Cybersecurity Expertise & Enterprise Defense

Advanced cybersecurity program designed for experienced SOC analysts and security engineers. Deep dive into enterprise security architecture, advanced threat analysis, VAPT, and hands-on penetration testing. Includes comprehensive NIST CSF framework and real-world capstone projects.

What You'll Learn

Experienced SOC analysts, security engineers. Theory (40%) | Hands-On Labs (40%) | Projects & Case Studies (20%)
Module 1:
Advanced Introduction to Cybersecurity (2 Weeks)

1.1 Understanding Cybersecurity (Advanced Perspective)

  • Enterprise definition of cybersecurity
  • Cybersecurity vs Information Security vs Risk Management
  • Evolution of cyber threats (from script attacks to APT campaigns)
  • Modern attack lifecycle (Kill Chain & ATT&CK overview)
  • Business impact of cyber incidents

Cyber Threat Actors (Deep Dive):

  • Hacktivists – motivations & techniques
  • Cybercriminal ecosystems & dark web economy
  • Nation-state actors & cyber warfare
  • Insider threats (malicious & negligent)
  • Organized cybercrime & ransomware cartels
  • Advanced Persistent Threats (APT groups)
  • Malware authors & exploit developers
  • Phishing-as-a-Service (PhaaS)

1.2 CIA Triad in Enterprise Environments

  • Confidentiality – IAM, encryption, zero trust
  • Integrity – hashing, code signing, database integrity
  • Availability – DR, BCP, redundancy, DDoS protection
Module 2:
Global Regulatory Compliance, Data Protection & Privacy (3 Weeks)

2.1 Data Protection Regulations & Cyber Security Framework
NEW 2.3 NIST Cybersecurity & Risk Frameworks

  • NIST Cybersecurity Framework (CSF 2.0)
  • Purpose and structure of NIST CSF
  • Five core functions:
    • Identify
    • Protect
    • Detect
    • Respond
    • Recover
  • Mapping NIST CSF to:
    • ISO 27001:2022
    • SOC 2
    • Enterprise security controls
  • GDPR – lawful processing, DPIA, breach notification
  • HIPAA – healthcare data protection
  • SOC 2 – Trust Service Criteria
  • CCPA / CPRA – consumer data rights
  • PDPL / DPDPA – regional compliance
  • ISO 27001:2022 – ISMS framework

Compliance in Real Organizations

  • Mapping technical controls to compliance
  • Security vs compliance gap analysis
  • Audit evidence & documentation

2.2 Privacy Engineering & Practices

  • Data classification & handling
  • Consent management systems
  • Privacy Impact Assessments (PIA/DPIA)
  • Data retention & deletion policies
Module 3:
Advanced Cyber Threat Landscape (4 Weeks)

3.1 Types of Cyber Attacks (Technical Analysis)

  • Malware families (ransomware, spyware, RATs)
  • Phishing campaigns & payload delivery
  • DDoS attack types (Volumetric, Protocol, App-layer)
  • MITM attacks (ARP poisoning, SSL stripping)
  • SQL Injection & injection flaws
  • Social engineering psychology

3.2 Attack Vectors (Hands-On Focus)
Email Attack Techniques

  • Phishing & spear phishing
  • Business Email Compromise (BEC)
  • Malware & ransomware delivery
  • Email spoofing & impersonation
  • Attachment & macro-based attacks
  • Credential harvesting

Web & Network Attack Vectors

  • Web application exploitation
  • Network lateral movement
  • Credential abuse

3.3 Cloud Security Threats

  • Cloud misconfigurations
  • IAM abuse in cloud
  • Cloud network exposure
  • Securing cloud data & workloads
Module 4:
Cybersecurity Implementation & Architecture (4 Weeks)

4.1 Technical, Administrative & Physical Controls

  • Password policies, MFA & PAM
  • Encryption (data at rest & in transit)
  • Patch & vulnerability management
  • Backup & disaster recovery strategies
  • Data Loss Prevention (DLP)
  • User & Entity Behavior Analytics (UEBA)

Security Platforms

  • SIEM architecture & use cases
  • SOAR workflows & automation
  • Integrating SIEM, SOAR & EDR

4.2 Cybersecurity Roles in Enterprise

  • SOC L1/L2/L3 responsibilities
  • Security engineering vs operations
  • Red Team vs Blue Team vs Purple Team
  • GRC & Risk Management roles
Module 5:
Email, Web & Cloud Security (3 Weeks)
Email Security
  • Secure email gateways
  • Anti-phishing technologies
  • DMARC, SPF, DKIM
  • BEC detection & response
Web Security
  • Web application firewalls (WAF)
  • OWASP Top 10 overview
  • Secure browsing & proxy gateways
Cloud Security
  • Shared responsibility model
  • Cloud network segmentation
  • Securing workloads & storage
  • Cloud logging & monitoring
Module 6:
Network & Infrastructure Security (4 Weeks)

Network Security

  • Firewalls (Stateful, NGFW)
  • IDS / IPS deployment & tuning
  • Network segmentation & zero trust
  • Secure remote access (VPNs)

Wireless Security

  • Wi-Fi attack techniques
  • WPA2/WPA3 security
  • Rogue AP detection
  • Guest network isolation
Module 7:
Endpoint Security – EDR / XDR / MDR (3 Weeks)
  • Endpoint protection architecture
  • Antivirus vs EDR vs XDR
  • Behavioral detection
  • Endpoint threat hunting
  • Windows & Linux server security
  • Endpoint incident response
Module 8:
Incident Response, DFIR & SOC Operations (4 Weeks)
  • Incident identification & classification
  • Alert triage & escalation
  • Incident response lifecycle
  • IR playbooks
  • Ransomware response
  • Digital forensics basics
  • Log & evidence preservation
Module 9:
VAPT & Penetration Testing (Full Hands-On) (8 Weeks)

9.1 VAPT Fundamentals

  • Vulnerability Assessment vs Penetration Testing
  • Black box, Grey box, White box testing
  • Kali & Parrot Linux
  • Rules of engagement
  • Legal & ethical considerations

9.2 Reconnaissance & Enumeration

  • Passive & active reconnaissance
  • OSINT techniques
  • DNS & subdomain enumeration
  • Network discovery

Hands-On Tools

  • Nmap
  • Netcat
  • Whois
  • Shodan (theory + demo)

9.3 Network Penetration Testing

  • Port scanning & service detection
  • Exploiting weak services
  • SMB, FTP, SSH attacks
  • Lateral movement basics

Hands-On Labs

  • Internal network exploitation
  • Privilege escalation (Windows/Linux)

9.4 Web Application Penetration Testing

  • OWASP Top 10 deep dive
  • SQL Injection (manual & automated)
  • XSS (stored, reflected, DOM)
  • Authentication & session attacks
  • File upload vulnerabilities

Hands-On Labs

  • Vulnerable web apps testing
  • Manual exploitation techniques

9.5 Email & Phishing Simulation Testing

  • Phishing campaign planning
  • Payload delivery methods
  • Credential harvesting labs
  • Security awareness testing

9.6 Exploitation, Post-Exploitation & Reporting

  • Exploit frameworks (conceptual use)
  • Persistence techniques
  • Data exfiltration simulations
  • Cleaning tracks (theory)

Professional VAPT Reporting

  • Executive summary
  • Risk ratings (CVSS)
  • Proof of concept
  • Remediation guidance
Module 10:
Capstone Projects (Final 4 Weeks)

Students must complete:

  • Full VAPT assessment (network + web)
  • SOC incident handling simulation
  • Compliance gap assessment
  • Final presentation & defense

Ready to Start Your Cybersecurity Journey?

Join thousands of students who have launched successful careers in cybersecurity.
Enroll now and get lifetime access to course materials.
