Course Objective:
This course provides a comprehensive overview of cybersecurity concepts, practices, and technologies, starting from foundational principles to advanced techniques. Students will learn to identify, assess, and mitigate cybersecurity threats across various domains, including networks, systems, applications, and data. Through a combination of theoretical lectures, practical demonstrations, and hands-on exercises, participants will develop the necessary skills to protect digital assets and enhance cybersecurity posture in both personal and organizational contexts.
This course provides a comprehensive review of information systems security concepts, industry best practices and terminology, covering the twelve modules below:
FOUNDATION:
Network Security
– Basics of Networking (IP, TCP/IP, DNS, Firewalls, VPNs)
– Common Network Threats (MITM, DDoS, Sniffing)
– Securing Networks with Firewalls & Intrusion Detection Systems (IDS)
– Hands-on: Setting Up a Basic Firewall and Packet Analysis with Wireshark
Endpoint Security
– Understanding Endpoints (Workstations, Mobile, IoT)
– Common Endpoint Threats (Malware, Ransomware, Phishing)
– Endpoint Protection Solutions (Antivirus, EDR, DLP)
– Hands-on: Configuring Endpoint Security Software & Conducting Malware Scans
Offensive Security (Ethical Hacking)
– Understanding Ethical Hacking & Pentesting Methodology
– Basics of Reconnaissance & Footprinting
– Common Exploits (SQL Injection, XSS, Buffer Overflow)
– Hands-on: Using Kali Linux for Basic Scanning (Nmap, Metasploit)
Defensive Security (Blue Teaming)
– Security Monitoring & Incident Detection (SIEM, Log Analysis)
– Security Policies & Compliance (ISO 27001, NIST)
– Incident Response Basics (SOC Operations)
– Hands-on: Setting Up a SIEM (e.g., Splunk, ELK) & Analysing Logs
Incident Response & Digital Forensics
– Incident Response Lifecycle (Preparation, Detection, Containment, Eradication, Recovery)
– Basics of Digital Forensics (File System Analysis, Memory Forensics)
– Hands-on: Capturing and Analysing Logs from a Cyber Incident
Malware Analysis & Reverse Engineering
– Types of Malware & Their Behaviours
– Static & Dynamic Malware Analysis Techniques
– Basics of Reverse Engineering (Disassemblers, Debuggers)
– Hands-on: Analysing a Malware Sample in a Safe Lab Environment
Threat Intelligence & Cyber Threat Hunting
– Understanding Threat Intelligence (TTPs, Cyber Kill Chain, MITRE ATT&CK)
– Proactive Threat Hunting Techniques
– Threat Intelligence Sources & Tools (OSINT, VirusTotal, Threat Feeds)
– Hands-on: Conducting a Threat Hunt Using Open-Source Tools
INTERMEDIATE (HANDS-ON):
Vulnerability Management
Vulnerabilities are the weaknesses in our systems which hackers use to attack the system. We’ll start this lesson by learning how to scan for vulnerabilities using automated tools. Then we will learn how to manage any found vulnerabilities in a central dashboard, prioritize them based on risk levels, and track response efforts and management decisions. We’ll also learn how to manually calculate risk scores and assign risk ratings to the vulnerabilities. We’ll conclude the lesson with a discussion of false positives and false negatives.
System Auditing
In this lesson, we will learn how to read a test scope document and start gathering information about our target system. We will learn how to research the vulnerabilities, find their exploits, and validate the vulnerabilities by executing an exploit. Then we’ll learn how to prepare a report on our findings. We will end this lesson with a discussion about why some exploits are intentionally written with bugs.
Application Auditing
We will start learning about application auditing by looking at the OWASP Web Security Testing Guide and how it can be used in our testing. Next, we will learn how to send requests to a web application and analyse the response that comes back. We will use semi-automated tools to increase the efficiency and accuracy of our tests. We’ll also use fully automated tools to perform specific tasks to create output we can use in further testing. Finally, we’ll look at other systems and products that are vulnerable to hacking.
Social Engineering
In this lesson, we will take a look at the human side of Ethical Hacking. We will begin with a discussion of five opportunities in human psychology that hackers use to manipulate our employees. Then we will learn how to perform an enterprise-level phishing simulation and create malware. We will also learn how to create an effective landing page for social engineering attempts. We will wrap up our lesson with a discussion about the ethics of social engineering.
Open-Source Intelligence (OSINT)
We’ll start gathering open-source intelligence by using Exploratory Link Analysis. Next, we’ll learn how to do data mining. After we have gathered information, we will start grouping information and building links using a tool called Maltego. Then we will learn how to analyse the links and relationships we have established to create new information and draw conclusions based on the information we have uncovered. We will end the lesson with a brief discussion about using OSINT to uncover a hacker’s identity.
Benefits of learning Cyber Security:
- Enhanced customer trust
- Computer security
- High salaries
- Rapid career growth
- Job security
- Protecting personal data
PREREQUISITE:
Let’s Confirm That You Are Prepared for This Course!
There are some prerequisite concepts that you should understand before starting this course to ensure that you have a successful experience with the material. In addition, there are some other concepts that are not necessarily required for this course but will be helpful as you continue in your Ethical Hacking career.
Essential Security Concepts
You should have a basic understanding of the CIA Triad:
- Confidentiality: protects our data against unauthorized access
- Integrity: protects our data and systems against any unauthorized alterations
- Availability: protects our data and systems against unauthorized destruction or other disruptions to an authorized user’s access
These three are the most fundamental goals of security.
You should also understand IAAA, which is an acronym for:
- Identification: a user must have an identity like a username.
- Authentication: a user should be able to prove the identity using authentication methods like a password.
- Authorization: a system should check for access rights before granting the user access.
- Auditing: everything the user does should be securely logged.