SmartHb

Cyber Security (online)

Home

Courses

Infrastructure & Security

Cyber Security (online)

6 months duration
13 modules
Updated Apr 23, 2026
Infrastructure & Security
Cyber Security (online)
Recently Updated

Course Overview

Get to know what this course is all about and what you'll learn

Course Description

Master the complete cybersecurity workflow from reconnaissance to ethical exploitation with this comprehensive, practice-driven program. Learn core security concepts through networking fundamentals, Windows and Linux administration, vulnerability assessment, and structured hacking methodology while working inside a dedicated lab environment that mirrors real-world attack surfaces. This hands-on course combines defensive and offensive security techniques to prepare you for modern cybersecurity roles.

Through real-world exercises and guided simulations, you'll develop expertise in network exploitation, social engineering, web application penetration testing, and Active Directory attacks, as well as anonymity practices and dark web operations. You’ll also investigate advanced persistent threat (APT) behaviors and strengthen your ability to document findings through professional report writing. By completion, you'll confidently identify, exploit, and remediate vulnerabilities while demonstrating your skills and practical assessments.

What You'll Learn

This comprehensive program develops your expertise across the complete cybersecurity pipeline through integrated technical modules. You begin with foundational networking concepts and core Windows/Linux operating system administration, building the technical groundwork necessary for modern security operations and ethical hacking practices. You progress into structured hacking methodology, mastering reconnaissance, enumeration, scanning, and exploitation techniques while working within a controlled lab environment designed to simulate real-world attack surfaces. Vulnerability assessment skills follow as you learn to identify, analyze, and prioritize security flaws across networks, applications, and systems, ensuring you understand both offensive and defensive approaches.

Core cybersecurity tooling forms the program’s technical backbone as you explore network exploitation techniques, web application penetration testing, and advanced concepts such as Active Directory compromise and Advanced Persistent Threat (APT) strategies. Social engineering modules teach psychological manipulation tactics used in real attacks, while anonymity and dark web operations broaden your understanding of threat actor behavior and operational security. Capture The Flag (CTF) challenges sharpen your problem-solving skills and reinforce practical exploitation methods through hands-on scenarios that mirror real-life engagements.

This comprehensive approach ensures you understand not just how to execute attacks ethically, but how to evaluate, defend, and strengthen digital infrastructure against evolving threats. Each module integrates theoretical cybersecurity concepts with practical labs, culminating in capstone-style assessments where you perform full-scope penetration tests, document findings, and deliver professional security reports.

This program serves aspiring ethical hackers, IT professionals transitioning into cybersecurity, system administrators enhancing their security posture, and individuals seeking to build offensive and defensive security skills.

Course Curriculum

13 modules • Learn at your own pace • Hands-on experience

Course Modules

Master the fundamental tool that every professional developer uses daily. Learn to track changes, collaborate with others, and manage your code like a pro from the very beginning of your development journey.

What you'll learn

  • Understand version control concepts and why Git is essential for modern software development
  • Use GitHub effectively for remote repositories, collaboration, and showcasing your work to potential employers
  • Master Git basics including repositories, commits, branches, and merging for effective code management.
The foundation every cybersecurity professional must master. From the OSI model and TCP/IP stack to subnetting, DNS, NAT, routing, switching, and security devices like firewalls and IDS/IPS — with a first hands-on look at packet analysis in Wireshark. Hands-on project: Configure a simulated network topology in Cisco Packet Tracer with segmented VLANs, assign IP ranges, and document the network map.

What you'll learn

  • OSI Model and TCP/IP stack — layers, protocols, and how data flows
  • IP addressing, subnetting, CIDR blocks, and VLANs
  • DNS, DHCP, ARP, NAT — how the internet actually works
  • Routing and switching fundamentals (routers, switches, hubs)
  • Network topologies: LAN, WAN, MAN, and cloud networking
  • Firewalls, proxies, IDS/IPS — network security devices overview
  • Packet analysis introduction using Wireshark
Master the OS that runs most enterprise environments. Windows architecture, Active Directory, file system permissions, PowerShell administration, and the built-in defensive tooling every analyst needs at hand. Hands-on project: Set up a Windows Server VM, create user accounts with role-based permissions, and apply Group Policy restrictions.

What you'll learn

  • Windows architecture: kernel, registry, services, and processes
  • Active Directory basics — users, groups, and policies (GPO)
  • File system permissions: NTFS, ACLs, and sharing
  • Windows CLI and PowerShell essentials for administration
  • Task Manager, Event Viewer, and built-in diagnostic tools
  • Windows Firewall and Defender configuration
Command the operating system that runs the cloud and cybersecurity tools. Filesystem layout, essential CLI, permissions, shell scripting, scheduled tasks, package management, and log-driven system monitoring. Hands-on project: Write a shell script that performs automated server backups on a schedule, sends alert emails on failure, and logs all activity.

What you'll learn

  • Linux filesystem hierarchy: /, /etc, /var, /proc, /home
  • Essential CLI commands: ls, cd, chmod, chown, grep, find, curl
  • Users, groups, permissions, and sudo privilege management
  • Shell scripting: variables, loops, conditionals, and automation
  • Cron jobs, background processes, and systemd services
  • Package management: apt, yum, and pip
  • Log files and system monitoring (/var/log)
Build the defender's mindset before picking up offensive tools. The CIA triad, threat taxonomies, security frameworks, authentication models, cryptography basics, and risk-driven prioritisation. Hands-on project: Perform a basic threat model on a fictional company and present a risk matrix with recommended mitigations.

What you'll learn

  • CIA Triad: Confidentiality, Integrity, Availability
  • Types of threats: malware, social engineering, insider threats, APTs
  • Security frameworks: NIST CSF, ISO 27001, CIS Controls
  • Authentication models: MFA, SSO, and Zero Trust
  • Cryptography basics: symmetric, asymmetric, hashing, PKI
  • Risk management: threat modeling and vulnerability prioritization
Learn to think like an attacker — before the first packet is sent. Passive vs. active recon, OSINT tooling, DNS and certificate-transparency enumeration, social-media profiling, and the legal/ethical guardrails. Hands-on project: Conduct a full passive OSINT report on an assigned target domain — map subdomains, identify exposed employees, technologies, and potential attack vectors.

What you'll learn

  • Passive vs. active reconnaissance techniques
  • OSINT: Google dorking, Shodan, Maltego, and TheHarvester
  • WHOIS, DNS enumeration, and certificate transparency logs
  • Social media profiling and employee information gathering
  • Footprinting a target: subdomains, emails, and technologies
  • Legal and ethical boundaries of reconnaissance
Discover what's alive, open, and vulnerable on any network. Nmap deep-dive, scan-type trade-offs, service enumeration across SMB/SNMP/FTP/SSH/RDP, banner grabbing, OS fingerprinting, mass-scanning with Masscan, and evasion under firewall + IDS coverage. Hands-on project: Scan a lab network (TryHackMe/HackTheBox room), enumerate all open services, and produce a structured enumeration report.

What you'll learn

  • Nmap: host discovery, port scanning, service/version detection
  • Scan types: SYN, UDP, stealth, and aggressive scans
  • Service enumeration: SMB (Enum4linux), SNMP, FTP, SSH, RDP
  • Banner grabbing and OS fingerprinting
  • Network mapping with Netdiscover and Masscan
  • Evading firewalls and IDS during scanning
From finding weaknesses to proving they can be exploited. Nessus + OpenVAS scanning, CVE and CVSS literacy, Metasploit modules and payloads, manual exploitation, and the post-exploitation basics that decide whether a finding is academic or actionable. Hands-on project: Exploit a vulnerable machine (e.g., Metasploitable), document all findings with CVE references, and write a full assessment report with remediation recommendations.

What you'll learn

  • Vulnerability scanning with Nessus and OpenVAS
  • CVE, CVSS scoring, and vulnerability databases (NVD, Exploit-DB)
  • Metasploit Framework: modules, payloads, and sessions
  • Manual exploitation: buffer overflows, unpatched services
  • Post-exploitation fundamentals: persistence, lateral movement basics
  • Writing a professional vulnerability assessment report
Crack credentials, understand why passwords fail, and learn how to defend them. Storage formats and salting, dictionary attacks with Hashcat + John, custom wordlist generation, pass-the-hash, spraying vs. brute force, and credential dumping. Hands-on project: Capture and crack password hashes from a lab environment using multiple attack methods. Document the methodology and time-to-crack for each hash type.

What you'll learn

  • Password storage: plaintext, MD5, bcrypt, NTLM, and salting
  • Dictionary attacks with Hashcat and John the Ripper
  • Wordlist generation: CeWL, crunch, and custom rules
  • Pass-the-Hash and credential reuse attacks
  • Spraying vs. brute force — when to use each
  • Credential dumping: Mimikatz, secretsdump
Go from low-privilege shell to full system control — on both Windows and Linux. SUID/SGID + cron abuse, sudo misconfigurations, unquoted paths, token impersonation, automated enumeration with LinPEAS/WinPEAS, kernel exploits, and persistence patterns. Hands-on project: Complete a privilege escalation challenge box on TryHackMe or HackTheBox. Write a full walkthrough documenting every step from initial foothold to root/SYSTEM.

What you'll learn

  • Linux PrivEsc: SUID/SGID binaries, writable cron jobs, sudo misconfigurations
  • Windows PrivEsc: unquoted service paths, weak registry permissions, token impersonation
  • Automated enumeration: LinPEAS, WinPEAS, and PowerUp
  • Kernel exploits: identification and safe usage
  • Abusing sudo rules and PATH hijacking
  • Maintaining access: scheduled tasks, startup scripts, and backdoors
Run and defend against phishing — the #1 attack vector in the real world. Phishing taxonomies, GoPhish campaign mechanics, pretext design, email-spoofing bypass of SPF/DKIM/DMARC, campaign analytics, and awareness training design. Hands-on project: Design and execute a controlled phishing simulation for a fictional company. Analyse results and produce a security awareness training recommendation report.

What you'll learn

  • Phishing types: spear phishing, vishing, smishing, and whaling
  • Building phishing campaigns with GoPhish
  • Crafting convincing pretexts and lure documents
  • Email spoofing techniques: SPF, DKIM, and DMARC bypass
  • Tracking campaign success: open rates, click rates, credential captures
  • Employee awareness training design
Attack and defend the web — the most targeted surface in modern security. OWASP Top 10 end to end, manual + automated SQLi, XSS variants, broken auth and session hijacking, IDOR, SSRF, path traversal, Burp Suite tradecraft, and REST + GraphQL API testing. Hands-on project: Complete the PortSwigger Web Security Academy labs for SQL Injection and XSS. Write up findings in professional bug bounty format for each vulnerability exploited.

What you'll learn

  • OWASP Top 10 — theory, exploitation, and remediation for each
  • SQL Injection: manual and automated (sqlmap), blind SQLi
  • Cross-Site Scripting (XSS): reflected, stored, DOM-based
  • Broken authentication, session hijacking, and CSRF
  • IDOR, path traversal, and SSRF vulnerabilities
  • Burp Suite: intercepting, modifying, and repeating requests
  • API security testing: REST and GraphQL
Embed security into every stage of the development pipeline. Shift-left mindset, SAST with Semgrep + Bandit, DAST with OWASP ZAP, SCA with Snyk + Dependabot, secrets management, container scanning with Trivy, and IaC checks for Terraform via Checkov. Hands-on project: Build a secure CI/CD pipeline in GitHub Actions for a sample application — integrate SAST, dependency scanning, and Docker image scanning. Produce a pipeline security report.

What you'll learn

  • DevSecOps principles: shift-left security and the CI/CD pipeline
  • Static Application Security Testing (SAST): Semgrep, Bandit
  • Dynamic Application Security Testing (DAST): OWASP ZAP
  • Software Composition Analysis (SCA): Snyk, Dependabot
  • Secrets management: Vault, environment variables, and .gitignore hygiene
  • Container security: Docker image scanning with Trivy
  • Infrastructure as Code (IaC) security: Terraform and Checkov