Course Description:
This intensive year-long course is designed to equip participants with a deep understanding of cyber security principles, practices, and ethical hacking techniques. The curriculum covers a wide range of topics, from foundational concepts to advanced penetration testing skills, while emphasizing the ethical and responsible use of hacking methodologies.
Prerequisites:
Strong understanding of computer networks, operating systems, and programming languages
Familiarity with basic cyber security concepts
Proficiency in using computers and the internet
The evolution of cyber threats and attacks
Principles of cyber security: confidentiality, integrity, availability
Risk management and threat modeling
Legal and ethical considerations in cyber security
OSI model and TCP/IP stack review
IP addressing and subnetting
Network protocols and vulnerabilities
Network topologies and architecture
Network architecture and segmentation for security
Intrusion Detection and Prevention Systems (IDS/IPS)
Installing Linux Operating System
Getting Started with Linux Operating System
Accessing the Command Line
Managing Files from the Command Line
Creating, Viewing & Editing Text Files
Managing Local Users and Groups
Controlling Access to Files
Monitoring and Managing Linux Processes
Controlling Services and Daemons
Configuring and Securing SSH
Configuring Network File Sharing
Samba Server Configuration
FTP Server Configuration
Virtual Host Configuration (Apache2 & Nginx)
Dark web Server Configuration
Analysing and Storing Logs
Archiving and Transferring Files
Managing Networking
Firewall Configurations
Accessing Linux File System
Installing and Updating Software Packages
Operating system concepts and types
Common OS vulnerabilities and exploits
User authentication mechanisms and access controls
Securing operating systems: Windows, Linux, macOS and Android
Patch management and system hardening
Understanding ethical hacking and penetration testing
Principles of ethical hacking and penetration testing
Information gathering and reconnaissance techniques
Scanning and enumeration: tools and methodologies
Vulnerability assessment and reporting
Web application architecture and components
OWASP Top Ten vulnerabilities
Secure coding practices and frameworks
Web application firewalls and security tools
Firewalls, VPNs, Intrusion Detection Systems (IDS)
Virtual Private Networks (VPNs) and encryption
Wireless network security: WEP, WPA, WPA2, WPA3
Network monitoring and incident response
Network architecture design for security
Cryptographic algorithms and protocols
Public key infrastructure (PKI) and digital certificates
Secure communication channels: SSL/TLS, SSH
Implementing encryption in various applications
Introduction to Ethical Hacking
Foot-printing Active & Passive Approach
In-depth Network Scanning
Enumeration User Identification
System Hacking & Password Cracking
Malware, Viruses, Worms, Trojan and backdoor
Sniffers MITM with Kali Linux
Bots and Botnets
Social Engineering Techniques with Practical
Denial of Service DOS & DDOS Attack
Hacking Web servers Server Rooting
Hacking Wireless Networks (Wi-Fi, Bluetooth and RF)
Honeypots
Evading IDS, Firewall
Buffer Overflow
Computer and Mobile Hacking
Advanced SQL injection techniques
Cross-Site Scripting (XSS) variants
Understanding the vulnerabilities and way of Exploiting:
SQL Injection (SQLi)
SQL Authentication Bypass
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Remote Code Execution (RCE)
File Inclusion Vulnerabilities (LFI/RFI)
Server-Side Request Forgery (SSRF)
XML External Entity (XXE) Attacks
Web Session Hijacking
File Upload Vulnerability
Security Misconfigurations
Insecure Deserialization
Broken Authentication
JWT Token Attack
Insecure Direct Object References (IDOR)
Sensitive Data Exposure
Multi Factor Authentication Bypass
HTTP Request Smuggling
Source Code Disclosure
Directory Path Traversal
HTML Injection
Host Header Injection
Clickjacking
Unvalidated Redirects and Forwards
Server-Side Template Injection (SSTI)
Flood Attack on Web
Application security assessments: Source code review, DAST, SAST
Secure DevOps and continuous security testing
Vulnerability assessment and reporting
Cloud computing models and security challenges
Cloud service provider security features
Securing virtual environments and containers
Identity and access management in the cloud
Mobile app security assessments
Securing mobile devices and APIs
IoT security challenges and best practices
Security implications of wearable technology
Bash Shell Scripting
Using Public Exploits
Antivirus Evasion Techniques
Windows Privilege Escalation
Payload Deployments and File Transfers
Password Attacks
Linux Privilege Escalation
Active Directory Penetration Testing
Port Forwarding and Tunnelling
PowerShell Empire
Lab Solving (HackTheBox, VulnHub, TryHackMe, PortSwigger etc.)
In-depth network penetration testing methodologies
Advanced reconnaissance and OSINT techniques
Exploiting complex network vulnerabilities
Reporting and communicating findings effectively
Kernel-level vulnerabilities and exploitation
Advanced memory corruption attacks
Writing custom exploits and payloads
Mitigations and defenses against advanced attacks
Exploiting vulnerabilities: Metasploit, Exploit-DB
Privilege escalation and maintaining access
Covering tracks and post-exploitation activities
Legal and ethical aspects of penetration testing
Introduction to Mobile Penetration testing
Lab Setup
Android Architecture
APK File Structure
Reversing Application with Apktool & MobSF
Static Application Analysis
Scanning Vulnerability
Insecure data storage
Insecure Communication
Insecure Authentication
Insufficient Cryptography
Insecure Authorization
Code Tampering
Reverse Engineering
SSL Pinning
Intercepting network traffic
Excessive Permissions
Runtime Manipulation
Anti Hooking/Debugging
Binary Protection
Application Patching
Sensitive Information in Memory
Overview of Cyber Forensics
Key terminology and concepts
Chain of custody and evidence handling
Digital Evidence Fundamentals
Types of digital evidence (files, logs, metadata)
Evidence collection methods
Tools and software for evidence acquisition
Techniques for creating forensic images
Tools for imaging (Autopsy, Guymager, bulk-extractor, metagoofil, FTK Imager, EnCase, NetworkMiner)
Understanding file systems (NTFS, FAT32, ext4)
File recovery techniques
Analyzing file metadata and timestamps
Introduction to Network Forensics
Network traffic analysis and capture using Wireshark
Analyzing network logs and packet data
Identifying and tracking network-based attacks
Malware Analysis and Forensics
Types of malware (viruses, worms, ransomware)
Techniques for analyzing malware behavior
Tools for malware analysis (gdb, radare2, Ghidra, IDA Pro, OllyDbg, x64dbg, AndroGuard)
Introduction to IoT
Sensor Network & Wireless Protocol
Review of Electronic Platform, Production and Cost Projection
Mobile App Platform and Middleware for IoT
Machine learning for Intelligent IoT
Analytic Engine for IoT
Cyber laws and regulations worldwide
Ethics in cyber security and hacking
Liability and responsibility of ethical hackers
Understanding blockchain technology
Cryptocurrency vulnerabilities and risks
Smart contract security and auditing
C/C++ Programming
x86_64 Assembly Language
PHP Programming for Vulnerable WebApps Development
Course Objectives:
By the end of this program, students should be able to:
- Understanding Cyber Security Fundamentals: This course aims to educate students about the fundamental concepts of cybersecurity, including the importance of information security, the threat landscape, and the need for ethical hacking.
- Ethical Hacking Skills: One of the primary goals is to teach students how to ethically hack and assess the security of computer systems, networks, and applications. This includes learning penetration testing techniques, vulnerability assessment, and exploitation.
- Defensive Security Knowledge: Students learn how to defend against various cyber threats, such as malware, phishing, and social engineering. Defensive security topics may include firewall configuration, intrusion detection systems (IDS), and incident response.
- Security Tools and Technologies: This course introduces students to a range of cyber security tools and technologies used in both offensive and defensive roles. This includes tools for scanning, enumeration, exploitation, and monitoring.
- Cyber Security Best Practices: This course covers best practices for securing computer systems, networks, and data. This includes topics like access control, encryption, and secure coding.