Cybersecurity Bootcamp

In this module we will learn how to program in Python language. Python is a very popular and powerful programming language. It is used to do many different things, such as creating web applications, analysing data, creating artificial intelligence programs and even controlling robots. It is a very easy language to learn and has a clear and simple syntax, which means it is easy to read and write. We will learn the different fundamentals of Python such as control structures, lists, dictionaries or functions, so that at the end of the module we will have the basis to safely continue the rest of the bootcamp.

1. Introduction to Programming:
   • Programming basics
   • Programming languages
   • Variables, data types and operators
   • Control structures (conditionals, loops)
   • Functions and modules
2. Object Oriented Programming
   • OOP basics (classes, objects, inheritance)
   • Polymorphism and encapsulation
   • Class design and class diagrams
3. Data Structures and Algorithms
   • Lists, dictionaries and sets
   • Search and sort algorithms
   • Efficiency and computational complexity
4. Programming Security
   • Common vulnerabilities in web applications
   • SQL Injection, XSS and CSRF
   • Authentication and authorisation
   • Good security practices in programming
5. Internships and Case Studies
   • Development of a simple Python program
   • Implementing a class in Python
   • Analysis of vulnerable code
   • Development of a secure web application project
   • Analysis of a real case of cyber-attack

You will learn what information security, IT security and cybersecurity are and how to differentiate between them. You will also learn the basic concepts and principles of auditing.

1. Introduction to cybersecurity:
   • Basic concepts of cybersecurity.
   • Importance of information security.
   • Main threats, vulnerabilities and cyber attacks.
2. Fundamentals of Computer Security:
   • Principles of computer security.
   • Cryptography and its application in data protection.
   • Security policies and access management.
   • Attack surface and attack vectors
   • Legal and regulatory framework
3. Secure Operating Systems
   • Security in operating systems.
   • Secure system configuration.
   • Monitoring and intrusion detection.
4. Networking and Secure Communications:
   • Computer network security.
   • Secure protocols and data encryption.
   • Firewalls and intrusion detection/prevention systems.
5. Practical and laboratory work:
   • Virtual Lab: Configuring and securing systems in a virtual environment
   • Practice 1: Implementing a firewall
   • Practical 2: Vulnerability analysis in an operating system
   • Practice 3: Penetration testing of a web application
   • Practice 4: Data encryption and key management
   • Practice 5: Analysis of a real case of cyber-attack

You will learn the basic techniques for conducting attacks on different targets with technical approaches that will be adapted to the needs of each scenario. You begin by learning the techniques of target analysis, creating profiles to make decisions about the attack. In addition, you will assess the state of the target's infrastructures and systems. You will identify insecure configurations, vulnerabilities, etc.

1. Introduction to Pentesting
   • Pentesting basics
   • Pentesting methodology
   • Phases of pentesting
   • Pentesting tools
2. Acknowledgement
   • Information gathering
   • Asset identification
   • List of services and ports
   • Vulnerability analysis
3. Exploitation
   • Network layer attacks
   • Attacks on the application layer
   • Social engineering attacks
   • Attacks on web systems
4. Post-Exploitation
   • Escalation of privileges
   • Persistence in the system
   • Obtaining sensitive information
   • Footprint coverage
5. Internships and Case Studies
   • Practice 1: Network recognition
   • Practice 2: Exploiting a web vulnerability
   • Practice 3: Carrying out a phishing attack
   • Practice 4: Pentesting a mobile application
   • Practice 5: Analysis of a real case of pentesting

You will learn advanced pentesting techniques, applied once you have gained access to the target systems, to try to detect more advanced vulnerabilities.‍ In addition, you will learn different exploit techniques that will take advantage of existing vulnerabilities in the system by gaining access to confidential information, executing code on the attacked system or causing denial of service situations.

1. Advanced Web Application Pentesting
   • OWASP Top 10 Attacks
   • Exploitation of CER vulnerabilities
   • API attacks
   • Mobile application pentesting
2. Cloud Infrastructure Pentesting
   • Attacks on cloud providers (AWS, Azure, GCP)
   • Exploiting vulnerabilities in containers
   • Serverless Computing Pentesting
   • Cloud security and hardening
3. Network and Systems Pentesting
   • Advanced network attacks (ARP Spoofing, DNS Spoofing)
   • Exploitation of zero-day vulnerabilities
   • Attacks on operating systems and applications
   • Advanced malware scanning
4. Social Pentesting and Social Engineering
   • Phishing and spear phishing attacks
   • Advanced social engineering (vishing, baiting)
   • Supply chain attacks
   • Physical security and facility analysis
5. Internships and Case Studies
   • Practice 1: Advanced pentesting of a web application
   • Practice 2: Pentesting of a cloud infrastructure
   • Practice 3: Performing an advanced network attack
   • Practice 4: Operating system pentesting
   • Practice 5: Analysis of a real case of advanced pentesting