Study Plan
Prework
Students obtain basic knowledge of hardware and computer virtualization and working with Linux and Windows operating systems. Participants learn to install and set up virtual machines and discover the architecture and features of Windows 10 and Kali Linux operating systems.
- Virtualization fundamental concepts
- Basic commands in terminal
- Introduction to networks and protocols
Security and System Fundamental concepts
Learn about and differentiate between information security, IT security and cybersecurity. Students also learn the basic concepts and principles of auditing.
- Introduction to cybersecurity:
- Conceptos básicos de ciberseguridad.
- Importancia de la seguridad de la información.
- Leading threats, vulnerabilities and cyber-attacks
- IT Security fundamental concepts:
- Principios de seguridad informática.
- Criptografía y su aplicación en la protección de datos.
- Políticas de seguridad y gestión de accesos.
- Attack surface and attack vectors
- Legal and regulatory framework
- Secure operating systems:
- Seguridad en sistemas operativos.
- Configuración segura de sistemas.
- Monitoreo y detección de intrusiones.
- Secure networks and communications:
- Seguridad en redes informáticas.
- Secure protocols and data encryption
- Firewalls y sistemas de detección/prevención de intrusiones.
- Practical work and laboratory:
- 1. Laboratorio Virtual: Configuración y aseguramiento de sistemas en un entorno virtual
- Practical task 1: Implementing a firewall
- Práctica 2: Análisis de vulnerabilidades en un sistema operativo
- Práctica 3: Pruebas de penetración en una aplicación web
- Práctica 4: Cifrado de datos y gestión de claves
- Práctica 5: Análisis de un caso real de ciberataque
- 1. Laboratorio Virtual: Configuración y aseguramiento de sistemas en un entorno virtual
Fundamental Concepts of Programming
Students learn to program in Python. Python is a popular and powerful programming language used in many contexts, such as creating web applications, analyzing data, creating artificial intelligence programs, and even controlling robots. It is an easy language to learn and has clear and simple syntax, making it easy to read and write. Students learn the various fundamental concepts of Python, including control structures, lists, dictionaries or functions, so by the end of the module they will have the basic knowledge required to get through the rest of the bootcamp.
- Introduction to programming:
- Programming basics
- Programming languages
- Variables, data types and operators
- Control structures (conditionals, loops)
- Functions and modules
- Object-oriented programming:
- OOP basics (classes, objects, inheritance)
- Polymorphism and encapsulation
- Class and class diagram design
- Data structures and algorithms
- Lists, dictionaries and sets
- Search and sorting algorithms
- Computational efficiency and complexity
- Programming for security
- Common vulnerabilities in web applications
- SQL injection, XSS and CSRF
- Authentication and authorization
- Security best practices in programming
- Practical work and real-world cases
- Developing a simple program in Python
- Implementing a class in Python
- Analyzing vulnerable code
- Secure web application project
- Analyzing a real-world cyber attack
Basic Pentesting
Students learn basic techniques for attacks on different objectives with the technical focus corresponding to each scenario. Initially learning target analysis techniques, students create profiles to make decisions about the attack. Additionally, students evaluate the status of the target's infrastructure and systems, identifying insecure configurations, vulnerabilities, etc.
- Introduction to Pentesting
- Pentesting basics
- Pentesting methodology
- Pentesting phases
- Pentesting tools
- Reconnaissance
- Gathering information
- Asset identification
- Scanning ports and services
- Vulnerability assessment
- Exploitation
- Network layer attacks
- Application layer attacks
- Social engineering attacks
- Attacks on web systems
- Post-exploitation
- Privilege escalation
- Persistence
- Obtaining sensitive information
- Covering tracks
- Practical work and real-world cases
- Práctica 1: Reconocimiento de una red
- Práctica 2: Explotación de una vulnerabilidad web
- Práctica 3: Realización de un ataque de phishing
- Práctica 4: Pentesting de una aplicación móvil
- Práctica 5: Análisis de un caso real de pentesting
Advanced pentesting
Students learn advanced pentesting techniques, applied after gaining access to the target systems, in order to detect more advanced vulnerabilities. In addition, students learn various exploit techniques that take advantage of vulnerabilities on a system, gaining access to confidential information, executing code on the target system, or causing denial of service scenarios.
- Advanced pentesting of web applications
- Top 10 OWASP Attacks
- Exploitation of RCE vulnerabilities
- API attacks
- Pentesting mobile apps
- Cloud infrastructure pentesting
- Attacks on cloud providers (AWS, Azure, GCP)
- Exploiting container vulnerabilities
- Serverless computing pentesting
- Cloud security and hardening
- Pentesting networks and systems
- Advanced network attacks (ARP Spoofing, DNS Spoofing)
- Exploitation of zero-day vulnerabilitiesExploitation of zero-day vulnerabilities
- Attacks on operating systems and applications
- Analysis of advanced malware
- Social pentesting and social engineering
- Phishing and spear phishing attacks
- Advanced social engineering (vishing, baiting)
- Supply chain attacks
- Physical security and facility analysis
- Practical work and real-world cases
- Práctica 1: Pentesting avanzado de una aplicación web
- Práctica 2: Pentesting de una infraestructura en la nube
- Práctica 3: Realización de un ataque de red avanzado
- Práctica 4: Pentesting de un sistema operativo
- Práctica 5: Análisis de un caso real de pentesting avanzado
Industrial Cybersecurity
Students learn the key difference in industrial operational technology (OT), protocols, obsolescence and how to protect such critical environments.
- Introduction to Industrial Cybersecurity OT2. What are startups and what are their stages of development?
- Industrial networks and systems. The five phases and tools of the process:
- Security for industrial devices and software. Understanding the problem in order to determine the opportunity.
- Analysis and detection of threats in OT environments
- Protecting critical infrastructure
- Practical work and real-world cases
- Practical laboratories for vulnerability assessment in OT environments.
- Cyber-attacks simulations in OT environments.
Exploits and Reverse Engineering
Exploits and reverse engineering are the domains of the most advanced cybersecurity practitioners. Knowing the internal workings of a program or process in order to alter its behavior is no small thing... and it is exciting. Students acquire the knowledge and skills required to perform debugging tasks and the process of creating malicious code, also known as ‘exploits’.
- Introduction to exploits and reverse engineering
- Basic concepts of exploits and reverse engineering
- Working environment and tools
- Malware analysis fundamental concepts
- Reverse engineering techniques
- Exploiting vulnerabilities
- Exploiting memory vulnerabilities (buffer overflows)
- Exploiting web vulnerabilities (XSS, SQL injection)
- Exploiting application vulnerabilities
- Exploitation of zero-day vulnerabilitiesExploitation of zero-day vulnerabilities
- Advanced reverse engineering
- Binary code analysis and decompilation
- Code modification and exploit creation
- Advanced malware analysis (ransomware, cryptojacking)
- Anti-analysis and anti-debugging techniques
- Practical work and real-world cases
- Practical task 1: Analysis of simple malware
- Practical task 2: Exploiting a buffer overflow vulnerability
- Practical task 3: Reverse engineering an application
- Practical task 4: Analyzing a real-world case of exploits and reverse engineering
- Practical task 5: Developing an exploit for a web vulnerability
Defensive Security
Students become familiar with Security Information and Event Management (SIEM), in order to supervise the security of all network systems. They will learn how to protect assets, minimizing exposed areas and reducing the risk and diversity of attacks that may occur. The course teaches the techniques required to reduce an attack against an entity, counteract attackers, identify the entry vector and define the measures needed to block or mitigate the attack.
- Defensive security fundamental concepts:
- Defensive security basics
- Legal and regulatory framework
- Risk management and threat analysis
- Implementing security controls
- Perimeter and network security
- Firewalls and network segmentation
- Intrusion detection systems (IDS/IPS)
- Virtual private networks (VPN)
- Cloud security
- Application and endpoint security
- Application development security (SDLC)
- Application security testing
- Endpoint protection and device monitoring
- Safe web browsing
- Data and identity security
- Personal data protection and privacy
- Identity and Access Management (IAM)
- Cryptography and information security
- Data backup and recovery
- Practical work and real-world cases
- Practical task 1: Implementing a firewall
- Practical task 2: Setting up an intrusion detection system
- Practical task 3: Security testing on a web application
- Practical task 4: Implementing an identity management system
- Practical task 5: Analyzing a real-world cyber-attack case
Forensic Analysis - Blue Team
Learn how to carry out a forensic analysis process in various environments and discover how the professionals finding answers every day for the security of organizations operate. The module also provides knowledge of forensic analysis, tasks required to analyze events that occur during a security incident so as to assess what happened and implement actions to improve cyber resilience. Students analyze malware both statically and dynamically in order to generate reports.
- Forensic analysis fundamental concepts
- Digital forensics basics
- Legal and regulatory framework
- Digital crime scene processing
- Gathering and analyzing digital evidence
- File system analysis
- File systems and data structures
- Recovering deleted files and metadata analysis
- Analysis of malware and ransomware
- Mobile device forensics
- Network and application forensics
- Analysis of network traffic and logs
- Analysis of intrusions and cyber attacks
- Web and mobile application analysis
- Cloud analysis
- Forensic tools and techniques
- Using forensic tools
- Analysis of disk images and volumes
- Encrypted data analysis
- Advanced analysis techniques
- Practical work and real-world cases
- Practical task 1: Analysis of a disk image
- Practical task 2: Deleted file recovery
- Practical task 3: Malware analysis
- Practical task 4: Analysis of a cyber-attack
- Practical task 5: Analyzing a real-world forensic investigation
Entrepreneurship and Cybersecurity
The module aims to introduce business opportunities in cybersecurity and apply design thinking, reducing uncertainties and prioritizing problem solving and market orientation over technology.
The course looks at the techniques and tools that can be used to develop and define a business opportunity. It represents the basis for the generation of the Capstone Project.
- Entrepreneurship in cybersecurity. Opportunities and challenges.
- What are startups and what are their key development stages?
- What is design thinking and how can it help us?
- The five phases and tools of the process:
- Empathy
- Definition
- Devise
- Prototype
- Validation
- Keys to success:
- Understanding the problem to establish the opportunity
- Devising a solution to determine its viability
- Determining the viability of the business
- Applying the knowledge acquired to a cybersecurity project.
Capstone Project
Aplica todos tus conocimientos adquiridos a lo largo del Bootcamp en tu Capstone Project.
- Definición de idea con el tutor asignado.
- Selección de objetivos del trabajo.
- Plantear metodología y herramientas.
- Presentación ante tribunal de expertos y compañeros.
Innovation Catalyst
