Foundation Phase
Build your cybersecurity fundamentals from the ground up with hands-on labs every single week.
Duration
3 Months · 12 Weeks
Weeks
12
Modules
84
Access
Curriculum
The Trial That Converts
4w · 28 modules
How the Internet Actually Works
Networking foundations
From Click to Server — The Journey of a Web Request
DNS, HTTP, TCP/IP explained through the story of opening a website. Visual + storytelling approach.
IP Addresses, Subnets and Ports — What They Mean in Plain English
IPv4/IPv6, public vs private IPs, port numbers. Use cases from real attacks and real services.
Protocols Deep Dive — TCP, UDP, ICMP, ARP
How data travels, why it matters for security, where attackers exploit each protocol.
Firewalls, Routers and Switches — The Network's Security Gates
What each device does, how they protect networks, how attackers bypass them.
Wireshark Lab — See Real Network Traffic with Your Own Eyes
Hands-on: capture packets, read an HTTP request, spot something suspicious. First real tool experience.
VPNs, Proxies and Encryption — How Data Gets Protected in Transit
SSL/TLS, HTTPS, VPN tunneling — why these exist and what breaks when they fail.
Week 1 Challenge — Trace an Attack Through a Network
Scenario-based challenge: students trace a simulated attack path using what they learned. Badge on completion.
Operating Systems for Security Professionals
Linux + Windows security
Why Linux Is the Language of Security
Why every hacker and defender lives in Linux. Terminal basics, file system structure, why it matters.
Linux Command Line — 20 Commands Every Security Pro Must Know
Hands-on: ls, cd, grep, cat, chmod, ps, netstat and more. Real security use cases for each.
File Permissions, Users and Privilege — How Linux Protects (and Fails)
chmod, sudo, root access, privilege escalation basics — the concepts every core track needs.
Windows Security Architecture — How the OS Defends Itself
Registry, Active Directory basics, Windows Event Logs, UAC — what attackers target most in enterprise.
Processes, Services and Memory — What's Running on Your Machine
Task Manager vs Process Explorer, identifying malicious processes, memory injection basics.
Log Analysis Basics — Reading the Story an OS Tells
Windows Event Viewer, Linux /var/log — what normal looks like, what malicious activity looks like.
Week 2 Challenge — Hunt a Suspicious Process in a Simulated System
Guided scenario: students find a hidden process and trace its activity. Core SOC + DFIR skill preview.
Security Fundamentals Every Pro Must Know
Core security concepts
CIA Triad — Confidentiality, Integrity, Availability Explained Through Real Breaches
Every security decision maps to these three pillars. Case studies from real incidents.
Authentication vs Authorization — The Most Exploited Confusion in Security
Passwords, MFA, OAuth, session tokens — how they work, how they fail, how attackers exploit gaps.
Cryptography Foundations — Encryption Without the Math Headache
Symmetric vs asymmetric encryption, hashing, digital signatures — explained through stories and real examples.
The Attack Lifecycle — How Every Hack Actually Happens (MITRE ATT&CK Preview)
Recon → weaponize → deliver → exploit → persist → exfil. The kill chain every security pro must internalize.
Malware Types — Viruses, Trojans, Ransomware, RATs, Rootkits
What each type does, real examples, how defenders detect and respond. No code — pure concepts.
Social Engineering — The Human Vulnerability That No Firewall Can Patch
Phishing, vishing, pretexting, baiting — real attack scripts, how to recognize and defend.
Week 3 Challenge — Analyze a Simulated Phishing Attack End-to-End
Students get a fake phishing email + landing page and must identify every technique used. Scored exercise.
Intro to All 4 Tracks (The Decision Week)
SOC · VAPT · DFIR · Cloud preview
What SOC Analysts Actually Do — A Real Shift Walkthrough
Alerts, triage, escalation — students experience a simulated SOC shift in 20 minutes.
What Ethical Hackers Actually Do — A Pentest in 20 Minutes
Recon → scan → exploit → report. High-level walkthrough of a real VAPT engagement.
What Digital Forensics Investigators Do — Solving a Cybercrime
Evidence collection, chain of custody, artifact analysis — told like a detective story.
What Cloud Security Engineers Do — Protecting AWS, Azure, GCP
Misconfigurations, IAM failures, real cloud breaches — what the job looks like day-to-day.
Tools of the Trade — A Visual Map of the Cybersecurity Toolkit
Every major tool across all 4 tracks shown visually. Students start seeing where they want to go.
Which Track Is Right for You — Personality, Skills, Career Goals
Interactive questionnaire + track recommendation. Sets up their core track decision confidently.
Month 1 Capstone — Foundations Assessment + ZF-1 Certificate Preview
Full month review, scored assessment, preview of Month 2 content. The moment they decide to continue.
TECHNICAL DEPTH
4w · 28 modules
Scripting and Automation for Security
Python + Bash basics
Why Security Pros Must Know Scripting (Even a Little)
Automation in SOC, VAPT scripts, forensics parsing — real use cases that make the case for learning.
Python in 20 Minutes — Variables, Loops, Functions for Security Use
Absolute basics. Students write their first Python script for a security task by end of module.
File Handling and Log Parsing with Python
Read a log file, extract IPs, count events — real SOC automation skill in beginner-friendly steps.
Bash Scripting for Linux Security Tasks
Automate user checks, file permission audits, log monitoring — all with simple bash scripts.
Regular Expressions — The Security Analyst's Secret Weapon
Pattern matching in logs, emails, payloads. Learn regex through real threat hunting examples.
API Basics — How Security Tools Talk to Each Other
REST APIs, JSON, how SIEMs and threat intel platforms exchange data. Foundation for all 4 core tracks.
Week 5 Lab — Build a Simple Log Analyzer in Python
Students build a working Python script that reads a log file and flags suspicious IPs. Real output.
Web Application Security Fundamentals
How the web gets attacked
How Web Apps Work — Frontend, Backend, Database in Plain English
HTTP requests, sessions, cookies, APIs — the anatomy of a web app from a security perspective.
OWASP Top 10 — The 10 Ways Web Apps Get Hacked Most
Injection, broken auth, XSS, IDOR — explained with story-based examples. No code required yet.
SQL Injection — The Attack That Has Stolen Millions of Records
What it is, how it works, real examples, how defenders detect it. Conceptual + visual demo.
Cross-Site Scripting — How Attackers Hijack Your Browser
Stored vs reflected XSS, how session stealing works, how WAFs defend against it.
Burp Suite Introduction — The Web Hacker's Swiss Army Knife
Setup, intercepting requests, modifying parameters — first look at the most important VAPT tool.
Authentication Attacks — Brute Force, Credential Stuffing, Password Spraying
How attackers crack logins, what defenders implement to stop them. Detection + prevention.
Week 6 Lab — Find Vulnerabilities in a Deliberately Broken Web App (DVWA)
Hands-on: Students identify SQL injection and XSS in a safe practice environment. First real ethical hacking taste.
Threat Intelligence and Security Operations
SOC + Blue Team foundations
What Is Threat Intelligence — IOCs, TTPs, and Threat Actors
Understanding IOCs (IPs, hashes, domains), how SOC teams use them, major threat actor groups.
SIEM Fundamentals — What It Is, Why SOCs Can't Live Without It
Log aggregation, correlation rules, alert generation — how SIEMs work conceptually before touching one.
Alert Triage — How to Tell Real Threats from False Positives
The decision framework every SOC analyst uses. Priority scoring, context gathering, escalation criteria.
Incident Response Phases — Prepare, Detect, Contain, Eradicate, Recover
The NIST IR framework in plain English. Walk through a ransomware scenario using each phase.
Open Source Threat Intel — VirusTotal, AbuseIPDB, Shodan, OSINT Tools
Free tools every analyst uses daily. Students look up real IOCs and understand what the data means.
Network Traffic Analysis for Defenders — Reading What Attackers Leave Behind
Pcap analysis, C2 traffic patterns, data exfiltration signatures — Wireshark from defender perspective.
Week 7 Lab — Investigate a Simulated Security Incident from First Alert to Report
End-to-end: students receive an alert, triage it, investigate, and write a basic incident report.
Cloud, Compliance and the Security Mindset
Cloud intro + governance
Cloud Basics for Security — AWS, Azure, GCP in Plain English
VPC, IAM, S3, compute — the fundamentals every security person needs before touching cloud security.
Cloud Misconfigurations — The #1 Cause of Cloud Breaches
Real breaches from misconfigured S3 buckets, open security groups, weak IAM. What went wrong, and how.
Identity Is the New Perimeter — IAM, Zero Trust, Least Privilege
Why traditional firewalls aren't enough. Zero Trust model, MFA everywhere, identity attack scenarios.
Compliance Frameworks — GDPR, ISO 27001, SOC 2, IT Act India
What compliance means for security teams, why companies need it, how security work maps to each framework.
Risk Management Basics — How Organizations Decide What to Protect
Risk assessment, threat modeling, asset prioritization — the business side of cybersecurity.
Security Documentation — Writing Reports, Runbooks, and Incident Summaries
How to communicate findings clearly. Every core track needs this skill. Templates + examples.
Month 2 Assessment — Technical Knowledge Check
Scored test covering weeks 5–8. Identifies gaps before Month 3. Badge on pass.
CORE TRACK PREPARATION
4w · 28 modules
Advanced Networking and Active Directory
Enterprise environment foundation
Enterprise Networks — VLANs, DMZ, Network Segmentation
How large organizations structure their networks for security. Why segmentation stops lateral movement.
Active Directory — The Backbone of Every Windows Enterprise
Domains, OUs, Group Policy, Kerberos authentication — what AD is and why it's the #1 target.
Active Directory Attacks — Pass the Hash, Kerberoasting, Golden Ticket (Concepts)
Conceptual walkthrough of how AD gets abused. VAPT and SOC students both need this deeply.
IDS, IPS and EDR — Detection Technologies Every Security Pro Must Know
How detection tools work, what they miss, how attackers evade them. SOC + VAPT perspective.
Vulnerability Management — Scanning, Scoring, Prioritizing (CVSS Explained)
How vulnerabilities are discovered, rated, and fixed in organizations. VAPT foundation skill.
Nmap Lab — Network Discovery and Service Enumeration
First Nmap scan, understanding output, identifying open ports and services. Core recon skill.
Week 9 Challenge — Map an Enterprise Network and Identify Attack Surface
Students scan a lab environment, document findings, and present an attack surface summary.
Digital Forensics and Evidence Handling Basics
DFIR foundation
What Is Digital Forensics — The Science of Cyber Investigation
Types of forensics (disk, memory, network, mobile), chain of custody, legal admissibility basics.
File Systems and Data Storage — Where Evidence Hides
NTFS, ext4, FAT — how files are stored and deleted. Why deleted files aren't always gone.
Memory Forensics Basics — What RAM Reveals About an Attack
Volatile evidence, memory dumps, what investigators find in RAM that doesn't exist on disk.
Browser and Email Artifacts — What Users Leave Behind
History, cookies, downloads, email headers — the forensics of human digital behavior.
Autopsy Lab — First Look at a Real Forensics Tool
Setup and basic investigation in Autopsy. Students find a planted file in a disk image.
Windows Registry Forensics — The System's Secret Diary
What the registry stores, what attackers modify, how investigators read attacker activity from it.
Week 10 Challenge — Investigate a Simulated Malware Infection
Students receive a compromised disk image and must identify what happened, when, and how.
Cloud Security Deep Dive + Container Security
Cloud track preparation
Shared Responsibility Model — What Cloud Providers Protect vs What You Must
AWS, Azure, GCP responsibility breakdown. The #1 concept every cloud security role requires.
IAM Deep Dive — Roles, Policies, Service Accounts, Attack Paths
How identity misconfigurations lead to full cloud account compromise. Real attack scenarios.
Container Security — Docker, Kubernetes and What Can Go Wrong
Container escapes, image vulnerabilities, K8s misconfigs — the modern cloud attack surface.
Cloud Logging and Monitoring — CloudTrail, Azure Monitor, GCP Audit Logs
What cloud logs capture, how defenders use them, what attackers try to hide in them.
Cloud VAPT Basics — Assessing Cloud Environments for Security Gaps
Common assessment techniques, tools like ScoutSuite and Prowler, what a cloud pentest looks like.
DevSecOps Basics — Shifting Security Left in Development Pipelines
SAST, DAST, secrets scanning, CI/CD pipeline security — where cloud and development meet security.
Week 11 Lab — Audit a Misconfigured Cloud Environment
Students assess a deliberately misconfigured AWS sandbox and document all findings.
Foundations Capstone and Core Track Readiness
Final assessment + track launch
Comprehensive Revision — Networking, OS, Security Fundamentals
Structured review of all Month 1–3 concepts. Gaps identified before capstone exam.
Comprehensive Revision — Scripting, Web, Threat Intel, Cloud
Second review session covering Month 2–3 technical content. Practice questions included.
Full Capstone Lab — A Multi-Phase Simulated Attack Investigation
Students work through a complete scenario: detect, investigate, analyze, and report. All skills combined.
Foundations Final Exam — Theory + Practical (ZF Certification)
Proctored exam. Pass earns the Zharnyx Foundations (ZF) Certificate — the prerequisite for any core track.
Career Readiness — Resume, LinkedIn, GitHub Profile for Cybersecurity
How to present the ZF certification, what to list, how to write a cybersecurity resume with no work experience.
Core Track Deep Dive Preview — What Month 1 of Your Track Looks Like
A detailed walkthrough of what students will learn in each core track. The excitement builder before they start.
Welcome to Your Core Track — Orientation and Community
Track assignment, cohort introduction, mentor assignment, Discord/community access. The transition moment.