Post-Graduate Certificate in Offensive Cyber Security

Next Enrolment

May 9th, January 13th

Tuition

$7,992 (Domestic)

$18,264 (International)

Overview

Learn to identify potential threats, test security controls, and document vulnerabilities to prevent data breaches.

What you will learn

Offensive cybersecurity uses ethical hacking techniques to mimic cyber attacks. This method exploits security vulnerabilities, allowing cyber security professionals to anticipate what may happen during an attack and how to act against a real threat.

In the full-time Post-Graduate Certificate in Offensive Cyber Security, you will learn to:

  • Conduct a vulnerability assessment and develop a professional penetration testing plan or technical report
  • Apply the seven phases of penetration testing to various use-cases to determine vulnerabilities, analyze impact, and determine remediation
  • Analyze and evaluate the various Tactics, Techniques, and Procedures (TTPs) suspicious entities leverage to steal data
  • Install, configure, utilize, and troubleshoot various offensive cyber security tools and software for web applications and operating systems
  • Produce a comprehensive offensive security report with recommendations along with an information security risk rating scale

Program benefits

  • The only full-time Post-graduate Certificate in Offensive Cyber Security offered by a Canadian University
  • Aligns to the body of knowledge domains for the OSCP (Offensive Security) designation
  • Access to training labs to practice penetration testing skills in real-world use cases
  • Engage in practical labs and case studies where you will directly apply the knowledge gained in the program
  • Developed and taught by leading offensive cyber security professionals who have worked in Canada’s top industries including financial services, health care and government
  • Participate in a comprehensive capstone project where you will showcase your cumulative knowledge and skills in offensive cyber security
  • Advance through the program with the same cohort of peers and build your professional network

Format: Full-time
Delivery: In-class
Term Starts: Spring
Program Length: 8 months

Please note: Course titles are not final and are subject to change.

Official OffSec Learning Partner

Career Potential

Adopting cloud platform solutions is a core element of an organization’s digital transformation, with many applying a hybrid approach to their operations (cloud and on-premises). This has prompted organizations to identify and mitigate potential security risks to their digital assets and application security by investing heavily in offensive cybersecurity teams.

The demand for cyber security professionals in Canada is strong and becoming increasingly specialized, driving persistent demand for multi-skilled cybersecurity professionals.

Certifications

The Post-Graduate Certificate in Offensive Cyber Security aligns with the OSCP (Offensive Security) body of knowledge.

Get Hired for Jobs Like:
  • Manager Offensive Security
  • Penetration Tester
  • Offensive Security Specialist
  • Offensive Security and Incident Management Consultant
  • Offensive Security Engineer
  • Offensive Security Advisor
  • Vulnerability Management Specialist

Gain these cross-functional skills:
  • Report writing and documentation
  • Drive projects across cross-functional teams
  • Identify and address complex problems

Who should take this program?

The Post-Graduate Certificate in Offensive Cyber Security is suited for:
  • Those who have completed the Post-Graduate Certificate in Cyber Security Operations
  • Those who have obtained the CISSP designation

Admission Requirements:
  • IELTS 6.5, application, resume and video; and
  • Undergrad degree in computer science, IT or a related field; and
  • Completion of the post-grad certificate in cyber security operations; OR
  • Holder of the CISSP designation; OR
  • Holder of the CEH (Certified Ethical Hacker) or CPT (Certified Penetration Tester) or CEPT (Certificate Expert Penetration Tester) or CMWAPT (Certified Mobile and Web App Penetration Tester) or CRTOP (Certified Red Team Operations), or CompTIA PenTest+, or GIAC or GPEN (Global Information Assurance Certifications); OR
  • 2-3 years of technical experience in Cybersecurity as a practitioner and a strong foundational knowledge of operating systems, system architecture and networking.

Delivery Format

Full-Time

  • Courses are conducted in-person at York University main campus
  • Courses are typically scheduled four days per week, 3 hours per day
  • In addition to the live instruction, students should budget approximately 8-10 hours per course each week for readings, discussion boards, and practice opportunities such as lab work, assignments, etc.

Courses

CSOC1000 Fundamentals of Programming, Linux, and Command Line Interpretation

This course provides an introduction to fundamental concepts in the areas of networking, operating systems and scripting languages commonly utilized in the field of offensive security and security assessments. The knowledge introduced in the course will act as a fundamental basis for advanced knowledge presented in the rest of the courses in this program. Students will learn about: different components in information systems; the operating systems running on such systems, with focus on Linux operating systems and specifically Kali Linux, including installation; operating system basic functions and commands; scripting fundamentals and networking basics; relevant terminology and concepts used in the world of offensive cybersecurity, IT and related disciplines. The course will use a hands-on approach and students will also develop cross-functional competencies in time management, teamwork, Internet-based research analysis, and critical thinking. This course applies an active learning environment, integrating online and in-class activities to accomplish its learning objectives.

13 Classes

39 Hours

CSOC1010 Fundamentals of Penetration Testing

To stand out and excel in your career as a professional in the offensive security field, you will need more than just technical capabilities to succeed. The aim of the Fundamentals of Penetration Testing course is to introduce students to key considerations and activities professional penetration testers must plan for throughout an offensive security engagement. Starting with legal and ethical considerations, and adapting industry testing and risk assessment frameworks to varying requirements, students will learn to apply knowledge gained to successfully develop test plans, and develop and acquire resources required to accomplish engagement objectives. This course is focused on the planning, reconnaissance, and resource development stages of an offensive security engagement. It will include a mix of theoretical work introducing and adapting key concepts, and hands-on assignments practicing reconnaissance activities required to identify areas of vulnerability, and planning the path for successful exploitation.

13 Classes

39 Hours

CSOC1020 Advanced Concepts in Network Penetration Testing I

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to introduce students to network penetration testing tools, techniques, and procedures necessary to evaluate infrastructure targets for a wide variety of security flaws and to exploit those flaws to demonstrate impact. Students will apply concepts learned in lecture and technical walkthrough sessions to exploiting a series of curated vulnerable lab systems. By the end of this course, students should be prepared to enumerate network infrastructure targets; to identify known vulnerabilities and misconfigurations affecting network services and local systems; to exploit identified vulnerabilities, demonstrating impact; and to present their findings and accompanying recommended mitigations in a technical findings report. This introductory network penetration testing course will begin to prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

CSOC1030 Web Application Penetration Testing

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct basic web application penetration tests and write technical findings reports detailing identified vulnerabilities with accompanying recommended mitigations. Starting with an overview of modern web application technologies and infrastructure, the course will guide students through the process of enumerating web applications to identify weaknesses and vulnerabilities. Students will learn how to exploit file upload, SQL injection, business logic, authentication, and authorization vulnerabilities through a series of lectures and hands-on assignments. By the end of this course, students should be prepared to enumerate web applications; identify their underlying technologies, infrastructure configurations, and common vulnerabilities; exploit the identified vulnerabilities; and present their findings and accompanying recommended mitigations in a technical findings report. This course should prepare students to overcome the web application challenges they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

CSOC1040 Advanced Concepts in Network Penetration Testing II

Cybercrime has evolved into a multi-billion-dollar industry in which nation states, sophisticated criminal gangs, and other threat actors form a complex ecosystem centered on monetization of unauthorized access to systems and data. Network intrusions represent one of the core pillars of this underground economy. Beginning with a phishing email or compromised network service, attackers pivot and escalate throughout corporate environments toward sensitive data to be sold for profit, to be held for ransom, or to be leveraged in fraud against an organization’s users, and toward the widespread network access necessary to conduct catastrophic ransomware attacks. Securing IT infrastructure against today’s sophisticated threat landscape can be achieved in part by proactive security testing conducted from an offensive, adversary-minded perspective. This course aims to continue students’ infrastructure penetration testing education by introducing contemporary topics in phishing, Active Directory attacks, and command-and-control frameworks. By the end of this course, students should be prepared to identify simple vulnerabilities and misconfigurations affecting Active Directory environments; to exploit identified Active Directory vulnerabilities; to use the exploitation and command-and-control framework Metasploit; and to present their findings and accompanying recommended mitigations in a technical findings report. This intermediate-level network penetration testing course will prepare students to overcome the network exploitation challenges they will encounter in the PEN-200 labs and on the OSCP exam.

13 Classes

39 Hours

CSOC1050 Advanced Web Application Penetration Testing

Complex internet-facing web applications have become ubiquitous over the last decade as organizations of all sizes work to capture users with rich web experiences. While these increasingly complex and featured web applications represent an opportunity for organizations to engage and provide value to users in new and exciting ways, they also represent a large attack surface for financially motivated adversaries who would seek to exploit security flaws to steal sensitive data, serve malware, and establish footholds in corporate environments. To develop and maintain secure web applications, it is becoming essential that defenders understand how to find and remediate vulnerabilities before they are exploited by adversaries. This course aims to equip students with the knowledge and hands-on skills necessary to conduct advanced web application penetration tests and write technical findings reports detailing complex vulnerabilities with accompanying recommended mitigations. Building on the fundamentals taught in CSOC 1030, students will learn how to exploit a variety of injection, insecure deserialization, cross-site scripting, and cryptographic failure-based vulnerabilities. Students will also learn how to automate their own custom exploits, perform impactful client-side attacks, and learn how to adapt their web application penetration testing skills to desktop and mobile applications. By the end of this course, students should be prepared to perform technically challenging web application assessments and present their findings and recommended mitigations in a technical findings report. This course should prepare students to overcome web application challenges beyond those they will encounter in the PEN-200 labs and OSCP exam.

13 Classes

39 Hours

CSOC1060 Technical Writing and Reporting

Organizations, large and small, are realizing the importance of maintaining a robust security posture that combines a variety of cybersecurity-related tools and techniques. These companies understand that establishing a strong defensive practice for protecting their most critical assets is not complete unless they conduct proactive security testing from an adversarial perspective to identify and remediate vulnerabilities before they themselves are victimized by a malicious actor. Whether the requisite ethical hacking team is cultivated within the organization, or the role is outsourced to a trusted provider, the team responsible for performing the offensive security activities must not only be well-versed in the latest exploitation techniques, but they must also be able to articulate their findings into a technical report or presentation that targets the appropriate audience. This course will aim to empower students with the knowledge necessary to articulate the outcomes of their offensive security activities into a variety of technical report styles that communicate concisely and effectively to the target audience. Starting with an overview of the challenges of creating effective technical reports, the course will guide students through the process of identifying and understanding the intended consumer of the report, developing authentic content that communicates the intended outcome in a clear and concise fashion, avoiding unintended emotion or bias, and creating effective presentations to accompany a technical report. Through a series of lectures and hands-on assignments, students will have the opportunity to view, modify and create content based on the material discussed. By the end of this course, students should be prepared to create reports and presentations based on a variety of testing and results scenarios and target that same content for different audiences, both technical and non-technical.

15 Classes

45 Hours

CSOC1070 Applied Offensive Cyber Security Capstone

This capstone course serves as the culminating experience in the program, bringing together the knowledge and skills acquired in previous courses to prepare students for real-world challenges. In this advanced course, students will be guided through the end-to-end process of performing a comprehensive penetration test on a complex simulated enterprise environment. This environment is carefully designed to mirror real-world scenarios, encompassing numerous networked systems distributed across multiple network segments and active directory domains. It includes a diverse range of operating systems, network services, and applications, providing students with a dynamic and challenging environment to assess. Throughout this capstone course, students will be given the opportunity to apply the latest penetration testing techniques and methodologies they learned in prior courses, honing their skills in identifying vulnerabilities, exploiting weaknesses, and ultimately reporting on the discovered issues and providing recommendations for fortifying the security posture of the simulated enterprise environment. The course emphasizes practical experience and critical thinking, enabling students to address complex security issues and make informed decisions during engagements. In addition to hands-on exercises, students are tasked with compiling a formal engagement report that documents their findings, recommendations, and the steps taken during the penetration test. This immersive capstone experience equips students with the practical skills and confidence needed to excel in the field of cyber security and provides a solid foundation for those seeking to obtain the OSCP certification.

15 Classes

45 Hours

Instructors

Konrad Haase

Steven Ferrigni

Connor McMillan

Post-Graduate Certificate in Offensive Cyber Security

Summer 2024

On Campus Classes

$7,992.00 (Domestic)

Summer 2024

On Campus Classes

$18,264.00 (International)

Winter 2025

On Campus Classes

$7,992.00 (Domestic)

Winter 2025

On Campus Classes

$18,264.00 (International)

Policies and more information

Technology Requirements for Remote/Online Courses

Please review the technology and software requirements you will need to access our courses remotely.

School Policies

Funding and Payments

Contact Us

Ask us anything about this program and we’ll get back to you within 2 business days.