Master's Certification Program in Cybersecurity

This 8 month masters program offers coverage to a wide array of concepts, tactics, tools and techniques used by cyber security experts and professionals across the globe.

  • Domain : CSE
Enroll Now View demo

Program Outcomes

In our ever evolving world, everything is virtually interconnected and we have digitised almost everything. Nowadays, computing devices exist everywhere, in our organisation, homes, pockets (mobiles), hospitals, transportation systems, industrial production and energy generation systems, financial and payment systems (PhonePe, Gpay etc), voting systems, and even in tracking Covid cases (Aarogya Setu app) which gives us information about active covid cases and nearby affected areas.

These devices have one thing in common: they execute “codes”.

Codes can be exploited, which can put our lives at risk as our dependency on virtual world is very high. The more we depend and make the virtual world powerful, the threat posed by it also grows proportionally. Let us look at some cyberthreats, 

  • Robert Tappan Morris and the Morris Worm:
    • Back in 1988, a famous worm was set not to harm but to check the vastness of the virtual web. It turned into a virus due to some error and 6000 computers were reportedly affected causing an estimated $10-$100 million dollars in repair bills. This was the beginning of the famous Distributed Denial-of-Service (DDOS) kind of attacks that we encounter today.
  • We would have also heard a lot about stolen credit and debit card information which resulted in huge loss and chaos.

All this does not mean that we cannot trust or rely on the web. We need protection, a virtual shield, which will safeguard all the information on the vast web from damage, theft, forgery and other unethical activities.

With the help of cybersecurity we can afford a safe and secure digital world. Cyber security protects our software, hardware and data from cyber attacks. The Cybersecurity field is ever evolving as we may expect threats in any shape or form, it's a quite challenging domain.

The Masters Program in CyberSecurity offered by Skill Lync aims at teaching the importance of the cybersecurity field, about possible cyber threats and ways to protect our data and information from those threats. It's a holistic approach where we cover all the topics that are required to be an expert in the cyber security domain. These courses are accompanied by projects where you will get hands-on experience that will help you stand out from the crowd. After successful completion of the Cybersecurity Masters Program you can pursue further by getting a job or opting for higher education in the same domain or even become an ethical hacker based on your interest.

This is an 8 months program that comprises of 7 individual course:

  • Foundations of Cybersecurity
  • The Ethical Hacking Course (TEHC)
  • Enterprise Security
  • Network Security
  • Introduction to Automotive Cybersecurity and Vehicle Networks
  • Cryptography Basics & Implementation
  • Advanced Automotive Cyber Security

GET COURSE COUNSELLING TODAY

Get a 1-on-1 demo to understand what is included in the course and how it can benefit you from an experienced sales consultant. The demo session will help you enroll in this course with a clear vision and confidence.

Request a Demo Session

List of courses in this program

1Foundations of Cybersecurity

In this course we will cover key concepts and terminologies in Cybersecurity, we will walk you through

  • Security Fundamentals - Threats & its Types
  • Network Security (OSI model, NAC, Design, Network Protocols)
  • Strategies to identify and remediate vulnerabilities and Security Operations & Incident Management.

2Ethical Hacking

After the fundamental course, we will move to ethical hacking. In order to excel in the cybersecurity domain, we need to know how cyber attacks are done, for which, we need to think faster and better from an attacker's point of view.

In this course, we will learn

  • How to evade
    • IDS
    • Firewalls
    • Honeypots
  • How to hack
    • Web Servers & Web applications
    • Wireless networks & Mobile Platforms
    • IoT Hacking & Cryptography.

3Enterprise Security

In this course, we will be introduced to

  • Enterprise Security
  • Landscape and Architecture
  • We will learn about risk management and security maturity model

4Network Security

In this course, we will gain knowledge about the topics of

  • Network & Network Security
  • Infrastructure Security
  • Compliance & Operational Security
  • Basics of Network Management & Network Forensics.

5Introduction to Automotive Cybersecurity and Vehicle Networks

In this course, we will introduce

  • Automotive cybersecurity
  • Advanced CAN bus concepts
  • Physical attributes of CAN bus
  • Cyber attacks on a CAN bus
  • Security measures for CAN bus
  • International automotive cybersecurity legislation
  • Advanced applications for logged CAN bus data will be covered

6Cryptography Basics & Implementation

We would have heard a lot about Crypto, it was sensational news when Elon Musk bought Bitcoin, a cryptocurrency. The technique or methodology behind cryptocurrency is blockchain which is based on cryptography.

In this course, we will learn about

  • The overview of
    • Cryptography
    • Cipher
    • Symmetric Encryption - Stream & Block Ciphers and Message Integrity - definition and applications.

7Advanced Automotive Cyber Security

Automotive world is moving more and more towards automatic and electric controls in order to make human intervention very minimal. We need to make sure that the control is in the hands of the respective owners, again, here, we need to protect the vehicle from getting hacked by attackers.

In this course, we will check for

  • Cybersecurity relevance and perform TARA using the STRIDE approach
  • We will also learn about
    • Risk Rating
    • Mitigation Technique
    • Attack Tree Analysis.


Program Syllabus

1Introduction to Cybersecurity and Hardware Basics

In this week, we will learn about:

  • Introduction to Cyber Security
  • Importance of Cyber Security
  • Challenges on Enterprise Cyber Attack
  • Prerequisites for Cyber Security career
  • Power-On Self Test (POST)
  • Basic Input/Output System (BIOS)
  • Unified Extensible Firmware Interface (UEFI)
  • Network Interface Card (NIC)
  • Firmware
  • Virtualization
  • Redundant Array of Independent/Inexpensive Disks (RAID)
  • Network Attached Storage (NAS)
  • Hard Disk Drives (HDD)
  • Solid-State Drive (SSD)
  • Non-Volatile Memory express (NVMe)

2Networking Basics

In this week, we will learn about:

  • OSI layer
  • Introduction to Networking
  • Router, Switch,Firewall,Wi-Fi
  • Access Point vs Range Extender
  • IPV4 / IPV6
  • Private and Public IP
  • MAC Address
  • Protocol
  • OSI Layer
  • Attack patterns based on OSI Layer

3Networking

In this week, we will learn about:

  • IDS, IPS
  • Unicast, Broadcast, Multicast
  • APIPA
  • TCP 3 way handshake
  • ARP / RARP
  • Port Number & well known ports
  • NAT,VPN

4Windows

In this week, we will learn about:

  • What a server is and it’s functionality
  • Windows server roles and usage
  • Products used in windows server
  • Workgroup Vs Domain
  • User Account Control usage
  • Bitlocker functionality
  • Event Viewer usage
  • PowerShell in windows
  • Basic windows commands

5Linux

In this week, we will learn about:

  • Linux basic commands
  • Linux and its structure
  • The list of features in Linux
  • Linux distributions and its types
  • Linux directory and file structure
  • Linux basic commands
  • Networking based commands in linux
  • Kali linux and its features

6Security Part 1

In this week, we will learn about:

  • Types of hackers
  • What are the sources of cybersecurity threats
  • Types of Malware and its classifications
  • Difference between virus/spam and it’s working scenario
  • Raise of spyware, adware and keylogger
  • Ransomware working and types
  • Phishing ,DOS and DDOS attacks

7Security Part 2

In this week, we will deep dive into the security aspect of cyber security

  • Attack vectors based on Web application
  • URL Structure and how URL manipulation works
  • XSS and SQL injection
  • What is encryption and how that related to SSL/TLS
  • Comparing the usage of Cryptography in daily use of applications
  • HTTP Request methods and detection of status code
  • Honey pot in cybersecurity
  • Importance of OWASP and top 10 most critical risks

8Security Part 3

In this week, we will learn about

  • Insight of Darknet and how to defend yourself.
  • CIA and it’s usage
  • Difference between threat, vulnerability and risk
  • Cybersecurity frameworks and it’s efficiency in enterprise
  • How blockchain technology is used in cryptocurrency
  • Cloud computing and its types
  • How MFA works and its types
  • Dark web and how it’s used
  • Protecting yourself from cyber attacks

9SOC Teams

This week, we will learn about the SOC team structure

  • Physical and cloud security
  • Introduction to SOC team
  • Network Security
  • Application Security
  • Cloud Security
  • Endpoint Security
  • Email Security
  • Vulnerability management
  • Penetration Testing
  • IAM
  • SIEM


Projects Overview

Project

Highlights

Problem Statement:

Consider "Rivera" organization is planning to build it’s IT team. They must recruit a set of people who are well knowledgeable in roles like, Network Analyst/Administrator
and Junior Security Analyst.

Build a Cyber-Ops team by

  • Creating and configuring the server
  • Configure Windows/Linux based server and establish communication

2. The Ethical Hacking Course (TEHC)

1Introduction to Ethical Hacking, Code of Ethics and Moral values

This Topic answers the 4 Ws viz., – Who, Why, What and When - the questions about Ethical Hacking.

  • What is Ethical Hacking
  • Who is an Ethical Hacker
  • Types of Ethical Hacking/Hackers.
  • Ethical Hacking Terminologies
  • Phases of Ethical Hacking
  • Types of Testing and Attacks.
  • Cyber Laws in India and Abroad.
  • Prerequisites – Setting up a lab environment.

2Identification of Targets: Reconnaissance, Footprinting, and Social Engineering

  • Information gathering methodologies
  • DNS records & Enumeration
  • WHOIS lookup, traceroute, email tracking, web spidering.
  • Social Engineering – Types of Social engineering, Tail-gating, insider attack, dumpster diving, shoulder surfing, phishing, social engineering countermeasures.

3Gathering Network and Host Information: Scanning and Enumeration

  • Scanning for networks, ports and vulnerabilities.
  • TCP Scan types, nmap scanning, port scan countermeasures.
  • Banner Grabbing and OS fingerprinting, visualizing network and target structure, tools used, Enumeration.

4System Hacking: Password Cracking, Escalating Privileges, and Hiding Files

  • Password cracking techniques, types of passwords, password cracking tools, rainbow tables, keyloggers & spywares.
  • Defending against password cracking, hashing, salting, privilege escalation.
  • Hiding files, rootkits, steganography, covering tracks and clearing evidence.

5Malwares - Trojans, Backdoors, Viruses, and Worms. Physical Site Security

  • What is a Trojan
    • Backdoor
    • Types of trojans
    • Indications of Trojan attacks using Netcat.
  • Viruses Vs Worms
    • Types of Viruses.
  • Trojan, Viruses & Worms detection and countermeasures.
  • Physical site Security 
    • Need for Physical Security
    • Security countermeasures.

6Sniffers - Network Data Gathering.

  • What is Sniffing
    • Active Vs Passive sniffing
  • ARP Poisoning
  • Wireshark network packet sniffer
  • MAC Flooding
  • DNS Spoofing
  • Sniffing countermeasures

7Cryptography, Denial of Service and Session Hijacking

  • Cryptography –
    • Encryption & Decryption techniques
    • Public and private keys
    • PKI, SSL/TLS certificates
    • Hashing algorithms.
  • DoS and DDos Attacks, BOTNETs, Smurf and SYN Flood Attacks.
    • DoS/DDoS Countermeasures
  • Session Hijacking –
    • What is a Session
    • Sequence prediction
    • Consequences and preventive measures.

8Web Hacking: Google, Web Servers, Web Application Vulnerabilities, and Web-Based Password Cracking Techniques

  • How web server works,
    • Web Server vulnerabilities,
      • HTTP Methods
      • HTTP verb
      • HTTP Request and Response
      • Web Application vulnerabilities and countermeasures.
  • Web-Based password cracking techniques 
    • Types of authentication,
    • Password cracker – attack types and countermeasures.

9Attacking Applications: SQL Injection, Cross-Site Scripting, CSRF, IDOR and Buffer Overflows

  • What is SQLi, XSS, CSRF, IDOR and Buffer overflow vulnerabilities.
  • Steps to identify & exploit Web Application vulnerabilities.
  • OWASP Framework and other application security frameworks.
  • Preventive measures.

10Wireless - Mobile Network and IoT Hacking

  • Overview of WEP,
    • WPA authentication and cracking techniques.
    • Wireless sniffers and SSID, MAC spoofing.
  • Rogue Access Points, Wireless Hacking Techniques, IoT Exploit Techniques.
  • Securing Wireless Networks.

11Bypassing Network Security: Evading IDSs, Honeypots, and Firewalls

  • Types of Intrusion Detection Systems and evasion techniques.
  • Types of Firewalls and Honeypot evasion techniques.

12Vulnerability Assessment & Penetration Testing Methodologies

  • Why is VA/PT required
  • What is the difference between VA and PT, tools used, purpose, procedure and methodologies.


Projects Overview

The Ethical Hacking Course (TEHC) - Project 1

Highlights

  • Setup 2 virtual machines (1 Kali Linux machine and 1 Windows Server 2012 machine). Gain reverse shell access, send a text file to the target/victim machine (Windows Server 2012). (Provide documentation with steps involved along with screenshots)
  • List down the state of ports 21, 22, 23, 24 & 25 & versions of the services for the IP Address - 38.124.232.40. Determine the SSH encryption algorithms offered by the server IP Address - 38.124.232.40. (Provide documentation with steps involved along with screenshots)

The Ethical Hacking Course (TEHC) - Project 2

Highlights

  • Install BWAPP – web app on your local machine. Successfully exploit the below Vulnerabilities.
    • Cross-Site Scripting - Stored (Blog)
    • SQL Injection (GET/Search)
    • Insecure DOR (Order Tickets)
    • Cross-Site Request Forgery (Transfer Amount)
    • Cross-Site Scripting - Reflected (User-Agent)
  • Install & run Metasploitable2 server on the Virtualbox. Use Nessus Community edition to scan the Metasploitable2 target and generate the vulnerability report for the same.

3. Enterprise Security from Scratch - Syllabus

1Introduction to Enterprise Security

  • About the course & why should you pursue this course
  • Career in Security
  • Explain Enterprise Security & components

2Understanding Enterprise Security Landscape

  • Enterprise Security Landscape
  • The headlines sell but do they help?
  • Understanding Common Terminologies
  • Current Threats
  • Most Common Cyber Attacks and Countermeasures

3Security Elements

  • OSI
  • TCP/IP
  • CIA

4Network Fundamentals

  • Topologies
  • Zones
  • Networks Devices
  • VPN etc

5Beyond the Basic Network

  • Wireless Network
  • Virtualization concepts
  • Deployment Models etc.

6Enterprise Security Architecture

  • Understanding Cybersecurity Framework
  • Develop Enterprise Security framework

7Risk Management

  • Risk
  • Threat
  • Security Controls
  • Layered Defense etc.

8Security Maturity Model

  • Introduction
  • Background
  • Process
  • Capability
  • Standards etc

9Identity and Access Management

  • AAA
  • SSO
  • File Permissions
  • UAM

10Understanding Hacking

  • Who is a Hacker
  • Types of Hacker
  • Hacking Methodology
  • Cyber War
  • Infamous Attacks etc

11Secure Network Design

  • Network Models
  • Transport Layer Security (TLS)
  • Secure Code Development & QC
  • Secure Applications and Protocols

12Securing Assets

  • Securing Peripherals, OS
  • Hardening - Physical, Host
  • System Resiliency etc.


Projects Overview

Enterprise Security from Scratch - Project 1

Highlights

  • Setup a fully functional enterprise security lab with the help of open source tools.
    • Set up virtual environment with GNS3 and Oracle Virtualbox
    • Deploy Network topology
    • Spin up Kali Linux
    • Complete Tasks and reports

Enterprise Security from Scratch - Project 2

Highlights

  • Build CRRS and perform risk assessment on scenarios with completing report.
    • Understand CRRS and create it as per industry standards
    • Understand scenarios and simulation and perform risk assessment
    • Report assessment and complete project

COURSE SYLLABUS

1 Tour to Networking & Network Security

In this module, you will understand the basics of how the internet works and components involved in them. You shall also understand the significance of Networking and its prone areas. You’ll also learn the fundamental practices to be compliant when implementing the security controls.

  • Networking, Network Security – Importance & Needs
  • What is Internet & how it works?
  • Introduction of OSI, TCP/IP layer Architecture
  • All layers of OSI & TCP IP Explained. 
  • Networking & Network Security components
  • What is Defense in Depth?
  • What is CIA Triad?

2 Deep Dive in OSI – Layer 1, Layer 2 & Layer 3:

In this module, you will be able to understand key topics such as IP, MAC etc. 

  • What is IP Address?
  • IP Address range/classes. 
  • Public Vs Private IP range
  • Subnetting Vs CIDR Notation
  • IPV4 Vs IPV6 
  • What is MAC address and its use?
  • What is Ethernet and its types?

3Contd Deep Dive in OSI – Layer 1, Layer 2 & Layer 3:

In this module, you will be able to understand the basic concepts of Routing and Routing protocols to understand how a network traffic routes. A tour of basic concepts such as Switching shall also be explained. This module holistically covers the network packet structure in accordance with OSI layer and shall also give an idea of how a packet would be. 

  • What is a Router and how it works
  • Routing Protocols and basics understanding of its working. 
  • What is Switch and what is Hub?
  • Difference between L2 and L3 Switch
  • What is Virtual LAN and why it is used?
  • Advantages of Virtual LAN. 
  • InterVLAN Communication and WLAN concepts.
  • L2 Header Vs L3 Header in a packet structure.

4Deep Dive in OSI – Layer 4, Layer 5, Layer6 & Layer7:

In this module, you will be able to understand the transport layer and its protocols in detail.

  • What is TCP?
  • What is UDP?
  • Difference between TCP Vs UDP
  • Layer 4 header explained in detail. 

Session Layer, Presentation Layer & Application Layer: In this module, you will be able to understand the remaining three layers in OSI model to enrich the understanding of packet structure. 

  • Session Layer and its need. 
  • Presentation Layer and its need. 
  • Application Layer and its need. 
  • Application Layer & other important protocols explained. 
  • HTTP Vs HTTPS
  • FTP Vs SFTP
  • DNS
  • DHCP
  • SMB
  • SSH
  • TELNET
  • ICMP
  • Database Ports etc. 
  • An overview of working of internet in accordance to OSI layer explained in detail.

5Infrastructure Security

In this module, you will be able to understand the basic concepts of Security components/devices, protocols and also how to implement them wisely in a network.

  • What is Firewall and how it works?
  • ACL, NAT and interfaces explained.
  • What is VPN, its working and usage?
  • Intrusion prevention Vs Intrusion Detection.
  • What are Proxy and its usage?
  • What are Load Balancer and its usage?
  • What are Access Points and why they are used?
  • What is SIEM and its benefits?
  • What is Email Gateway?

6 Basics understanding of Cryptography

This module shall tour you around basics of Cryptography and its involvement in Network Security. You will also learn multiple Cryptography techniques.

  • What is Cryptography
  • Symmetric Key Cryptography Vs Asymmetric Key Cryptography Block & Stream Cipher
  • Hashing
  • PKI, Private Key Management
  • Digital Certificate / Signature

7Security Threats, Risk and Vulnerabilities

In this module, you will be taken a tour of the common security threats exploiting users/organizations across the globe which is most important to be understood as a security engineer. We shall also discuss on the impact involved and mitigation plan in regards to the threats.

  • What is Threat Vs Vulnerability Vs Risk
  • General Threats Explained
  • Social Engineering
  • Malware/Virus/Worm
  • Physical Threats & Vulnerabilities
  • Software & Network based Threats
  • Network Threats and Vulnerabilities and,
  • Basic mitigation techniques

8 Risk Mitigation & Management

In this module, you will be taken through a tour of Risks for each vertical and its corresponding analysis, response strategy.
You will also understand how to detect vulnerabilities in an organization and its mitigation technique to avoid threats exploiting them.

  • Risk Analysis
  • Risk Response Strategy
  • What is Vulnerability Assessment and its importance.
  • Mitigation techniques for the vulnerabilities to avoid threat exploitation.

9Identity and Access Management

In this module, you will be understanding basics of Identity and access management. You will also understand the methods implemented in Domain Controller to strengthen the exploitation in Domain Controller.

  • What is Domain Controller & its importance?
  • What is AAA?
  • Types of Authentication involved in Domain Controller
  • How to implement access control
  • GPO to implement access controls

10 Compliance & Operational Security

In this module, you will be able to understand compliance, security awareness and operation security issues that you may come across when on job. We will also discuss in detail of how to avoid or mitigate them implementing the security devices and controls that we went through for last few weeks.

  • Concepts to be covered are as follows:
  • Physical Security
  • Legal Compliance,
  • Security Awareness & Training
  • Integrate Systems and Data with Third Parties

11 Basics of Network Management & Network Forensics

In this module, you will be able to understand key concepts of Network management. You will also understand the devices and protocols used to manage the network.

  • Network Monitoring – SNMP,
  • Network Performance Optimization and Configuration

This module shall also tour you around basics of Network Forensics.

  • What is Network Forensics
  • Traffic protocols & Network layer analysed
  • Types of system to scan, Pros & Cons and Forensics Tools

12Mobile & Cloud Security

This module shall tour you around the fundamentals of Mobile and Cloud security.

  • Identifying Risk & Securing Mobile Devices
  • Synchronization
  • Email on mobile
  • Mobile Security Awareness
  • Cloud Security Overview
  • Cloud Deployment models: SAAS, PAAS, IAAS
  • Cloud Implementation types
  • Cloud Storage
  • Security as a Services


Projects Overview

Peer-to-Peer communication

Highlights

  • This project is designed to understand/ facilitate students with virtual handling of network and network security appliances using open source tool “Cisco Packet Tracer”.
  • Packet tracer is a virtual simulation tool allowing users to create and play with different network topologies of mere reality. 
  • This Peer-to-Peer communication lab practically helps students to understand communication flow from one peer (asset) to another peer (asset) when directly connected.

Local Area Network with Hub

Highlights

  • This Local area network with Hub lab practically helps students to understand what Hub is and how it works when used in LAN.
  • It is absolutely necessary for students to have practical understanding which is delivered through this project.

Local Area Network with Switch

Highlights

  • This Local area network with Switch lab practically helps student to understand what is Switch and how it works when used in LAN.
  • Practical understanding of LAN is achieved through this project.

Communication between hosts in two different local networks

Highlights

  • Communication between hosts in two different local networks practically helps students to understand how communication occurs between hosts in different local area networks.
  • Students are expected to go through the video and understand the logic and also replicate the same using cisco packet tracer (open source tool) and submit the project.

Inter-Vlan communication

Highlights

  • This Inter-Vlan communication practically helps student to understand how communication occurs between hosts in different local area networks.
  • Students are expected to go through the video and understand the logic and also replicate the same using cisco packet tracer (open source tool) and submit the project.

COURSE SYLLABUS

1Introduction to Automotive Cybersecurity, History of Automotive Cybersecurity, Case Studies of Prominent Automotive Cybersecurity Incidents

This module will:

  • Introduce students to automotive cybersecurity as a concept and teach them about it’s rise to prominence in the automotive industry.
  • Give a technical review of relevant case studies which will give students an idea of what the process of hacking a car is like.

2Intro to Different In-Vehicle Network Technologies, OBDII and EOBD

This lecture will cover the technical features of CAN, LIN, FlexRay, K-Line, Automotive Ethernet, and CAN FD.

Students will learn about different IVN types and where each is used, with emphasis on what applications each is suited for based on price, bandwidth, and other factors.

Students will also learn about the different ports mandated to be on vehicles which grant access to some of these networks.

3Advanced CAN Bus Concepts, Physical Attributes of CAN Bus

Since the CAN bus will be the main area of focus for the hands-on portions of this course, a deeper look will be taken at the CAN protocol.

Students will learn about the different parts of a CAN frame, how they are relevant from a security perspective, and more. They will learn about CAN arbitration and about error states in CAN.

Physical attributes of CAN buses such as wiring patterns, termination, and what they will look like on wiring diagrams/technical documents will also be covered.

4Building Your Digital Workstation

This week’s content will assist the student in setting up their virtualization environment for the remainder of the course’s hands-on work.

We will walk the students through setting up a Linux Virtual Machine, installing the necessary programs for the CAN bus content later on, and an introduction to some of the software that will be used from here on out.

5Building Your Virtual CAN Bus

This course will take students through the process of setting up their own virtual CAN bus using the open source tools they set up in the previous week.

Students will learn how to use the tools at their disposal to read data from a CAN bus, set up a CAN controller, troubleshoot CAN bus hardware, and more.

Parts of this week’s content will feature hardware that the students may not have access to, but it should still serve as useful knowledge.

6Advanced applications for open source CAN tools

This week, students will learn some about some of the more advanced applications of CAN bus. This includes filtering data from a network, logging data, replaying data, and writing basic programs to achieve certain functionality with their devices.

7Setting up Virtual Infotainment System Simulation

This week, the students will be walked through the setting up of the Infotainment Cluster Simulator and shown some of its features. Students will be taught the importance of being able to reverse-engineer CAN bus messages in the absence of a DBC file. The format of a DBC file will be explored as well, showing students how CAN buses are structured in the industry. This will lay the foundation for CAN bus message reverse-engineering.

8CAN Bus Hardware, CAN Bus Software

This course will introduce students to some of the CAN bus products available on the market. We will look at some of the most used hardware tools for interfacing with a CAN bus, and some of the most common software tools that go with them.

Expensive, industry-grade hardware and software will be reviewed but cheaper hardware and open-source software will also be included. Differing strengths and weaknesses of each product will be discussed, and some live demonstrations will be made for some of the programs.

9Cyber Attacks on a CAN Bus, Security Measures for CAN Bus

This week, some possible attacks against a vehicle’s CAN network will be explored. We will go over the details of the attacks, what makes them effective, and discuss possible countermeasures for them.

In tandem with this topic, we will discuss some possible security measures that can be applied to CAN bus including encryption, Authentication, and transport-layer protocols.

10Vehicle Networking Architecture, Where to Find in-Vehicle Networks

This lecture will contextualize how different subsystems can be connected to one another throughout a vehicle. Students will learn how modern vehicle networks are organized, connected to one another, and how information is shared.

Part of this lecture will also discuss how to find different vehicle networks in vehicles, as not all networks are available from the easily accessed diagnostic ports.

11Planning a Vehicular Penetration Test

This week, students will learn the process of carrying out a vehicle penetration test. This process includes the discussion phase with the customer, identifying targets of engagement, planning an attack on the target, and the technical aspects of a penetration test including scanning, enumeration, exploitation, and post-exploitation.

12International Automotive Cybersecurity Legislation, Advanced Applications for Logged CAN Bus Data

To finish off the course, a look will be taken at some of the international legislation surrounding automotive cybersecurity. Multinational standards such as the UN WP29 will be examined, but also country-specific legislation will be looked at.

The final lesion will show how some more expensive, industry-grade hardware and software can be used to recreate a vehicle’s driving session, allowing for advanced incident reconstruction and digital forensics.


Projects Overview

Project 1

Highlights

Using what you’ve learned in your hands-on labs, write a program that logs CAN data from one or more CAN buses.

  1. CAN messages (from any bus) should be sorted into logs of even ARB ID messages and odd ARB ID messages
  2. Even logs should be stored in a Linux Directory called “Even Logs” and odd logs should be stored in a Linux Directory called “Odd Logs”
  3. Individual log files should only store up to 1000 messages
  4. The program should run indefinitely until manually stopped

Project 2

Highlights

Write a program that performs a binary search for any given signal (The instrument cluster can be used as a source for CAN traffic)

  1. It should record a log, assisted by user prompt, and replay all other subsequent logs according to a prompt that the user checks (Did the signal occur again? Y/N.
  2. After every iteration, the number of messages remaining in the kept log should be displayed.
    • The desired outcome is not one particular signal, rather an interactive program that the user can use to automate the binary search process
    • This project will demand extensive use of Bash to manage files in the working directory, split files in half, use the CAN tools, etc.

Project 3

Highlights

In this project, the task is to program an attack terminal

  • The user should be able to select from the following CAN based attacks
  1. Full Bus DoS
    • The program should allow the user to set a duration for the attack
  2. Partial DoS
    • The program should ask the user “what priority should I DoS at?”
    • The program should allow the user to set a duration for the attack
  3. Message Replay
    • The program should allow the user to set the size of buffer to capture before replaying the data
    • The program should allow the user to set a “fuse” (time to wait) after capturing the buffer and before the playback begins
  • The program should create a Linux Directory that includes a descriptive name for the attack and the date/time the attack was run (i.e Full Bus DoS attack - 10/11/2021 at 9:00:00 AM JST)
  • The program should allow the user to set a “fuse” of time to pass before executing the attack
    • A fuse of 0S would mean the attack is executed immediately
  • No attack option should last forever
  • A log of the CAN bus should be kept from the start of the program until the program finishes

COURSE SYLLABUS

1Cryptography usage and mathematics

  • How cryptography is used in the current digital ecosystem
  • The basic mathematics needed for the same

2Symmetric Vs Asymmetric Encryption, Symmetric Encryption Types, Symmetric Encryption Modes of Operation

  • Symmetric and Asymmetric Encryption
  • Types - DES, 3DES, AES, RSA, Diffie-hellman
  • Modes of Operations
  • Mathematics
  • How these are used in code

3Integrity Protection and Hashing, Authenticated Encryption, Special Encryption Scenarios

  • SHA, MD5
  • Authenticated Encryption
  • GCM

4Cryptographic Tools and Methods, Cryptographic Attacks

  • Cryptographic tools - offensive
  • Cryptographic attacks
  • How to defend against cryptographic attacks

5Certificate Management / PKI, Secrets Management and Data Handling

  • Introductions about certificates and how to manage them in the infrastructure
  • Data Handling types
  • How to manage secrets

6Key Management, Handling data at rest and data in motion

  • Intro to Key management
  • how to perform key management in cloud
  • Handling data at rest
  • Handling data in motion


COURSE SYLLABUS

1Evolution of the automotive ecosystem

  • Aoftware-controlled features
  • advanced driver-assistance systems
  • Connectivity, Vehicle to infrastructure, Vehicle to     Cloud, Vehicle to Vehicle
  • Autonomous vehicles
  • Related Certification

2Architecture of modern and future in-vehicle networks

  • CAN, CAN FD, Flexray, MOST, LIN, Ethernet
  • WiFi, bluetooth, NFC, radio frequencies
  • Electronic control units and automotive control module
  • Telematic boxes

3Foundations of cybersecurity targeted to automotive applications

  • Confidentiality, integrity and availability
  • Vulnerabilities and attacks
  • NIST Cybersecurity Risk Management Framework Applied to Modern Vehicles

4Threat and Risk Analysis Methodology

  • Asset Identification
  • Impact Analysis
  • Attack Feasibility Analysis
  • Attack Path Analysis
  • Threat Scenario Analysis
  • Risk Reporting

5The Development Lifecycle in ISO/SAE 21434

  • The Concept Phase
  • The Design Phase (Left side of the V)
  • The Integration and Verification Phase (Right side of the V)
  • Cybersecurity Validation

6Organizational Cybersecurity Management System

  • Product Cybersecurity Plan
  • The Cybersecurity Case
  • Cybersecurity Assessment
  • Supporting Processes

7Cryptography _1

  • Introduction to Cryptography and Data Security
  • Stream Ciphers
  • The Data Encryption Standard (DES) and Alternatives
  • The Advanced Encryption Standard (AES)
  • More about Block Ciphers

8Cryptography 2

  • Introduction to Public-Key Cryptography
  • The RSA Cryptosystem
  • DH key exchange algorithm
  • Elliptic Curve Cryptosystems
  • Digital Signatures
  • Hash Functions
  • Message Authentication Codes (MACs)
  • Key Establishment

9Detailed Analysis of known cyber attacks against vehicles (Jeep Cherokee Attack)

  • Identify target 
  • Exploit the OMAP chip of the head unit 
  • Control the Uconnect System 
  • Flash the v850 with modified firmware 
  • Perform cyber physical actions

10Prevention of cyber attacks

  • Secure boot, secure firmware update, secure OTA
  • Hardware security modules
  • Secure gateways 

11Detection of cyber attacks

  • Intrusion detection for in-vehicle networks
  • Secure logging

12Reaction to cyberattacks

  • Strategies for disabling compromised ECUs
  • Limp/safe mode


Projects Overview

Project 1

Highlights

 Key Highlights 

  • Identify Asset Identification
  • Identify  damage scenario and do Impact Analysis 
  • Do Attack Path Analysis
  • Perform Attack Feasibility Analysis
  • Measure Risk Reporting based on impact and feasibility
  • Define Cyber security requirements

Deliverables

  • TARA sheet with all mentioned details
  • Cyber security Requirement Produced

Project 2

Highlights

Key Highlights 

  • Complete analysis of the JEEP infotainment system
  • Countermeasure identification
  • Requirement generation
  • Residual risk analysis

Deliverables

  • Final report with Vulnerabilities, Countermeasures and Residual risk.

Flexible Course Fees

Choose the Master’s plan that’s right for you

Basic

9 Months Access

25000

Per month for 10 months

  • Access Duration : 9 Months
  • Mode of Delivery : Online
  • Project Portfolio : Available
  • Certification : Available
  • Individual Video Support : 8/Month
  • Group Video Support : 8/Month
  • Email Support : Available
  • Forum Support : Available
  • Telephone Support : Available
Premium

Lifetime Access

35000

Per month for 10 months

  • Job Assistance : Maximum of 10 opportunities
  • Master's Assistance : Lifetime
  • Access Duration : Lifetime
  • Mode of Delivery : Online
  • Project Portfolio : Available
  • Certification : Available
  • Individual Video Support : 24x7
  • Group Video Support : 24x7
  • Email Support : Available
  • Forum Support : Available
  • Telephone Support : Available
  • Dedicated Support Engineer : Available

Testimonials

Companies hire from us

See all

CERTIFICATION

  • Top 5% of the class will get a merit certificate
  • Course completion certificates will be provided to all students
  • Build a professional portfolio
  • Automatically link your technical projects
  • E-verified profile that can be shared on LinkedIn

SKILL LYNC WORKS TO GET YOU A JOB

See all

FAQ

1Can you give a brief description about this program?

The Masters in Cyber Security Program is mainly focused on providing the fundamental idea and knowledge to every individual with the zeal to learn & understand the concepts of Real-time Ethical Hacking. The course offers coverage to a wide array of concepts, tactics, tools and techniques used by cyber security experts and professionals across the globe. The course would be the first step for an individual to plug themselves into the cyber security space.

The program comes with a complete package of all the “must know” topics/courses included to provide the students a 360degree view of the Information Security domain.

2On what basis is this program designed?

The program content is designed to cover the Cyber Security nitty-gritties which an Ethical Hacker/Security Analyst is expected to be aware of. Topics such as what is Ethical Hacking, role of an Ethical Hacker, different types of cyber-attacks an organization/individual would face, tools used to perform real-time attacks, preventive mechanisms and measures are covered in this course. The course would be a foundational level building block for the candidates aspiring to kick-start their career into Cyber-Security.

The course is designed keeping in mind that the students need to understand the core concepts within the information security domain which includes but not limited to - networking concepts & security, cryptography, enterprise security, etc.

3Who can enroll in this program?

The interesting part is that there is no age limitation for this course! Curiosity and a “byte” of computer knowledge is all it takes. The target audience are assumed to have a basic knowledge of computers, networks, internet and digital world. Anyone who is willing to choose Cyber-Security as their career/profession can enroll to this program and those from other streams such as medicine, mechanical engineering, automobile, commerce, Chartered Accountants, etc., can also take up this course to understand the cyber world and its threats.

4What skills and knowledge will the students gain from this program?

The course content covers all the Cyber Security fundamentals which focuses on providing the theoretical knowledge & practical skills an Ethical Hacker/Security Analyst must have. Topics such as what is Ethical Hacking, role of an Ethical Hacker, different types of cyber-attacks an organization/individual would face, tools used to perform real-time attacks, preventive mechanisms and counter-measures are covered in this course. At the end of successful completion of this course, an ideal student would have a clear understanding about cyber threats & attacks, knowledge of various steps involved in hacking, be able to effectively leverage various Ethical Hacking tools and the industry knowledge to identify, understand and mitigate real-time security incidents.

5What full time job opportunities, in India and US, can I expect after the completion of this program? Please add a description of what is expected in each job, companies that offer these roles, and how this program prepares you for the same

The candidates after successful completion of this course can apply for all types of Cyber Security roles such as - SIRT Engineer, SIEM Engineer, SOC Engineer, SOC Analyst, Cyber Security Analyst, Security Engineer, Vulnerability Assessment Engineer, Application Security Engineer, Web Application Firewall (WAF) Engineer, Junior Security Engineer, Junior Penetration Tester, etc. If the candidate applies for Network Security or SIEM based roles, then the questions would be from Firewall, IDS/IPS, AV, error/alert/audit logs, EDR, sniffing, etc. If the candidate applies for a role in Vulnerability Assessment, then the questions would be related to VA & it’s lifecycle, types of operating systems, port numbers, etc. If the candidate applies for Application Security related profiles, then the questions would be from web applications, working of DNS, OWASP top 10, web application related vulnerabilities. All the Information Technology organizations & product based companies across the globe are in need of thousands of Cyber Security professionals to secure their organizations from external & internal threats. All these essential concepts are covered and discussed in this program.

6What Does a typical interview process look like, for students completing this program?

The interview process includes,

  • Initial telephonic discussion/Screening to assess the candidate’s communication/English fluency and then to understand whether the candidate has a basic knowledge that matches the job requirements.
  • Technical Round of interview to assess the level of technical expertise and understanding of the candidate. This would be a face-to-face interview or a virtual interview.
  • Leadership round of interview to fathom the decision-making skills, ability to handle pressure & work with a team, presence of mind and calibre of the candidate. This might be filled with technical questions, qualitative aspects or a mix of both.
  • Finally, the HR discussion to discuss your package and then the job offer!

7What higher education opportunities can a student opt for, after the successful completion of this program?

This course will be a foundational course for the candidate aspiring a career in Information Security / Cyber Security. After this program, there are ample amounts of full-time and part-time Master’s programs offered by various reputed universities in India and abroad. There are PG programs available for Cyber Security in both MSc and MTech. Also, there are various Security Certifications offered by other Cyber Security communities.

8After program completion, what are five Tier-1(GPA > 9) Universities in the US and Europe that the students can apply to? Please list any notable research groups along with a website link

  • Stanford University
  • John Hopkins University
  • North Carolina State University at Raleigh
  • University of Southern California

9What would your top 5 advice be for job-seekers that enroll in this program?

  • Pay attention to each & every concept taught in this course
  • Practice the tools & techniques that are used and covered in the course
  • Ask many questions, do more research on basics and learn more about each concept/topic that is discussed
  • Decide & choose your area of interest within the information Security domain and enhance your expertise in that area
  • Keep yourselves updated on the latest Cyber Security News, latest vulnerabilities & exploits.

10 If the student is working in a different domain for 2-3 years, would you advise them to take this program? If yes, would you advise them to take this course? If yes, please provide a plan that they should follow for a career switch.

A student who has worked in a different domain for 2-3 years can definitely switch to the Cyber Security domain. The student needs to clearly define their career path and aspirations. If they have a network background, then they may choose the Network Security domain which would be more relevant and easy for a career switch. Similarly, a student from the software development background can choose the application security domain which would be more familiar and easy to get a hang of the required skills and understanding. The student needs to start applying for jobs immediately after completion of this course while still working on a different domain.


The Skill-Lync Advantage

See all