Cybersecurity & AI Bootcamp

Presentation of the curriculum, work tools, program operation and presentation of the group.

You will learn what information security, IT security and cybersecurity are and how to differentiate between them. In addition, you will learn the basic concepts and principles of auditing.

1. Introduction to cybersecurity:
   • Basic concepts of cybersecurity.
   • Importance of information security.
   • Main threats, vulnerabilities and cyber attacks.
2. Fundamentals of Computer Security:
   • Principles of computer security.
   • Cryptography and its application in data protection.
   • Security policies and access management.
   • Attack surface and attack vectors
   • Legal and regulatory framework
3. Secure Operating Systems
   • Security in operating systems.
   • Secure system configuration.
   • Monitoring and intrusion detection.
4. Networking and Secure Communications:
   • Computer network security.
   • Secure protocols and data encryption.
   • Firewalls and intrusion detection/prevention systems.
5. Practical and laboratory work:
   • 1. Virtual Lab: Configuring and Securing Systems in a Virtual Environment
     • Practice 1: Implementing a firewall
     • Practical 2: Vulnerability analysis in an operating system
     • Practice 3: Penetration testing of a web application
     • Practice 4: Data encryption and key management
     • Practice 5: Analysis of a real case of cyber-attack

In this module we will learn how to program in Python language. Python is a very popular and powerful programming language. It is used to do many different things, such as creating web applications, analysing data, creating artificial intelligence programs and even controlling robots. It is a very easy language to learn and has a clear and simple syntax, which means it is easy to read and write. We will learn the different fundamentals of Python such as control structures, lists, dictionaries or functions, so that at the end of the module we will have the basis to safely continue the rest of the bootcamp.

1. Introduction to Programming:
   • Programming basics
   • Programming languages
   • Variables, data types and operators
   • Control structures (conditionals, loops)
   • Functions and modules
2. Object Oriented Programming
   • OOP basics (classes, objects, inheritance)
   • Polymorphism and encapsulation
   • Class design and class diagrams
3. Data Structures and Algorithms
   • Lists, dictionaries and sets
   • Search and sort algorithms
   • Efficiency and computational complexity
4. Programming Security
   • Common vulnerabilities in web applications
   • SQL Injection, XSS and CSRF
   • Authentication and authorisation
   • Good security practices in programming
5. Internships and Case Studies
   • Development of a simple Python program
   • Implementing a class in Python
   • Analysis of vulnerable code
   • Development of a secure web application project
   • Analysis of a real case of cyber-attack

You will learn the basic techniques for conducting attacks on different targets with technical approaches that will be adapted to the needs of each scenario. You begin by learning the techniques of target analysis, creating profiles to make decisions about the attack. In addition, you will assess the state of the target's infrastructures and systems. You will identify insecure configurations, vulnerabilities, etc.

1. Introduction to Pentesting
   • Pentesting basics
   • Pentesting methodology
   • Phases of pentesting
   • Pentesting tools
2. Acknowledgement
   • information gathering
   • Asset identification
   • List of services and ports
   • Vulnerability analysis
3. Exploitation
   • Network layer attacks
   • Attacks on the application layer
   • Social engineering attacks
   • Attacks on web systems
4. Post-Exploitation
   • Escalation of privileges
   • Persistence in the system
   • Obtaining sensitive information
   • Footprint coverage
5. Internships and Case Studies
   • Practice 1: Network recognition
   • Practice 2: Exploiting a web vulnerability
   • Practice 3: Carrying out a phishing attack
   • Practice 4: Pentesting a mobile application
   • Practice 5: Analysis of a real case of pentesting

You will learn advanced pentesting techniques, applied once you have gained access to the target systems, to try to detect more advanced vulnerabilities.‍ In addition, you will learn different exploit techniques that will take advantage of existing vulnerabilities in the system by gaining access to confidential information, executing code on the attacked system or causing denial of service situations.

1. Advanced Web Application Pentesting
   • OWASP Top 10 Attacks
   • Exploitation of CER vulnerabilities
   • API attacks
   • Mobile application pentesting
2. Cloud Infrastructure Pentesting
   • Attacks on cloud providers (AWS, Azure, GCP)
   • Exploiting vulnerabilities in containers
   • Serverless Computing Pentesting
   • Cloud security and hardening
3. Network and Systems Pentesting
   • Advanced network attacks (ARP Spoofing, DNS Spoofing)
   • Exploitation of zero-day vulnerabilities
   • Attacks on operating systems and applications
   • Advanced malware scanning
4. Social Pentesting and Social Engineering
   • Phishing and spear phishing attacks
   • Advanced social engineering (vishing, baiting)
   • Supply chain attacks
   • Physical security and facility analysis
5. Internships and Case Studies
   • Practice 1: Advanced pentesting of a web application
   • Practice 2: Pentesting of a cloud infrastructure
   • Practice 3: Performing an advanced network attack
   • Practice 4: Operating system pentesting
   • Practical 5: Analysis of a real case of advanced pentesting

We will learn the big difference in the industrial OT world, protocols, obsolescence and how to protect these critical environments almost every time.

1. Introduction to Industrial Cybersecurity OT2. What is a startup and what stages of development do they go through?
2. Industrial Networks and Systems4. The five phases and tools of the process:
3. Security in Industrial Devices and SoftwareUnderstanding the problem to determine the opportunity
4. Threat Analysis and Detection in OT Environments
5. Critical Infrastructure Protection
6. Internships and Case Studies
   • Practical laboratories for vulnerability analysis in OT environments.
   • Simulations of cyber attacks in OT environments.

Exploiting and reverse engineering are branches of cybersecurity for the most advanced researchers. Knowing how a program or process works inside to try to modify its behaviour is not trivial, but it is exciting. You will acquire the knowledge and skills necessary to perform debugging tasks and the process of creating malicious code, also known as an "exploit".

1. Introduction to Exploiting and Reverse Engineering
   • Exploiting and reverse engineering basics
   • Working environment and tools
   • Fundamentals of malware analysis
   • Reverse engineering techniques
2. Exploiting Vulnerabilities
   • Exploitation of memory vulnerabilities (buffer overflows)
   • Exploitation of web vulnerabilities (XSS, SQL injection)
   • Exploiting vulnerabilities in applications
   • Exploitation of zero-day vulnerabilities
3. Advanced Reverse Engineering
   • Binary code analysis and decompilation
   • Code modification and exploit creation
   • Advanced malware analysis (ransomware, cryptojacking)
   • Anti-analysis and anti-debugging techniques
4. Internships and Case Studies
   • Practice 1: Analysis of simple malware
   • Practice 2: Exploiting a buffer overflow vulnerability
   • Practice 3: Reverse engineering an application
   • Practice 4: Analysis of a real case of exploiting and reverse engineering
   • Practice 5: Developing an exploit for a web vulnerability

You will become familiar with the Security Information and Event Management systems, SIEM, and with which you will be able to monitor the security of all network systems. You will learn how to protect assets, minimising areas of exposure and reducing the risk and diversity of attacks that may occur. You will control the techniques to reduce an attack against an entity, counteracting the attackers, identifying the entry vector and defining the measures to be taken to stop or mitigate the attack.

1. Defensive Security Fundamentals
   • Defensive security basics
   • Legal and regulatory framework
   • Risk management and threat analysis
   • Implementation of security controls
2. Perimeter and Network Security
   • Firewalls and network segmentation
   • Intrusion detection systems (IDS/IPS)
   • Virtual Private Networks (VPN)
   • Cloud security
3. Application and Endpoint Security
   • Security in application development (SDLC)
   • Application security testing
   • Endpoint protection and device control
   • Security in web browsing
4. Data and Identity Security
   • Personal data protection and privacy
   • Identity and Access Management (IAM)
   • Cryptography and information security
   • Data backup and recovery
5. Internships and Case Studies
   • Practice 1: Implementing a firewall
   • Practice 2: Setting up an intrusion detection system
   • Practice 3: Performing security tests on a web application
   • Practice 4: Implementing an identity management system
   • Practice 5: Analysis of a real case of cyber-attack

You will learn how to carry out a forensic analysis process in different environments and you will learn how the professionals who work every day strive to provide answers to organisations work. You will also acquire the knowledge of forensic analysis, tasks that allow you to analyse the events that occur during a security incident in order to analyse what happened in order to implement actions and improve cyber resilience. You will analyse malware both statically and dynamically and will be able to produce reports afterwards.

1. Fundamentals of Forensic Analysis
   • Digital forensics basics
   • Legal and regulatory framework
   • Digital crime scene processing
   • Acquisition and analysis of digital evidence
2. File System Analysis
   • File systems and data structures
   • Deleted file recovery and metadata analysis
   • Malware and ransomware scanning
   • Analysis of mobile devices
3. Network Analysis and Applications
   • Analysis of network traffic and logs
   • Intrusion and cyber attack analysis
   • Analysis of web and mobile applications
   • Cloud analysis
4. Analysis Tools and Techniques
   • Use of forensic tools
   • Analysis of disk images and volumes
   • Analysis of encrypted data
   • Advanced analytical techniques
5. Internships and Case Studies
   • Practice 1: Analysing a disk image
   • Practice 2: Recovering deleted files
   • Practice 3: Malware analysis
   • Practice 4: Analysing a cyber attack
   • Practice 5: Analysis of a real case of forensic investigation

The module aims to present the opportunities for entrepreneurship in cybersecurity and to apply design thinking to make this journey, reducing uncertainties and prioritising problem solving and market orientation over technology.

The course describes techniques and tools that can be used for the development and modelling of a business opportunity. It is a basic orientation for the construction of the Capstone Project.

1. Entrepreneurship in cybersecurity. Opportunities and challenges.
2. What is a startup and what stages of development do they follow?
3. What is design thinking and how it can help us
4. The five phases and tools of the process:
   • Empathy
   • Define
   • Idear
   • Prototyping
   • Validate
5. Keys to success:
   • Understanding the problem to determine the opportunity
   • Devise a solution to determine its feasibility
   • How to determine business viability
6. Applying what we have learned in a cybersecurity project.

An asynchronous module in which time will be provided to prepare for and take the certification exams included in the program. IMMUNE, in this case, acts as a facilitator in connecting the certifying entity and the student, easing the process but without having authority over the exam or the grades obtained by the students.

• Team building.
• Choice of topic for final project.
• Assignment of tutors.
• Development of the project with an assigned tutor.
• Project delivery.

Presentation of the final project before a panel of experts.