and industry standards like PCI DSS and HIPAA.

Basic IT Knowledge: Understanding fundamental concepts of computer networks, operating systems, and programming languages is essential. Knowledge of hardware, software, and how they interact is foundational.

Understanding of Networking: Familiarity with networking concepts such as TCP/IP, DNS, DHCP, routing, and subnetting is crucial. Knowledge of how data moves across networks and the internet is fundamental to cybersecurity.

Operating Systems: Proficiency in at least one operating system, such as Windows, Linux, or macOS, is necessary. Understanding their architecture, file systems, permissions, and security features is important.

System Configuration: Processor: i7 or i9 (Intel only); RAM: 16 GB to 64 GB; Storage: 500 GB should be free

Cyber Security

Modules, Duration, and Subtopics

Module 1: Introduction to Cyber Security (7 Hours)

  • Teams in Cyber Security
  • Understanding Important Terminologies
  • Basic Concepts of Information Security, Application Security and Infra Security
  • Kali Linux Installation

Linux CLI and GUI Basics

  • Basic to Advanced Linux Commands

Module 2: Web Application Penetration Testing (10 Hours)

  • HTTP Status Codes
  • HTTP Methods
  • Web Application and WAF Basics
  • Hacking Methodology
  • Cyber Kill Chain Methodology
  • MITRE ATT&CK Framework
  • OWASP Top 10 for Web App
  • SANS Top 25
  • PCI DSS and HIPAA Compliance Basics

Reconnaissance (90 Hours)

  • Information Gathering
  • Foot-printing

1. Sub-Domain Enumeration
   a. Active Sub-domain Enumeration
   b. Passive Sub-domain Enumeration
   c. Permutation and Combination Method

2. Endpoint Enumeration
   a. Active Endpoint Enumeration (Fuzzing, Python Script)
   b. Passive Endpoint Enumeration (Waybackurls, Gau)

3. Technology Detection (Nuclei, Wappalyzer)

4. Dorking (Google Dorking, GitHub Dorking)

Web Vulnerability Analysis and Penetration Testing

1. Injection
   • Cross-Site Scripting (XSS): Reflected, Stored, DOM, Blind, Self
   • HTML Injection
   • SQL Injection
   • Remote Code Execution
   • Command Injection
   • Host Header Injection

2. Subdomain and Cloud Endpoints Takeover

3. Authentication Bypass Techniques:
   a. Response Manipulation
   b. Status Code Manipulation
   c. OTP Exposure in Response
   d. Null OTP
   e. No Rate Limit Abuse
   f. X-Forwarded-Host Trick
   g. Null Byte Exploitation
   h. Race Condition

4. Sensitive Information Hardcoded in Web App

5. Cross-Site Request Forgery (CSRF)

6. Server-Side Request Forgery (SSRF): Internal, External, Hybrid

7. Broken Access Control:
   a. Horizontal Privilege Escalation (IDOR, DOR)
   b. Vertical Privilege Escalation (IDOR, DOR)

8. Clickjacking

9. Broken Link Hijacking

10. EXIF Metadata Extraction

11. CORS Misconfigurations

12. Nuclei Custom Scripting

13. Python Scripting to Automate WAPT

14. Advanced Burp Suite (Community & Professional Editions)

Module 3: Infrastructure VAPT (21 Hours)

Server VAPT:

  • Manual Black Box VAPT
  • Advanced Nmap and Metasploit
  • Practical: Hacking Two Linux and One Windows Machines

Automated Server VAPT (Authenticated & Unauthenticated):

  • Nessus
  • OpenVAS
  • Rapid7

Firewall, IDS, IPS, and Networking Device VAPT:

  • Nessus
  • OpenVAS
  • Rapid7

Module 4: API Penetration Testing (REST, SOAP, GraphQL) (16 Hours)

  • OWASP Top 10 for API
  • Postman Tool Basics
  • API Collection (Headers, Params, Body)
  • OWASP ZAP (Zap Proxy)
  • Burp Suite API VAPT

API Vulnerabilities:

1. Injection
   • Cross-Site Scripting (XSS): Reflected, Stored, DOM, Blind
   • SQL Injection
   • File Upload Command Injection

2. Sensitive Info in Response

3. Mass Assignment

4. Broken Access Control:
   a. Horizontal Escalation (IDOR, DOR)
   b. Vertical Escalation (IDOR, DOR)

5. CSRF

6. REST, SOAP, GraphQL API Vulnerabilities

Module 5: SOC and NOC (15 Hours; 2 Weeks)

  • SIEM Tools and Process
  • Secure Network Design and Architecture
  • VPNs and Secure Web Gateways
  • Advanced SOC Operations
  • Advanced NOC Operations
  • Incident Handling Procedures

Module 6: Digital Forensics (100 Hours)

  • Fundamentals of Computer Forensics
  • Cybercrime Investigations
  • Digital Evidence and eDiscovery
  • Forensic Readiness
  • Processes and Technologies
  • Investigator Roles
  • Investigation Challenges
  • Standards and Legal Compliance

Phases of Forensic Investigation:

  • First Response
  • Pre-Investigation
  • Investigation
  • Post-Investigation

Storage and File Systems:

  • Hard Disk & Logical Structures
  • OS Boot Process (Windows, Linux, macOS)
  • File Systems Analysis

Data Acquisition:

  • Imaging, Duplication, Deleted File Recovery

Anti-Forensics & Detection Techniques:

  • Data Deletion, File Carving
  • Password Cracking
  • Steganography, Metadata Forensics
  • Obfuscation Detection
  • SSD File Carving

System Forensics:

  • Windows (Memory, Registry, Artifacts)
  • Linux (Volatile/Non-Volatile, Memory)
  • Mac (Volatile/Non-Volatile, Tools)

Network Forensics:

  • IoCs, Traffic Analysis, Incident Detection
  • Wireless Network Investigation

Web Application Forensics:

  • IIS and Apache Logs
  • Web Attack Investigation

Module 7: Network Security (20 Hours)

  • Blocking and Rule Configuration
  • Policy Routes for Active Attacks
  • Advanced Firewall, IDS, IPS, DMZ, Bastion Host
  • Understanding Disaster Recovery
  • Post-attack Response Actions

Module 8: Legal and Ethical Aspects of Cyber Security (8 Hours)

  • Cyber Laws and Regulations
  • Data Protection and Privacy
  • Ethical Hacking Guidelines

Cybersecurity professionals are in high demand across the globe, with opportunities spanning from entry-level roles to advanced, specialized positions. With the right training and certifications, individuals can pursue careers such as:

  • Identity and Access Management (IAM) Specialist – Managing user identities and permissions across digital systems.
  • Endpoint Security Specialist – Protecting devices like computers and mobile phones from cyber threats.
  • Incident Response Specialist – Investigating, containing, and mitigating cybersecurity incidents.
  • Cybersecurity Analyst – Monitoring networks and systems to detect and respond to security breaches.
  • Offensive Security Analyst / Penetration Tester – Conducting simulated attacks to identify and fix security vulnerabilities.
  • Defensive Security Analyst / SOC Analyst – Monitoring and defending organizational assets from cyber threats in real-time.
  • Application Security (AppSec) Analyst – Ensuring that software applications are free from security flaws.
  • Cloud Security Analyst – Securing data and applications hosted in cloud environments.
  • Security Operations Centre (SOC) / Network Operations Centre (NOC) Analyst – Handling operational security tasks and network performance.
  • Security Auditor – Evaluating an organization’s compliance with security policies and standards.
  • Network Security Analyst – Designing and implementing measures to protect the integrity of network infrastructure.

Industries Hiring Cybersecurity Professionals

Cybersecurity experts are essential in nearly every sector due to the increasing reliance on digital infrastructure and the growing threat of cyberattacks. Key industries actively hiring cybersecurity professionals include:

  • Financial Services
  • Healthcare
  • Government and Defense
  • Information Technology and Services
  • E-commerce and Retail
  • Telecommunications
  • Education
  • Energy and Utilities
