Course curriculum

  • 1

    Message from the founder Ghanimah Labs

    • Message from the Ghanimah Founder in urdu

  • 2

    House keeping items that you MUST learn and apply

    • Dashboard Unlocking

    • How to enable 2 factor Authentication

  • 3

    The beginning of the Journey in the world of Vulnerability Assessment

    • VA Class 00

    • VA Class 01 the CODS connection

    • VA Class 02 What you will learn

    • VA Class 03 common risks to organizations

    • 7 key cyber security threats for businesses – and how to tackle them

    • VA Class 04 common risks to organizations continued

    • 10 Common IT Security Risks in the Workplace

    • VA Class 05 How do we see you vs you see yourself vs the industry

    • VA Class 06 Key things to know within CODS Industry

    • VA Class 07 Disconnect with the Security Industry and Community

    • VA Class 08 What makes this course Unique and what you will learn

    • VA Class 09 be purple

    • VA Class 10 The world needs more super heroes

    • VA Class 11 The start of your journey and the VA Flow

    • VA Class 12 which one is you

    • The Difference Between Red, Blue, and Purple Teams _ Daniel Miessler

    • VA Class 13 VA at an Enterprise Level

    • VA Class 14 IT vs OT

    • Operational technology (OT) - definitions and differences with IT

    • VA Class 15 why VA is necessary

    • 17 Best Vulnerability Assessment Scanning Tools

    • VA Class 16 Satan and Adam and security by design the sunnah way

    • What is Security by Design

    • Security by design research paper

    • VA Class 17 VA Case studies

    • Vulnerability Assessment Case Study for Hospital

    • cyprus-shipping-chamber-vulnerability-management-case-study

    • Read this case study even if you struggle its Ok. As down the line you will learn all these things. An empirical study on vulnerability assessment and penetration detection for highly sensitive networks

    • Cybersecurity Vulnerability Assessment (CVA)

    • Vulnerability Assessment

    • Vulnerability Management Process: Scanning, Prioritizing, and Remediating

    • VA Class 18 VA through the lens of various standards part 1

    • VA Class 18 VA through the lens of various standards part 2

    • VA Class 19 VA Framework part 1

    • VA Class 19 VA Framework part 2

    • VA Class 19 VA Framework part 3

    • VA Class 19 VA Framework part 4

    • VA Class 19 VA Framework part 5

    • VA Class 19 VA Framework part 6

    • VA Class 19 VA Framework part 7 8 and 9

    • VA Class 20 Know your scope Dont commit a 2 trillion dollars mistake

    • VA Class 21 The connection between risk assessment and threat modelling

    • Threat Modelling (Reading excercise)

    • Threat Modelling Process (reading excercise)

    • Threat Modeling: 12 Available Methods (Further reading)

    • Microsoft Threat Modeling tool.

    • VA Class 22 Know the physical and logical assets part a

    • Advantages and Disadvantages of Active vs. Passive Scanning in IT and OT Environments (Reading material)

    • OSI Model Explained: The OSI 7 Layers (Reading Material)

    • The OSI model explained and how to easily remember its 7 layers (Reading Material)

    • ARP VS RARP – Difference between ARP and RARP (Reading material)

  • 4

    Masscan Lab how to scan the whole internet

    • Massscan Lab part 1

    • Massscan Lab part 2

    • Massscan Lab part 3

    • Mass scan Lab part 4

    • Mass scan Lab part 5

    • Masscan How to operate

    • Masscan Github link for review

    • Something to ponder a good read to know history

    • Turkish president speech a food for thought as to what is on the horizon in the cyber space think social-injustice-ware.

    • Senator Bernie Sanders speaking in the US House.

    • Masscan Assignment and submit the .txt file accordingly.

  • 5

    Difference between VA and patching

    • Difference between VA and patching

    • Difference between vulnerability scanning and patch management (Please read this in your native language)

    • Patch management vs vulnerability management (Read this in your native language)

    • The 15 biggest data breaches of the 21st century so far (read this in your native language)

  • 6

    Attention Please take note.

    • Please take note.

  • 7

    Everything is Vulnerable just like us Humans

    • Everything is Vulenrable just like us humans

    • Articles to read

  • 8

    Network data and why it matters in the context of VA

    • Network Data and why it matters in the context of VA

    • Articles for reading as they relate to Network Data.

  • 9

    Open Source Tools to rest Recon play with them.

    • Open Source Recon tools to test out

    • Tools to test out on the Ghanimah labs infrastructure

  • 10

    Scanning the cloud what you need to know as a VA analyst

    • Scanning the cloud what you need to know as a VA analyst

    • Read this article in your native language using google translate

  • 11

    Global Cloud Providers

    • Global Cloud Providers

    • Read this article in your native language using google translate

  • 12

    Inspector Gadget and assessing the cloud providers automatically.

    • Inspector Gadget Connection to Cloud assessments part 1

    • Introducing Amazon Inspector

    • Amazon Inspector

    • Inspector Gadget Connection to CLoud assessments part 2

    • Inspector Gadget Connection to CLoud assessments part 3

    • Security Talks Improve your security GCP

    • Reading articles only. We will cover hands on activities later on in the clod labs.

  • 13

    The connection between army doctrine vs vulnerability assessment

    • The connection between army doctrine vs vulenrbaility assessment

    • Read this article by translating it into your native language using google translator

  • 14

    Which vulnerability scanners to use

    • Which vulnerbaility scanners can you use

    • Read this article and translate this into your own native language using google translator

  • 15

    Understanding Cyber Security Risk and Risk Methodologies

    • Understanding Cyber Security Risk is important

    • Watch this video if you can and understand the context as it will help you prepare for interviews later

    • Risk management Methodologies

    • Octave. Read these documents by translating them in your own native language using google translator

    • OCTAVE. Download and read this document in your native language

    • Information Operations Conditions (INFOCON). Read this document in your own native language

    • OWASP Risk Rating Methodology. Read this in your own native language to understand better

    • CVSS Risk Rating System. Read this in your own Native language

    • file

    • The risk-based approach to cybersecurity. Read this document by translating it into your native language.

  • 16

    Scanners that you should know and will learn on Ghanimah Labs

    • Types of VA Scanners in the Market and what you should learn and will lean on Ghanimah labs

    • Vulnerability Scanning Tools/ Translate this in your native language and read the article.

    • Best Vulnerability Scanner Tools for 2021. read this in your native language to under better.

    • Types of Scans at our disposal

    • Types of VA Scans. Read this article by translating this in your native language.

  • 17

    Open Source scanners vs Commercial Scanners

    • Open Source vs Commercial VA scanners

    • Open-Source Vs. Commercial VA tools. Read this in your native language.

    • Internal VS External Vulnerability Scans: What’s The Main Difference?. Translate this into your local language and read.

  • 18

    Difference between web and network scanning

    • Difference between web and network scanning

    • Web Application Security or Network Security. Translate this in your native language and read.

    • The 4 Big Differences Between Network Security and Web Application Security. Translate this in your native language and ready.

    • Attention, please take note.

  • 19

    Web Application types and tools to attack them

    • web application types and tools to attack them

    • Ultimate Guide to Top 10 Types of Web Applications Development. Translate this into your native language and read please.

    • Web Applications with a Content Management System. Read this in your native language please.

    • Top 10 Open Source Security Testing Tools for Web Applications. please read this in your native language.

  • 20

    SSL vs non SSL what to use

    • SSL vs non SSL what to use part 1

    • Read these articles in your local language and read them please.

    • Please read this article in your local language by translating it through google.

    • Please Read this article in your local language by translating it through google translator.

    • SSL vs non SSL what to use part 2

    • Test out your server, your browser and SSL pulse

    • SSL vs non SSL what to use part 3

    • SSL/TLS Deployment Best Practices. Translate this in your native language.

    • SSL Server Rating Guide. Please translate and read this in your native language.

    • Recommendation to buy a book.

  • 21

    VOIP and SIP their importance

    • Tell me about this VOIP

    • Translate this article in your native language and read please.

    • Translate this article in your native language and read please.

    • Translate this article in your native language by read please.

  • 22

    Map the network. Please attempt this lab on Ghanimah portal.

    • Map the network

  • 23

    Be like Sherlock Homes. Please attempt this lab on Ghanimah portal.

    • Hunting down the user profiles

  • 24

    VA using ZAP. Please attempt this lab on Ghanimah portal.

    • VA using ZAP

  • 25

    Playing around with Burp Suite. Please attempt this lab on Ghanimah portal.

    • How to install Burp suite

    • Manipulating Requests using Burpsuite Intruder

  • 26

    Intercepting Proxies via Burpsuite. Please attempt this lab on Ghanimah portal.

    • Intercepting Proxies via Burpsuite

  • 27

    DNS recon Rico Rico here we go. Please attempt this lab on Ghanimah portal.

    • DNS Recon

    • dig into the DNS

    • Introducing DNSdumpster

    • Recon using Recon-ng

  • 28

    Nmap as the tool of choice. Please attempt this lab on Ghanimah portal.

    • Nmap scripting engine

  • 29

    Scanning the Infrastructure where it hurts

    • Scanning where it really hurts part 1

    • Scanning where it really hurts part 2

    • Please translate in your local language to help you better understand the context.

    • Read some of these validated designs. Translate in your native language if you MUST to understand better.

    • Scanning where it really hurts part 3

    • Scanning where it really hurts part 4

    • Autonomous Ground Vehicles Security Guide (Read in your native language by using a google translator)

    • Cloud Computing different models

    • Read the documents on the CISA website in your native language by using google translator.

    • Key documents to read.

  • 30

    Flan Scan. Please attempt this lab on Ghanimah portal.

    • flan_scan

    • Certs Using Open SSL

  • 31

    Playing with fire aka firewalls. Please attempt this lab on Ghanimah portal.

    • Detecting Firewalls

    • Firewall and intrusion detection system evasion

  • 32

    VA using multiple scanners. Please attempt this lab on Ghanimah portal.

    • VA using ZAP

    • Vulnerability scanning using burpsuite

    • Authenticated scan using Burpsuite

  • 33

    Nafi Linux vs Other distros

    • Nafi Linux and other Linux distros

  • 34

    The mad cat aka hash cat. Please attempt this lab on Ghanimah portal.

    • Hashcat, decoding passwords offline

  • 35

    Managing Projects. Please attempt this lab on Ghanimah portal.

    • Managing and report projects using Dradis CE. Please attempt this lab on Ghanimah portal.

  • 36

    Wifi and IoT Connection

    • Wi-Fi Vulnerbaility and IoT Connection

    • Please read this in your native language by using google translator

    • Please read this in your native language by using google translator

    • Please read this in your native language by using google translator

  • 37

    More videos and labs coming in 1 week time.

    • A real network and capstone project coming in 2 weeks