Every security professional must understand how networks operate at a deep level. This module builds that foundation — from how packets travel across networks, through to identifying suspicious traffic patterns using Wireshark in a live capture lab.

Kali Linux is the platform of choice for penetration testers worldwide. This module gets you fully fluent in the Linux command line, scripting, and system administration — the skills you need to operate Kali's security toolset effectively and manage target systems post-compromise.

Cryptography underpins every secure communication on the internet — from HTTPS to VPNs to password storage. Understanding its principles is essential for both attackers looking to break weak implementations and defenders designing secure systems.

The first phase of any engagement is information gathering. This module teaches passive and active reconnaissance — understanding how much information is publicly available about targets and how attackers use it to plan intrusions before touching a single system.

This is the core offensive module. Working entirely within legal lab environments, you will use the Metasploit Framework and manual exploitation techniques to compromise vulnerable machines — then escalate privileges, move laterally, and understand how attackers maintain persistence inside a network.

Web applications are the attack surface most frequently targeted in modern breaches. This module covers all ten categories of the OWASP Top 10 — the industry-standard classification of the most critical web security risks — using DVWA, WebGoat, and Hack The Box labs.

The human element remains the most exploited attack vector. This module covers how attackers manipulate people through phishing, pretexting, and social engineering — and introduces malware analysis so you can understand what malicious code does once it lands on a system.

Security Operations Centres are the defensive nerve centres of modern organisations. This module places you inside the SOC workflow — monitoring alerts, triaging incidents, investigating threats through log analysis, and executing structured incident response using Splunk and Wazuh.

After an attack, someone must investigate — recovering evidence, building attack timelines, and producing findings that stand up in court or support remediation. This module also covers the governance, risk, and compliance frameworks that shape how organisations manage and report on security.

The capstone simulates a complete professional penetration testing engagement. You will receive a scoped target network, conduct reconnaissance through exploitation using the full toolkit, document your findings, and produce a professional pentest report — the primary deliverable of any security engagement — alongside CTF challenge completions for your portfolio.