Uploaded by Tirth Patel

CO Course 2022-23

Advanced Diploma in Ethical Hacking
and Cyber Security
Semester 1
(Introduction to Hacker’s World)
1.1) Hacker’s Interest Area
 What is Hacking
 What is Ethical Hacking
 Need of Hacking
 Scope of Ethical Hacking
 Types of Hacking
 Effects of Hacking
 Essential Terminologies
 Who is a Hacker
 Classes of Hackers
 Phases of Hacking
 Hackers World
 Current News and Concepts of Hacking World
1.2) TCP/IP Fundamentals
 Networking Introduction
 OSI Model
 TCP/IP Working
CYBER OCTET PRIVATE LIMITED
 Router & Switches
1.3) System Fundamentals
 Introduction with Operating System
 Basics and Advanced Level System based knowledge
 Hardware & Software
 Installation & Configuration
1.4) Basics of Linux
 Introduction to Linux
 History of Linux
 Why Linux
 Installation & Configuration
 Basic and Advanced Commands
 Tools of Hacking for Linux
1.5) Desktop & Server Security
 OS Security
 Manual Security configurations
 Tools used for Desktop Security
 Server Security Tools
 Basic attacks for Desktop and Server
1.6) 100% Anonymity – Being Anonymous on Internet
 Introduction with Proxies
 Proxy Servers
 Different Methods used for being Anonymous
 Proxies Websites
 Manual Configuration
 VPN
 SSH Putty
1.7) Internet Security
 Stay Secure Online
 Different Tools used for Internet Security
 Manual Methods of Security while surfing
 Antivirus and Add-ons of Security
1.8) Scanning, Fingerprinting, and Information Gathering
 Scanning Introduction
 Port Scanning
 Different Tools used for port Scanning
 Network Scanning
 Different Tools used for Network Scanning
 Sniffers
 Fingerprinting
 Information Gathering using Tools
 Information Gathering via Internet
 Malicious Information Gathering
 Different Methods of Information Gathering and Footprinting
1.9) Technical Attacks & Password Cracking
 What are Technical Attacks
 Internal Attacks
 External Attacks
 Different Scanning and Network Based attacks
 Different Password Attacks
 Tools for Password Cracking
 OS Based Password Attacks
1.10) Virus, Worms and Trojans
 What are Virus
 Different Virus
 Impact and Properties of Virus
 What are Worms
 Different Worms
 Impact and Properties of Worms
 What are Trojans
 Different Trojans
 Impact and Properties of Trojans
 Creation of Trojan
 What are Spyware and Adware
 Removal of Virus, Worms and Trojans
 Security for Virus, Worms and Trojans
1.11) Malware Analysis
 What are Malwares
 Different Malwares
 Facts of Malwares
 Malware Analysis
 Static & Dynamic Analysis
 Tools used for Analysis
1.12) Botnets and DDoS
 What are Bots
 What are Botnets
 How to Develop a Bot
 Real World Case Study of Bots and Botnets
 What is DDoS
 DDoS Attack
 How to Prevent DDoS Attack
 Tools used for DDoS Attack
1.13) Reverse Engineering
 Introduction to Reverse Engineering
 Assembly Language
 Tools used for Reverse Engineering
 Demo
1.14) Mobile Hacking & Security/BYOD
 Introduction to Mobile Phones and Smart Phones
 GSM and Mobile Networking Technologies
 Smart Phones Operating System
 Different Attacks on Mobile Phone
 Bluetooth Hacking
 Protocols Vulnerable in Mobile Telephony
 Hacking Smart Phones with Smart Attacks
 Mobile Phone Security
1.15) Hacking the Bio-Metric Systems
 Introduction to Bio-Metric Systems
 Understanding Bio-Metric Systems
 Internal Testing
 External Testing
1.16) Cryptography, steganography
 Introduction with Cryptography
 Encryption
 Decryption
 DES
 AES
 Various Other Methods of Encryption
 Tools for Cryptography
 Introduction with steganography
 Steganography Tools
1.17) Google Hacking
 Use of Google for Malicious Information Gathering
 Use of Google to Hack
 Google Hacking Tools
 Google Hacking Database
1.18) Active directory server
 How to configure server in virtual machine
 How to configure DNS
 How to configure DHCP
 How to configure ADDS
 How to create OU and Child OU
 Create users and group
 Configuration of users and group
 Create and configure policy
 Network sharing
 NTFS network sharing
 Network drive mapping
1.19) EPS and DLP
 Configuration
 Monitoring
 Configuration of rules and policy
1.20) Server hardening
 User configuration
 Network configuration
 Features and roles configuration
 Update installation
 NTP configuration
 Firewall configuration
 Remove access configuration
 Service configuration
 Further hardening
 Logging and monitoring
 Frequently asked questions
1.21) Operating system based Virtualization
 What is Operating System Virtualization?
 Uses of Operating System Virtualization
 How Operating System Virtualization Works?
 Types of OS Virtualization
 Types of Disks in OS Virtualization
1.22) The rise of ransomware
 Introduction
 Understand Ransomware Entry Points and Your Vulnerabilities
 Know the Preventive Steps to Take
 Build Your Incident-Response Plan
 Next-Generation Protection for a New Reality
 Ransomware before 2016
 The pivot to targeted attacks: 2016-2021
 2021 The professionalization of ransomware
1.24) Basics of IT
 Introduction of Computer
 Data and Network Communication
 Computer System & I/O Devices
 An Introduction to Database Management System
 Data Modelling using the Entity Relationship Model
 Introduction to Microprocessors and Microcomputers
 The Architecture of a Microprocessor
 Introduction to Cloud Computing
 Cloud Security
 Cloud Computing Security Architecture
1.25) Server architecture
Semester 2
(Professional Ethical Hacking)
2.1) Social Engineering
 What is Social Engineering
 Types of Social Engineering
 Different Laws Mentioned for Social Engineering
 Techniques used for Social Engineering
 Tools used for Social Engineering
 Case Study of Social Engineering
2.2) Honeypot and Honeynets
 What are Honeypots and Honeynets
 Types of Honeypots
 How to Develop Honeypot
 Deploying Honeypot
 Real world Honeypots
2.3) Firewall, IDS & IPS
 Introduction with Firewall
 Types of Firewalls
 Firewall Configuration
 Firewall Planning and Designing
 Introduction with IDS
 Types of IDS
 IDS Configuration
 Introduction of IPS
 Types of IPS
 IPS Configuration
2.4) Network Scanning & vulnerabilities
 Scanning Network
 Types of Network Scan
 Tools used for Network Scanning
 Searching for network-based Vulnerabilities
 Hacking Network
 Network Security
 Different Security Policies for Network Security
2.5) WIFI Hacking and Security
 Introduction with WIFI
 Different Standards for Wireless Network
 Hacking WIFI
 Different Tools used for WIFI Hacking
 WIFI Configuration
 WIFI Security
2.6) Browser Security
 Browser Configurations and Services
 Browser based Hacking
 Browser Security
 Add-ons and Tools used
 BEEF (Browser Exploitation Framework)
2.7) Application Security Architecture
 Multi-Tiered Systems
 Risk Approach
 Mitigating Risk
 Different Architecture Designed
2.8) Programming
 POP vs OOP
 SDLC
 SDLC phases
 Database and ER diagram
 Different SDLC models
 Programming language
 Interpreter vs compiler
 Programming grammar
 Array
 Stack
 Queue
 Linked list
2.9) JavaScript and Ajax Security
 Introduction to Java and Ajax
 Attacking Java and Ajax
 Security for JavaScript and Ajax
2.10) Database Security
 Introduction
 Common Database Vulnerabilities
 Privileges
 Database Communication Protocol Vulnerabilities
 Weak Authentication and Password Attacks
 Backup Data Exposure
 Monitoring Methods
 Policies
 Keys and Management
 Certificates
2.11) Secure Coding & Practices
 Introduction
 Authentication
 Session Management
 Access Control
 Input Validation
 Output Encoding
 Secure Transmission
 File Uploads
2.12) Web Application Security
 Information Gathering
 Configuration Management
 Security Transmission
 Authentication
 Session Management
 Authorization
 Data Validation
 Cryptology
 Risk Functionality
 HTML5
 Error Handling & Logging
2.13) Business logical vulnerability
 Email spoofing
 Demo
 How to Prevent email spoofing
 Union base injection
 Demo
 How to Prevent union base injection
 Boolean base injection
 Demo
 How to Prevent Boolean base injection
 Text base injection
 Demo
 How to Prevent text base injection
 Html injection
 Demo
 How to Prevent html injection
 Session hijacking
 Demo
 How to Prevent session hijacking
 Invalidate redirection
 Demo
 How to Prevent invalidate redirection
 Click jacking
 Demo
 How to Prevent click jacking
 File Uploads
 Demo
 How to Prevent file upload
 Cross site scripting (xss)
 Demo
 How to Prevent cross site scripting (xss)
2.14) OWASP (Top Ten Vulnerabilities)
 What is OWASP
 What are Vulnerabilities
 Broken Access Control
 Demo
 How to Prevent Broken Access Control
 Cryptographic Failures
 Demo
 How to Prevent Cryptographic Failures
 Injection
 Demo
 How to Prevent Injection
 Insecure Design
 Demo
 How to prevent Insecure Design
 Security Misconfiguration
 Demo
 How to prevent Security Misconfiguration
 Vulnerable and Outdated Components
 Demo
 How to prevent Vulnerable and Outdated Components
 Identification and Authentication Failures
 Demo
 How to prevent Identification and Authentication Failures
 Software and Data Integrity Failures
 Demo
 How to Prevent Software and Data Integrity Failures
 Security Logging and Monitoring Failures
 Demo
 How to Prevent Security Logging and Monitoring Failures
 Server-Side Request Forgery
 Demo
 How to Prevent Server-Side Request Forgery
2.15) OWASP Testing Framework
 Different Phases
 Web Application Penetration Testing
 Types of Testing
 Methodology
 Information Gathering
 Business Logic testing
 Authentication Testing
 Session Management testing
 Data Validation Testing
 Denial of Service Testing
 Web Service Testing
 Ajax Testing
 Testing Report
 What to Fix
 Writing the Report
2.16) SANS 25 Vulnerabilities in Web applications
 What is SANS
 SANS Top 25 Dangerous Programming Errors
 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
 Missing Authentication for Critical Function
 Missing Authorization
 Use of Hard-coded Credentials
 Missing Encryption of Sensitive Data
 Unrestricted Upload of File with Dangerous Type
 Reliance on Untrusted Inputs in a Security Decision
 Execution with Unnecessary Privileges
 Cross-Site Request Forgery (CSRF)
 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
 Download of Code Without Integrity Check
 Incorrect Authorization
 Inclusion of Functionality from Untrusted Control Sphere
 Incorrect Permission Assignment for Critical Resource
 Use of Potentially Dangerous Function
 Use of a Broken or Risky Cryptographic Algorithm
 Incorrect Calculation of Buffer Size
 Improper Restriction of Excessive Authentication Attempts
 URL Redirection to Untrusted Site ('Open Redirect')
 Uncontrolled Format String
 Integer Overflow or Wraparound
 Use of a One-Way Hash without a Salt
 Understanding Vulnerability Assessment
 Vulnerability Scanning
 Server Assessment
 Security Configuration
 Website Assessment
 Vulnerability Research and Verification
 Understanding Penetration Testing
 Application Security Testing and Code Review
 OS Fingerprinting
 Service Fingerprinting
 Access Control Mapping
 Denial of Service (DoS)
 Distributed DoS
 Authorization Testing
 Lockout Testing
 Password Cracking
 Cookie Security
 Functionality Testing (Input validation of login fields, Transaction Testing etc.)
 Difference Between Vulnerability Assessment and Penetration Testing
2.17) VA/PT Frameworks
 Scope
 Detail about Target
 Approach
 Techniques
 Acquisition and Information gathering
 Risk analysis
2.18) OWASP Top Ten Mobile Application Vulnerabilities
 Improper Platform Usage
 Insecure Data Storage
 Insecure Communication
 Insecure Authentication
 Insufficient Cryptography
 Insecure Authorization
 Client Code Quality
 Code Tampering
 Reverse Engineering
 Extraneous Functionality
2.19) OWASP Top Ten IOT Vulnerabilities
 Weak, Guessable, or Hardcoded Passwords
 Insecure Network Services
 Insecure Ecosystem Interfaces
 Lack of Secure Update Mechanisms
 Use of Insecure or Outdated Components
 Insufficient Privacy Protection
 Insecure Data Transfer and Storage
 Lack of Device Management
 Insecure Default Settings
 Lack of Physical Hardening
2.20) OWASP Top Ten API Vulnerabilities
 Broken Object Level Authorization
 Broken User Authentication
 Excessive Data Exposure
 Lack of Resources & Rate Limiting
 Broken Function Level Authorization
 Mass Assignment
 Security Misconfiguration
 Injection
 Improper Assets Management
 Insufficient Logging & Monitoring
2.21) Vulnerability Assessment and Penetration Testing (VA/PT)
 Social Engineering
 Vulnerability Assessment
 Penetration Testing
 Post Testing
 Reporting
2.22) VA/PT Tools
 Acunetix Web Vulnerability Scanner
 Netsparker
 Burp-Suite
 Nessus
 w3af
2.23) VA/PT Report and Documentation Writing
 Executive Summary
 Core Findings with Risk Analysis
 Detailed Findings/Checklist
 Vulnerability Description
 Vulnerability Mitigation
2.24) Kali Linux (Hackers Operating System)
 Introduction with Kali Linux Operating System
 Tools used in Kali Linux
 Reconnaissance (3 Tools)
 Scanning (3 Tools)
 Enumeration (3 Tools)
 Vulnerability Scanners (3 Tools)
 Password Crackers (3 Tools)
 Exploitation (3 Tools)
 Bluetooth (2 Tools)
 Forensics (2 Tools)
 Intrusion Detection (2 Tools)
 Wireless (2 Tools)
2.25) AWS Security, Identity, & Compliance services
 Identity & access management
 Detection
 Network and application protection
 Data protection
 Incident response
 Compliance
2.26) Metasploit
2.27) DevSecOps
Semester 3
(Professional Forensics Expert)
3.1) Hacking Incidents
 Introduction with Hacking Attacks
 Recent Case Studies
 Famous Case Studies
3.2) Incident Handling
 Crime Scene
 Seizing Incident Scene
 Guidelines
 How and what to
3.3) Cyber Forensics & Mobile Forensics
 Introduction with Forensics
 Security Threats and Vulnerabilities
 ACPO Guidelines
 Different File Systems
 Forensics Process and Approach
 Mobile Phone Forensics
 Tools used for Cyber Forensics
 Tools used for Mobile Forensics
3.4) Basic Steps In Forensics Analysis
 Understanding Evidence
 Preparation
 Imaging
 Collection
 Examination
 Analysis
 Reporting
3.5) Data Recovery and Documents Analysis
 Introduction to Data Recovery
 Tools used for Data Recovery
 Digital Analysis
 Documents Analysis
3.6) Understanding Anti-Forensics
 What are Anti-Forensics
 Tools used for Anti-Forensics
 Techniques used for Anti-Forensics
 Detecting Anti-Forensics
3.7) Forensics Documentation
 Preparing Case
 Checklist
 Questioning
3.8) Cyber Crime Investigation
 What is Cyber Crime
 Who are Cyber Criminals
 Types of Cyber Crimes
 Investigation
 Reverse Investigation
 From Incident to Court of Order
3.9) Case Studies
 Bomb Blast
 Phishing
 Source Code Theft
 Credit Card
 Domain Theft
 Website Hacking
 Fake Profile case
 Pornography case
 Many Famous Cases
3.10) U.S. Federal Laws
3.11) Cyber Law (IT ACT)
 Introduction with Information Technology Act 2000
 Indian Cyber laws
 Computer Software Copyright Act
 Pornography Act
 IPC and IT ACT
 Real world Case Studies
 IT Act Amendment
Semester 4
(Professional IT Security Manager & Auditor)
4.1) Information Security Management
 Introduction to Information Security Management
 Process - PDCA
 Do's and Don'ts
 Guidelines
 Terms & Definitions
4.2) ISO 27001 Implementation & Audit
 Information Security
 CIA Model
 Information Security Policy
 Assets Classification
 Organization
 HR Security
 Physical & Environmental
 Access Control
 Software Development
 Incident Management
 Business Continuity
 RART
 Compliance
4.3) PCI/DSS
 Introduction to PCI/DSS
 Protect Card Holder Data
 Maintain Vulnerability Program
 Access Control
 Regulations
 Maintain
 Compliance
 Process Flow
4.4) COBIT
 Introduction to COBIT
 COBIT Framework
 Understanding COBIT
 Scope
 Internal Control
 COSO
 Planning & organization
 Acquisition and Implementation
 Delivery & Support
 Monitoring
4.5) Security Integration in Software Development Lifecycle
 Facts & Figures
 How to do it
 Application Risk Security Categorisation
 Application Security Project Plan
 Application Security Requirement
 Design Reviews
 Analysis
 Testing
4.6) Operational Securities & Functional Security
 Introduction to OPSEC
 Identification in OPSEC
 Analysis of Threats in OPSEC
 Analysis of Vulnerabilities in OPSEC
 Assessment of Risk in OPSEC
 OPSEC Measures
 What is Functional Security
 Model based approach for Functional Security
4.7) Business Logic Attacks
 Introduction to Business Logic Attacks
 Types of Business Logic Attacks
 Mitigating BATS
4.8) Threat Modelling
 What is Threat
 High Level Process
 Diagram Software Structure
 Identifying Assets
 Identifying Threat Agents
 Enumerate Doomsday Attacks
 Documents Misuse
 Review
4.9) Risk Assessment, Business Continuity and Disaster
 What is Risk Management
 Who uses Risk Management
 How is it used
 Risk Management process
 What is Disaster
 What is Business Continuity
 Standards for BCP & DRP
 Business Impact Assessment
 Emergency Response
4.10) Security Architecture and Designs
 Different Security Architecture
 Criteria
 Certification & Accreditation
 Computer Components
 Software
 Software Security Threats and Countermeasures
4.11) Data Leakage Protection Tools
4.12) Security Management Practices and Framework
4.13) Demonstration on Internal Audits
4.14) GDPR
4.15) AI & Machine Learning
4.16) Block Chain
4.17) Python
4.18) Database Introduction
4.19) OOPS Concept
4.20) Project Management
4.21) Information Technology Service Management
4.22) Threat Hunting
4.23) Industrial Control Systems & Operations Systems
4.24) Data Science
4.25) Data Analytics
4.26) Cyber Threat Management
4.27) Cyber Warfare Management
4.28) Cloud Security (Cloudflare, AWS & Azure)
Semester 5
(A Corporate Level Efficiency Training for the Candidates)
 Presentation Skills
 Public Speaking
 Corporate Email Drafting
 Email Etiquette
 Power Dressing
 Interview Preparation
 Negotiation Skills
 Marketing & Sales Training
 Time Management
Internship + Project
Hands on Live Project/Cases, Training by Experienced and renowned Trainers, Research
Paper Publication in Magazines.
Exams: Exams are conducted on a regular basis, based on the project submitted and the
course material covered in the above semesters. Both practical and theoretical exams are
compulsory for candidates. The passing mark is 60%.
Eligibility & Prerequisite: 10th & 12th Pass Student with
Computers/Diploma/Degree Students are eligible to register for this course.