Post-Graduate Certificate in Offensive Cyber Security

This course provides an introduction to fundamental concepts in the areas of networking, operating systems and scripting languages commonly utilized in the field of offensive security and security assessments. The knowledge introduced in the course will act as a fundamental basis for advanced knowledge presented in the rest of the courses in this program. Students will learn about: different components in information systems; the operating systems running on such systems, with focus on Linux operating systems and specifically KALI Linux, including installation; operating system basic functions and commands; scripting fundamentals and networking basics; relevant terminology and concepts used in the world of offensive cybersecurity, IT and related disciplines. The course will use a hands-on approach and students will also develop cross functional competencies in time management, teamwork, Internet-based research analysis, and critical thinking. This course applies an active learning environment, integrating online and in class activities to accomplish its learning objectives.

13 Classes

39 Hours

Schedule

May 08 to June 21, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (08 May 2023 to 21 Jun 2023)

To stand out and excel in your career as professional in the offensive security field, you will need more than just technical capabilities to succeed. The aim of the Fundamentals of Penetration Testing course is to introduce students to key considerations and activities professional penetration testers must plan for throughout an offensive security engagement. Starting with legal and ethical considerations, and adapting industry testing and risk assessment frameworks to varying requirements, students will learn to apply knowledge gained to successfully develop test plans, and develop and acquire resources required to accomplish engagement objectives. This course is focused on the planning, reconnaissance, and resource development stages of an offensive security engagement. It will include a mix of theoretical work introducing and adapting key concepts, and hands-on assignments practicing reconnaissance activities required to identify areas of vulnerability, and planning the path for successful exploitation.

13 Classes

39 Hours

Schedule

May 09 to June 20, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (09 May 2023 to 20 Jun 2023)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to introduce students to network penetration testing tools, techniques, and procedures necessary to evaluate infrastructure targets for a wide variety of security flaws and to exploit those flaws to demonstrate impact. Students will apply concepts learned in lecture and technical walkthrough sessions to exploiting a series of curated vulnerable lab systems. By the end of this course, students should be prepared to enumerate network infrastructure targets; to identify known vulnerabilities and misconfigurations affecting network services and local systems; to exploit identified vulnerabilities, demonstrating impact; and to present their findings and accompanying recommended mitigations in a technical findings report. This introductory network penetration testing course will begin to prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

June 26 to August 09, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (26 Jun 2023 to 09 Aug 2023)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct basic web application penetration tests and write technical findings reports detailing identified vulnerabilities with accompanying recommended mitigations. Starting with an overview of modern web application technologies and infrastructure, the course will guide students through the process of enumerating web applications to identify weaknesses and vulnerabilities. Students will learn how to exploit file upload, SQL injection, business logic, authentication, and authorization vulnerabilities through a series of lectures and hands-on assignments. By the end of this course, students should be prepared to enumerate web applications; identify their underlying technologies, infrastructure configurations, and common vulnerabilities; exploit the identified vulnerabilities; and present their findings and accompanying recommended mitigations in a technical findings report. This course should prepare students to overcome the web application challenges they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

June 27 to August 08, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (27 Jun 2023 to 08 Aug 2023)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to continue students’ infrastructure penetration testing education by introducing contemporary topics in phishing, Active Directory attacks, and command-and-control frameworks. By the end of this course, students should be prepared to identify simple vulnerabilities and misconfigurations affecting Active Directory environments; to exploit identified Active Directory vulnerabilities; to use exploitation and command-and-control framework Metasploit; and to present their findings and accompanying recommended mitigations in a technical findings report. This intermediate-level network penetration testing course will prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

August 21 to October 04, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (21 Aug 2023 to 04 Oct 2023)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct advanced web application penetration tests and write technical findings reports detailing complex vulnerabilities with accompanying recommended mitigations. Building on the fundamentals taught in CSOC 1030, students will learn how to exploit a variety of injection, insecure deserialization, cross-site-scripting, and cryptographic failure-based vulnerabilities. Students will also learn how to automate their own custom exploits, perform impactful client-side attacks, and learn how to adapt their web application penetration testing skills to desktop and mobile applications. By the end of this course, students should be prepared to perform technically challenging web application assessments and present their findings and recommended mitigations in technical findings report. This course should prepare students to overcome web application challenges beyond those they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

August 22 to October 03, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (22 Aug 2023 to 03 Oct 2023)

Organizations, large and small, are realizing the importance of maintaining a robust security posture that combines a variety of cybersecurity-related tools and techniques. These companies understand that establishing a strong defensive practice to protecting their most critical assets is not complete unless they conduct proactive security testing from an adversarial perspective to identify and remediate vulnerabilities before they themselves are victimized by a malicious actor. Whether the requisite ethical hacking team is cultivated within the organization, or the role is outsourced to a trusted provider, the team responsible for performing the offensive security activities must not only be well-versed in the latest exploitation techniques, but they must also be able to articulate their findings into a technical report or presentation that targets the appropriate audience. This course will aim to empower students with the knowledge necessary to articulate the outcomes of their offensive security activities into a variety of technical report styles that communicates concisely and effectively to the target audience. Starting with an overview of the challenges of creating effective technical reports, the course will guide students through the process of identifying and understanding the intended consumer of the report, developing authentic content that communicates the intended outcome in a clear and concise fashion, avoiding unintended emotion or bias, and creating effective presentations to accompany a technical report. Through a series of lectures and hands-on assignments, students will have the opportunity to view, modify and create content based on the material discussed. By the end of this course, students should be prepared to create reports and presentations based on a variety of testing and results scenarios and target that same content for different audiences, both technical and non-technical.

15 Classes

45 Hours

Schedule

October 16 to December 04, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (16 Oct 2023 to 04 Dec 2023)

This capstone course serves as the culminating experience in the program, bringing together the knowledge and skills acquired in previous courses to prepare students for real-world challenges. In this advanced course, students will be guided through the end-to-end process of performing a comprehensive penetration test on a complex simulated enterprise environment. This environment is carefully designed to mirror real-world scenarios, encompassing numerous networked systems distributed across multiple network segments and active directory domains. It includes a diverse range of operating systems, network services, and applications, providing students with a dynamic and challenging environment to assess. Throughout this capstone course, students will be given the opportunity to apply the latest penetration testing techniques and methodologies they learned in prior courses, honing their skills in identifying vulnerabilities, exploiting weaknesses, and ultimately reporting on the discovered issues and providing recommendations for fortifying the security posture of the simulated enterprise environment. The course emphasizes practical experience and critical thinking, enabling students to address complex security issues and make informed decisions during engagements. In addition to hands-on exercises, students are tasked with compiling a formal engagement report that documents their findings, recommendations, and the steps taken during the penetration test. This immersive capstone experience equips students with the practical skills and confidence needed to excel in the field of cyber security and provides a solid foundation for those seeking to obtain the OSCP certification.

15 Classes

45 Hours

Schedule

October 17 to December 05, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (17 Oct 2023 to 05 Dec 2023)

This course provides an introduction to fundamental concepts in the areas of networking, operating systems and scripting languages commonly utilized in the field of offensive security and security assessments. The knowledge introduced in the course will act as a fundamental basis for advanced knowledge presented in the rest of the courses in this program. Students will learn about: different components in information systems; the operating systems running on such systems, with focus on Linux operating systems and specifically KALI Linux, including installation; operating system basic functions and commands; scripting fundamentals and networking basics; relevant terminology and concepts used in the world of offensive cybersecurity, IT and related disciplines. The course will use a hands-on approach and students will also develop cross functional competencies in time management, teamwork, Internet-based research analysis, and critical thinking. This course applies an active learning environment, integrating online and in class activities to accomplish its learning objectives.

13 Classes

39 Hours

Schedule

May 08 to June 21, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (08 May 2023 to 21 Jun 2023)

To stand out and excel in your career as professional in the offensive security field, you will need more than just technical capabilities to succeed. The aim of the Fundamentals of Penetration Testing course is to introduce students to key considerations and activities professional penetration testers must plan for throughout an offensive security engagement. Starting with legal and ethical considerations, and adapting industry testing and risk assessment frameworks to varying requirements, students will learn to apply knowledge gained to successfully develop test plans, and develop and acquire resources required to accomplish engagement objectives. This course is focused on the planning, reconnaissance, and resource development stages of an offensive security engagement. It will include a mix of theoretical work introducing and adapting key concepts, and hands-on assignments practicing reconnaissance activities required to identify areas of vulnerability, and planning the path for successful exploitation.

13 Classes

39 Hours

Schedule

May 09 to June 20, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (09 May 2023 to 20 Jun 2023)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to introduce students to network penetration testing tools, techniques, and procedures necessary to evaluate infrastructure targets for a wide variety of security flaws and to exploit those flaws to demonstrate impact. Students will apply concepts learned in lecture and technical walkthrough sessions to exploiting a series of curated vulnerable lab systems. By the end of this course, students should be prepared to enumerate network infrastructure targets; to identify known vulnerabilities and misconfigurations affecting network services and local systems; to exploit identified vulnerabilities, demonstrating impact; and to present their findings and accompanying recommended mitigations in a technical findings report. This introductory network penetration testing course will begin to prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

June 26 to August 09, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (26 Jun 2023 to 09 Aug 2023)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct basic web application penetration tests and write technical findings reports detailing identified vulnerabilities with accompanying recommended mitigations. Starting with an overview of modern web application technologies and infrastructure, the course will guide students through the process of enumerating web applications to identify weaknesses and vulnerabilities. Students will learn how to exploit file upload, SQL injection, business logic, authentication, and authorization vulnerabilities through a series of lectures and hands-on assignments. By the end of this course, students should be prepared to enumerate web applications; identify their underlying technologies, infrastructure configurations, and common vulnerabilities; exploit the identified vulnerabilities; and present their findings and accompanying recommended mitigations in a technical findings report. This course should prepare students to overcome the web application challenges they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

June 27 to August 08, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (27 Jun 2023 to 08 Aug 2023)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to continue students’ infrastructure penetration testing education by introducing contemporary topics in phishing, Active Directory attacks, and command-and-control frameworks. By the end of this course, students should be prepared to identify simple vulnerabilities and misconfigurations affecting Active Directory environments; to exploit identified Active Directory vulnerabilities; to use exploitation and command-and-control framework Metasploit; and to present their findings and accompanying recommended mitigations in a technical findings report. This intermediate-level network penetration testing course will prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

August 21 to October 04, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (21 Aug 2023 to 04 Oct 2023)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct advanced web application penetration tests and write technical findings reports detailing complex vulnerabilities with accompanying recommended mitigations. Building on the fundamentals taught in CSOC 1030, students will learn how to exploit a variety of injection, insecure deserialization, cross-site-scripting, and cryptographic failure-based vulnerabilities. Students will also learn how to automate their own custom exploits, perform impactful client-side attacks, and learn how to adapt their web application penetration testing skills to desktop and mobile applications. By the end of this course, students should be prepared to perform technically challenging web application assessments and present their findings and recommended mitigations in technical findings report. This course should prepare students to overcome web application challenges beyond those they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

August 22 to October 03, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (22 Aug 2023 to 03 Oct 2023)

Organizations, large and small, are realizing the importance of maintaining a robust security posture that combines a variety of cybersecurity-related tools and techniques. These companies understand that establishing a strong defensive practice to protecting their most critical assets is not complete unless they conduct proactive security testing from an adversarial perspective to identify and remediate vulnerabilities before they themselves are victimized by a malicious actor. Whether the requisite ethical hacking team is cultivated within the organization, or the role is outsourced to a trusted provider, the team responsible for performing the offensive security activities must not only be well-versed in the latest exploitation techniques, but they must also be able to articulate their findings into a technical report or presentation that targets the appropriate audience. This course will aim to empower students with the knowledge necessary to articulate the outcomes of their offensive security activities into a variety of technical report styles that communicates concisely and effectively to the target audience. Starting with an overview of the challenges of creating effective technical reports, the course will guide students through the process of identifying and understanding the intended consumer of the report, developing authentic content that communicates the intended outcome in a clear and concise fashion, avoiding unintended emotion or bias, and creating effective presentations to accompany a technical report. Through a series of lectures and hands-on assignments, students will have the opportunity to view, modify and create content based on the material discussed. By the end of this course, students should be prepared to create reports and presentations based on a variety of testing and results scenarios and target that same content for different audiences, both technical and non-technical.

15 Classes

45 Hours

Schedule

October 16 to December 04, 2023

Classes Mon,Wed 6:45 PM-9:45 PM (16 Oct 2023 to 04 Dec 2023)

This capstone course serves as the culminating experience in the program, bringing together the knowledge and skills acquired in previous courses to prepare students for real-world challenges. In this advanced course, students will be guided through the end-to-end process of performing a comprehensive penetration test on a complex simulated enterprise environment. This environment is carefully designed to mirror real-world scenarios, encompassing numerous networked systems distributed across multiple network segments and active directory domains. It includes a diverse range of operating systems, network services, and applications, providing students with a dynamic and challenging environment to assess. Throughout this capstone course, students will be given the opportunity to apply the latest penetration testing techniques and methodologies they learned in prior courses, honing their skills in identifying vulnerabilities, exploiting weaknesses, and ultimately reporting on the discovered issues and providing recommendations for fortifying the security posture of the simulated enterprise environment. The course emphasizes practical experience and critical thinking, enabling students to address complex security issues and make informed decisions during engagements. In addition to hands-on exercises, students are tasked with compiling a formal engagement report that documents their findings, recommendations, and the steps taken during the penetration test. This immersive capstone experience equips students with the practical skills and confidence needed to excel in the field of cyber security and provides a solid foundation for those seeking to obtain the OSCP certification.

15 Classes

45 Hours

Schedule

October 17 to December 05, 2023

Classes Tue,Thu 6:45 PM-9:45 PM (17 Oct 2023 to 05 Dec 2023)

This course provides an introduction to fundamental concepts in the areas of networking, operating systems and scripting languages commonly utilized in the field of offensive security and security assessments. The knowledge introduced in the course will act as a fundamental basis for advanced knowledge presented in the rest of the courses in this program. Students will learn about: different components in information systems; the operating systems running on such systems, with focus on Linux operating systems and specifically KALI Linux, including installation; operating system basic functions and commands; scripting fundamentals and networking basics; relevant terminology and concepts used in the world of offensive cybersecurity, IT and related disciplines. The course will use a hands-on approach and students will also develop cross functional competencies in time management, teamwork, Internet-based research analysis, and critical thinking. This course applies an active learning environment, integrating online and in class activities to accomplish its learning objectives.

13 Classes

39 Hours

Schedule

January 13 to February 24, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (13 Jan 2025 to 24 Feb 2025); Fri 6:45 PM-9:45 PM (21 Feb 2025)

To stand out and excel in your career as professional in the offensive security field, you will need more than just technical capabilities to succeed. The aim of the Fundamentals of Penetration Testing course is to introduce students to key considerations and activities professional penetration testers must plan for throughout an offensive security engagement. Starting with legal and ethical considerations, and adapting industry testing and risk assessment frameworks to varying requirements, students will learn to apply knowledge gained to successfully develop test plans, and develop and acquire resources required to accomplish engagement objectives. This course is focused on the planning, reconnaissance, and resource development stages of an offensive security engagement. It will include a mix of theoretical work introducing and adapting key concepts, and hands-on assignments practicing reconnaissance activities required to identify areas of vulnerability, and planning the path for successful exploitation.

13 Classes

39 Hours

Schedule

January 14 to February 25, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (14 Jan 2025 to 25 Feb 2025)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to introduce students to network penetration testing tools, techniques, and procedures necessary to evaluate infrastructure targets for a wide variety of security flaws and to exploit those flaws to demonstrate impact. Students will apply concepts learned in lecture and technical walkthrough sessions to exploiting a series of curated vulnerable lab systems. By the end of this course, students should be prepared to enumerate network infrastructure targets; to identify known vulnerabilities and misconfigurations affecting network services and local systems; to exploit identified vulnerabilities, demonstrating impact; and to present their findings and accompanying recommended mitigations in a technical findings report. This introductory network penetration testing course will begin to prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

March 10 to April 21, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (10 Mar 2025 to 21 Apr 2025)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct basic web application penetration tests and write technical findings reports detailing identified vulnerabilities with accompanying recommended mitigations. Starting with an overview of modern web application technologies and infrastructure, the course will guide students through the process of enumerating web applications to identify weaknesses and vulnerabilities. Students will learn how to exploit file upload, SQL injection, business logic, authentication, and authorization vulnerabilities through a series of lectures and hands-on assignments. By the end of this course, students should be prepared to enumerate web applications; identify their underlying technologies, infrastructure configurations, and common vulnerabilities; exploit the identified vulnerabilities; and present their findings and accompanying recommended mitigations in a technical findings report. This course should prepare students to overcome the web application challenges they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

March 11 to April 22, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (11 Mar 2025 to 22 Apr 2025)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to continue students’ infrastructure penetration testing education by introducing contemporary topics in phishing, Active Directory attacks, and command-and-control frameworks. By the end of this course, students should be prepared to identify simple vulnerabilities and misconfigurations affecting Active Directory environments; to exploit identified Active Directory vulnerabilities; to use exploitation and command-and-control framework Metasploit; and to present their findings and accompanying recommended mitigations in a technical findings report. This intermediate-level network penetration testing course will prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

May 05 to June 16, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (05 May 2025 to 16 Jun 2025); Fri 6:45 PM-9:45 PM (23 May 2025)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct advanced web application penetration tests and write technical findings reports detailing complex vulnerabilities with accompanying recommended mitigations. Building on the fundamentals taught in CSOC 1030, students will learn how to exploit a variety of injection, insecure deserialization, cross-site-scripting, and cryptographic failure-based vulnerabilities. Students will also learn how to automate their own custom exploits, perform impactful client-side attacks, and learn how to adapt their web application penetration testing skills to desktop and mobile applications. By the end of this course, students should be prepared to perform technically challenging web application assessments and present their findings and recommended mitigations in technical findings report. This course should prepare students to overcome web application challenges beyond those they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

May 06 to June 17, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (06 May 2025 to 17 Jun 2025)

Organizations, large and small, are realizing the importance of maintaining a robust security posture that combines a variety of cybersecurity-related tools and techniques. These companies understand that establishing a strong defensive practice to protecting their most critical assets is not complete unless they conduct proactive security testing from an adversarial perspective to identify and remediate vulnerabilities before they themselves are victimized by a malicious actor. Whether the requisite ethical hacking team is cultivated within the organization, or the role is outsourced to a trusted provider, the team responsible for performing the offensive security activities must not only be well-versed in the latest exploitation techniques, but they must also be able to articulate their findings into a technical report or presentation that targets the appropriate audience. This course will aim to empower students with the knowledge necessary to articulate the outcomes of their offensive security activities into a variety of technical report styles that communicates concisely and effectively to the target audience. Starting with an overview of the challenges of creating effective technical reports, the course will guide students through the process of identifying and understanding the intended consumer of the report, developing authentic content that communicates the intended outcome in a clear and concise fashion, avoiding unintended emotion or bias, and creating effective presentations to accompany a technical report. Through a series of lectures and hands-on assignments, students will have the opportunity to view, modify and create content based on the material discussed. By the end of this course, students should be prepared to create reports and presentations based on a variety of testing and results scenarios and target that same content for different audiences, both technical and non-technical.

12 Classes

36 Hours

Schedule

June 30 to August 11, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (30 Jun 2025 to 11 Aug 2025)

This capstone course serves as the culminating experience in the program, bringing together the knowledge and skills acquired in previous courses to prepare students for real-world challenges. In this advanced course, students will be guided through the end-to-end process of performing a comprehensive penetration test on a complex simulated enterprise environment. This environment is carefully designed to mirror real-world scenarios, encompassing numerous networked systems distributed across multiple network segments and active directory domains. It includes a diverse range of operating systems, network services, and applications, providing students with a dynamic and challenging environment to assess. Throughout this capstone course, students will be given the opportunity to apply the latest penetration testing techniques and methodologies they learned in prior courses, honing their skills in identifying vulnerabilities, exploiting weaknesses, and ultimately reporting on the discovered issues and providing recommendations for fortifying the security posture of the simulated enterprise environment. The course emphasizes practical experience and critical thinking, enabling students to address complex security issues and make informed decisions during engagements. In addition to hands-on exercises, students are tasked with compiling a formal engagement report that documents their findings, recommendations, and the steps taken during the penetration test. This immersive capstone experience equips students with the practical skills and confidence needed to excel in the field of cyber security and provides a solid foundation for those seeking to obtain the OSCP certification.

13 Classes

39 Hours

Schedule

July 03 to August 14, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (03 Jul 2025 to 14 Aug 2025)

This course provides an introduction to fundamental concepts in the areas of networking, operating systems and scripting languages commonly utilized in the field of offensive security and security assessments. The knowledge introduced in the course will act as a fundamental basis for advanced knowledge presented in the rest of the courses in this program. Students will learn about: different components in information systems; the operating systems running on such systems, with focus on Linux operating systems and specifically KALI Linux, including installation; operating system basic functions and commands; scripting fundamentals and networking basics; relevant terminology and concepts used in the world of offensive cybersecurity, IT and related disciplines. The course will use a hands-on approach and students will also develop cross functional competencies in time management, teamwork, Internet-based research analysis, and critical thinking. This course applies an active learning environment, integrating online and in class activities to accomplish its learning objectives.

13 Classes

39 Hours

Schedule

January 13 to February 24, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (13 Jan 2025 to 24 Feb 2025); Fri 6:45 PM-9:45 PM (21 Feb 2025)

To stand out and excel in your career as professional in the offensive security field, you will need more than just technical capabilities to succeed. The aim of the Fundamentals of Penetration Testing course is to introduce students to key considerations and activities professional penetration testers must plan for throughout an offensive security engagement. Starting with legal and ethical considerations, and adapting industry testing and risk assessment frameworks to varying requirements, students will learn to apply knowledge gained to successfully develop test plans, and develop and acquire resources required to accomplish engagement objectives. This course is focused on the planning, reconnaissance, and resource development stages of an offensive security engagement. It will include a mix of theoretical work introducing and adapting key concepts, and hands-on assignments practicing reconnaissance activities required to identify areas of vulnerability, and planning the path for successful exploitation.

13 Classes

39 Hours

Schedule

January 14 to February 25, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (14 Jan 2025 to 25 Feb 2025)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to introduce students to network penetration testing tools, techniques, and procedures necessary to evaluate infrastructure targets for a wide variety of security flaws and to exploit those flaws to demonstrate impact. Students will apply concepts learned in lecture and technical walkthrough sessions to exploiting a series of curated vulnerable lab systems. By the end of this course, students should be prepared to enumerate network infrastructure targets; to identify known vulnerabilities and misconfigurations affecting network services and local systems; to exploit identified vulnerabilities, demonstrating impact; and to present their findings and accompanying recommended mitigations in a technical findings report. This introductory network penetration testing course will begin to prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

March 10 to April 21, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (10 Mar 2025 to 21 Apr 2025)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct basic web application penetration tests and write technical findings reports detailing identified vulnerabilities with accompanying recommended mitigations. Starting with an overview of modern web application technologies and infrastructure, the course will guide students through the process of enumerating web applications to identify weaknesses and vulnerabilities. Students will learn how to exploit file upload, SQL injection, business logic, authentication, and authorization vulnerabilities through a series of lectures and hands-on assignments. By the end of this course, students should be prepared to enumerate web applications; identify their underlying technologies, infrastructure configurations, and common vulnerabilities; exploit the identified vulnerabilities; and present their findings and accompanying recommended mitigations in a technical findings report. This course should prepare students to overcome the web application challenges they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

March 11 to April 22, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (11 Mar 2025 to 22 Apr 2025)

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to continue students’ infrastructure penetration testing education by introducing contemporary topics in phishing, Active Directory attacks, and command-and-control frameworks. By the end of this course, students should be prepared to identify simple vulnerabilities and misconfigurations affecting Active Directory environments; to exploit identified Active Directory vulnerabilities; to use exploitation and command-and-control framework Metasploit; and to present their findings and accompanying recommended mitigations in a technical findings report. This intermediate-level network penetration testing course will prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

Schedule

May 05 to June 16, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (05 May 2025 to 16 Jun 2025); Fri 6:45 PM-9:45 PM (23 May 2025)

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct advanced web application penetration tests and write technical findings reports detailing complex vulnerabilities with accompanying recommended mitigations. Building on the fundamentals taught in CSOC 1030, students will learn how to exploit a variety of injection, insecure deserialization, cross-site-scripting, and cryptographic failure-based vulnerabilities. Students will also learn how to automate their own custom exploits, perform impactful client-side attacks, and learn how to adapt their web application penetration testing skills to desktop and mobile applications. By the end of this course, students should be prepared to perform technically challenging web application assessments and present their findings and recommended mitigations in technical findings report. This course should prepare students to overcome web application challenges beyond those they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

Schedule

May 06 to June 17, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (06 May 2025 to 17 Jun 2025)

Organizations, large and small, are realizing the importance of maintaining a robust security posture that combines a variety of cybersecurity-related tools and techniques. These companies understand that establishing a strong defensive practice to protecting their most critical assets is not complete unless they conduct proactive security testing from an adversarial perspective to identify and remediate vulnerabilities before they themselves are victimized by a malicious actor. Whether the requisite ethical hacking team is cultivated within the organization, or the role is outsourced to a trusted provider, the team responsible for performing the offensive security activities must not only be well-versed in the latest exploitation techniques, but they must also be able to articulate their findings into a technical report or presentation that targets the appropriate audience. This course will aim to empower students with the knowledge necessary to articulate the outcomes of their offensive security activities into a variety of technical report styles that communicates concisely and effectively to the target audience. Starting with an overview of the challenges of creating effective technical reports, the course will guide students through the process of identifying and understanding the intended consumer of the report, developing authentic content that communicates the intended outcome in a clear and concise fashion, avoiding unintended emotion or bias, and creating effective presentations to accompany a technical report. Through a series of lectures and hands-on assignments, students will have the opportunity to view, modify and create content based on the material discussed. By the end of this course, students should be prepared to create reports and presentations based on a variety of testing and results scenarios and target that same content for different audiences, both technical and non-technical.

12 Classes

36 Hours

Schedule

June 30 to August 11, 2025

Classes Mon,Wed 6:45 PM-9:45 PM (30 Jun 2025 to 11 Aug 2025)

This capstone course serves as the culminating experience in the program, bringing together the knowledge and skills acquired in previous courses to prepare students for real-world challenges. In this advanced course, students will be guided through the end-to-end process of performing a comprehensive penetration test on a complex simulated enterprise environment. This environment is carefully designed to mirror real-world scenarios, encompassing numerous networked systems distributed across multiple network segments and active directory domains. It includes a diverse range of operating systems, network services, and applications, providing students with a dynamic and challenging environment to assess. Throughout this capstone course, students will be given the opportunity to apply the latest penetration testing techniques and methodologies they learned in prior courses, honing their skills in identifying vulnerabilities, exploiting weaknesses, and ultimately reporting on the discovered issues and providing recommendations for fortifying the security posture of the simulated enterprise environment. The course emphasizes practical experience and critical thinking, enabling students to address complex security issues and make informed decisions during engagements. In addition to hands-on exercises, students are tasked with compiling a formal engagement report that documents their findings, recommendations, and the steps taken during the penetration test. This immersive capstone experience equips students with the practical skills and confidence needed to excel in the field of cyber security and provides a solid foundation for those seeking to obtain the OSCP certification.

13 Classes

39 Hours

Schedule

July 03 to August 14, 2025

Classes Tue,Thu 6:45 PM-9:45 PM (03 Jul 2025 to 14 Aug 2025)