Ethical Hacking Course Syllabus
Module 1: Introduction to Ethical Hacking
Topics covered:
- Understanding Cybersecurity Basics
- Ethical Hacking vs. Malicious Hacking
- Legal and Ethical Considerations
- Overview of Security Standards (ISO, NIST, etc.)
- Types of Hackers: White Hat, Black Hat, and Gray Hat
Module 2: Reconnaissance and Information Gathering
Topics covered:
- Passive and Active Reconnaissance Techniques
- Open Source Intelligence (OSINT) Tools
- Network Scanning and Enumeration
- Social Engineering Basics
- Tools: Maltego, Nmap, Wireshark
Module 3: Network Security and Vulnerability Assessment
Topics covered:
- Network Architecture and Security Fundamentals
- Firewall, IDS/IPS, and VPN Basics
- Vulnerability Assessment Tools and Techniques
- Introduction to Nessus and OpenVAS
- Identifying and Assessing Weak Points in Networks
Module 4: System Hacking
Topics covered:
- Understanding System Vulnerabilities
- User Account Management and Privilege Escalation
- Exploiting Operating System Vulnerabilities (Windows, Linux)
- Malware and Rootkits Introduction
- Tools: Metasploit, Netcat, Mimikatz
Module 5: Web Application Security
Topics covered:
- Web Application Basics: HTTP, HTTPS, SSL/TLS
- OWASP Top 10 Vulnerabilities
- SQL Injection, XSS, and CSRF Attacks
- Testing Web Applications for Vulnerabilities
- Tools: Burp Suite, OWASP ZAP
Module 6: Wireless Network Security
Topics covered:
- Basics of Wireless Networks (Wi-Fi Protocols)
- Types of Wireless Attacks (WEP, WPA, WPA2 Cracking)
- Wi-Fi Security and Encryption Standards
- Rogue Access Points and Evil Twin Attacks
- Tools: Aircrack-ng, Kismet
Module 7: Mobile Device Security
Topics covered:
- Overview of Mobile Operating Systems (iOS, Android)
- Common Vulnerabilities in Mobile Apps
- Security Testing for Mobile Applications
- Protecting Mobile Devices from Attacks
- Tools: APKTool, MobSF, Drozer
Module 8: Exploitation Techniques
Topics covered:
- Types of Exploits: Local vs. Remote
- Exploit Development Basics
- Buffer Overflows and Code Execution
- Understanding Shellcode
- Tools: Immunity Debugger, IDA Pro
Module 9: Social Engineering and Phishing Attacks
Topics covered:
- Introduction to Social Engineering
- Types of Phishing: Email, Spear Phishing, Whaling
- Pretexting, Baiting, and Quid Pro Quo Techniques
- Detecting and Preventing Phishing Attacks
- Tools: SET, Gophish
Module 10: Malware Analysis and Threat Detection
Topics covered:
- Types of Malware: Viruses, Trojans, Worms, Ransomware
- Static and Dynamic Malware Analysis
- Anti-Forensics and Evasion Techniques
- Tools: Cuckoo Sandbox, PEiD, ProcMon
Module 11: Penetration Testing Process
Topics covered:
- Planning and Scoping a Penetration Test
- Penetration Testing Phases: Reconnaissance, Scanning, Exploitation, Reporting
- Building and Presenting a Penetration Test Report
- Common Penetration Testing Tools
- Tools: Metasploit, Burp Suite, SQLmap
Module 12: Post-Exploitation Techniques
Topics covered:
- Privilege Escalation and Lateral Movement
- Covering Tracks and Data Exfiltration
- Creating Persistent Access
- Hiding Evidence and Logs
- Tools: PowerShell, Veil