Sunday, October 5, 2025

CYBER SECURITY GENERAL KNOWLEDGE

Week 1: Computer & Networking Basics

  • Monday: Computer basics (OS, files, hardware/software) – practice creating folders, files, and command line commands.
  • Tuesday: Networking fundamentals (IP, TCP/IP, HTTP/HTTPS) – practice ping and tracert.
  • Wednesday: Network devices (routers, switches, modems) – draw network diagrams, check connected devices.
  • Thursday: Network security basics (firewalls, VPNs) – enable firewall, configure rules, try VPN.
  • Friday: Test – theory + practical (configure firewall, ping test).
  • Saturday & Sunday: Free / revision.



Week 1: Computer & Networking Basics – Student Notes



Monday: Computer Basics (OS, Files, Hardware/Software)

1. Operating System (OS)

Definition:
An Operating System (OS) is software that controls and manages all the hardware (like CPU, RAM, hard drive) and software (apps) on a computer.

Examples:

·         Windows

·         Linux

·         macOS

Functions of an OS:

1.      Controls hardware: Makes sure CPU, memory, and storage work properly.

2.      Provides a user interface: Lets users interact with the computer using GUI (windows, icons, menus) or Command Line.

3.      Manages files and applications: Helps save, open, and organize files.

4.      Handles security: Controls user access and permissions.

Why We Learn It:

·         Understanding the OS helps you use the computer efficiently.

·         Helps you install, troubleshoot, and manage software.

Where We Use It:

·         Every computer, laptop, or server you work on.

·         Smartphones and tablets (mobile OS like Android, iOS).

How (Practical Student-Centered Work):

1.      Exploring OS GUI:

o    Open your computer. Explore start menu, taskbar, file explorer.

o    Identify where apps are installed and how to open files.

2.      Command Line Practice:

o    Open Command Prompt (Windows) or Terminal (Linux/macOS).

o    Try commands like:

§  dir (Windows) / ls (Linux/macOS) → lists the files in the current folder

§  cd folder_name → change into a folder

§  mkdir testfolder → create a new folder

§  rmdir testfolder → remove a folder (it must be empty first)

3.      Reflection:

o    Ask: “How does the OS help me find and open a file?”

o    Discuss with a partner and write one example.

2. Files and Folders

Definition:
Files are digital documents (like Word, PDF, images), and folders are containers that organize files.

Why We Learn It:

·         To store, find, and manage data easily.

Where We Use It:

·         School assignments, business documents, photos, apps, and project files.

How (Practical Student-Centered Work):

1.      Creating Files and Folders:

o    Create a folder on Desktop called “MyPractice”

o    Inside it, create 3 files:

§  notes.txt

§  assignment.docx

§  data.xlsx

2.      Moving Files:

o    Drag notes.txt into a new folder called “Notes” inside MyPractice.

3.      Renaming and Deleting:

o    Rename assignment.docx to assignment_week1.docx

o    Delete data.xlsx and check recycle bin.

4.      Reflection:

o    Discuss why organizing files in folders is helpful.

3. Hardware vs Software

Definition:

·         Hardware: Physical parts of the computer (keyboard, CPU, monitor, hard drive)

·         Software: Programs or apps that tell the hardware what to do (Word, Chrome, games)

Why We Learn It:

·         To understand the tools we work with and troubleshoot problems.

Where We Use It:

·         All devices, from laptops to ATMs, use hardware and software together.

How (Practical Student-Centered Work):

1.      Identify Hardware:

o    Look at your computer/laptop and list at least 5 hardware parts.

2.      Identify Software:

o    List at least 5 apps or programs installed on your machine.

3.      Reflection:

o    Ask: “If one hardware part fails, what software feature will stop working?”

Friday Mini-Test (Theory + Practical)

Theory Questions:

1.      What is an Operating System (OS)? Give 2 examples.

2.      List 2 functions of an OS.

3.      Define files and folders.

4.      Give 2 examples of hardware and 2 examples of software.

Practical Tasks:

1.      Create a folder called “Week1Practice” on Desktop.

2.      Inside it, create 3 files: file1.txt, file2.docx, file3.xlsx.

3.      Move file1.txt into a new folder called “Notes” inside Week1Practice.

4.      Open Command Prompt or Terminal and use:

o    mkdir LabFolder → create a folder

o    cd LabFolder → enter folder

o    dir / ls → list files

 



Tuesday: Networking Fundamentals (IP, TCP/IP, HTTP/HTTPS)


1. Introduction to Networking

Definition:
A network is a group of two or more computers connected together to share resources like files, internet, or printers.

Why We Learn It:

·         Networking is the backbone of all internet and computer communication.

·         Helps us understand how devices talk to each other.

Where We Use It:

·         Home Wi-Fi, offices, schools, hospitals, and data centers.

How (Practical Student-Centered Work):

1.      Check your Wi-Fi or LAN connection.

2.      Identify all devices connected to the same network (e.g., laptop, phone, printer).

3.      Draw a small diagram showing your network at home or school.


2. IP Address

Definition:
An IP address is a unique number assigned to every device on a network so they can communicate.

Examples:

·         IPv4: 192.168.1.2

·         IPv6: 2001:0db8:85a3:0000:0000:8a2e:0370:7334

Why We Learn It:

·         Helps us locate devices on a network.

·         Important for troubleshooting network problems.

Where We Use It:

·         Accessing websites, sending files, or connecting devices over LAN/Wi-Fi.

How (Practical Student-Centered Work):

1.      Find your IP address:

o    Windows: ipconfig in Command Prompt

o    Linux: ip a in Terminal (older systems: ifconfig); macOS: ifconfig

2.      Identify the IPv4 address, Subnet Mask, and Default Gateway (the gateway is your router; the mask says which addresses belong to your own network and which are reached through the gateway).

3.      Write down your results and discuss what each value represents.
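What those three values mean in practice, as an added example that is not part of the original notes: it takes the IPv4 address, subnet mask and default gateway you wrote down and works out the network, the broadcast address, the usable host range, and whether the gateway is actually reachable from that subnet. The values in the code are constructed to match the lesson's 192.168.1.2 example; replace them with the ones ipconfig or ip a printed for you.

```python
"""Subnet arithmetic for the values ipconfig / ip a print.
Addresses below are constructed for this example."""
import ipaddress


def describe_interface(ip: str, mask: str, gateway: str) -> dict:
    """Work out which network an interface belongs to and sanity-check the gateway."""
    iface = ipaddress.IPv4Interface(f"{ip}/{mask}")   # a dotted mask is accepted here
    net = iface.network
    hosts = list(net.hosts())                         # every address except network + broadcast
    return {
        "network": str(net),                          # e.g. 192.168.1.0/24
        "prefix_length": net.prefixlen,               # number of 1-bits in the mask
        "broadcast": str(net.broadcast_address),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
        "usable_hosts": len(hosts),
        # The default gateway must sit inside this subnet; a gateway on another
        # network is unreachable and nothing outside the LAN will work.
        "gateway_on_subnet": ipaddress.IPv4Address(gateway) in net,
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when two hosts talk directly; otherwise packets go via the gateway."""
    net_a = ipaddress.IPv4Interface(f"{ip_a}/{mask}").network
    net_b = ipaddress.IPv4Interface(f"{ip_b}/{mask}").network
    return net_a == net_b


if __name__ == "__main__":
    info = describe_interface("192.168.1.2", "255.255.255.0", "192.168.1.1")
    for key, value in info.items():
        print(f"{key:>18}: {value}")
    print("192.168.1.2 -> 192.168.1.50 direct?", same_subnet("192.168.1.2", "192.168.1.50", "255.255.255.0"))
    print("192.168.1.2 -> 192.168.2.7  direct?", same_subnet("192.168.1.2", "192.168.2.7", "255.255.255.0"))
```

A common troubleshooting finding this catches: a machine with a mistyped mask or a gateway from a different subnet can still ping its neighbours but never reaches the internet, and gateway_on_subnet comes back False.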


3. TCP/IP (Transmission Control Protocol / Internet Protocol)

Definition:
TCP/IP is the set of rules that computers use to communicate over the internet.

Why We Learn It:

·         TCP/IP is the standard for networking: IP gets packets to the right device, and TCP makes delivery reliable (lost pieces are resent and order is restored). TCP/IP by itself does not encrypt anything; that is the job of layers above it, such as TLS.

·         Helps understand how websites and apps send/receive data.

Where We Use It:

·         Internet browsing, emails, messaging apps, online games.

How (Practical Student-Centered Work):

1.      Open Command Prompt / Terminal.

2.      Test network connection with ping:

o    Example: ping google.com → sends ICMP echo requests and reports whether a reply came back and how long it took (the round-trip time). No reply does not always mean the host is down: many networks and servers block ICMP.

3.      Test route of data with tracert / traceroute:

o    Example: tracert google.com (Windows) or traceroute google.com (Linux/macOS) → lists each router the packets pass through, by sending probes with an increasing time-to-live so that each router in turn reports back.

4.      Discuss: How many "hops" does data take to reach Google? What does each hop mean? (A row of * * * is a router that does not answer probes, not necessarily a broken link.)


4. HTTP / HTTPS

Definition:

·         HTTP (Hypertext Transfer Protocol): the protocol browsers and web servers use to request and send web pages. It is plain text on the wire.

·         HTTPS (HTTP over TLS): the same requests and responses, carried inside an encrypted and authenticated TLS connection, so that nobody between your browser and the server can read them or change them unnoticed.

Why We Learn It:

·         Understand what the browser's padlock does and does not promise.

·         Learn what HTTPS protects (the contents of requests and responses) and what it does not (which site you visited, and whatever the site itself does with your data; a phishing site can have a padlock too).

Where We Use It:

·         Browsing websites, online banking, e-commerce, social media.

How (Practical Student-Centered Work):

1.      Open a browser and visit:

o    http://example.com (not secure: the browser shows "Not secure" in the address bar; some browsers now silently upgrade to HTTPS, in which case the padlock appears anyway)

o    https://example.com (secure)

2.      Look for the padlock icon (or the "Not secure" label) in the browser address bar, and click it to see the certificate the site presented.

3.      Discuss: What information is safe with HTTPS and what could be at risk with HTTP? (With HTTP anyone on the path can read and change the page, including passwords typed into it; with HTTPS they can still see which site you connected to, but not what you sent or received.)
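The reflection question in step 3 has a precise answer, shown here as an added example (not part of the original notes). It reconstructs what someone on the network path sees: for a plain-HTTP login the observer recovers the host, path, cookie and password; for HTTPS the observer can parse the TLS ClientHello and learns only the server name from the SNI extension, because everything after the handshake is encrypted. The HTTP request and the minimal TLS 1.2-style ClientHello are constructed for this example (real ClientHellos carry many more extensions, and TLS 1.3 with Encrypted ClientHello can hide even the name).

```python
"""What an on-path observer (same Wi-Fi, ISP, any router in between) can read.
The HTTP request and the TLS ClientHello below are constructed for this example."""
import struct

# Constructed: a plain-HTTP login exactly as it crosses the wire.
HTTP_LOGIN = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 29\r\n"
    b"\r\n"
    b"user=alice&password=hunter2xx"
)


def observe_http(raw: bytes) -> dict:
    """Cleartext HTTP: the observer parses everything, including credentials."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    _method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b": ")
        headers[name.decode()] = value.decode()
    form = dict(pair.split("=", 1) for pair in body.decode().split("&"))
    return {"host": headers.get("Host"), "path": path.decode(),
            "cookie": headers.get("Cookie"), "password": form.get("password")}


def build_client_hello(server_name: str) -> bytes:
    """Minimal TLS 1.2-style ClientHello carrying a server_name (SNI) extension."""
    name = server_name.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name        # name type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list         # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                                     # client version + random (zeroed)
            + b"\x00"                                                   # session id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"                        # one cipher suite
            + b"\x01\x00"                                               # one compression method: null
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body          # handshake type client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # record type handshake


def observe_tls(raw: bytes) -> dict:
    """HTTPS: the observer gets the server name from the SNI extension and nothing else."""
    assert raw[0] == 0x16 and raw[5] == 0x01, "not a ClientHello record"
    p = 5 + 4 + 2 + 32                 # record header, handshake header, version, random
    p += 1 + raw[p]                    # session id
    (cs_len,) = struct.unpack_from("!H", raw, p)
    p += 2 + cs_len                    # cipher suites
    p += 1 + raw[p]                    # compression methods
    (ext_len,) = struct.unpack_from("!H", raw, p)
    p += 2
    end = p + ext_len
    server_name = None
    while p < end:
        etype, elen = struct.unpack_from("!HH", raw, p)
        p += 4
        if etype == 0x0000:            # skip list length (2) and name type (1)
            (name_len,) = struct.unpack_from("!H", raw, p + 3)
            server_name = raw[p + 5:p + 5 + name_len].decode()
        p += elen
    # Once the handshake finishes, every request travels in encrypted
    # application-data records: path, cookies and passwords never appear on the wire.
    return {"host": server_name, "path": None, "cookie": None, "password": None}


if __name__ == "__main__":
    print("HTTP  observer sees:", observe_http(HTTP_LOGIN))
    print("HTTPS observer sees:", observe_tls(build_client_hello("bank.example")))
```

The same asymmetry is what you will see in a packet capture later in the course: an http filter shows full requests, while for HTTPS only the handshake fields (server name, cipher suites, certificate) are readable.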


5. Reflection and Discussion

·         Ask students: “How does your IP address help your device communicate?”

·         Discuss “Why is HTTPS important for online banking?”

·         Encourage peer discussion on network safety and secure websites.


Friday Mini-Test (Theory + Practical)

Theory Questions:

1.      Define a network and give two examples.

2.      What is an IP address? Mention two types.

3.      Explain TCP/IP in simple words.

4.      Difference between HTTP and HTTPS.

5.      Why is networking important for computers?

Practical Tasks:

1.      Find your computer’s IP address and subnet mask.

2.      Use ping to test connection to google.com.

3.      Use tracert / traceroute to see data hops to a website.

4.      Identify one HTTP website and one HTTPS website; explain which is safer.


End-of-Day Goal

By the end of Tuesday, students should be able to:

·         Explain what a network is and its purpose.

·         Identify their device’s IP address and understand TCP/IP basics.

·         Differentiate HTTP and HTTPS and understand secure browsing.

·         Practice pinging and tracing routes for network troubleshooting.

 



Wednesday: Network Devices (Routers, Switches, Modems)


1. Introduction to Network Devices

Definition:
Network devices are hardware that connect computers and other devices to form a network.

Why We Learn It:

·         To understand how devices communicate in a network.

·         To know how to troubleshoot network problems.

Where We Use It:

·         Homes, offices, schools, internet cafes, data centers.

Examples of Network Devices:

1.      Router – Connects multiple networks and directs data between them.

2.      Switch – Connects devices within a local network (LAN).

3.      Modem – Connects your network to the internet.


2. Routers

Definition:
A router directs data between devices and networks. It allows multiple devices to share an internet connection.

Why We Use It:

·         To connect a home or office network to the internet.

·         To allow devices to communicate within and outside the network.

Where We Use It:

·         Home Wi-Fi networks, offices, schools.

How (Practical Student-Centered Work):

1.      Identify your home router.

2.      Open a web browser and type the router's IP (often 192.168.1.1 or 192.168.0.1; it is the Default Gateway you found on Tuesday).

3.      Login (ask your teacher or parent for credentials). If the router still uses the default password printed on its label, note that as a finding: it should be changed.

4.      Observe settings: SSID (network name), connected devices, security type (WPA2 or WPA3 are acceptable; an open network or WEP is not).

5.      Count how many devices are connected. Is every one of them a device you recognise?

Reflection:

·         Discuss: “What would happen if the router stops working?”


3. Switches

Definition:
A switch connects multiple devices on the same network and forwards each frame only to the port where the destination device is, using the devices' MAC addresses.

Why We Use It:

·         To connect many devices on one LAN; each port is its own link, so devices do not compete for one shared cable.

·         To keep local traffic local: two computers exchanging a file through a switch do not send that traffic through the router.

Where We Use It:

·         Offices, computer labs, data centers.

How (Practical Student-Centered Work):

1.      If available, connect 2–3 computers to a switch.

2.      Share a small file between devices to see data flow.

3.      Observe: How fast does the file transfer happen?

Reflection:

·         Discuss: “Why is a switch better than connecting all devices directly with cables?”


4. Modems

Definition:
A modem connects your local network to your Internet Service Provider (ISP). It converts between the signal used on the ISP's line (a telephone line for DSL, coaxial cable for cable internet, light for fibre, where the equivalent box is called an ONT) and the Ethernet your router understands.

Why We Use It:

·         Without a modem, devices cannot access the internet.

Where We Use It:

·         Homes, offices, internet cafes.

How (Practical Student-Centered Work):

1.      Identify your modem (often combined with a router).

2.      Check the lights: Power, DSL/Internet, Wi-Fi, LAN.

3.      Discuss what each light indicates.

Reflection:

·         Ask: “What could cause the internet to go down?”

·         Write at least 2 possible causes (e.g., modem issue, ISP problem).


5. Student-Centered Activity: Draw a Network Diagram

Objective: Understand how network devices work together.

How (Practical Work):

1.      Draw your home or lab network. Include:

o    Modem → Router → Switch → Computers/Devices

2.      Label all devices and connections.

3.      Discuss: Which devices handle local traffic and which handle internet traffic?


Friday Mini-Test (Theory + Practical)

Theory Questions:

1.      What is a router and why is it important?

2.      Define a switch and give an example of where it is used.

3.      What is a modem’s main purpose?

4.      List 2 differences between a switch and a router.

5.      Why is it important to know your network devices?

Practical Tasks:

1.      Identify your home or school router, switch, and modem.

2.      Draw a simple diagram showing how they are connected.

3.      Check connected devices on your router. List at least 3.

4.      Explain in one paragraph: “What happens if one network device fails?”


End-of-Day Goal

By the end of Wednesday, students should be able to:

·         Identify routers, switches, and modems.

·         Explain how each device works and where it is used.

·         Draw a simple network diagram showing connections.

·         Conduct basic practicals to observe network device functionality.

 



Thursday: Network Security Basics (Firewalls & VPNs)


1. Firewall

Definition:
A firewall is software or hardware that blocks unauthorized access to your computer or network while allowing safe communication.

Examples:

·         Windows Defender Firewall (Windows)

·         UFW (Uncomplicated Firewall) on Linux

Why We Learn It:

·         Blocks connections that no rule allows, so services you did not mean to expose cannot be reached from the network.

·         Controls which apps or ports can send/receive data, and in which direction.

Where We Use It:

·         Personal computers, corporate networks, servers, home routers.

How (Practical Student-Centered Work):

1.      Enable Firewall:

o    Windows:

§  Control Panel → Windows Defender Firewall → Turn Windows Defender Firewall on or off → On (for every network profile)

o    Linux:

§  Open terminal → sudo ufw enable (by default ufw denies incoming and allows outgoing connections)

2.      Configure Rules:

o    Allow or block apps or ports. Every rule has a direction: incoming rules protect services running on your machine; outgoing rules limit what your own programs may reach.

o    Example: block incoming connections to port 80 (a web server on this machine):

§  Linux: sudo ufw deny 80 (ufw treats a rule without a direction as an incoming rule, so this does not stop your own browser from loading websites)

§  Windows: "Advanced Settings" → Inbound Rules → New Rule → Port → TCP 80 → Block the connection

3.      Reflection:

o    Ask: “What happens if we don’t have a firewall?”

o    Discuss with a partner why blocking unauthorized access is important.
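A direction check for the firewall exercise, as an added example that is not ufw's own code: a small model of a host firewall with ufw's default policies (deny incoming, allow outgoing) and first-match rule evaluation. It shows why deny 80 leaves your browser unaffected while a web server on the same machine becomes unreachable, and which rule blocks outbound plain-HTTP instead. The rule syntax parsed here is a simplified subset of ufw's.

```python
"""A small model of a host firewall with ufw's default policies (deny incoming,
allow outgoing) and first-match rule evaluation. Teaching model, not ufw's code."""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Rule:
    action: str              # "allow" or "deny"
    direction: str           # "in" or "out"
    port: Optional[int]      # None matches any port
    proto: str               # "tcp", "udp" or "any"


@dataclass
class HostFirewall:
    default_in: str = "deny"          # ufw: "Default: deny (incoming)"
    default_out: str = "allow"        # ufw: "allow (outgoing)"
    rules: List[Rule] = field(default_factory=list)

    def add(self, spec: str) -> "HostFirewall":
        """Parse a ufw-like spec: 'deny 80', 'allow in 22/tcp', 'deny out 80/tcp'."""
        parts = spec.split()
        action = parts[0]
        direction = "in"              # like ufw, a rule with no direction is an incoming rule
        if parts[1] in ("in", "out"):
            direction = parts.pop(1)
        port_text, _, proto = parts[1].partition("/")
        self.rules.append(Rule(action, direction, int(port_text), proto or "any"))
        return self

    def decide(self, direction: str, dst_port: int, proto: str = "tcp") -> str:
        """'allow' or 'deny' for a new connection; the first matching rule wins,
        otherwise the default policy for that direction applies."""
        for r in self.rules:
            if (r.direction == direction
                    and (r.port is None or r.port == dst_port)
                    and r.proto in ("any", proto)):
                return r.action
        return self.default_in if direction == "in" else self.default_out


def browsing_blocked(fw: HostFirewall) -> bool:
    """Your browser opens an OUTGOING connection to the web server's port 80."""
    return fw.decide("out", 80) == "deny"


def local_webserver_reachable(fw: HostFirewall) -> bool:
    """Another machine reaching a web server on THIS host is INCOMING to port 80."""
    return fw.decide("in", 80) == "allow"


if __name__ == "__main__":
    lesson = HostFirewall().add("deny 80")              # what the lesson's command does
    print("deny 80         -> browsing blocked?", browsing_blocked(lesson))               # False
    print("deny 80         -> local server reachable?", local_webserver_reachable(lesson))  # False
    outbound = HostFirewall().add("deny out 80/tcp")    # the rule that stops plain-HTTP browsing
    print("deny out 80/tcp -> browsing blocked?", browsing_blocked(outbound))             # True
    print("deny out 80/tcp -> HTTPS (443) still allowed?", outbound.decide("out", 443) == "allow")  # True
```

The check to carry back to the real tool: after adding a rule, read the rule table back and confirm the direction and default policy are what you meant, rather than concluding from a still-working browser that the firewall is off.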


2. VPN (Virtual Private Network)

Definition:
A VPN creates an encrypted tunnel between your device and a VPN server. Websites then see the VPN server's IP address instead of yours, and anyone on your local network (or your ISP) sees only encrypted traffic to the VPN server. The VPN provider itself can see everything you send through the tunnel, so it must be one you trust.

Why We Learn It:

·         Keeps your online activities private from the local network, especially on public Wi-Fi.

·         Stops others on the same network from reading or altering your traffic. It does not protect you from malware, phishing or a malicious website, and it does not make you anonymous.

Where We Use It:

·         Public Wi-Fi (cafes, airports)

·         Remote work for companies

·         Accessing restricted websites safely

How (Practical Student-Centered Work):

1.      Install and Use a VPN:

o    Download a VPN client from a reputable provider (for example ProtonVPN's free tier)

o    Connect to a server

o    Check your public IP address before and after connecting (search for "what is my IP") → it should change to the VPN server's address

2.      Test Data Security:

o    On public Wi-Fi, connect the VPN and confirm the client reports the tunnel as connected; a packet capture on that network would now show only encrypted traffic to the VPN server instead of your individual connections

3.      Reflection:

o    Discuss: “How does a VPN make browsing safer?”

o    Write one example of where you would use a VPN.


Friday: Test – Theory + Practical

Theory Questions:

1.      Explain the difference between hardware and software.

2.      What is an IP address and why is it important?

3.      Name three network devices and describe their functions.

4.      Why are firewalls and VPNs important in cybersecurity?

Practical Exercises:

1.      Create a folder and file using command line:

o    Windows CMD:

§  mkdir Week1Lab
§  cd Week1Lab
§  echo Hello > test.txt

o    Linux Terminal:

§  mkdir Week1Lab
§  cd Week1Lab
§  touch test.txt

2.      Ping a website:

o    ping google.com → note response time

3.      Enable the firewall and add one blocking rule:

o    Windows: Control Panel → Windows Defender Firewall → Allow an app or feature through Windows Defender Firewall → untick an app to block it

o    Linux: sudo ufw deny 80 (blocks incoming connections to port 80 on this machine)


Saturday & Sunday: Free / Revision

Activities:

·         Review all Week 1 lessons:

o    Computer basics (OS, files, hardware/software)

o    Networking fundamentals (IP, TCP/IP, HTTP/HTTPS)

o    Network devices (router, switch, modem)

o    Firewalls and VPNs

·         Practice hands-on exercises:

o    Create folders/files, ping websites, check connected devices, enable firewall, connect VPN.

·         Rest and prepare for Week 2 topics: Cybersecurity Foundations


Outcome after Week 1

By the end of Week 1, students should:

·         Understand computer basics, operating systems, files, and hardware/software.

·         Know networking fundamentals and can identify IP addresses, TCP/IP, HTTP/HTTPS.

·         Recognize network devices and their functions.

·         Gain hands-on experience with command line commands, network testing, firewalls, and VPNs.

·         Be ready for more advanced cybersecurity topics in Week 2.

 

Week 2: Cybersecurity Foundations

  • Monday: CIA Triad – confidentiality, integrity, availability – practice passwords, backups, uptime monitoring.
  • Tuesday: Types of cyber attacks (malware, phishing, ransomware, SQL injection) – study case studies, simulate phishing safely.
  • Wednesday: Authentication & authorization – enable 2FA, create user roles.
  • Thursday: Security policies & best practices – create password policy, backup policy.
  • Friday: Test – scenario-based practical and theory.
  • Saturday & Sunday: Free / revision.



Week 2: Cybersecurity Foundations – Student Notes


Monday: CIA Triad – Confidentiality, Integrity, Availability

1. What it is:
The CIA Triad is the foundation of cybersecurity:

·         Confidentiality: Protecting data so only authorized people can access it.

·         Integrity: Ensuring data is accurate and has not been tampered with.

·         Availability: Ensuring data and systems are accessible when needed.

2. Why it’s important:

·         Helps protect sensitive information from unauthorized access.

·         Ensures that the system and data remain reliable and available.

3. Practical – How to practice:

1.      Confidentiality:

o    Use strong passwords: a long passphrase, or a string generated by a password manager. Patterns like P@ssw0rd123! only look strong; they are among the first guesses in every cracking wordlist.

o    Encrypt a file (Windows: Right-click → Properties → Advanced → Encrypt contents to secure data; Linux: gpg -c file.txt, which asks for a passphrase)

2.      Integrity:

o    Make a backup of a document and verify it hasn't changed

o    Use checksums (Linux: sha256sum file.txt) to check file integrity: record the hash while the file is known-good, recompute it later, and compare. Any change, even a single byte, produces a completely different hash.

3.      Availability:

o    Monitor system uptime (how long the machine has run since its last boot; Task Manager → Performance on Windows)

o    Test restoring data from backup to ensure availability: a backup that has never been restored is not yet a backup


Tuesday: Types of Cyber Attacks

1. What it is:
Common types of cyber attacks include:

·         Malware: Software designed to harm computers (viruses, worms, trojans)

·         Phishing: Fake emails/websites tricking users into giving sensitive info

·         Ransomware: Malware that locks files and demands payment

·         SQL Injection: Attackers put SQL syntax into a form field or URL parameter that the application pastes into a database query, so the database runs the attacker's query instead of the intended one

2. Why it’s important:

·         Knowing attacks helps you prevent them and secure systems.

3. Practical – How to practice:

1.      Study case studies: Read examples of malware or phishing attacks.

2.      Simulate phishing safely:

o    Create a fake email in a test lab environment (a lab mailbox or your own test mail server, never a real colleague's address)

o    Send it to a test account

o    Identify red flags (a sender address that does not match the display name, link text that differs from the real link target, urgency, poor grammar)

3.      Observe effects of malware in a sandbox lab:

o    Use virtual machines to safely run sample files and see what happens: take a snapshot first, disable shared folders and clipboard sharing, and give the VM no network or a host-only network, so nothing can escape to your real machine
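A checker for the red flags in step 2, added here as example code (not part of the original notes). It applies the same checks a student would make by eye to a constructed phishing e-mail and a constructed legitimate one: a look-alike sender domain, a Reply-To pointing elsewhere, urgency language, link text that names one site while the target is another, a bare-IP link, and a link without TLS. example-bank.com is an assumed organisation domain, and the look-alike test only undoes the 0/o and 1/l swaps, deliberately keeping it simple.

```python
"""Red-flag checks for the lab phishing exercise. Both messages are constructed;
'example-bank.com' stands in for the organisation whose staff are targeted."""
import email
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example-bank.com"
URGENCY = ("urgent", "immediately", "within 24 hours", "suspended", "verify your account")

SAMPLE_PHISH = """\
From: "Example Bank Security" <security@examp1e-bank.com>
Reply-To: collect@mail-relay.example.net
To: alice@example-bank.com
Subject: URGENT: your account will be suspended
Content-Type: text/html

<p>Dear customer, verify your account within 24 hours or it will be suspended.</p>
<p><a href="http://203.0.113.5/login">https://www.example-bank.com/login</a></p>
"""

SAMPLE_LEGIT = """\
From: "Payroll" <payroll@example-bank.com>
To: alice@example-bank.com
Subject: March payslip available
Content-Type: text/html

<p>Your payslip is ready in the portal.</p>
<p><a href="https://portal.example-bank.com/payslips">portal.example-bank.com</a></p>
"""


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs so the two can be compared."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None


def domain_of(text: str) -> str:
    """Domain of an e-mail address, a URL, or a bare 'host/path' string."""
    if "@" in text:
        return text.rsplit("@", 1)[1].strip(">").lower()
    if "://" not in text:
        text = "//" + text
    return (urlparse(text).hostname or "").lower()


def looks_like(domain: str, target: str) -> bool:
    """Cheap look-alike test: equal once common digit-for-letter swaps are undone."""
    undo = str.maketrans("01", "ol")           # examp1e -> example, g00gle -> google
    return domain != target and domain.translate(undo) == target.translate(undo)


def red_flags(raw: str) -> list:
    msg = email.message_from_string(raw)
    body = msg.get_payload()
    flags = []
    sender = domain_of(msg["From"])
    if looks_like(sender, OUR_DOMAIN):
        flags.append(f"look-alike sender domain: {sender}")
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != sender:
        flags.append("Reply-To goes to a different domain than From")
    if any(word in (msg["Subject"] + " " + body).lower() for word in URGENCY):
        flags.append("urgency / threat language")
    collector = LinkCollector()
    collector.feed(body)
    for text, href in collector.links:
        shown, real = domain_of(text), domain_of(href)
        if "." in shown and " " not in shown and shown != real:
            flags.append(f"link text says {shown} but points to {real}")
        if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", real):
            flags.append("link target is a bare IP address")
        if urlparse(href).scheme == "http":
            flags.append("link uses plain HTTP (no TLS)")
    return flags


if __name__ == "__main__":
    print("phish:", red_flags(SAMPLE_PHISH))
    print("legit:", red_flags(SAMPLE_LEGIT))
```

None of these checks is conclusive on its own (a real bank also writes "urgent"); the point of the exercise is that several of them together, especially a link whose text and target disagree, are what to look for before clicking.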


Wednesday: Authentication & Authorization

1. What it is:

·         Authentication: Verifying a user’s identity (passwords, biometrics)

·         Authorization: Granting permissions based on user roles (what a user can/can’t do)

2. Why it’s important:

·         Prevents unauthorized access and ensures only the right users can access sensitive data.

3. Practical – How to practice:

1.      Enable 2FA (Two-Factor Authentication):

o    Gmail example: Google Account → Security → 2-Step Verification → follow the instructions (prefer an authenticator app or a security key over SMS codes, which can be intercepted by SIM swapping)

2.      Create user roles on a system:

o    Windows: Settings → Accounts → Other users (Family & other users on Windows 10) → Add account → then Change account type (Administrator or Standard user)

o    Linux:

§  sudo adduser student (creates a normal, unprivileged user)

§  sudo usermod -aG sudo student (only if this user really needs administrator rights; leaving the student out of the sudo group is the least-privilege choice)

3.      Test access permissions:

o    Log in with different users and verify what each user can access (a standard user should not be able to install software or read another user's home directory)
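The distinction between the two concepts, as an added example that is not from the original notes: a tiny user directory where logging in (authentication) and being allowed an action (authorization) are separate steps, so a correctly logged-in student is still refused edit_grades. Usernames, passphrases and roles are constructed; passwords are stored only as salted PBKDF2 hashes, with a lower iteration count than production would use.

```python
"""Authentication (who are you?) kept separate from authorization (what may you
do?). Users, passphrases and roles are constructed; passwords are stored only as
salted PBKDF2 hashes."""
import hashlib
import hmac
import os
from typing import Optional, Tuple

ROLE_PERMISSIONS = {
    "admin":   {"read_grades", "edit_grades", "add_user"},
    "teacher": {"read_grades", "edit_grades"},
    "student": {"read_grades"},
}
ITERATIONS = 100_000   # kept modest for the lab; production should go higher or use Argon2


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, slow hash: a stolen user table cannot be reversed into passwords cheaply."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


class Directory:
    def __init__(self):
        self._users = {}                       # username -> (salt, hash, role)

    def add_user(self, username: str, password: str, role: str) -> None:
        salt, digest = hash_password(password)
        self._users[username] = (salt, digest, role)

    def authenticate(self, username: str, password: str) -> Optional[str]:
        """Step 1: prove identity. Returns the session identity or None."""
        record = self._users.get(username)
        if record is None:
            hash_password(password)            # same work for unknown users: no timing hint
            return None
        salt, stored, _role = record
        _, candidate = hash_password(password, salt)
        return username if hmac.compare_digest(candidate, stored) else None

    def authorize(self, session: Optional[str], action: str) -> bool:
        """Step 2: a valid identity still only gets what its role allows."""
        if session is None:
            return False
        role = self._users[session][2]
        return action in ROLE_PERMISSIONS.get(role, set())


if __name__ == "__main__":
    d = Directory()
    d.add_user("student", "violet kettle orbit sandwich", "student")
    d.add_user("teacher", "lab-only teacher passphrase", "teacher")
    session = d.authenticate("student", "violet kettle orbit sandwich")
    print("student logged in:", session)                                   # student
    print("student may read grades:", d.authorize(session, "read_grades"))  # True
    print("student may edit grades:", d.authorize(session, "edit_grades"))  # False
    print("wrong password:", d.authenticate("student", "guess"))            # None
```

Two details are deliberate: the hash comparison is constant-time (hmac.compare_digest), and an unknown username costs the same as a wrong password, so an attacker cannot learn which accounts exist from response timing.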


Thursday: Security Policies & Best Practices

1. What it is:

·         Security Policies: Rules to protect data and systems in an organization

·         Examples: Password policies, backup policies, access policies

2. Why it’s important:

·         Ensures everyone follows rules that protect the system

·         Helps prevent attacks and data loss

3. Practical – How to practice:

1.      Create a password policy:

o    Minimum 12 characters (longer is better), or a passphrase of several unrelated words; allow every character, including spaces

o    Reject passwords found in breach lists and dressed-up dictionary words: P@ssword2025! satisfies every "upper, lower, digit, symbol" rule and is still cracked in seconds, because attackers try exactly these substitutions first

o    Do not force routine password changes; change a password when it is known to be compromised, and require 2FA for important accounts

2.      Create a backup policy:

o    Schedule daily or weekly backups

o    Store backups in multiple locations (cloud + external drive), with at least one copy kept offline so ransomware cannot encrypt it too

o    Test a restore regularly

3.      Enforce rules on a system:

o    Windows: Local Security Policy → Account Policies → Password Policy (Group Policy on a domain)

o    Linux: /etc/login.defs sets password ageing (PASS_MAX_DAYS, PASS_MIN_DAYS); length and complexity are enforced by the pam_pwquality module, configured in /etc/security/pwquality.conf
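A checker that shows why a complexity rule alone is not a password policy, added as example code for this Thursday lesson and for Monday's "strong password" step (not part of the original notes). It normalises a candidate the way cracking rule-sets do (case, trailing digits and symbols, leet substitutions) before looking it up, so P@ssword2025! and P@ssw0rd123! are caught as "password" even though they satisfy the 8-character upper/lower/digit/symbol rule, while a plain four-word passphrase passes. COMMON is a constructed stand-in for a real breached-password list, and the 12-character minimum is the policy assumed here.

```python
"""A password checker that shows why 'upper, lower, digit, symbol' alone is weak.
COMMON is a tiny constructed stand-in for a real breached-password list."""
import math
import re
import string

COMMON = {"password", "letmein", "qwerty", "welcome", "admin", "iloveyou", "monkey"}
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "$": "s", "5": "s", "3": "e", "7": "t"})
OLD_RULE_CLASSES = (r"[A-Z]", r"[a-z]", r"\d", r"[^\w\s]")


def normalize(pw: str) -> str:
    """Undo what cracking rule-sets try first: case, trailing digits/years/symbols,
    then leet substitutions ('P@ssw0rd123!' -> 'password')."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())      # drop a trailing '123', '2025', '!'
    return core.translate(LEET)


def entropy_bits(pw: str) -> float:
    """Naive upper bound: log2(alphabet size) per character. It overstates
    strength for dictionary-based passwords, which is exactly the problem."""
    alphabet = sum(len(cls) for cls in (string.ascii_lowercase, string.ascii_uppercase,
                                        string.digits, string.punctuation)
                   if any(c in cls for c in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def meets_old_rule(pw: str) -> bool:
    """The lesson's original rule: 8+ characters with upper, lower, digit and symbol."""
    return len(pw) >= 8 and all(re.search(cls, pw) for cls in OLD_RULE_CLASSES)


def check_password(pw: str) -> dict:
    """Policy used here: 12+ characters, not a dressed-up common word, no long runs."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    core = normalize(pw)
    if core and any(core == w or core.startswith(w) or core.endswith(w) for w in COMMON):
        problems.append(f"a common password in disguise ('{core}')")
    if re.search(r"(.)\1{3,}", pw):
        problems.append("a character repeated four or more times in a row")
    return {
        "ok": not problems,
        "problems": problems,
        "meets_old_8_char_rule": meets_old_rule(pw),
        "naive_entropy_bits": round(entropy_bits(pw), 1),
    }


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "P@ssword2025!", "violet kettle orbit sandwich"):
        print(f"{candidate!r}: {check_password(candidate)}")
```

Note what the naive entropy figure does: P@ssw0rd123! scores close to 80 bits by alphabet size, which is why strength meters based on character classes mislead; the normalisation step is the part a real policy needs.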


Friday: Test – Theory + Practical

Theory Questions:

1.      Explain the CIA Triad and give one example of each.

2.      List four types of cyber attacks and briefly describe them.

3.      What is the difference between authentication and authorization?

Practical Exercises:

1.      Create a strong password that meets policy requirements.

2.      Enable 2FA on an email account.

3.      Make a backup of a file and check its integrity using a checksum.


Saturday & Sunday: Free / Revision

·         Review CIA Triad, types of attacks, and authentication concepts.

·         Practice creating strong passwords, enabling 2FA, and making backups.

·         Rest and prepare for Week 3.


Outcome after Week 2:

·         Understand the CIA Triad and its application in cybersecurity.

·         Know common cyber attacks and how to prevent them.

·         Implement authentication, authorization, and basic security policies in practical environments.

 

Week 3: Tools & Hands-On Security

  • Monday: Linux & command line basics – practice ls, cd, chmod, sudo.
  • Tuesday: Wireshark – capture network traffic, filter by IP/protocol.
  • Wednesday: Nmap – scan network, check open ports.
  • Thursday: Metasploit basics – safe lab exploitation.
  • Friday: Test – practical exercises using Linux commands, Nmap, Wireshark.
  • Saturday & Sunday: Free / revision.



Week 3: Tools & Hands-On Security – Student Notes


Monday: Linux & Command Line Basics

1. What it is:

·         Linux: An open-source operating system widely used in cybersecurity.

·         Command Line (CLI): A text-based interface to interact with the system.

2. Why it’s important:

·         Many cybersecurity tools and servers run on Linux.

·         CLI allows you to perform tasks faster and access powerful tools.

3. Practical – How to practice:

1.      List files in a directory:

        ls

2.      Navigate directories:

        cd foldername   # Enter folder
        cd ..           # Go back one level

3.      Change permissions:

        chmod 755 file.txt  # owner: read/write/execute; group and others: read/execute

4.      Run commands as admin:

        sudo apt update  # Refreshes the list of available package versions; sudo runs the one command with administrator rights

5.      Create a new file:

        touch newfile.txt

Tuesday: Wireshark – Capture Network Traffic

1. What it is:

·         Wireshark is a network protocol analyzer.

·         It captures packets of data traveling over the network and lets you analyze them.

2. Why it’s important:

·         Helps you detect suspicious traffic and understand network behavior.

3. Practical – How to practice:

1.      Install Wireshark:

o    Windows/Linux: Download from Wireshark.org

2.      Capture traffic:

o    Open Wireshark → Select network interface → Start capture (on Linux your user must be in the wireshark group, or the capture must run as root)

3.      Filter by IP/protocol:

o    Example: ip.addr == 192.168.1.10 (filter traffic to/from this IP)

o    Example: http (filter HTTP traffic; for HTTPS sites you will see tls instead, and only the handshake is readable)

4.      Analyze traffic:

o    Look for unusual requests, repeated attempts, or strange destinations, and compare what is readable on an http page with what is readable for an https one


Wednesday: Nmap – Scan Network

1. What it is:

·         Nmap is a network scanning tool.

·         It discovers devices on a network and identifies open ports and services.

2. Why it’s important:

·         Helps find services exposed on devices you are responsible for; an open port you did not know about is something to investigate. Scan only networks you own or have permission to test.

3. Practical – How to practice:

1.      Scan a single device (by default the 1,000 most common TCP ports):

        nmap 192.168.1.5

2.      Discover which hosts are up on the whole network, without scanning ports (-sn = ping scan):

        nmap -sn 192.168.1.0/24

3.      Identify the service and version behind each open port:

        nmap -sV 192.168.1.5

4.      Observe results:

o    Identify which ports are open (e.g., 22 for SSH, 80 for HTTP) and whether each one should be. The 192.168.1.x addresses are placeholders; use your own lab network.
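What "open port" means at the socket level, as an added example (not Nmap's code): a TCP connect scan, the simplest scan Nmap performs, written with Python's socket module. It starts its own throw-away listener on 127.0.0.1 and scans that plus a port nothing listens on, so it runs offline and touches no network you do not own.

```python
"""What Nmap's simplest scan (a TCP connect scan) does, written with the socket
module. It only touches 127.0.0.1 and a throw-away listener it starts itself."""
import socket
import threading
from contextlib import closing
from typing import Tuple


def scan_port(host: str, port: int, timeout: float = 0.5) -> str:
    """Attempt a full TCP handshake.
    open     = the handshake completed (something is listening)
    closed   = the host answered with RST (nothing listening)
    filtered = no answer before the timeout (typical of a firewall dropping packets)"""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except OSError:                 # includes socket.timeout / TimeoutError
            return "filtered"


def scan(host: str, ports) -> dict:
    """Connect-scan style nmap -p <ports> <host>: port -> state."""
    return {port: scan_port(host, port) for port in ports}


def _accept_and_close(srv: socket.socket) -> None:
    while True:
        try:
            conn, _ = srv.accept()
            conn.close()
        except OSError:                 # listener closed: stop
            return


def start_lab_listener() -> Tuple[socket.socket, int]:
    """Bind a TCP listener on a free port so the scan has something to find."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(target=_accept_and_close, args=(srv,), daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """A port with nothing listening: bind to 0, read the number, release it."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    listener, open_port = start_lab_listener()
    closed_port = free_port()
    for port, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"127.0.0.1:{port:<5} {state}")
    listener.close()
```

This is also why scanning is noisy and never "passive": every probe completes a handshake that the target's service logs and a firewall sees, which is the reason the legal note in Week 5 applies to scanning as much as to exploitation.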


Thursday: Metasploit Basics – Safe Lab Exploitation

1. What it is:

·         Metasploit is a penetration testing framework.

·         It packages known exploits and payloads so that you can test, on a lab system you control, whether a vulnerability is really exploitable.

2. Why it’s important:

·         Helps understand how attackers exploit systems.

·         Learning safe exploitation prepares you for ethical hacking.

3. Practical – How to practice:

1.      Start Metasploit:

        msfconsole

2.      Search for exploits:

        search vsftpd

3.      Select and configure the exploit (the target must be your intentionally vulnerable lab VM; Metasploitable 2 runs the backdoored vsftpd 2.3.4 this module targets):

        use exploit/unix/ftp/vsftpd_234_backdoor
        set RHOSTS 192.168.1.10
        run

9.      Practice safely in a virtual lab:

o    Always use virtual machines to avoid harming real systems


Friday: Test – Theory + Practical

Theory Questions:

1.      What is Linux and why is it widely used in cybersecurity?

2.      Explain the purpose of Wireshark and Nmap.

3.      What is Metasploit and why should you use it in a safe lab?

Practical Exercises:

1.      Use Linux CLI to create a folder, create a file, and change file permissions.

2.      Capture network traffic with Wireshark and filter by IP.

3.      Scan your local network with Nmap and identify open ports.


Saturday & Sunday: Free / Revision

·         Review Linux commands, Wireshark filters, and Nmap scans.

·         Practice creating files, changing permissions, and analyzing traffic in Wireshark.

·         Rest and prepare for Week 4.


Outcome after Week 3:

·         Able to use Linux commands confidently.

·         Can capture and analyze network traffic with Wireshark.

·         Can scan networks with Nmap and identify vulnerabilities.

·         Understand basic penetration testing with Metasploit in a safe environment.

Week 4: Security Practices

  • Monday: Encryption & cryptography – encrypt/decrypt files.
  • Tuesday: Patch management – apply system/software updates.
  • Wednesday: Security monitoring – check logs, configure alerts.
  • Thursday: Backup & recovery – create backup, simulate restoration.
  • Friday: Test – practical + theory exercises.
  • Saturday & Sunday: Free / revision.



Week 4: Security Practices – Student Notes


Monday: Encryption & Cryptography

1. What it is:

·         Encryption: Converting readable data into unreadable format using a key so only authorized users can read it.

·         Cryptography: The science of protecting data using codes and algorithms.

2. Why it’s important:

·         Protects sensitive data from unauthorized access.

·         Ensures data privacy, even if it’s stolen.

3. Practical – How to practice:

1.      Encrypt a file in Windows:

o    Right-click file → Properties → Advanced → Encrypt contents to secure data → OK (this is EFS, not available on Home editions; the key is tied to your Windows account, so back up the EFS certificate when prompted or the file is lost with the account)

2.      Encrypt a file in Linux using GPG:

        gpg -c secret.txt    # symmetric encryption; you will be prompted for a passphrase; writes secret.txt.gpg
        gpg secret.txt.gpg   # decrypt: asks for the passphrase and writes secret.txt back

3.      Test encryption:

o    Try opening the encrypted file without the key/password → it should be unreadable. Remember to delete the original plaintext if the point is that only the encrypted copy remains.


Tuesday: Patch Management

1. What it is:

·         Patch management: Process of updating software and systems to fix vulnerabilities, bugs, or security issues.

2. Why it’s important:

·         Unpatched systems are easy targets for hackers.

·         Keeps software stable and secure.

3. Practical – How to practice:

1.      Windows:

o    Settings → Windows Update (Windows 10: Update & Security) → Check for updates → Install updates, then restart if asked

2.      Linux:

        sudo apt update    # refresh the list of available versions
        sudo apt upgrade   # install the newer versions

3.      Check software versions:

o    Confirm updates are applied using apt list --upgradable (Linux): an empty list means nothing is pending. On Windows, check the update history or the version shown in the application's settings.


Wednesday: Security Monitoring

1. What it is:

·         Monitoring logs and system events to detect suspicious activity.

2. Why it’s important:

·         Helps identify attacks early before they cause major damage.

3. Practical – How to practice:

1.      Check logs in Windows:

o    Event Viewer → Windows Logs → Security/System → Look for unusual events (for example many event ID 4625 "logon failed" entries from one source)

2.      Check logs in Linux:

        tail -f /var/log/auth.log   # login attempts (Debian/Ubuntu; RHEL-family systems use /var/log/secure)
        tail -f /var/log/syslog      # system events (on systemd-only systems the same data is read with journalctl)

3.      Configure alerts:

o    Linux: Use fail2ban to detect repeated failed login attempts and block the source address automatically (by default after 5 failures within 10 minutes).

o    Windows: Event Viewer → right-click an event → Attach Task To This Event, to run a script or show a notification when it recurs.
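The detection rule the fail2ban step describes, written out as an added example (not fail2ban's code) and run over constructed auth.log lines: count failures per source address in a sliding window, ban after maxretry, and additionally flag a successful login that follows a burst of failures. The thresholds mirror fail2ban's defaults of 5 failures within 10 minutes. The third attacker in the sample spaces attempts 20 minutes apart and is missed by the default window, which is the caveat worth remembering: a wider window (or counting over a whole day) is needed to see a slow brute force.

```python
"""The rule fail2ban's sshd jail applies, written out and run over constructed
auth.log lines. Defaults mirror fail2ban's maxretry=5 within findtime=10m."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+)"
)

# Constructed sample: one fast brute force, one ordinary typo, one slow brute force.
SAMPLE_AUTH_LOG = """\
Mar 10 12:00:01 lab sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 10 12:00:03 lab sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar 10 12:00:05 lab sshd[1203]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar 10 12:00:08 lab sshd[1204]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar 10 12:00:10 lab sshd[1205]: Failed password for student from 203.0.113.7 port 51250 ssh2
Mar 10 12:00:12 lab sshd[1206]: Accepted password for student from 203.0.113.7 port 51252 ssh2
Mar 10 12:05:00 lab sshd[1300]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar 10 12:05:30 lab sshd[1301]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
Mar 10 12:20:00 lab sshd[1400]: Failed password for bob from 192.0.2.9 port 40100 ssh2
Mar 10 12:40:00 lab sshd[1401]: Failed password for bob from 192.0.2.9 port 40102 ssh2
Mar 10 13:00:00 lab sshd[1402]: Failed password for bob from 192.0.2.9 port 40104 ssh2
Mar 10 13:20:00 lab sshd[1403]: Failed password for bob from 192.0.2.9 port 40106 ssh2
Mar 10 13:40:00 lab sshd[1404]: Failed password for bob from 192.0.2.9 port 40108 ssh2
"""


def parse(line: str, year: int = 2025):
    """(timestamp, 'Failed'|'Accepted', user, ip) for sshd password lines, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")   # syslog lines omit the year
    return ts, m["result"], m["user"], m["ip"]


def analyse(log: str, maxretry: int = 5, findtime_minutes: int = 10, success_after: int = 3) -> dict:
    """Ban an IP after maxretry failures inside a sliding window of findtime_minutes;
    also report a success that follows success_after or more recent failures."""
    findtime = timedelta(minutes=findtime_minutes)
    recent = defaultdict(deque)          # ip -> failure timestamps still inside the window
    banned, banned_ips, suspicious = [], set(), []
    for line in log.splitlines():
        parsed = parse(line)
        if parsed is None:
            continue                     # not an sshd password line (cron, sudo, ...)
        ts, result, user, ip = parsed
        window = recent[ip]
        while window and ts - window[0] > findtime:    # slide the window forward
            window.popleft()
        if result == "Failed":
            window.append(ts)
            if len(window) >= maxretry and ip not in banned_ips:
                banned.append((ip, str(ts)))
                banned_ips.add(ip)
        elif len(window) >= success_after:               # guessed it eventually?
            suspicious.append((ip, user, str(ts)))
    return {"ban": banned, "success_after_failures": suspicious}


if __name__ == "__main__":
    print("default window (10 min):", analyse(SAMPLE_AUTH_LOG))
    print("wider window (120 min): ", analyse(SAMPLE_AUTH_LOG, findtime_minutes=120))
```

The second output line is the one to discuss: 192.0.2.9 only appears once the window is widened, so a tool with fail2ban's defaults protects against noisy attackers and a patient one needs a second rule with a longer horizon.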


Thursday: Backup & Recovery

1. What it is:

·         Backup: Creating a copy of important data.

·         Recovery: Restoring data in case of loss, corruption, or attack.

2. Why it’s important:

·         Ensures data is safe during hardware failure, ransomware attacks, or accidental deletion.

3. Practical – How to practice:

1.      Create a backup in Windows:

o    Control Panel → Backup and Restore (Windows 7) → Create a system image or set up a file backup (or Settings → File History for per-file versions)

2.      Create a backup in Linux:

        cp important.txt /path/to/backup/           # single file
        tar -cvzf backup.tar.gz /path/to/folder     # whole folder, compressed

o    Keep the backup on a different disk or an external drive and disconnect it afterwards: a backup that stays mounted is encrypted along with everything else by ransomware.

3.      Simulate recovery:

o    Delete original file → restore from backup → verify content is intact (compare a checksum of the restored file with one taken before the backup, not just its name and size)
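A verified backup-and-restore cycle, added as example code (not from the original notes) for this Thursday exercise and for the integrity and availability steps of Week 2 Monday. It records SHA-256 checksums (the same digests sha256sum prints) before backing up, detects a modified and a deleted file afterwards, restores from the tar.gz archive, and then proves the restore matches the manifest rather than assuming it. File names are constructed and everything happens inside a temporary directory.

```python
"""Integrity (checksums) and availability (a verified restore) in one exercise.
Runs entirely inside a temporary directory with constructed files."""
import hashlib
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Same hex digest that sha256sum prints; streamed so large files are fine."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_manifest(root: Path) -> dict:
    """Relative path -> sha256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify(root: Path, manifest: dict) -> dict:
    """Compare the tree with a manifest taken when it was known-good."""
    current = make_manifest(root)
    return {
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "added": sorted(p for p in current if p not in manifest),
    }


def backup(root: Path, archive: Path) -> dict:
    """Like tar -czf archive.tar.gz folder; returns the manifest to keep beside it."""
    manifest = make_manifest(root)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(root, arcname=root.name)
    return manifest


def restore(archive: Path, dest: Path) -> None:
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(dest, filter="data")    # refuses entries that escape dest
        except TypeError:                          # Python without extraction filters
            tar.extractall(dest)


def demo() -> dict:
    """Backup -> tamper -> detect -> restore -> verify. Returns what each step found."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        data, archive, restored = base / "MyPractice", base / "backup.tar.gz", base / "restored"
        (data / "Notes").mkdir(parents=True)
        (data / "Notes" / "notes.txt").write_text("week 1 notes\n")
        (data / "assignment_week1.docx").write_bytes(b"constructed sample, not a real docx")
        manifest = backup(data, archive)                                   # 1. backup + checksums
        (data / "Notes" / "notes.txt").write_text("week 1 notes, edited by someone else\n")  # 2. tamper
        (data / "assignment_week1.docx").unlink()                          #    ... and a deletion
        damage = verify(data, manifest)                                    # 3. integrity check
        restore(archive, restored)                                         # 4. availability
        after = verify(restored / data.name, manifest)                     # 5. prove the restore
        return {"manifest_files": sorted(manifest), "damage": damage, "after_restore": after}


if __name__ == "__main__":
    for step, found in demo().items():
        print(f"{step:>15}: {found}")
```

Keep the manifest somewhere the backup itself cannot overwrite (a separate file, ideally signed or stored offline): if an attacker can rewrite both the files and their recorded hashes, the integrity check proves nothing.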


Friday: Test – Theory + Practical

Theory Questions:

1.      Explain the difference between encryption and cryptography.

2.      Why is patch management important in cybersecurity?

3.      What is security monitoring and how does it help?

4.      Explain backup and recovery and give an example.

Practical Exercises:

1.      Encrypt a file and then decrypt it.

2.      Apply a software/system update on Windows or Linux.

3.      Check system logs and identify one unusual activity.

4.      Create a backup of a file and restore it.


Saturday & Sunday: Free / Revision

·         Review encryption, patching, monitoring, and backup techniques.

·         Practice encrypting files, checking logs, and creating/restoring backups.

·         Rest and prepare for Week 5.


Outcome after Week 4:

·         Understand encryption and cryptography and how to protect sensitive data.

·         Learn how to apply software updates to fix vulnerabilities.

·         Monitor systems to detect suspicious activity.

·         Create backups and perform data recovery exercises.

 

Week 5: Ethical Hacking & Penetration Testing

  • Monday: Reconnaissance – use whois, nslookup, Shodan in lab.
  • Tuesday: Scanning & enumeration – scan network, enumerate users.
  • Wednesday: Exploitation basics – simulate attacks in safe lab.
  • Thursday: Post-exploitation & reporting – summarize lab findings.
  • Friday: Test – scenario-based lab: scan network, find vulnerabilities, report

Great — here’s Week 5: Ethical Hacking & Penetration Testing written as detailed student notes. It's in simple language, with what, why, how, safe commands, and a Friday practical test. Follow it step‑by‑step in a lab (never on real networks you don't own or have permission to test).


Week 5: Ethical Hacking & Penetration Testing – Student Notes


Important safety & legal note (read first)

Ethical hacking must be done only on systems you own or have explicit permission to test (e.g., your lab VM, an intentionally vulnerable VM like Metasploitable, or a CTF platform). Unauthorized scanning, exploitation, or probing of other people's systems is illegal.


Monday — Reconnaissance (Information Gathering)

What: Reconnaissance (recon) means collecting information about a target (domain, IP, company) before testing. This is the first step of any penetration test.

Why:

·         To learn what services, domains, and public information exist.

·         To find potential weak points without touching the target directly (passive recon).

How / Practical tools & steps (safe lab):

1.      whois — get domain registration info:

    whois example.com

What you learn: registrar, registration date, name servers, contact emails (often hidden behind a privacy service today).

2.      nslookup / dig — DNS information:

    nslookup example.com
    # or
    dig example.com

What you learn: A records (IP) from the plain query; ask for other record types explicitly (dig example.com MX for mail servers, dig example.com TXT for SPF, dig example.com NS for name servers). Subdomains are not returned by a single query; they come from wordlist guessing or certificate transparency logs.

3.      Shodan (web) — search internet-connected devices:

o    Go to shodan.io (use lab or free account).

o    Search for example IPs or device types (e.g., "apache", "ftp").
What you learn: Exposed services, banners, device types.

4.      Passive OSINT:

o    Check Google, LinkedIn, GitHub for public info about the target (only in lab/test scope).

o    Use curl to check headers (this one touches the target directly, so lab hosts only):

    curl -I https://example.com

Notes & tips:

·         Record findings in a notes file (targets, IPs, domains discovered).

·         Passive recon (whois, DNS lookups, search engines, Shodan) queries third-party sources rather than the target's own servers, so it is low/no risk. A curl request to the target's web server is already a direct, logged interaction and counts as active.


Tuesday — Scanning & Enumeration

What: Scanning and enumeration means actively probing a target to find live hosts, open ports, and services. Enumeration digs deeper (usernames, shares, version banners).

Why:

·         To map attack surface: which ports/services are open and might be vulnerable.

·         Enumeration provides details attackers use to plan exploits (e.g., software versions).

How / Practical tools & steps (lab):

1.      Ping sweep (discover live hosts):

    nmap -sn 192.168.56.0/24

Shows which IPs respond. A host that drops ping probes can still be up, so re-check interesting addresses with a port scan.

2.      Port scan (find open ports):

    nmap -sS -p- 192.168.56.101

o    -sS TCP SYN scan (needs root/sudo; as a normal user Nmap refuses it, so use -sT, the full-connect scan), -p- all 65535 ports (slow: expect minutes, not seconds).

o    Or a quicker service scan of the default 1000 ports:

    nmap -sV -sC 192.168.56.101

-sV detects service/version, -sC runs default scripts.

3.      Service enumeration: once you know a port is open, probe the service:

o    SSH (22): read the banner and version; brute-force only with permission.

o    HTTP (80/443): use a browser, curl, or a web scanner.

    curl -I http://192.168.56.101

o    SMB (445): enumerate shares (use smbclient; -N means no password):

    smbclient -L //192.168.56.101 -N

4.      Web enumeration tools (for lab web apps):

o    dirb/dirbuster or gobuster to find files/folders:

    gobuster dir -u http://192.168.56.101 -w /usr/share/wordlists/dirb/common.txt

Notes & tips:

·         Save Nmap scan outputs: nmap -oA scan1 192.168.56.101 creates files you can review.

·         Keep an inventory of open ports and detected service versions — important for exploitation planning.
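Keeping that inventory by hand gets error-prone past a couple of hosts. The following is an added example, not part of the original notes: it parses Nmap's XML output (the scan1.xml that -oA or -oX writes) into a list of open ports with product and version, and flags any version on a watchlist. The XML below is a constructed sample shaped like Nmap's format, and the watchlist is made up for the demo; in practice you would populate it from your own research or a vulnerability database.

```python
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout, trimmed to the elements used below; not real scan output.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan1.xml 192.168.56.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.56.101" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21">
        <state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/>
      </port>
      <port protocol="tcp" portid="22">
        <state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/>
      </port>
      <port protocol="tcp" portid="23">
        <state state="filtered"/>
        <service name="telnet"/>
      </port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.56.102" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Constructed watchlist: (product, version) -> why it matters. In practice this comes from your own
# research or a vulnerability database, not from a hard-coded dict.
WATCHLIST = {
    ("vsftpd", "2.3.4"): "backdoored release; see Wednesday's lab exploit",
}


def parse_nmap_xml(xml_text: str) -> list:
    """Return one record per open port on each host that is up."""
    inventory = []
    for host in ET.fromstring(xml_text).iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "unknown"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            get = svc.get if svc is not None else (lambda key, default="": default)
            inventory.append({
                "host": ip,
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": get("name", ""),
                "product": get("product", ""),
                "version": get("version", ""),
            })
    return inventory


def flag_versions(inventory: list, watchlist: dict = WATCHLIST) -> list:
    """Return inventory records whose (product, version) is on the watchlist, with the note attached."""
    return [dict(rec, note=watchlist[(rec["product"], rec["version"])])
            for rec in inventory if (rec["product"], rec["version"]) in watchlist]


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_NMAP_XML)
    for rec in inv:
        print(f"{rec['host']}:{rec['port']}/{rec['proto']}  {rec['service']:<8} {rec['product']} {rec['version']}")
    for rec in flag_versions(inv):
        print("FLAG:", rec["host"], rec["port"], rec["note"])
```

Filtered ports and hosts reported down are skipped on purpose: the inventory is meant to list what you can actually reach, and a version string from -sV is a banner claim, so confirm it before writing "vulnerable" in a report.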


Wednesday — Exploitation Basics (Safe Lab)

What: Exploitation is using an identified vulnerability to get access (e.g., remote shell). In ethical hacking, this is only in controlled labs.

Why:

·         To demonstrate the impact of vulnerabilities and learn how to fix them.

·         To practice safe remediation steps later.

How / Practical tools & steps (lab):

1.      Choose a lab target (e.g., Metasploitable VM). Confirm IP, open ports, and services from previous scans.

2.      Search for known exploits (Metasploit search as example):

    msfconsole
    search vsftpd

In Metasploit: use exploit/module_name, then show options to see what must be set (the target option is RHOSTS in current modules; older write-ups say RHOST).

3.      Exploit with care:
Example (metasploit flow):

    use exploit/unix/ftp/vsftpd_234_backdoor
    set RHOSTS 192.168.56.101
    run

If successful, you get a command shell; run id to confirm which user you are. Only use in lab.

4.      Manual exploitation learning:

o    For web vuln (e.g., SQLi), use safe payloads on lab web app and observe results. Tools: sqlmap (lab only).

    sqlmap -u "http://192.168.56.101/vuln.php?id=1" --batch

Post-exploit hygiene:

·         Document exactly what you did, commands run, and outcomes.

·         Do not break the lab VM or delete critical files unless your exercise requires it.


Thursday — Post-Exploitation & Reporting

What: Post‑exploitation is actions taken after gaining access (collecting evidence, pivoting). Reporting is summarizing findings and remediation steps.

Why:

·         To understand attacker actions and measure the damage possible.

·         To create clear reports so defenders can fix issues.

How / Practical tasks (lab & reporting):

1.      Post-exploitation actions (lab):

o    List users: cat /etc/passwd (Linux) or net user (Windows).

o    Check for credential files: search home directories.

o    Dump basic system info: uname -a, ip a, ps aux.

2.      Privilege escalation (lab): attempt safe methods to gain higher privileges (only in lab). Search for SUID files, weak sudo entries, kernel exploits — but only on your VM.

3.      Evidence collection: Save output of important commands to files:

    uname -a > /tmp/uname.txt
    id > /tmp/id.txt

4.      Write a short report (structure):

o    Summary: what you tested and why.

o    Scope: IPs/hosts tested.

o    Findings: vulnerabilities discovered (port, service, CVE if known).

o    Impact: what an attacker could do.

o    Evidence: command outputs, screenshots.

o    Remediation: clear steps (patch version, disable service, change config).

o    Risk level: Low/Medium/High.

Report example entry:

·         Finding: FTP server (vsftpd 2.3.4) backdoor.

·         Impact: Remote shell possible.

·         Evidence: Nmap output + Metasploit session ID.

·         Remediation: Upgrade vsftpd to patched version; block external FTP if not needed.


Friday — Test (Scenario-based practical & theory)

Theory Questions (short):

1.      What is the difference between reconnaissance and scanning?

2.      Why must penetration testing be done only with permission?

3.      Name two common post-exploitation tasks.

Practical Scenario (lab):
You are given a lab network (e.g., 192.168.56.0/24). Perform the following and prepare a short report:

1.      Recon: Use whois and nslookup (or equivalent lab tools) on the lab domain and record findings.

2.      Scan: Run an Nmap ping sweep nmap -sn and a service scan nmap -sV on a discovered host. Save the output.

3.      Enumerate: If host runs a web server, run gobuster or dirb to find hidden directories.

4.      Exploit (lab only): If a known vulnerable service exists in the lab VM (e.g., outdated FTP), use Metasploit to exploit it and obtain a shell. Document commands used.

5.      Post-exploit: Collect system info (uname -a, id), list users, and save outputs.

6.      Report: Write a 1–2 page report with Summary, Findings, Evidence (command outputs), and Remediation steps.

Grading tips: Practical work is graded on: correct use of tools, clear documentation, safe conduct, and quality of remediation suggestions.


Saturday & Sunday — Free / Revision

·         Review commands, notes, and your Friday report.

·         Re-run safe scans in the lab to reinforce memory.

·         Rest and prepare for Week 6 (Web App Security).


Quick Command Cheat-sheet (Lab-only)

·         whois example.com — domain info

·         nslookup example.com / dig example.com — DNS lookup

·         nmap -sn 192.168.56.0/24 — ping sweep

·         nmap -sV -sC 192.168.56.101 — service/version + default scripts

·         gobuster dir -u http://IP -w /path/wordlist — directory bruteforce

·         msfconsole, then search, use, set RHOSTS, run — metasploit flow

·         sqlmap -u "http://IP/vuln.php?id=1" --batch — SQLi testing (lab only)


Outcome after Week 5:

·         You know how to gather information, scan and enumerate hosts, safely exploit lab vulnerabilities, perform post-exploitation tasks, and write a remediation report.

·         You’ve practiced ethical rules and documented findings — critical skills for any penetration tester.



Week 6: Web Application Security

  • Monday: Introduction to Web Security – learn OWASP Top 10, common threats like SQL injection and XSS. How: Study lab websites to see how inputs are handled.
  • Tuesday: SQL Injection – learn how attackers exploit databases. How: Test SQL injection in a safe lab environment.
  • Wednesday: Cross-Site Scripting (XSS) – learn how scripts can attack websites. How: Test XSS safely on lab web pages.
  • Thursday: Web Security Best Practices – input validation, HTTPS, secure cookies. How: Configure test websites to prevent SQL injection and XSS.
  • Friday: Test – practical + theory: identify and fix vulnerabilities on lab web pages.
  • Saturday & Sunday: Free / revision.

 

Absolutely — here is Week 6: Web Application Security written as detailed student‑notes for students. It explains what, why, and how with safe, hands‑on lab steps, tools, examples, and a Friday practical test. Follow everything only in a lab or on systems you own or have permission to test.


Week 6: Web Application Security – Student Notes


Safety & Legal Reminder (Read First)

Always do web security testing only on lab systems you control (examples: DVWA, OWASP Juice Shop, Mutillidae, WebGoat, or self-hosted test sites). Testing live websites without permission is illegal.


Monday — Introduction to Web Security (OWASP Top 10 & common threats)

What:
Web security is the practice of protecting websites and web applications from attacks. The OWASP Top 10 lists the most common web application risks. The 2017 edition, which these notes follow, lists: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, XSS, Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring. The 2021 edition reorganises the list (Broken Access Control moves to first place, XSS is folded into Injection, and Insecure Design, Software and Data Integrity Failures and Server-Side Request Forgery are added), so check which edition a reference is using.

Why:
Most online attacks target web apps. Knowing common problems helps you find and fix them.

How / Practical steps (lab):

1.      Set up a safe lab:

o    Install an intentionally vulnerable web app: OWASP Juice Shop or DVWA (Damn Vulnerable Web App) in a VM or Docker.

o    Example (DVWA Docker):

o    docker pull vulnerables/web-dvwa
o    docker run --rm -p 80:80 vulnerables/web-dvwa

2.      Explore inputs and forms:

o    Use the app in your browser. Click around login forms, search boxes, comment fields. Note where user input is accepted.

3.      Read OWASP Top 10 (short list):

o    Focus on Injection and XSS first (they’re common and teach fundamental concepts).

Tip: Keep a notebook of pages, input fields, and suspected risky inputs to test later.


Tuesday — SQL Injection (SQLi)

What:
SQL Injection allows attackers to send malicious SQL commands to a web app’s database through user inputs (for example, in a login form or search box).

Why:
SQLi can reveal, modify, or delete sensitive data — very dangerous.

How / Practical steps (lab):

1.      Use DVWA or Juice Shop:

o    Set DVWA security level to low for initial testing.

2.      Manual test example (login form):

o    Input ' OR '1'='1 in username or password fields to see if login bypasses authentication (lab only).

3.      Use sqlmap (automated testing) — lab only:

    sqlmap -u "http://localhost/vulnerable.php?id=1" --batch --dbs

o    --batch runs default answers. --dbs lists databases.

4.      Safe checks:

o    Look for visible database errors, unexpected data, or bypassed login.

5.      Remediation ideas:

o    Use parameterized queries / prepared statements, input validation, and least-privileged DB accounts.

Notes:

·         Never run sqlmap against systems you don’t own.

·         Practice extracting non-sensitive demo DBs in lab only.
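To see why the ' OR '1'='1 payload works and why parameterized queries stop it, here is an added example (not code from the original notes or from DVWA) that builds a one-user SQLite database in memory and runs a login check both ways. The user, password and table are constructed for the demo, and the password is stored in plain text only to keep the example short. It also serves Thursday's "parameterized queries" item, which shows the same fix in PHP PDO.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    """Constructed demo database: one user. A real app stores a salted password hash, not plain text."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The bug: user input is pasted into the SQL text, so quotes in the input change the query."""
    sql = ("SELECT id FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The fix: placeholders. The driver sends the values separately, so a quote is just a character."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def run_demo() -> dict:
    """Try real credentials and two classic payloads against both versions of the login check."""
    conn = make_demo_db()
    cases = {
        "real creds":          ("alice", "correct horse"),
        "OR 1=1 in password":  ("alice", "' OR '1'='1"),
        "comment in username": ("alice'--", "wrong"),   # '--' comments out the password check
    }
    return {name: {"vulnerable": login_vulnerable(conn, u, p), "safe": login_safe(conn, u, p)}
            for name, (u, p) in cases.items()}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:<22} vulnerable={result['vulnerable']!s:<5} safe={result['safe']}")
```

With the payload in the password field the vulnerable query becomes ... AND password = '' OR '1'='1', and because AND binds tighter than OR the final OR is always true. The safe version never builds that text: it sends the same SQL every time and the payload is compared, as a string, against the stored password.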


Wednesday — Cross-Site Scripting (XSS)

What:
XSS lets attackers inject JavaScript into pages viewed by other users, potentially stealing cookies, sessions, or performing actions on behalf of users.

Why:
XSS can lead to account takeover or data theft.

How / Practical steps (lab):

1.      Find user-input fields that display content back to the page (comments, search results).

2.      Basic test payloads (lab only):

o    Try <script>alert('XSS')</script> in a comment field and submit. If the popup appears only in the response to your own request (for example a search page echoing your term), it is reflected XSS; if the payload is saved and pops up again for anyone who later opens the page, it is stored XSS.

3.      Use browser dev tools / Burp Suite to test:

o    Intercept a request, modify the POST body to include script, forward it, and see how the app handles it.

4.      Remediation ideas:

o    Properly escape output (HTML-encode), use Content Security Policy (CSP), validate/sanitize inputs.

Notes:

·         Distinguish Reflected XSS (payload reflected immediately) vs Stored XSS (payload stored and executed later).
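The following is an added example, not code from the original notes or from any of the lab apps: it renders a comment list the vulnerable way (comments inserted verbatim) and the safe way (HTML-encoded), echoes a search term to show the reflected case, and includes a small detector that tells the two outputs apart. The comments and the search term are constructed payloads of the kind used in the exercise.

```python
import html
import re

# Constructed comments as they might sit in a lab app's database after users submitted them.
COMMENTS = [
    "Nice tutorial!",
    "<script>alert('XSS')</script>",
    '<img src=x onerror="alert(1)">',
]

# A real <script> tag, or any tag carrying an on* event handler attribute.
ACTIVE_MARKUP = re.compile(r"<script\b|<\w+[^>]*\bon\w+\s*=", re.IGNORECASE)


def render_comments_vulnerable(comments: list) -> str:
    """Stored XSS: each comment goes into the page verbatim, so the browser runs the 2nd and 3rd."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"


def render_comments_safe(comments: list) -> str:
    """Output encoding: < > & " ' become entities, so the browser shows the text instead of running it."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments) + "</ul>"


def render_search_page(query: str, safe: bool = True) -> str:
    """Reflected XSS: the search term is echoed straight back in the response to the same request."""
    shown = html.escape(query, quote=True) if safe else query
    return f"<p>Results for: {shown}</p>"


def has_active_markup(fragment: str) -> bool:
    """True if the HTML fragment still contains markup a browser would execute."""
    return ACTIVE_MARKUP.search(fragment) is not None


if __name__ == "__main__":
    print("vulnerable comment page executes script:", has_active_markup(render_comments_vulnerable(COMMENTS)))
    print("encoded comment page executes script:   ", has_active_markup(render_comments_safe(COMMENTS)))
    print(render_search_page("<script>alert(1)</script>"))
```

html.escape is the right tool for text placed inside an HTML element or a quoted attribute; a value dropped into a script block, a URL or an unquoted attribute needs the encoding for that context instead, which is why templating engines provide several escapers rather than one.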


Thursday — Web Security Best Practices

What:
Techniques and settings that prevent common attacks: input validation, parameterized queries, HTTPS, secure cookie flags, proper session handling, correct error handling, and least privilege.

Why:
Following best practices reduces attack surface and improves user trust.

How / Practical steps (lab):

1.      Input validation & parameterized queries:

o    If you have simple PHP/Python code in lab, change queries to use prepared statements. Example (PHP PDO):

    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$id]);

2.      Enable HTTPS in lab (self-signed cert):

o    Use openssl to create a self-signed cert and configure your local web server (Apache/Nginx) to use HTTPS.

3.      Secure cookies / session flags:

o    Ensure the Secure, HttpOnly and SameSite (Lax or Strict) attributes are set on session cookies in app configuration.

4.      Content Security Policy (CSP):

o    Add CSP header to limit sources of scripts:

    Content-Security-Policy: default-src 'self'; script-src 'self';

5.      Test fixes:

o    After changes, re-run SQLi/XSS tests to confirm vulnerabilities are mitigated.

Notes:

·         Keep a checklist of best practices and verify them on your test app.
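A checklist is easier to apply when it runs itself. The following is an added example, not code from the original notes: it checks one HTTP response's headers for the items above (a CSP that actually restricts scripts, HSTS once HTTPS is on, nosniff, and the Secure/HttpOnly/SameSite attributes on every cookie) and returns a list of findings. The two header sets are constructed to represent the lab app before and after hardening; in practice you would feed it the headers from curl -I or from Burp.

```python
# Constructed responses: the same lab app before and after hardening. Values are typical,
# not captured from any real site.
WEAK_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Content-Security-Policy", "default-src 'self'; script-src 'self'"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Content-Type-Options", "nosniff"),
    ("Set-Cookie", "PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

COOKIE_ATTRS = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def parse_csp(value: str) -> dict:
    """\"default-src 'self'; script-src 'self' cdn\" -> {'default-src': [\"'self'\"], 'script-src': [...]}"""
    directives = {}
    for chunk in value.split(";"):
        parts = chunk.split()
        if parts:
            directives[parts[0].lower()] = parts[1:]
    return directives


def check_security_headers(headers: list, served_over_https: bool = True) -> list:
    """Return a list of findings (empty list = all checks passed) for one HTTP response."""
    findings = []
    single = {name.lower(): value for name, value in headers if name.lower() != "set-cookie"}

    csp = single.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        d = parse_csp(csp)
        script_src = d.get("script-src", d.get("default-src", []))  # script-src falls back to default-src
        if "'unsafe-inline'" in script_src or "*" in script_src:
            findings.append("CSP lets inline or any-origin scripts run, which does not stop XSS")
    if served_over_https and "strict-transport-security" not in single:
        findings.append("missing Strict-Transport-Security (HSTS)")
    if single.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    # Set-Cookie may repeat, so check every occurrence rather than the last one.
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower() for part in value.split(";")[1:]}
        for key, label in COOKIE_ATTRS.items():
            if key not in attrs:
                findings.append(f"cookie {cookie_name} lacks the {label} attribute")
    return findings


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, "->", check_security_headers(hdrs) or "no findings")
```

The CSP check looks at script-src and falls back to default-src, because a policy that names only default-src still governs scripts, while a policy that sets script-src 'unsafe-inline' has given up the protection the header is there for.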


Friday — Test: Practical + Theory

Theory Questions:

1.      What is the OWASP Top 10? Name 3 risks and explain one.

2.      Explain how SQL injection works and one way to prevent it.

3.      Describe XSS and the difference between reflected and stored XSS.

Practical Lab Tasks (do in your lab app):

1.      Recon & Identify:

o    List 3 input fields in your lab app where user input is accepted (forms, search, comments).

2.      SQLi Test (lab only):

o    On a vulnerable page (e.g., id parameter), try a simple payload like ' OR '1'='1 and observe results. Document behavior.

o    (Optional automated) Use sqlmap against the test URL and save the output.

3.      XSS Test (lab only):

o    Insert <script>alert('XSS')</script> into a comment field. If popup appears, note whether it's reflected or stored.

4.      Fix & Verify:

o    Apply a simple fix (for SQLi, change to parameterized query; for XSS, apply output encoding) in your test app code and re-test to show vulnerability is fixed.

5.      Write a short report (1 page):

o    Findings, evidence (screenshots/outputs), and suggested fixes.

Grading tips: You’ll be graded on safe lab practice, correct identification of vulnerabilities, ability to apply basic fixes, and clarity of your report.


Saturday & Sunday — Free / Revision

·         Re-run tests on your lab app to reinforce learning.

·         Read OWASP Top 10 cheat sheets for more details.

·         Rest and prepare for Week 7 (Cloud Security).


Quick Tools Cheat-sheet (Lab-only)

·         DVWA / Juice Shop / WebGoat — intentionally vulnerable apps for practice.

·         sqlmap — automated SQLi testing (lab).

·         Burp Suite Community — intercept and modify HTTP requests.

·         Browser DevTools — test payloads in forms and view responses.

·         curl -I http://localhost — view headers.

·         openssl — create self-signed certs for HTTPS in lab.


Outcome after Week 6:

·         You will understand web app risks (OWASP Top 10), be able to test SQL Injection and XSS in a safe lab, and apply simple defenses (parameterized queries, output encoding, HTTPS, secure cookies). You’ll also be able to document findings and propose fixes.

 

Week 7: Cloud Security

  • Monday: Introduction to Cloud Security – AWS, Azure, GCP basics. How: Explore free cloud accounts, understand cloud architecture.
  • Tuesday: Identity & Access Management (IAM) – control permissions. How: Configure roles, users, and policies in cloud lab.
  • Wednesday: Data Security in Cloud – encryption, backups, and secure storage. How: Enable encryption for cloud storage and test data restoration.
  • Thursday: Cloud Monitoring & Alerts – detect unusual activity. How: Set up alerts in AWS CloudWatch or equivalent tools.
  • Friday: Test – practical: create IAM roles, encrypt storage, and simulate alert.
  • Saturday & Sunday: Free / revision.

Perfect 👍 — here’s your Week 7: Cloud Security written as a complete student note, explained in simple language for average learners. It includes what, why, and how (practical) for each day, along with a Friday test and weekend revision plan.


Week 7: Cloud Security – Student Notes


Introduction

Cloud Security is about keeping data, applications, and services safe when stored or run on cloud platforms like AWS (Amazon Web Services), Microsoft Azure, or Google Cloud Platform (GCP).
Since many companies now store information online, cloud security helps protect that data from loss, hacking, or unauthorized access.

By the end of this week, you will understand how cloud services work, how to manage user access, how to secure stored data, and how to monitor your cloud systems for safety.


Monday – Introduction to Cloud Security

What:
Cloud computing allows us to use online services like storage, databases, or servers without owning physical hardware. Examples:

·         AWS (Amazon Web Services)

·         Azure (Microsoft)

·         GCP (Google Cloud Platform)

Why:
Companies use the cloud because it’s cheaper, flexible, and accessible anywhere. But since data is online, we must ensure it’s secure.

How (Practical Steps):

1.      Create a free account:

o    Go to AWS Free Tier, Azure Free Account, or GCP Free Tier.

o    Use student or personal email to sign up.

2.      Explore your dashboard:

o    Find services like:

§  Compute (EC2 / Virtual Machines)

§  Storage (S3 / Blob Storage)

§  Database (RDS / Firestore)

o    Learn how resources are organized under projects or subscriptions.

3.      Understand the architecture:

o    Cloud systems have regions (locations of servers) and availability zones (backup areas).

o    Draw a simple diagram showing:

§  User → Internet → Cloud Server → Storage.

4.      Security Concept:

o    Cloud security = shared responsibility:

§  Cloud provider secures the physical systems.

§  You secure your own data, accounts, and configurations.


Tuesday – Identity & Access Management (IAM)

What:
IAM (Identity and Access Management) is how you control who can access your cloud resources and what they can do.

Why:
Not every user should have full control. For example, a student might only view data, while an admin can create or delete data. IAM prevents mistakes or misuse.

How (Practical Steps):

1.      Open IAM on your cloud platform:

o    In AWS → Search for IAM.

o    In Azure → Microsoft Entra ID (formerly Azure Active Directory) for users and groups, plus Access control (IAM) on each resource for role assignments.

o    In GCP → Go to IAM & Admin.

2.      Create new users and roles:

o    Example (AWS):

§  User 1: Viewer → can only see resources.

§  User 2: Editor → can modify files but not delete accounts.

3.      Attach policies (permissions):

o    Example (AWS managed policies):

§  Attach "AmazonS3ReadOnlyAccess" to the Viewer user.

§  Attach "AmazonS3FullAccess" to the Editor user; keep "AdministratorAccess" for a separate admin account you sign in with only when needed.

4.      Test the permissions:

o    Log in with each user account.

o    Try actions (upload file, delete bucket) and see what is allowed or denied.

Tip:
Always give the least privilege — only the permissions a user truly needs.


Wednesday – Data Security in the Cloud

What:
This involves protecting stored data using encryption, backups, and secure storage settings.

Why:
If hackers access your account or servers fail, encryption and backups ensure your data stays safe and recoverable.

How (Practical Steps):

1.      Create a storage bucket:

o    AWS → S3, Azure → Blob Storage, GCP → Cloud Storage.

o    Upload a test file like “student_records.txt”.

2.      Enable encryption:

o    In S3, new objects are already encrypted at rest by default with Amazon S3-managed keys (SSE-S3); switch to SSE-KMS with a customer-managed key when you want to control who may use the key and get an audit trail of key use.

o    This protects the data on the provider's disks. It does not protect you from someone who holds valid credentials: they read the bucket and get plaintext back. Encryption at rest is therefore a complement to tight IAM permissions and a non-public bucket, not a replacement.

3.      Set up backup:

o    Create a scheduled backup of your file or database.

o    Example: Enable versioning on S3 bucket to keep older versions of files.

4.      Test recovery:

o    Delete your file, then restore it from backup or previous version.

Tip:
Always back up to a different region or cloud provider for extra safety.


Thursday – Cloud Monitoring & Alerts

What:
Monitoring means watching your cloud systems for unusual activities, like failed logins, sudden data transfers, or high server usage.

Why:
Early detection helps stop attacks before they cause harm.

How (Practical Steps):

1.      Open monitoring service:

o    AWS → CloudWatch

o    Azure → Monitor

o    GCP → Cloud Monitoring

2.      Create an alert rule:

o    Example: alert when CPU or storage usage is above 80%, or when console login failures occur more than 5 times in a short window (in AWS that means CloudTrail delivering ConsoleLogin events to a CloudWatch log group, with a metric filter on the failure result).

o    Set email notification to your inbox.

3.      Generate an event (simulate):

o    Try uploading large files or attempt wrong password login to trigger the alert.

4.      Check logs:

o    View the activity logs or dashboard to confirm alert triggered.

Tip:
You can also use AWS GuardDuty, Microsoft Defender for Cloud (formerly Azure Security Center), or GCP Security Command Center for automatic threat detection.


Friday – Test (Practical + Theory)

Theory Questions:

1.      What is cloud security and why is it important?

2.      Explain IAM and why we use it.

3.      What is encryption, and how does it protect data?

4.      Why should we enable monitoring and alerts in the cloud?

Practical Tasks:

1.      Create two IAM users — one admin and one viewer — and test permissions.

2.      Create a cloud storage bucket, upload a file, and enable encryption.

3.      Set up an alert that triggers when a file is deleted or storage is 80% full.

4.      Take screenshots or notes to show your work.

5.      Submit a short report explaining what you did, what worked, and what you learned.


Saturday & Sunday – Free / Revision

·         Review your IAM settings, encryption options, and alert logs.

·         Read short articles about Cloud Security Best Practices from AWS or Azure documentation.

·         Take time to rest and reflect on how cloud security relates to real-world jobs (e.g., cloud engineer, security analyst, or DevOps).


End-of-Week Goal

By the end of Week 7, you should:

·         Understand how the cloud works (AWS, Azure, GCP).

·         Know how to control user access with IAM.

·         Be able to secure data using encryption and backups.

·         Monitor your cloud environment and set alerts for unusual activity.

 

Week 8: Forensics, Malware Analysis & Incident Response

  • Monday: Cyber Forensics Basics – learn to investigate breaches. How: Analyze system logs, track file changes in lab VM.
  • Tuesday: Malware Analysis – study malware behavior safely. How: Use sandboxed lab environment to observe malware effects.
  • Wednesday: Incident Response – steps to respond to attacks. How: Simulate an attack on lab VM and practice response procedures.
  • Thursday: Reporting & Documentation – write incident reports. How: Document findings from lab exercises, summarize vulnerabilities and fixes.
  • Friday: Test – scenario-based practical: analyze attack, respond, and report.
  • Saturday & Sunday: Free / revision.

Excellent 👏! Let’s now go through your Week 8: Forensics, Malware Analysis & Incident Response in a complete student-note format, using clear and simple language with what, why, how (practical) and Friday test. This week focuses on real-world cybersecurity investigation skills — what professionals do after an attack.


Week 8: Forensics, Malware Analysis & Incident Response – Student Notes


Introduction

When a cyberattack happens, it’s not enough to just stop it — you must also find out how it happened, analyze the damage, and respond correctly.
This week, we’ll learn how cybersecurity experts investigate digital crimes, study malware safely, and create professional reports about incidents.

By the end of this week, you’ll be able to:

·         Investigate what caused a system breach,

·         Identify and study malware behavior safely,

·         Respond correctly to attacks, and

·         Write clear reports about what happened and how to fix it.


Monday – Cyber Forensics Basics

What:
Digital Forensics is the process of collecting and analyzing computer evidence to find out how a system was attacked or misused.

Why:
It helps track who attacked the system, what they did, and how to prevent it next time.
Forensics is used in police investigations, company breaches, and legal cases.

How (Practical Steps):

1.      Set up a lab VM (Virtual Machine):

o    Install a clean version of Windows or Linux in VirtualBox.

o    This will be your test environment (not your main computer).

2.      Analyze system logs:

o    Windows: Open Event Viewer → Windows Logs → Security/System.

§  Look for failed logins or unusual access times.

o    Linux (paths differ by distribution):

    cat /var/log/auth.log   # Debian/Ubuntu; RHEL/Fedora use /var/log/secure
    cat /var/log/syslog     # Debian/Ubuntu; on systemd hosts journalctl -u ssh (Ubuntu) or -u sshd (RHEL) also works

§  Look for "Failed password" lines, the source IPs, and how many attempts arrive per minute.

3.      Track file changes:

o    Create a test folder and files, then modify or delete one.

o    Use a tool like WinMerge or fc (file compare) to see what changed; record a hash of each file before the exercise so you can prove afterwards which files were modified and which were not.

o    Note timestamps and user actions.

Tip:
Always record evidence (time, file names, user accounts) carefully — it’s useful for reports and legal purposes.


Tuesday – Malware Analysis

What:
Malware Analysis means studying how malicious software (like viruses, worms, or ransomware) behaves and spreads.

Why:
It helps understand how malware works and how to defend systems against it.

⚠️ Important:
Never test real malware on your main computer. Always use a sandboxed or isolated virtual machine.

How (Practical Steps):

1.      Set up a safe lab (sandbox):

o    Use an isolated local VM (VirtualBox with the network adapter disabled or set to host-only, and a clean snapshot to roll back to), or submit the sample to an online sandbox such as Any.Run or Hybrid Analysis instead of running it yourself.

o    A local lab VM must be cut off from the internet and from your home network; an online sandbox runs the sample on the provider's own infrastructure, so nothing executes on your machine.

2.      Obtain safe sample (educational or simulated malware):

o    Use harmless test files like EICAR test file (used for antivirus testing).

o    Save the file and watch how your antivirus reacts.

3.      Observe behavior:

o    Use Task Manager / Process Explorer to see which programs start or stop.

o    Check if any new files or registry entries appear.

o    Use the command line (Windows):

    netstat -an   # See network connections
    tasklist      # Check running processes

4.      Take notes:

o    Record what changed in the system, CPU usage, or any alerts triggered.

Tip:
Real malware can encrypt files, steal data, or disable security — understanding its patterns helps you detect it faster.


Wednesday – Incident Response (IR)

What:
Incident Response is the process of handling and recovering from a cyberattack step by step.

Why:
Without a proper response, an attack can spread, cause panic, or destroy evidence.

The 6 Key Steps of Incident Response:

1.      Preparation: Create a plan and security team.

2.      Identification: Detect the incident (alerts, reports, logs).

3.      Containment: Stop the attack from spreading.

4.      Eradication: Remove the threat completely.

5.      Recovery: Restore systems and data.

6.      Lessons Learned: Improve for next time.

How (Practical Steps):

1.      Simulate a mini attack in your VM:

o    Create a suspicious file or user account (pretend hacker).

o    Identify it using your logs or antivirus.

2.      Respond:

o    Contain → Disable the account or block the file.

o    Eradicate → Delete the fake malware file.

o    Recover → Restore the system from backup.

3.      Document everything:

o    Record what happened, when, and what steps you took.

Tip:
Quick and organized response prevents small issues from becoming big disasters.


Thursday – Reporting & Documentation

What:
Reporting means writing a clear summary of what happened during a security incident, what you found, and how you fixed it.

Why:
Reports help managers understand the problem and help prevent future attacks.
They also serve as legal records or training materials.

How (Practical Steps):

1.      Create a report document:

o    Sections to include:

§  Title: e.g. “Malware Infection on Training Lab”

§  Date & Time

§  Incident Summary

§  Investigation Findings

§  Response Actions Taken

§  Recommendations

2.      Example Report:

    Title: Unauthorized Login Attempt Detected
    Date: 5th October 2025
    Summary: Detected repeated failed login attempts on test VM.
    Findings: IP address 192.168.1.45 attempted login 10 times.
    Actions Taken: Blocked IP, changed admin password.
    Recommendations: Enable two-factor authentication and monitor logs daily.

3.      Submit or save report:

o    Keep in folder “Incident Reports Week 8”.

Tip:
Use clear language — avoid technical terms when writing for non-technical readers.


Friday – Test (Scenario-Based Practical + Theory)

Theory Questions:

1.      What is cyber forensics and why is it important?

2.      What’s the difference between malware and a virus?

3.      List and explain the 6 steps in incident response.

4.      Why is reporting important after a cyber incident?

Practical Tasks:

1.      Analyze your VM logs for unusual login attempts.

2.      Test a safe malware sample (like EICAR file) and note your antivirus reaction.

3.      Simulate an attack (fake file or user), respond using containment and recovery steps.

4.      Write and submit a short incident report (half a page).

Grading:

·         10 marks – log analysis

·         10 marks – malware test & observation

·         10 marks – incident response steps

·         10 marks – report clarity

Total: 40 marks


Saturday & Sunday – Free / Revision

Take a break and review all you learned this week:

·         How to track attacks using logs

·         How malware behaves and how to analyze it safely

·         How to respond and document incidents

Optional:

·         Watch YouTube tutorials on digital forensics tools (like Autopsy, FTK Imager, or Volatility).

·         Read case studies on real cyberattacks (e.g., WannaCry ransomware).


End-of-Week Goal

By the end of Week 8, you should be able to:

·         Investigate system breaches using log files

·         Identify malware behavior safely in a sandbox

·         Respond correctly to security incidents

·         Write professional incident reports

Perfect 👍

Here’s the detailed student-style teaching note for Week 8: Forensics, Malware Analysis & Incident Response — written in the same clear, lesson-note format you’ve been following.


WEEK 8: Forensics, Malware Analysis & Incident Response

Monday: Cyber Forensics Basics

Topic: Introduction to Cyber Forensics
Objective: To understand how to investigate and gather digital evidence after a cyberattack.

Meaning:
Cyber Forensics is the process of collecting, analyzing, and preserving digital evidence from computers, networks, and storage devices to investigate cybercrimes or security incidents.

Key Points:

1.      Purpose: To find out what happened, how it happened, and who is responsible.

2.      Evidence Sources: Computer logs, emails, deleted files, USB drives, and internet history.

3.      Steps in Forensics:

o    Identification: Detect that a crime or breach has occurred.

o    Preservation: Secure the evidence without tampering.

o    Analysis: Examine files, logs, and data for clues.

o    Documentation: Record all findings.

o    Presentation: Report evidence clearly for legal or administrative action.

How (Practical Work):

·         Use a lab virtual machine (VM) to inspect logs.

·         Check event viewer, file history, and user activity after a simulated breach.
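The log check above, and the "unusual login attempts" task in the Friday test, can be started with a small script. The following is an added example, not part of the original note: it parses constructed sshd lines in the /var/log/auth.log format and flags a burst of failed logins from one address, plus a success that follows such a burst. The host name, IP addresses and timestamps are made up for the lab scenario.

```python
"""Flag unusual SSH login activity in a Linux auth log (constructed sample)."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the sshd syntax used in /var/log/auth.log.
SAMPLE_LOG = """\
Oct  5 10:12:01 lab-vm sshd[1201]: Accepted password for student from 10.0.0.2 port 50110 ssh2
Oct  5 10:12:30 lab-vm sshd[1210]: Failed password for invalid user admin from 10.0.0.5 port 51234 ssh2
Oct  5 10:12:31 lab-vm sshd[1211]: Failed password for invalid user admin from 10.0.0.5 port 51235 ssh2
Oct  5 10:12:32 lab-vm sshd[1212]: Failed password for root from 10.0.0.5 port 51236 ssh2
Oct  5 10:12:33 lab-vm sshd[1213]: Failed password for root from 10.0.0.5 port 51237 ssh2
Oct  5 10:12:34 lab-vm sshd[1214]: Failed password for student from 10.0.0.5 port 51238 ssh2
Oct  5 10:12:36 lab-vm sshd[1215]: Accepted password for student from 10.0.0.5 port 51239 ssh2
Oct  5 10:40:00 lab-vm sshd[1300]: Failed password for student from 10.0.0.2 port 50200 ssh2
Oct  5 10:40:05 lab-vm sshd[1301]: Accepted password for student from 10.0.0.2 port 50201 ssh2
"""

# Matches only the login-result lines; other sshd messages are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_log(text, year=2025):
    """Turn raw log text into a list of login events (syslog lines carry no year)."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "result": m["result"],
                       "user": m["user"], "ip": m["ip"]})
    return events


def find_suspicious(events, threshold=5, window_seconds=60):
    """Report (1) an IP with >= threshold failures inside the window and
    (2) a successful login from that IP while the burst is still recent."""
    findings = []
    failures = defaultdict(list)   # ip -> timestamps of recent failures
    reported = set()               # IPs whose burst was already reported
    for ev in sorted(events, key=lambda e: e["time"]):
        ip, now = ev["ip"], ev["time"]
        # keep only failures that fall inside the sliding window
        failures[ip] = [t for t in failures[ip]
                        if (now - t).total_seconds() <= window_seconds]
        if ev["result"] == "Failed":
            failures[ip].append(now)
            if len(failures[ip]) >= threshold and ip not in reported:
                reported.add(ip)
                findings.append(f"{ip}: {len(failures[ip])} failed logins within "
                                f"{window_seconds}s (possible brute force)")
        elif len(failures[ip]) >= threshold:
            findings.append(f"{ip}: successful login for '{ev['user']}' after "
                            f"{len(failures[ip])} failures (treat as compromise "
                            f"until verified)")
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(parse_log(SAMPLE_LOG)):
        print(finding)
```

A single failed password from a known client (10.0.0.2 in the sample) is left alone; the threshold and window are the two knobs you tune against your own lab's normal traffic.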


Tuesday: Malware Analysis

Topic: Understanding Malware and How It Behaves
Objective: To learn how to safely study and detect malware activity.

Meaning:
Malware means malicious software created to harm systems, steal data, or gain unauthorized access.

Types of Malware:

1.      Virus – attaches to files and spreads.

2.      Worm – spreads by itself through networks.

3.      Trojan – pretends to be a good app but is harmful.

4.      Spyware – secretly records user activity.

5.      Ransomware – locks files until payment is made.

Malware Analysis Steps:

·         Static Analysis: Check malware file without running it (e.g., use VirusTotal, check file properties).

·         Dynamic Analysis: Run it in a sandbox environment to observe what it does.

How (Practical Work):

·         Use a sandbox tool (e.g., Any.Run or REMnux VM) to open malware safely.

·         Observe what changes it makes to files or processes.


Wednesday: Incident Response

Topic: Handling a Security Attack or Breach
Objective: To understand how to respond when an organization faces a cyberattack.

Meaning:
Incident Response (IR) is the organized process of identifying, containing, and recovering from cybersecurity incidents.

Incident Response Stages (6 Steps):

1.      Preparation: Create plans, form teams, and practice responses.

2.      Identification: Detect the attack or abnormal activity.

3.      Containment: Stop the attack from spreading.

4.      Eradication: Remove the cause (delete malware, close ports).

5.      Recovery: Restore systems and services.

6.      Lessons Learned: Review what happened and improve.

How (Practical Work):

·         Simulate a ransomware attack in the lab.

·         Practice identifying and isolating infected systems.

·         Record actions taken to recover files.


Thursday: Reporting & Documentation

Topic: Writing an Incident Report
Objective: To document investigation findings clearly and professionally.

Meaning:
An incident report is a written record of what happened, how it happened, its impact, and the corrective actions taken.

Report Format:

1.      Title and Date of Incident

2.      Summary of the Event

3.      Systems Affected

4.      Steps Taken During Response

5.      Evidence Collected

6.      Recommendations to Prevent Future Attacks

How (Practical Work):

·         Write a report about your simulated attack from Wednesday.

·         Include screenshots, steps taken, and your recommendations.


Friday: Test (Practical + Theory)

Theory Questions (Examples):

1.      Define Cyber Forensics.

2.      List and explain three types of malware.

3.      What are the six stages of incident response?

4.      Why is documentation important after a cyber incident?

Practical Test:

·         Analyze a given “infected” lab system.

·         Identify what malware was used.

·         Show your incident response actions.

·         Submit a brief report of your findings.


Saturday & Sunday:

Free / Revision Days

·         Review all week’s topics.

·         Watch short tutorials on malware analysis and forensic tools.

·         Prepare notes for Week 9.



WEEK 9: Ethical Hacking and Penetration Testing

Monday: Introduction to Ethical Hacking

Topic: Meaning and Purpose of Ethical Hacking
Objective: To understand what ethical hacking is and why organizations need it.

Meaning:
Ethical hacking is the legal and authorized act of breaking into a computer system, network, or application to find weaknesses before malicious hackers do. It helps protect systems by identifying and fixing vulnerabilities.

Key Points:

1.      Ethical Hackers are also called White Hat Hackers — they use their skills for good purposes.

2.      Black Hat Hackers attack systems illegally.

3.      Gray Hat Hackers sometimes break rules but not for personal gain.

Importance of Ethical Hacking:

·         Helps organizations discover security flaws.

·         Prevents data theft and loss.

·         Builds safer computer systems.

·         Improves overall cybersecurity awareness.

Ethical Hacking Rules:

1.      Get written permission before testing.

2.      Report all findings responsibly.

3.      Do not damage systems or steal data.

4.      Maintain confidentiality.

How (Practical Work):

·         Create a short list of ethical hacking rules.

·         Study real-life examples of companies hiring ethical hackers.


Tuesday: Phases of Penetration Testing

Topic: Stages in Ethical Hacking and Penetration Testing
Objective: To learn how ethical hackers plan and perform their tests step by step.

Meaning:
Penetration Testing (Pen Testing) is the process of simulating cyberattacks to check system security.

The 5 Phases of Ethical Hacking:

1.      Reconnaissance (Information Gathering):

o    Learn about the target using open-source tools (e.g., websites, social media, WHOIS).

o    Example tools: Maltego, Nmap, Shodan.

2.      Scanning:

o    Find open ports, running services, and vulnerabilities.

o    Example tools: Nmap, Nessus, OpenVAS.

3.      Gaining Access:

o    Try to exploit vulnerabilities using controlled attacks.

o    Example tools: Metasploit, Hydra.

4.      Maintaining Access:

o    Simulate how hackers stay hidden after entering a system.

o    Example: Backdoors or remote shells (done ethically in labs only).

5.      Clearing Tracks:

o    Ethical hackers demonstrate how attackers hide their traces but document every step instead of deleting evidence.

How (Practical Work):

·         Use Nmap to scan your local network (for learning only).

·         Draw a flow chart of the 5 hacking phases.


Wednesday: Tools Used in Ethical Hacking

Topic: Common Tools and Their Uses
Objective: To understand how various tools help in security testing.

Popular Ethical Hacking Tools:

Tool | Purpose | Example Use
Nmap | Network scanning | Detect open ports
Wireshark | Network traffic capture | Analyze data packets
Metasploit | Exploitation framework | Test system vulnerabilities
Burp Suite | Web application testing | Test input fields and cookies
John the Ripper | Password cracking | Test weak passwords

How (Practical Work):

·         Open Wireshark and observe network traffic on your lab network.

·         Identify packets, source, and destination addresses.

·         Document your findings.


Thursday: Vulnerability Assessment and Reporting

Topic: Finding and Reporting Weaknesses
Objective: To learn how to identify and communicate system vulnerabilities clearly.

Meaning:
A vulnerability assessment is a process of scanning systems to find potential weaknesses that hackers could exploit.

Steps in Vulnerability Assessment:

1.      Identify Assets: What systems or data need protection?

2.      Scan Systems: Use tools to find weaknesses.

3.      Analyze Results: Study the report to find real risks.

4.      Fix Issues: Apply patches, change settings, or improve defenses.

5.      Document Everything: Create a report showing findings and solutions.

How (Practical Work):

·         Use an online vulnerability scanner like Detectify (trial) or OpenVAS (lab use).

·         Write a mini-report that includes:

o    Vulnerability name

o    Risk level (low, medium, high)

o    Recommended fix


Friday: Test (Theory + Practical)

Theory Questions (Examples):

1.      What is ethical hacking?

2.      List and explain the five phases of ethical hacking.

3.      Mention three tools used in ethical hacking and their functions.

4.      Why is reporting important after a penetration test?

Practical Test:

·         Perform a basic scan on a lab or local network using Nmap.

·         Identify open ports and services.

·         Write a short report with your findings and safety recommendations.


Saturday & Sunday: Free / Revision

Activities:

·         Review all tools used during the week.

·         Watch short tutorials on Metasploit and Wireshark.

·         Revise definitions and steps for your upcoming comprehensive test.




WEEK 10: Artificial Intelligence (AI) in Cybersecurity


Monday: Introduction to AI in Cybersecurity

Topic: What is Artificial Intelligence (AI) in Cybersecurity?
Objective: To understand how AI helps in protecting computer systems and networks.

Meaning:
Artificial Intelligence (AI) means teaching computers to think, learn, and make decisions like humans.
In cybersecurity, AI is used to detect attacks, identify patterns, and protect systems automatically.

Why we need it:

1.      Speed: AI can detect and stop attacks faster than humans.

2.      Accuracy: AI reduces human error by continuously learning from data.

3.      24/7 Protection: AI works all the time, even when humans are asleep.

4.      Handling Big Data: AI can analyze millions of events at once.

Where it is used:

·         Detecting malware and viruses.

·         Monitoring network traffic for unusual behavior.

·         Identifying phishing emails.

·         Predicting possible attacks before they happen.

How (Practical Work):

·         Use a free AI-based antivirus like Windows Defender or Bitdefender Free.

·         Observe how it automatically detects and removes threats.

·         Record how it behaves when a suspicious file is downloaded.


Tuesday: Machine Learning (ML) in Cybersecurity

Topic: How Machine Learning Works in Security
Objective: To learn how computers use data to identify threats automatically.

Meaning:
Machine Learning (ML) is a part of AI that allows systems to learn from data.
In cybersecurity, ML helps detect new and unknown threats by recognizing patterns from old data.

Why we use ML:

1.      To detect new types of malware (not yet in antivirus lists).

2.      To recognize anomalous activities on networks.

3.      To classify emails as spam or phishing.

4.      To automatically respond to some cyber threats.

Where to use ML in Cybersecurity:

·         Email filtering: Detect phishing and spam.

·         Network security: Monitor data traffic for strange behavior.

·         Fraud detection: Identify unusual user actions in banking systems.

How (Practical Work):

·         Go to Google’s Teachable Machine (https://teachablemachine.withgoogle.com).

·         Train a simple model to recognize two objects (for example: pen and phone).

·         Understand how the system “learns” through examples — similar to how it learns to spot cyber threats.


Wednesday: AI Threat Detection & Prevention

Topic: Using AI to Detect and Prevent Cyber Attacks
Objective: To know how AI systems identify and stop attacks automatically.

Meaning:
AI-based systems can monitor, detect, and block attacks in real time.
They learn what normal activity looks like and raise an alert when something unusual happens.

Why we need AI threat detection:

·         Human analysts cannot check all data manually.

·         AI spots patterns that humans might miss.

·         It prevents attacks before serious damage happens.

Where it is used:

·         Intrusion Detection Systems (IDS) like Snort and Suricata.

·         SIEM tools (Security Information and Event Management) like Splunk or IBM QRadar.

·         Firewall automation to block suspicious IPs automatically.

How (Practical Work):

·         Install or observe Snort or OSSEC (open-source security monitoring tools) in the lab.

·         View how alerts are generated when unusual network traffic is detected.

·         Note how “AI behavior” changes when you simulate normal vs. strange traffic.
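A minimal version of the "learn what normal looks like, then alert on the unusual" behaviour described above, written here as an added example (it is not the note's own material and not how Snort or OSSEC work internally): it learns a baseline from constructed per-minute connection counts and raises alerts on a later window. All counts are made up for the lab scenario.

```python
"""Baseline-and-alert anomaly detection on per-minute traffic counts."""
from statistics import mean, pstdev

# Constructed: connections per minute seen by the lab sensor during a quiet
# training period with no test traffic running.
NORMAL_MINUTES = [12, 15, 11, 14, 13, 16, 12, 15, 14, 13, 12, 15,
                  14, 13, 16, 12, 15, 13, 14, 12, 15, 14, 13, 16]

# Constructed: a later window in which minute 4 carries a scan-like burst
# and minute 7 goes almost silent.
TEST_MINUTES = [14, 13, 15, 12, 80, 14, 13, 2]


def learn_baseline(counts):
    """Summarise 'normal' as the mean and standard deviation of training counts.
    Caveat: if the training window already contains attack traffic, the
    baseline absorbs it and that traffic stops looking unusual."""
    return {"mean": mean(counts), "std": pstdev(counts)}


def z_score(value, baseline):
    """How many standard deviations a value sits from the learned mean."""
    std = baseline["std"] or 1.0   # guard against a perfectly flat baseline
    return (value - baseline["mean"]) / std


def detect(counts, baseline, threshold=3.0):
    """Return (minute_index, count, z) for every minute beyond the threshold.
    Both directions are reported: a burst may be a scan or flood, a drop may be
    a crashed service or a cut link."""
    alerts = []
    for i, count in enumerate(counts):
        z = z_score(count, baseline)
        if abs(z) >= threshold:
            alerts.append((i, count, round(z, 2)))
    return alerts


if __name__ == "__main__":
    baseline = learn_baseline(NORMAL_MINUTES)
    print(f"baseline mean={baseline['mean']:.2f} std={baseline['std']:.2f}")
    for minute, count, z in detect(TEST_MINUTES, baseline):
        print(f"minute {minute}: {count} connections (z={z})")
```

Lowering the threshold makes the detector flag ordinary quiet minutes as well, which is the false-positive trade-off every alerting tool has to balance.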


Thursday: AI Challenges and Ethics in Cybersecurity

Topic: Challenges and Ethical Use of AI
Objective: To understand the risks, limitations, and moral use of AI in cybersecurity.

Challenges of Using AI:

1.      False Positives: Sometimes, AI flags safe activities as threats.

2.      Cost: Setting up AI systems can be expensive.

3.      Data Dependency: AI needs large, quality data to learn correctly.

4.      Hackers using AI: Attackers can also use AI to plan smarter attacks.

Ethical Issues:

·         AI should only be used to protect, not to spy or attack.

·         Respect user privacy when collecting data.

·         Always get permission before testing AI systems.

Why ethics is important:
It ensures that technology helps humanity instead of harming it.
Cybersecurity experts must use AI responsibly.

How (Practical Work):

·         Write five ethical rules for AI use in cybersecurity.

·         Discuss or present how AI could be misused if not handled responsibly.


Friday: Test (Theory + Practical)

Theory Questions:

1.      Define Artificial Intelligence in cybersecurity.

2.      List three uses of AI in protecting computer systems.

3.      Explain how Machine Learning helps detect new malware.

4.      Mention two challenges of using AI for security.

5.      State two ethical rules for AI use.

Practical Test:

1.      Use an antivirus or AI-based security app to scan your system.

2.      Observe and write what actions the AI took automatically (alert, quarantine, or delete).

3.      Create a small flowchart showing how AI detects and responds to an attack.


Saturday & Sunday: Free / Revision

Activities:

·         Watch a short YouTube video on “How AI Detects Cyber Attacks.”

·         Revise the difference between AI, ML, and traditional security methods.

·         Write a short summary in your notebook: “How AI makes cybersecurity stronger.”



WEEK 11: Careers and Certifications in Cybersecurity


Monday: Overview of Cybersecurity Careers

Topic: What Jobs Exist in Cybersecurity
Objective: To understand the different career paths available.

Meaning:
Cybersecurity is a fast-growing field with many jobs that protect computers, networks, and data from attacks.

Why:
Knowing career paths helps you plan what skills to focus on and where to specialize.

Where Used:

·         Government agencies (protect sensitive data)

·         Private companies (banks, tech firms)

·         Healthcare, education, and any organization with networks

Common Job Roles:

1.      Security Analyst: Monitors networks, detects attacks, responds to incidents.

2.      Penetration Tester (Ethical Hacker): Tests systems for vulnerabilities.

3.      Forensics Expert: Investigates breaches and collects digital evidence.

4.      Security Engineer: Designs and maintains secure systems.

5.      Cybersecurity Consultant: Advises companies on improving security.

How (Practical Work):

·         Make a list of 5 cybersecurity job roles.

·         For each role, write down one key skill required (e.g., Security Analyst → log analysis).


Tuesday: Entry-Level Skills Required

Topic: Skills You Need to Start
Objective: To know the essential technical and soft skills.

Key Skills:

·         Technical: Networking, operating systems, Linux, Windows security, Python basics

·         Tools: Wireshark, Nmap, Metasploit, SIEM tools

·         Soft Skills: Problem-solving, attention to detail, communication, teamwork

Why:
Entry-level skills help you get your first cybersecurity job and build experience.

Where Used:

·         Security monitoring

·         Penetration testing labs

·         IT support in companies

How (Practical Work):

·         Open a lab VM and practice:

o    ping and tracert commands for network basics

o    Linux commands: ls, cd, chmod

·         Document what each command does


Wednesday: Certifications in Cybersecurity

Topic: Popular Certifications and Their Purpose
Objective: To understand which certifications boost your career.

Certifications:

1.      CompTIA Security+ – foundational knowledge of security concepts

2.      Certified Ethical Hacker (CEH) – skills in penetration testing

3.      Certified Information Systems Security Professional (CISSP) – advanced security management

4.      Cisco CCNA Security – network security knowledge

5.      AWS/Azure Security Certification – cloud security skills

Why:
Certifications show employers you have verified skills and improve job prospects.

Where Used:

·         Government and corporate cybersecurity roles

·         IT consulting and security operations centers

How (Practical Work):

·         Research one certification online

·         Write down:

o    Requirements

o    Cost

o    Skills it validates


Thursday: Career Planning & Growth

Topic: How to Build a Cybersecurity Career
Objective: To plan long-term career growth.

Steps for Career Growth:

1.      Start with entry-level jobs (e.g., Security Analyst or IT Support)

2.      Gain hands-on experience using lab VMs or internships

3.      Earn certifications to advance knowledge

4.      Specialize in areas like penetration testing, cloud security, or AI security

5.      Network with professionals and join cybersecurity communities

How (Practical Work):

·         Create a personal career plan:

o    Year 1: Learn basic skills and tools

o    Year 2: Get an internship or junior role

o    Year 3: Earn Security+ or CEH

o    Year 4+: Specialize in a cybersecurity field


Friday: Test (Theory + Practical)

Theory Questions:

1.      List five common jobs in cybersecurity.

2.      Why are certifications important?

3.      Name three essential skills for an entry-level cybersecurity professional.

4.      Give an example of a career growth path in cybersecurity.

Practical Task:

1.      Make a small table in your notebook:

o    Column 1: Job Role

o    Column 2: Key Skill Needed

o    Column 3: Certification Recommended

2.      Draw a simple 4-year career plan showing growth steps.


Saturday & Sunday: Free / Revision

Activities:

·         Review notes from Week 1–Week 11.

·         Watch career videos on YouTube: “How to Start a Cybersecurity Career.”

·         Explore job postings online to see skills and certifications employers want.


End-of-Week Goal

By the end of Week 11, you should be able to:

·         Name different cybersecurity jobs and their responsibilities

·         Identify entry-level skills required for the field

·         Understand certifications and which ones to pursue

·         Create a simple career plan for growth in cybersecurity



WEEK 12: Final Project and Practical Assessment


Monday: Project Planning

Topic: Designing Your Cybersecurity Lab Project
Objective: To plan a mini cybersecurity project using all the skills learned so far.

Meaning:
The final project is a simulation of a real-world cybersecurity scenario. You will apply networking, security, ethical hacking, AI concepts, and incident response to a lab environment.

Why:

·         Reinforces all the knowledge you’ve learned.

·         Prepares you for real-world situations.

·         Tests both practical and theoretical skills.

How (Practical Work):

1.      Set up your lab environment:

o    VirtualBox VM for Windows and Linux.

o    Use a simple network setup: VM1 (server), VM2 (client), VM3 (attacker simulation).

2.      Project Idea Examples:

o    Simulate a phishing attack and defend against it.

o    Perform vulnerability scanning on the lab network.

o    Detect malware using AI-based antivirus.

o    Document and report the findings.

3.      Plan your project steps:

o    Step 1: Network setup

o    Step 2: Introduce a simulated threat

o    Step 3: Detect and respond

o    Step 4: Record logs and report


Tuesday: Implementing the Lab Network

Topic: Setting Up Network and Security Tools
Objective: To configure a controlled lab environment for testing.

How (Practical Work):

1.      Configure VM1 as a server (Linux or Windows).

2.      Configure VM2 as a client (Windows).

3.      Configure VM3 as the attacker or testing machine.

4.      Install tools:

o    Wireshark (network monitoring)

o    Nmap (network scanning)

o    Snort or OSSEC (intrusion detection)

o    Sandbox VM for malware simulation

Tip:
Label each VM clearly. Document IP addresses, roles, and tools installed.


Wednesday: Simulate Cybersecurity Threats

Topic: Testing Attacks and Defenses
Objective: To apply your knowledge of ethical hacking and AI detection.

How (Practical Work):

1.      Reconnaissance:

o    Use Nmap from VM3 to scan the network.

2.      Simulated Attack:

o    Launch a safe phishing email or test malware in sandbox VM.

3.      Defense:

o    Detect attack using AI antivirus or IDS tool.

o    Enable firewall rules and containment measures.

Tip:
Record every step, including commands used and results observed.


Thursday: Incident Response and Reporting

Topic: Responding to the Simulated Attack
Objective: To practice professional incident response and documentation.

How (Practical Work):

1.      Contain the threat: Block malicious IPs, quarantine files.

2.      Eradicate: Remove malware or phishing simulation.

3.      Recover systems: Restore any modified files from backup.

4.      Document:

o    Summary of attack

o    Tools used

o    Steps taken to resolve

o    Recommendations for future prevention

Example Report Table:

Step | Action Taken | Tool Used | Outcome
Recon | Nmap scan | Nmap | Open ports detected
Malware Test | Run EICAR file | Sandbox VM | Quarantined
Response | Block IP, firewall | Windows Firewall | Threat contained
Report | Documented steps | Word/Notebook | Complete


Friday: Final Project Assessment

Theory Questions:

1.      Describe your lab setup and why you chose it.

2.      What types of threats did you simulate and why?

3.      Explain your incident response process.

4.      How did AI or monitoring tools help in your project?

Practical Assessment:

1.      Demonstrate your lab network working (server, client, attacker VM).

2.      Show one simulated attack and how you detected it.

3.      Perform containment and recovery.

4.      Submit a full project report with screenshots, observations, and recommendations.

Grading:

·         20 marks – Lab setup correctness

·         20 marks – Threat simulation and detection

·         20 marks – Incident response effectiveness

·         20 marks – Project report quality

·         20 marks – Overall understanding and presentation


Saturday & Sunday: Free / Revision

Activities:

·         Review all 12 weeks’ notes.

·         Watch videos on lab tools like Wireshark, Nmap, Metasploit, and sandbox testing.

·         Practice commands and techniques in your lab.


End-of-Week Goal / Certification Prep

After Week 12, you should be able to:

·         Plan and set up a cybersecurity lab environment

·         Simulate attacks safely and detect threats

·         Respond professionally using incident response techniques

·         Write detailed cybersecurity reports

·         Demonstrate practical and theoretical mastery of the full course


BEST COMPUTER GUIDE Written by Abigail Odenigbo, Published @ 2014 by NOBIGDEAL(Ipietoon)