Course Modules - 40 Day Plan
Week 1 (Day 1-5): Cybersecurity Basics and Environment Setup
| Day |
Topic |
What You Learn |
Lab Type |
Practice |
| Day 1 | Introduction to Ethical Hacking | Hacker types, legal boundaries, responsible disclosure, career overview. | Theory | Class activity |
| Day 2 | Networking Fundamentals | OSI, TCP/IP, ports, protocols, packet flow basics. | Local Lab | Network mapping |
| Day 3 | Linux Basics for Hackers | Linux commands, file system, permissions, package management. | Local Lab | Kali setup |
| Day 4 | Windows Command Line and PowerShell | Command usage for administration and security checks. | Local Lab | Windows hardening |
| Day 5 | Virtual Lab Setup | VirtualBox/VMware setup, attacker and target machine setup. | Local Lab | Lab validation |
Week 2 (Day 6-10): Reconnaissance and Scanning
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 6 | Footprinting and OSINT | WHOIS, DNS lookup, search engine reconnaissance. | Hosted Lab | Target profiling |
| Day 7 | Google Dorking | Finding exposed files, admin pages, and data leaks. | Hosted Lab | Dork exercises |
| Day 8 | Nmap Basics | Host discovery, port scanning, service detection. | Local Lab | Port scan report |
| Day 9 | Advanced Nmap and Enumeration | NSE scripts, version detection, vulnerability scripts. | Local Lab | Service enumeration |
| Day 10 | Vulnerability Scanning Intro | Nikto and basic scanner workflow. | Hosted Lab | Web scan |
Week 3 (Day 11-15): Web Application Fundamentals
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 11 | HTTP/HTTPS and Requests | Methods, headers, cookies, sessions. | Theory | Traffic analysis |
| Day 12 | Burp Suite Setup and Proxy | Intercept, modify, and replay web requests. | Hosted Lab | Proxy lab |
| Day 13 | Authentication Testing Basics | Weak login, brute force understanding, lockout policy checks. | Hosted Lab | Login testing |
| Day 14 | Input Validation Issues | Basic SQLi and XSS concepts for beginners. | Hosted Lab | Payload testing |
| Day 15 | Hands-on Mini Challenge | Combine recon and web basics to identify simple flaws. | Hosted Lab | Mini CTF |
Week 4 (Day 16-20): Web Vulnerabilities Basics
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 16 | SQL Injection Basics | Error-based and basic authentication bypass testing. | Hosted Lab | SQLi lab |
| Day 17 | Cross-Site Scripting Basics | Reflected and stored XSS fundamentals. | Hosted Lab | XSS lab |
| Day 18 | File Upload Vulnerabilities | Upload validation issues and unsafe extensions. | Local Lab | Upload bypass |
| Day 19 | IDOR and Access Control Basics | Broken access checks and object manipulation. | Hosted Lab | IDOR testing |
| Day 20 | Week Assessment | Practical assessment on covered vulnerabilities. | Hosted Lab | Assessment |
Week 5 (Day 21-25): System and Network Security Basics
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 21 | Password Security and Cracking Intro | Hashing basics, weak passwords, dictionary attacks. | Local Lab | Hashcat basics |
| Day 22 | Wireshark Packet Analysis | Capture and inspect network traffic. | Local Lab | Packet lab |
| Day 23 | MITM Concept and Defenses | ARP spoofing concept and secure mitigations. | Theory | Case study |
| Day 24 | Firewall and IDS Basics | Basic filtering, logs, and alerts. | Local Lab | Rule simulation |
| Day 25 | Secure Configuration Basics | Common misconfiguration checks in OS and services. | Local Lab | Checklist audit |
Week 6 (Day 26-30): Tools and Automation Basics
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 26 | Burp Repeater and Intruder | Manual request manipulation and basic fuzzing. | Hosted Lab | Parameter fuzzing |
| Day 27 | Directory and Subdomain Discovery | ffuf and subfinder beginner usage. | Hosted Lab | Discovery lab |
| Day 28 | Nuclei Intro | Template-based vulnerability checks. | Hosted Lab | Nuclei scan |
| Day 29 | Bash/Python Automation Basics | Create simple scripts for repetitive recon tasks. | Local Lab | Script task |
| Day 30 | Toolchain Practice Day | Use multiple tools in one beginner workflow. | Hosted Lab | Workflow exercise |
Week 7 (Day 31-35): Reporting and Professional Workflow
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 31 | Writing Good Bug Reports | Title, steps to reproduce, impact, and recommendations. | Theory | Report template |
| Day 32 | Proof of Concept Documentation | Screenshots, evidence, and reproducibility. | Theory | PoC writeup |
| Day 33 | CVSS Basics | How to estimate basic severity and impact. | Theory | Severity practice |
| Day 34 | Bug Bounty Platform Basics | Scope reading, program rules, and safe testing approach. | Hosted Lab | Scope analysis |
| Day 35 | Mock Triage Session | How reports are accepted, duplicated, or rejected. | Theory | Triage simulation |
Week 8 (Day 36-40): Final Practical and Certification
| Day | Topic | What You Learn | Lab Type | Practice |
| Day 36 | Full Recon Practical | Perform complete beginner recon on provided target lab. | Hosted Lab | Recon challenge |
| Day 37 | Web Testing Practical | Test authentication, IDOR, XSS, and basic SQLi. | Hosted Lab | Web challenge |
| Day 38 | System and Network Practical | Packet review and basic vulnerability checks. | Local Lab | Network challenge |
| Day 39 | Final Report Submission | Create and submit final report with evidence and impact. | Theory | Final report |
| Day 40 | Final Assessment and Certification | Course review, viva, and certification result. | Theory | Completion exam |
Lab Availability
- Local Labs: Pre-built VM labs for offline practice on student laptop.
- Wolf Hosted Labs: Browser-based labs provided by Cyber Wolf for guided exercises.
- Tools Included: Kali Linux, Burp Suite, Nmap, Wireshark, ffuf, subfinder, Nuclei, and reporting templates.
Evaluation Criteria
| Component |
Type |
Weight |
Description |
| Weekly Labs | Practical | 35% | Completion and quality of weekly hands-on tasks. |
| Mid Practical Test | Practical | 20% | Week 4 skill validation. |
| Final Practical | Practical | 30% | End-to-end ethical hacking exercise. |
| Final Report | Documentation | 15% | Professional report with proper evidence. |