Kali Linux – Ethical Hacking & Cyber Security (with Networking & Python)
Duration: 6 Months | Daily: 2 Hours | Sunday: Off
Module 1: Course Introduction & Lab Setup
Objective: Prepare learners with a secure, reproducible lab environment and introduce course scope and assessment criteria.
Topics:
• Course overview, learning outcomes, and assessment methods (quizzes, labs, final project)
• Installing and configuring VMWare Workstation
• Importing and configuring Kali Linux, Metasploitable and Windows 7 VMs
• Network topologies in the lab (NAT, bridged, host-only) and safe isolated testing practices
• Snapshotting, VM cloning, and lab backup/restore procedures
• Basic host hardening for instructor/admin machines and rules for responsible lab use
Outcome: Students will have a standardized, isolated lab ready for experiments and understand course expectations and safe practices.
Module 2: Networking Basics
Objective: Build strong foundational knowledge of networking required for security testing and analysis.
Topics:
• What is a Computer Network?
• Types of Networks: LAN, WAN, MAN, WLAN
• IP Addressing (IPv4/IPv6), Subnetting, MAC Address, DNS, Gateway
• Introduction to Network Devices: Router, Switch, Modem, Access Point
• Understanding Ports and Protocols (HTTP, HTTPS, FTP, SSH, DNS, SMTP, etc.)
• OSI vs TCP/IP models and how packets flow through a network
Outcome: Students will be able to read network diagrams, subnet networks, and identify key network protocols and devices for security tasks.
Module 3: Practical Networking Activities
Objective: Apply networking concepts using hands-on commands and analysis tools to prepare for later penetration testing tasks.
Topics:
• IP configuration using ipconfig (Windows) and ifconfig/ip (Linux)
• Ping, traceroute/tracert and basic latency troubleshooting
• Building a local LAN using two or more VMs and testing connectivity
• Simple router/switch configuration demos in a lab environment
• Introduction to packet capture: Wireshark installation, capture basics and filtering (demo only)
• Using netstat, ss, arp and route for local diagnostics
Outcome: Students will be able to configure and troubleshoot basic networks and capture/inspect network traffic in controlled labs.
Module 4: Cyber Threats and Protection
Objective: Recognize common cyber threats and understand protection mechanisms and practical mitigation steps.
Topics:
• Types of Malware: Virus, Worm, Trojan, Ransomware, Rootkits, Keylogger
• Attack vectors: Phishing, drive-by, remote exploits, supply-chain attacks
• What is a Firewall and how it works (host vs network firewalls)
• Antivirus vs Anti-malware – strengths and limitations
• Endpoint protection basics and EDR concept overview
• Cyberbullying, online scams and social engineering awareness
Outcome: Students will identify major threat types and implement basic protective controls across systems and networks.
Module 5: Cyber Safety Practices & Defensive Measures
Objective: Teach best practices for secure behavior, system hardening, and incident readiness for both individuals and organizations.
Topics:
• Safe browsing practices and HTTPS, SSL/TLS basics
• Strong passwords, password managers and secure authentication practices
• Two-Factor Authentication (2FA) and multi-factor authentication concepts
• Secure configuration and minimizing attack surface (services, ports, accounts)
• Patch management and update strategies
• Logging, monitoring fundamentals and basic incident response steps
Outcome: Students will understand and apply security best-practices to reduce exposure and respond to common incidents.
Module 6: Introduction to Kali Linux
Objective: Familiarize students with Kali Linux, its philosophy, environment, and essential command-line skills.
Topics:
• What is Kali Linux and its role in penetration testing and forensics
• Installing Kali Linux: VM install vs Live/USB approach and recommended post-install tasks
• Kali Linux interface tour (GUI and terminal) and file system layout
• Basic Linux terminal commands (ls, cd, cp, mv, chmod, chown, sudo, grep, awk, sed)
• Package management (apt), updating the system and installing tools
• Users, groups, permissions and secure SSH setup
Outcome: Students will navigate Kali confidently and perform fundamental system administration tasks required for security work.
Module 7: Kali Linux Ethical Hacking Tools
Objective: Introduce and practice with the primary offensive security tools included in Kali for reconnaissance, scanning, exploitation and post-exploitation (safe, lab-only demos).
Topics:
• Information Gathering Tools: nmap (scanning types, NSE scripts), whois, traceroute, dig
• Vulnerability scanning basics and safe use of scanners
• Password Cracking Tools: Hydra (online/dictionary attacks), John the Ripper (offline)
• Wordlist creation and manipulation: Crunch, CEWL basics
• Exploitation basics: Metasploit framework (msfconsole workflow) against Metasploitable lab targets
• Network analysis using Wireshark (practical captures and protocol analysis demo)
• Social Engineering Toolkit (overview) and phishing awareness (ethical considerations)
Outcome: Students can perform structured reconnaissance and controlled exploitation in an isolated lab and understand tool output to plan testing.
Module 8: Python Programming Basics for Security
Objective: Teach Python fundamentals with security-focused examples to automate tasks, parse data and build small testing utilities.
Topics:
• Installing Python, virtual environments and package management (pip)
• Variables, data types, input/output and file handling
• Conditional statements, loops, list/dict comprehension
• Functions, modules and basic object-oriented concepts
• Using libraries useful for security: socket, subprocess, requests, re (regex), BeautifulSoup (for web scraping)
• Secure coding practices and avoiding accidental misuse
Outcome: Students will write Python scripts to automate reconnaissance and simple scanning tasks safely and reproducibly.
Module 9: Python for Cyber Security – Practical Scripts
Objective: Apply Python to build lightweight security tools and learn how automation aids both attackers and defenders (ethical use only).
Topics:
• Password strength checker and hash utilities (educational use)
• Building a simple port scanner using the socket module
• Email/text extractor using regular expressions and file parsing
• Web scraping basics for OSINT data gathering (ethics and rate-limiting)
• Simulated keylogger for awareness and defensive countermeasures (demo only, lab-isolated)
• Parsing and visualizing log files for incident analysis (basic CSV/JSON handling)
Outcome: Students will produce small, well-documented Python tools to assist in reconnaissance and defensive log analysis while following ethical rules.
Module 10: Ethical Hacking, Laws, Case Studies & Final Project
Objective: Define ethical boundaries, local and international legal frameworks, and assess knowledge through a comprehensive, standards-aligned final project and certification preparation.
Topics:
• What is Ethical Hacking? Rules of Engagement and responsible disclosure processes
• Cyber Laws and Regulations (overview) — including Pakistan’s PECA Act and international context (GDPR, etc.) and their implications for testers
• Digital responsibility, consent, and liability in security testing
• Real-world case studies (post-mortems and ethical analysis) and lessons learned
• Industry standards & frameworks: OWASP Top 10 (web), NIST Cybersecurity Framework, MITRE ATT&CK (mapping techniques to defenses)
• Final project: full lifecycle exercise — scoping, reconnaissance, vulnerability identification, exploitation (lab targets only), reporting and remediation plan
• Report writing: Creating professional pentest reports, executive summaries and technical appendices
• Certification preparation guidance (CEH, OSCP, CompTIA Security+ pointers) and recommended next steps for professional practice
Outcome: Students will demonstrate end-to-end ethical hacking skills in a controlled final project, produce a professional test report, and understand legal/ethical constraints and international standards for responsible practice.
Assessment & Certification
Objective: Evaluate student competency and provide a recognized evidence of achievement.
Topics:
• Continuous assessment through lab assignments and quizzes
• Graded capstone final project with practical and reporting components
• Practical exam (lab-based) and viva (oral explanation of methods and defenses)
• Certificate of completion with grade/result and recommended professional pathways
Outcome: Students receive a course completion certificate and a portfolio-ready final report demonstrating practical competence.
Additional International-Standard Practical Details
Objective: Ensure the course meets international best practices for hands-on security training and employer expectations.
Topics:
• Use of isolated, reproducible labs and documented test plans (so exercises are auditable)
• Mapping exercises to standards (OWASP, NIST, MITRE) so learners can reference frameworks in reports
• Emphasis on safe, legal, and documented testing: pre-approved scopes, consent-based exercises and artifact retention policies
• Inclusion of threat modeling sessions and blue-team / red-team role-play labs
• Structured remediation exercises where students propose fixes and validate them (fix → retest cycle)
• Logging and evidence collection best practices for legal defensibility (timestamps, tool output, screenshots, hashes)
• Guidance on professional ethics, continuing education, and contribution to responsible disclosure communities
Outcome: Students will be trained to international standards—able to produce defensible test reports, follow industry frameworks, and operate responsibly in professional environments.