Appointment

CPT

TMG - CPT

Shaping The Futures

CPT

CERTIFIED SECURITY OPERATIONS & THREAT DETECTION ANALYST (CSSA)

Duration: 12 Months
Level: BeginnertoExpert

Mode:Practical+Live Labs+Real-World Assessments+CapstoneProjects
Certification:Diploma inCertifiedPenetrationTesting (CPT) /PartnershipWithBirchwoodUniversity

SEMESTER 1 - Cybersecurity & OffensiveSecurity Foundations

MODULE 1: Introduction toCybersecurity andEthical Hacking

Description

This module introduces students to the foundations of cybersecurity and offensive security. Students will gain a strong understanding of how cyber attacks occur, how organizations defend their digital assets, and the role of ethical hackers in identifying security weaknesses before malicious attackers can exploit them.

Topics Covered

  • Cybersecurity Fundamentals
  • Security Principles and Concepts
  • CIA Triad
  • Threat Landscape
  • Threat Actors and Motivations
  • Security Controls
  • Vulnerability Management Lifecycle
  • Security Operations Overview
  • Cyber Kill Chain Framework
  • MITRE ATT&CK Framework
  • Responsible Disclosure
  • Legal and Ethical Considerations

Practical Labs

  • Setting up a Cybersecurity Lab Environment
  • Understanding Attack Surfaces
  • Simulating Basic Attacks
  • Security Assessment Methodologies

Description

Understanding networking is essential for every penetration tester. This module focuses on the architecture, protocols, and communication mechanisms that form the backbone of modern networks. Students will learn how attackers and defenders analyze network traffic and identify potential weaknesses.

Topics Covered

  • OSI Model
  • TCP/IP Model
  • Routing and Switching
  • DNS Architecture
  • DHCP
  • VPN Technologies
  • SSL/TLS
  • HTTP and HTTPS Protocols
  • Network Segmentation
  • Firewalls
  • IDS and IPS Technologies

Practical Labs

  • Wireshark Packet Analysis
  • Protocol Enumeration
  • Traffic Inspection
  • Network Mapping
  • Packet Crafting

Description

Linux is the preferred operating system for many cybersecurity professionals. This module provides students with practical Linux administration and offensive security skills required for penetration testing engagements.

Topics Covered

  • Linux Architecture
  • Linux File Systems
  • User and Group Management
  • Linux Permissions
  • Package Management
  • Bash Scripting
  • SSH Security
  • Process Management
  • Log Analysis
  • Linux Security Hardening

Practical Labs

  • Linux Enumeration
  • User Privilege Analysis
  • Service Enumeration
  • Linux Privilege Escalation

Description

This module focuses on the Windows operating system, its architecture, authentication mechanisms, and common attack vectors exploited by penetration testers and adversaries.

Topics Covered

  • Windows Architecture
  • Registry Analysis
  • Windows Services
  • Windows Event Logging
  • Authentication Mechanisms
  • Active Directory Basics
  • NTLM and Kerberos
  • User Rights and Permissions

Practical Labs

  • Windows Enumeration
  • Credential Discovery
  • Windows Security Assessments
  • Privilege Escalation Techniques

SEMESTER 2 - Web ApplicationSecurity & Exploitation

MODULE 5 : Reconnaissance and Attack Surface Mapping

Description

Reconnaissance forms the foundation of every successful penetration test.
This module teaches students how to discover assets, identify attack surfaces,
and gather intelligence about target organizations using both manual and
automated techniques.

Topics Covered

  • Passive Reconnaissance
  • Active Reconnaissance
  • Subdomain Enumeration
  • DNS Enumeration
  • Google Dorking
  • GitHub Reconnaissance
  • Shodan and Censys
  • Wayback Machine Reconnaissance
  • Attack Surface Management

Practical Labs

  • Real-World Recon Exercises
  • Asset Discovery
  • Infrastructure Mapping
  • Target Profiling

Description

Burp Suite is one of the most powerful tools used by penetration testers worldwide.
This module provides extensive hands-on training on Burp Suite Professional and
advanced testing methodologies.

Topics Covered

  • Proxy Configuration
  • Repeater
  • Intruder
  • Decoder
  • Comparer
  • Collaborator
  • Extensions
  • Session Handling Rules
  • Macros
  • Advanced Automation

Practical Labs

  • Advanced Burp Workflows
  • Attack Automation
  • Custom Payload Development

Description

Students will gain an in-depth understanding of the most critical web
application vulnerabilities identified by OWASP and learn how attackers
exploit them in real-world environments.

Topics Covered

  • Broken Access Control
  • Cryptographic Failures
  • Injection Attacks
  • Security Misconfiguration
  • Vulnerable Components
  • Authentication Failures
  • Software Integrity Failures
  • SSRF

Practical Labs

  • Exploitation Labs
  • Remediation Validation
  • Secure Coding Review

Description

This module focuses on modern web application vulnerabilities frequently
discovered in bug bounty programs and enterprise penetration tests.

Topics Covered

  • IDOR
  • SSRF
  • XXE
  • SSTI
  • Deserialization
  • HTTP Request Smuggling
  • Web Cache Poisoning
  • Cache Deception
  • Host Header Attacks
  • OAuth Exploitation
  • JWT Vulnerabilities

Practical Labs

  • Enterprise Web Application Assessments
  • Multi-Step Attack Chains
  • Vulnerability Chaining

“`

SEMESTER 3

API Security & Modern Application Security

Description

This module provides comprehensive training on API security testing,
covering REST, SOAP, GraphQL, and gRPC services. Students will learn
how to identify, exploit, and remediate common API vulnerabilities
found in modern web and mobile applications.

Advanced Topics

  • OWASP API Top 10
  • REST APIs
  • SOAP APIs
  • GraphQL Security
  • gRPC Security
  • OAuth 2.0
  • JWT Security
  • API Abuse Scenarios
  • API Business Logic Vulnerabilities
  • BOLA
  • BFLA
  • Mass Assignment
  • Rate Limit Bypass

Capstone Labs

  • FinTech API Security Assessment
  • Healthcare API Security Testing
  • SaaS Platform Security Review

SEMESTER 4

Mobile ApplicationSecurity

Android Security

Students will learn Android application architecture, reverse engineering,
static analysis, dynamic analysis, SSL pinning bypass techniques, Firebase
security testing, Frida instrumentation, Objection framework, and mobile bug
bounty methodologies.

iOS Security

Students will learn iOS architecture, IPA extraction, jailbreak environments,
Frida instrumentation, SSL pinning bypass, keychain analysis, application
reverse engineering, and enterprise mobile security assessments.

Practical Assessments

  • Android Pentest Project
  • iOS Pentest Project
  • Mobile Application Security Review

SEMESTER 5

Advanced Bug Bounty Hunting & Enterprise Exploitation

This semester is designed around real-world bug bounty methodologies used by
top security researchers worldwide.

Enterprise Attack Scenarios

  • Advanced Business Logic Exploitation
  • Race Conditions
  • Account Takeovers
  • OAuth Abuse
  • Session Management Flaws
  • Payment Manipulation
  • Subscription Abuse
  • Multi-Tenant SaaS Exploitation
  • Healthcare Platform Security
  • Financial Platform Security

Advanced Topics

  • Prototype Pollution
  • Request Smuggling
  • Web Cache Poisoning
  • AI Application Security
  • LLM Security
  • Prompt Injection
  • AI Agent Abuse

Real-World Hunting

  • Live Bug Bounty Methodology
  • HackerOne Case Studies
  • Bugcrowd Case Studies
  • Responsible Disclosure Programs

SEMESTER 6

Red Teaming,Cloud Security & Professional Consulting

Active Directory Security

  • Kerberoasting
  • AS-REP Roasting
  • BloodHound
  • Privilege Escalation
  • Lateral Movement
  • Domain Dominance

Cloud Security

  • AWS Security Assessments
  • Azure Security Testing
  • Google Cloud Security
  • IAM Exploitation
  • Storage Misconfigurations

Red Team Operations

  • Initial Access
  • Persistence
  • Defense Evasion
  • Credential Access
  • Lateral Movement
  • Command & Control Infrastructure
  • Data Exfiltration

Professional Consulting

  • Client Communication
  • Rules of Engagement
  • Executive Reporting
  • CVSS Scoring
  • Risk Assessment
  • Remediation Guidance

Final Capstone Projects

Every student must complete six industry-grade projects:

Project 1

Enterprise Web Application Penetration Test

Project 2

API Security Assessment

Project 3

Android Application Security Review

Project 4

iOS Application Security Review

Project 5

Active Directory Security Assessment

Project 6

Live Bug Bounty Research Project

Career Outcomes

Upon successful completion of the Diploma in Certified Penetration Testing (CPT), graduates will be prepared for roles such as:

  • Penetration Tester
  • Security Consultant
  • VAPT Engineer
  • Application Security Engineer
  • Mobile Security Researcher
  • Bug Bounty Hunter
  • Red Team Associate
  • Cloud Security Analyst
  • API Security Tester
  • Security Researcher

TMG University is a modern learning initiative built to bridge the gap between aspiring learners and global education opportunities.

Instagram Linkedin

Courses

Courses

USA: 117 South Lexington Street STE 100, Harrisonville, MO 64701

support@tmguni.com

+1 (456) 278-4787

© 2026 TMG Uni. All Rights Reserved. Designed & Developed by TMG University Team.

Request a Call Back