Engineer. Attack. Defend. The Ultimate Full-Stack Ethical Hacking & Network Security Pipeline in Ahmedabad.

You start by building the “device-to-OS” mental model that every security analyst needs—because attackers always begin with a weak endpoint. Core hardware & OS foundations - CPU, RAM, storage (HDD/SSD/NVMe), motherboard architecture, BIOS vs UEFI boot flow - System health diagnostics: performance bottlenecks, driver failures, overheating patterns, storage SMART checks - Practical troubleshooting workflows used in IT support and SOC endpoint triage Windows operations (security-first) - User accounts, groups, local security policy basics, UAC and safe admin practices - Services, startup items, scheduled tasks, and how persistence commonly happens - Event Viewer fundamentals for investigations (log sources, useful event types, correlation mindset) - Windows Firewall basics and baseline hardening practices (updates, safe installs, secure config) Registry & endpoint hygiene - Registry structure, common keys, and how misconfiguration becomes attack surface - Controlled changes + rollback discipline (restore points, safe editing patterns) Outcome - You can build, configure, harden, and troubleshoot endpoints confidently—ready for CEH labs and real SOC triage.

This module makes you fluent in the language that all attacks and defenses speak: networks. Protocol fluency (what you’ll actually see in Wireshark) - OSI + TCP/IP model mapping to real traffic - ARP, ICMP, TCP vs UDP behavior, ports/services and why scans work - Common protocol flows: DNS lookups, HTTP/HTTPS sessions, TLS handshake concepts (high-level) IP addressing & segmentation (enterprise-grade) - IPv4 subnetting drills + applying subnets to security zones and segmentation - IPv6 basics: addressing style, operational realities, and where mistakes happen - Routing fundamentals and how routing errors become security gaps Switching fundamentals (Layer 2 matters in attacks) - MAC tables, broadcast domains, VLANs, trunking, basic spanning-tree concepts - How weak L2 designs lead to sniffing, lateral movement, and “shadow” network paths Core services & baseline monitoring - DNS architecture: records, resolution flow, caching, and common abuse patterns - DHCP, NAT, VPN concepts and why they matter in incident investigation - Baseline network monitoring mindset: what “normal” looks like before you hunt anomalies Outcome - You can design, read, and troubleshoot a network like a security engineer—not just memorize theory.

Security work happens on Linux—offense and defense—so you’ll become operationally comfortable without a mouse. Linux operations you’ll use daily - Filesystem structure, permissions model, ownership, and safe privilege boundaries - Users/groups, sudo policy, and common misconfigurations that lead to escalation - Package management and secure installation patterns - Service control with systemd, process lifecycle, and crash diagnosis Investigation & visibility - Log locations and log-reading workflows (auth, system, application logs) - Networking tools for validation and triage (interfaces, routes, ports, DNS checks) - Process and file inspection mindset for incident response Secure remote administration - SSH fundamentals, key-based authentication, and safe remote workflows Automation (Bash, safely) - Bash fundamentals for repeatable SOC tasks (log parsing, evidence collection, health checks) - Defensive scripting habits: input safety, minimal privilege, audit-friendly output Outcome - You can operate, troubleshoot, and automate Linux systems confidently—ready for Kali tooling and SOC investigation.

Before you attack, you must understand what “secure” means in an enterprise—and how defenders think. Security fundamentals that drive real decisions - CIA Triad, risk, threat vs vulnerability, and security control selection - Security control categories: preventive/detective/corrective + practical examples Cryptography (what matters for security work) - Hashing vs encryption, symmetric vs asymmetric concepts - PKI basics, certificates, and why TLS matters (high-level but practical) - Common crypto implementation mistakes and how they break “secure” systems Identity & Access Management (IAM) - Authentication vs authorization, least privilege, RBAC, MFA, account lifecycle - Password policies, secrets hygiene, and common enterprise failure patterns Malware & attack patterns (defender viewpoint) - Malware concepts, persistence patterns, and detection thinking - Indicators of compromise vs normal admin activity (initial triage mindset) Governance & incident basics - Policies, baseline hardening, incident lifecycle and documentation discipline Outcome - You can reason about security like an engineer and apply the concepts in SOC + cloud modules.

You learn to think like an attacker—but with ethics, documentation, and enterprise methodology. Professional attack lifecycle (CEH-aligned) - Reconnaissance and OSINT-style collection (scope-first, evidence-first) - Scanning and enumeration as a discipline (turning signals into hypotheses) - Exploitation in controlled labs with safety + rollback awareness - Privilege escalation concepts and post-exploitation hygiene (no “spray and pray”) Kali tooling (hands-on) - Nmap: scan types, service/version detection, timing, NSE scripts, reporting results clearly - Wireshark: capture filters vs display filters, protocol analysis, spotting credential leakage patterns - Metasploit: module selection, payload concepts, session handling—and why enumeration matters more than tools Web and service attack essentials - Common authentication failures, insecure configurations, injection patterns (concept-to-lab mapping) - Pivoting concepts: why attackers move laterally and what defenders should log Reporting (what employers actually need) - Evidence capture, impact narrative, remediation guidance, and professional communication Outcome - You can execute CEH-style offensive workflows and explain what you did, why it worked, and how to fix it.

You implement perimeter defense as it exists in real organizations—starting with Sophos NGFW. Firewall architecture & policy design - Interfaces, zones, and security posture by design (not by accident) - Rule ordering, least privilege, and documenting “why this rule exists” - Routing fundamentals to ensure traffic follows intended security paths Web filtering & application control (enterprise reality) - Blocking risky categories while maintaining business usability - Reducing shadow IT and risky outbound patterns without breaking operations VPN foundations (hands-on) - Site-to-Site VPN concepts, encryption + key exchange at a practical level - Validation, troubleshooting, and common failure patterns NAT, logging, and operational telemetry - NAT concepts (source/destination) and why NAT affects investigations - Logging strategy: what to log, how to avoid noise, and how data feeds Splunk SOC workflows Outcome - You can deploy, harden, and operate Sophos NGFW policy like a perimeter engineer.

This module makes you multi-vendor ready by building Fortinet (FortiGate) expertise. FortiGate fundamentals (physical/virtual) - Interfaces, zones, and routing concepts applied in Fortinet environments - Policy design patterns that keep networks secure and maintainable - Verification with test traffic and troubleshooting asymmetric flows / misroutes Intrusion Prevention Systems (IPS) in production - Signature concepts, detection vs prevention mindset, tuning for real environments - False-positive management and safe blocking strategies - Logging that is high-signal (actionable) rather than noisy Enterprise operations discipline - Change control habits, rollback planning, and stability-first security engineering Outcome - You can engineer perimeter guardrails confidently across vendors—not just follow click-path tutorials.

This module converts your foundation into real SOC capability using Splunk SIEM. Log onboarding & data quality - Onboard data from Windows, Linux, and firewalls (validation-first) - Field consistency, timestamps, basic normalization thinking, and why “bad data” breaks detections Threat detection workflows - Build searches for credential abuse, suspicious logons, unusual process behavior, and anomalous network patterns - Dashboards and alerting logic: thresholds, context, and reducing alert fatigue - Tuning approach: increase signal, reduce noise, keep detections durable over time SOC triage discipline - Confirm → scope → enrich → prioritize (with evidence) - Incident notes and shift handoff standards so investigations don’t reset each time Outcome - You can go from raw logs to high-confidence security decisions and SOC-ready reporting.

You learn to secure AWS like a production environment—connected back into SOC operations. Zero-Trust IAM architecture - Roles vs users, least privilege policy design, permission boundaries, safe credential handling - Common IAM failure patterns that lead to privilege misuse Application protection - Deploy AWS WAF, understand rule logic, and map web attacks to observable signals Cloud threat detection & response - Enable and operationalize Amazon GuardDuty for high-signal findings - Investigation mindset: what evidence to check, how to scope impact, how to respond safely Secure cloud operations - Logging and monitoring fundamentals, account hygiene, and preventing cloud sprawl from becoming breach surface - Mapping cloud signals into a unified SOC workflow so monitoring stays consistent Outcome - You can defend cloud workloads with the same rigor as on-prem security—and explain your architecture choices clearly.