Weeks 1–2: Introduction to Cybersecurity and Linux Fundamentals
This foundational module introduces the core concepts of cybersecurity and equips you with essential Linux command-line skills, preparing your environment for the hands-on labs ahead. You will build your virtual lab and learn the language of hackers: the command line.
- Cybersecurity overview: CIA triad, threat landscape, and career paths.
- Types of cyberattacks: Malware, phishing, social engineering, and DDoS.
- Linux basics: File system, commands (ls, cd, cat, grep, chmod, find, sudo), and bash scripting.
- Setting up a virtual lab: Kali Linux, Parrot OS, VirtualBox/VMware.
- Introduction to virtualization and sandboxing.
- Case studies of real-world breaches (e.g., Target 2013, WannaCry).
- Role of Linux in penetration testing and SOC operations.
- Install and configure Kali Linux in a VM.
- Write bash scripts for file manipulation and automation.
- Set up a secure lab environment for testing.
- Solve OverTheWire Bandit challenges (Levels 0–10).
- Participate in a beginner-friendly CTF.
Weeks 3–4: Networking Fundamentals
Dive into how devices communicate. This module covers essential networking models, protocols, and the tools used to analyze and scan networks, forming the backbone of cybersecurity. Understanding the network is essential for finding vulnerabilities.
- Networking basics: OSI and TCP/IP models, IP addressing, subnets, and ports.
- Protocols: HTTP, HTTPS, FTP, SSH, DNS, and SNMP.
- Packet analysis with Wireshark and tcpdump.
- Network scanning and enumeration with Nmap and Netcat.
- Introduction to firewalls and network security basics.
- Networking in enterprise security and SOC monitoring.
- Real-world network attacks (e.g., MitM, DNS spoofing).
- Perform Nmap scans to identify open ports and services.
- Analyze HTTP and DNS traffic using Wireshark.
- Configure a basic firewall using iptables.
- Solve TryHackMe’s “Network Fundamentals” and “Nmap” rooms.
- Participate in a networking-focused mini-CTF.
Weeks 5–6: Web Security Basics
Explore the most common attack surface: web applications. Learn about web architecture, vulnerabilities like the OWASP Top 10, and how to use tools like Burp Suite to find and test them.
- Web architecture: Client-server model, HTTP methods, cookies, and sessions.
- Common web vulnerabilities: XSS, SQL injection, CSRF, and file inclusion.
- Introduction to Burp Suite: Proxy, Intruder, and Repeater.
- Secure coding practices: Input validation and sanitization.
- Introduction to OWASP Top 10.
- Web security in DevSecOps and application development.
- Case studies of web-based attacks (e.g., Equifax SQL injection).
- Set up Burp Suite and intercept HTTP requests.
- Exploit XSS and SQL injection.
- Practice secure coding with a simple web app.
- Solve web challenges on TryHackMe or PortSwigger Web Security Academy.
- Compete in a web-focused CTF event.
Weeks 7–8: Cryptography and Steganography
Uncover the art of secrets. This module covers the basics of modern encryption, hashing, and digital signatures, as well as the techniques used to hide data in plain sight. You'll learn how information is secured and how to break those security measures when weak.
- Cryptography basics: Symmetric vs. asymmetric encryption, hashing, and digital signatures.
- Algorithms: AES, RSA, SHA, MD5, and HMAC.
- Steganography: Hiding data in images, audio, and text.
- Tools: OpenSSL, GPG, Steghide, and Hashcat.
- Password security and cracking techniques.
- Encryption in data protection (e.g., GDPR, HIPAA compliance).
- Case studies of cryptography failures (e.g., Heartbleed).
- Encrypt/decrypt files using OpenSSL and GPG.
- Extract hidden data from images with Steghide.
- Crack weak passwords using Hashcat.
- Solve crypto and stego challenges on CryptoHack and OverTheWire.
- Participate in a crypto-focused mini-CTF.
Weeks 9–10: System Security and Exploitation
Learn to think like an attacker. This module focuses on securing operating systems, finding and exploiting vulnerabilities, and escalating privileges using powerful tools like Metasploit. This is where your foundational skills are applied to real systems.
- Operating system security: Windows and Linux architecture.
- Privilege escalation: Linux (SUID, sudo misconfigurations) and Windows (token impersonation).
- Introduction to Metasploit: Modules, payloads, and exploits.
- Common vulnerabilities: Buffer overflows, misconfigurations, and weak permissions.
- Password cracking with John the Ripper and Hashcat.
- System security in enterprise environments (e.g., Active Directory).
- Case studies of privilege escalation attacks (e.g., NotPetya).
- Perform Linux and Windows privilege escalation in a lab environment.
- Use Metasploit to exploit a vulnerable service.
- Crack password hashes in a controlled environment.
- Solve privilege escalation challenges on TryHackMe or HackTheBox.
- Compete in a system-focused CTF event.
Weeks 11–12: Introduction to CTFs and Capstone Project
Put your skills to the test. The final module prepares you for Capture The Flag competitions and culminates in a capstone project where you'll solve challenges and produce a professional write-up. This module synthesizes everything you've learned.
- CTF formats: Jeopardy-style, Attack-Defense, and King of the Hill.
- Platforms: HackTheBox, TryHackMe, OverTheWire, and CTFtime.
- Teamwork, documentation, and CTF write-up skills.
- Capstone project: Solve a beginner-level CTF challenge set and submit a detailed write-up.
- CTF skills in penetration testing and bug bounty programs.
- Importance of documentation in SOC and Red Team roles.
- Participate in beginner-friendly CTFs (e.g., TryHackMe weekly challenges).
- Write and present a professional CTF write-up.
- Compete in a mock CTF organized by the club.
- Solve 30–40 beginner challenges across platforms.