Are you missing practical cyber skills?

“Employers put very little weight on industry certifications and solving pre-made lab exercises. They consider skills, responsibilities and work attitudes the most important. That's what CyZone teaches. The MCSI Method™ does it in a way that can be demonstrated to employers. Our students create work products that are what employers want them to develop in the field. Their exercises are peer reviewed by industry professionals. We impart work standards that set our students up for success. That's our unique value proposition. Our students can prove they can do the job.” - Benjamin Mossé, Founder of MCSI

How does CyZone work?

Workflow Overview

The following diagram explains how CyZone works at a high-level:

Figure 1 - CyZone Workflow

Features and Benefits

Career Outcomes

The following diagram shows the benefits of completing the CyZone Bootcamp:

Figure 2 - Before and after CyZone

Real-World Exercises

Our exercises simulate real-world engagements. Your will solve problems in the same manner that a professional would in the field. Building up professional skills involves doing your own research. It also includes seeking guidance from your peers, and developing your own solutions.

MCSI's motto: “Skill mastery wins!”

Professional Work Standards

You are to submit your solutions as code, videos, reports, or a combination of the three. We give you plenty of guidelines on how your work must look professionally drafted. Along with learning practical skills, you will also learn professional skills!

Certificates of Completion

You earn a Certificate of Completion for each exercise you pass in the CyZone Bootcamp program.

We urge you to include these certificates on your CV. You may also share them on social media to promote your profile.

Portfolio of Demonstrated Skills

Solving exercises requires you to produce artefacts such as:

• Screen recordings
• Source code and programs
• Reports
• Policies, procedures and checklists
• Research papers

Together, these artefacts make up your Portfolio of Demonstrated Skills. Your Portfolio will showcase your abilities to prospective employers. Potential employers may ask you, 'What have you done?' or 'Can you show me what you can do?'. You will have hundreds of work examples to showcase your capabilities!

Letter of Recommendation

You get a signed Letter of Recommendation from Benjamin Mossé when you complete CyZone Bootcamp.

Comparing Cyber Security Bootcamps

Here's how CyZone compares to other bootcamps:

Training Modules

• Module 01: Situational Awareness

  You will learn to discover vulnerable ICT systems and data exposed to the Internet. This activity is called Situational Awareness. Cyber defenders use it to discover vulnerabilities. In some cases, it may even identify active cyber attacks. The following open-source intelligence (OSINT) techniques are covered:

  • Certificate Transparency Logs
  • DNS Brute Forcing
  • DNS Reverse Lookup
  • Email Harvesting
  • Passive DNS
  • Search Engine Dorking
  • Sensitive information leakage
  • TLD Brute Forcing
  • Typo Squatting
• Module 02: System Administration

  In the field, you will be expected to know how to deploy, configure and manage your tools. This module teaches you fundamental system administration skills. The concepts and techniques covered will last you a lifetime.

  • Hardening user applications to prevent endpoint compromise
  • Isolating data using file system permissions to prevent information theft
  • Managing firewalls to block unauthorized network connections
  • Securing operating systems to adhere to best practices
  • Using Group Policy Objects (GPOs) to deploy security at scale
• Module 03: Professional Communication

  Every cyber mission requires communication skills. In the field, you will interact with team members, stakeholders and third-parties. It is paramount to learn how to communicate effectively. You must also learn the etiquette that professionals follow in industry. This module teaches you important skills that you may very end-up using on a daily basis.

  • Action Plans
  • Change Requests
  • Checklists
  • Naming Conventions
  • Professional Templates
  • Request for Information (RFI)
• Module 04: File Analysis

  This module introduces you to the very basics of malware reverse engineering. You will learn important concepts and techniques to decompose and analyse suspicious files. If your intentions are to become a penetration tester or Red Teamer, then this module will expose you to how bad actors create malware.

  • Analysis of malicious scripts
  • Decomposing executable containers
  • Extracting scripts from rich file formats
  • Extracting shellcode from malicious files
  • Portable Executable (PE) format
• Module 05: Memory Forensics

  This module introduces you to memory forensics. You will learn how to acquire volatility memory and retrieve forensics artefacts. You will use the Volatility Framework against different operating system versions. In the end, you will investigate a malware infection using memory forensics.

  • Acquiring volatile memory
  • Executing and interpreting the results of Volatility plugins
  • Malware analysis from a memory dump
• Module 06: Malware Analysis Fundamentals

  This module continues to build your malware analysis skills. The objective is for you to understand how real-world attacks are conducted. You will get a technical understanding of spear-phishing attacks. We also introduce you to behavioral malware analysis techniques.

  • Analyzing spear-phishing payloads
  • Decomposing PE files
  • Monitoring API calls
  • Writing basic Malware Analysis Reports (MARs)
• Module 07: Introduction to YARA

  Industry professionals use YARA to detect cyber-attacks and track threat actors in cyberspace. Initially, it is a very simple tool that you can learn in an afternoon. In practice, it takes years to master. The use cases for this tool are endless. This module teaches you the basics of writing YARA rules.

  • Identifying heavily obfuscated executables
  • Tracking malware families based on unique strings and data points
  • Using the PE file format to discover malicious files
  • Writing professionally documented rules
• Module 08: Threat Hunting with YARA

  This module teaches practical threat hunting techniques using YARA. Cyber defenders use these techniques to hunt for adversaries that have evaded protections. They also use them to monitor and defend networks against known threats.

  • Combining YARA with memory forensics to discover memory-only backdoors
  • Discovering files that import suspicious Windows APIs
  • Tracking threat actors based on the defense evasion techniques they employ
• Module 09: Windows Hardening
• Module 10: Cyber Protection

  This module introduces the fundamental concepts and techniques to protect large-scale networks. This module combines threat hunting, OS hardening, vulnerability scanning and automation.

  • Periodically scanning computers with proprietary detection rules
  • Identifying vulnerabilities in network services and operating systems
  • Protecting user applications using security features provided by Windows
  • Leveraging PowerShell to automate the deployment of hardening configuration settings
• Module 11: Infrastructure Penetration Testing

  This module focuses on post-exploitation techniques for penetration testing and Red Teaming. You will learn to use industry-standard tools as well as develop custom malware. Upon completion, you will have a deeper understanding of the cyber kill chain. This knowledge will serve you both as a cyber defender and as an ethical hacker.

  • Creating custom credential stealing software
  • Employing Mimikatz to steal Windows credentials and move laterally on a network
  • Leveraging binary obfuscation tools to bypass anti-virus software
  • Using Metasploit's post-exploitation modules
• Module 12: Web Application Penetration Testing - Part 1

  This module focuses on web application vulnerabilities. You will create vulnerable applications and exploit them. This practice will deepen your understanding of what insecure code is. Once you have integrated that knowledge, you will know how to find vulnerabilities in any application.

  • Arbitrary Command Execution
  • Cross-Site Request Forgery
  • File Inclusion
  • Insecure Direct Object References
  • Malicious File Upload
• Module 13: Complementary Security Tools

  This module imparts additional security tools you must know. They will be part of your arsenal for both defensive and offensive cyber operations.

  • Password crackers
  • Network tunnelling
  • Remote administration
  • Web application vulnerability scanners
• Module 14: Red Teaming - Persistence

  This module teaches a range of persistence techniques for Red Team engagements. Students interested in cyber defense will benefit from the exercises too. Offense informs defense. In this case, you will learn what it takes to remove an attacker that has compromised a machine.

  • Abusing Windows auto-run features
  • Compromised and/or malicious user accounts
  • Editing the configuration settings of the operating system to run malicious code
  • Taking advantage of code that automatically runs when a utility starts
• Module 15: Red Teaming - Discovery & Credential Access

  This modules focused on Red Team techniques to steal credentials. It also teaches reconnaissance techniques to locate key cyber terrain that should be targeted later in the operation. Students wanting a career in cyber defense will greatly benefit from completing these exercises too. Cyber adversaries compromise and reuse stolen credentials. In fact, this is one of the most common attack vector. Learning how these attacks are conducted will deepen your understanding of how computer networks should be defended.

  • Identifying usernames and passwords in files using automation
  • Performing host reconnaissance to identify target information and build a network map
  • Stealing credentials from password managers
  • Writing keyloggers to steal passwords entered in applications
• Module 16: Red Teaming - Initial Access

  This modules teaches techniques adversaries use to gain a foothold into computer networks. As a Red Teamer, you will learn key offensive security tradecraft for ethical hacking engagements. Cyber defenders will be develop an understanding and appreciation of how cyber attacks are conducted. Preventing adversaries from entering the network perimeter is a crucial mission objective in cyber defense.

  • Creating, testing and deploying spear-phishing frameworks to compromise endpoints
  • Developing phishing websites to steal user credentials
  • Writing first-stage malware to evade anti-virus software and perform initial reconnaissance activities
• Module 17: Threat Hunting with Python Pandas

  By now, you will have a good understanding of how cyber attacks work and the forensics traces their create. This module integrates everything you have learnt so far. You will learn to develop and test threat hunting hypotheses. This skill will allow you to uncover adversaries that have evaded cyber protections.

  • Detecting adversaries that abuse OS utilities for persistence
  • Detecting malicious commands that indicate live compromises
  • Detecting malware that uses `living off-the-land` techniques
  • Generating and testing threat hunting hypotheses using a systematic process
  • Professionally documenting threat hunting searches
  • Writing reports that demonstrate the ROI on threat hunting
• Module 18: Malware Reverse Engineering - Behavioral Analysis

  This module teaches behavioral analysis techniques to reverse engineer malware. These techniques will prove invaluable when discovering suspicious binaries. If you intend to work as a Red Teamer, this module will illuminate how defenders analyse malware. Later in your career, this knowledge will enable you to development evasion techniques.

  • Sandbox analysis using the Cuckoo Sandbox
  • Creating your own malware sandbox to defeat anti-analysis techniques
  • Simulating a network environment to trick malware into revealing network indicators of compromise
• Module 19: Incident Response Challenges

  This module challenges you with incident response exercises. You will learn an investigative approach. Then, we will provide you with digital forensics artefacts. Your job will consist in recovering the timeline of the incident and the key events. Finally, you will write a professional report!

  • Creating Incident Statements
  • Dimensioning incidents
  • Generating and testing hypotheses
  • Recovering key cyber events
  • Restoring incident timelines
  • Writing DFIR reports
• Module 20: Web Application Penetration Testing - Part 2

  This module dives into more sophisticated application vulnerabilities.

  • Blind SQL injection
  • Bypassing weak input filters
  • Command execution at the database layer
  • Object injection
  • xPath injection
• Module 21: Playbooks, Checklists and Templates

  Good cyber operators use systematic approaches to solve problems. In this module, you will learn how to create procedures, playbooks, checklists and other templates. The ability to create this documentation will prove helpful throughout your career.

  • Deployment procedures
  • Incident response playbooks
  • Penetration testing checklists
  • Report templates
  • User guides

MCSI Bootcamps

Unlock all the MCSI bootcamps with a single purchase:

• Active Directory Penetration Testing Bootcamp
• Browser Fuzzing Bootcamp
• Burp Suite Bootcamp
• CyZone Bootcamp
• GRC Bootcamp
• Information Security Auditing Bootcamp
• Information Security Management Bootcamp
• Metasploit Bootcamp
• Phishing and Spear-Phishing Bootcamp
• Professional Development Bootcamp
• Risk Management Concepts Bootcamp
• SIEM Tactics Bootcamp
• Web Exploitation Bootcamp
• WinAFL Fuzzing Bootcamp

Terms and Conditions

• No discounts
• No refunds
• No transfers
• No renewal fees
• No hidden fees

What is the MCSI Method™?

Common Questions

• Are there overlaps between CyZone and the free version of the Online Learning Platform?

  • No. Exercises in CyZone's core curriculum are not available in the free version.
  • Some modules in the code curriculum come with extra exercises that we urge you complete as well. Some of these optional exercises may be available in the free version. Completing them will round-up your skills.
• What are the benefits of CyZone?

  • Organizations prefer to hire skilled employees who can perform field work. CyZone prepares you exactly for that.
  • Having access to a community of students and instructors, helps you evaluate the trajectory of your career regularly.
  • Every professional is accountable for their career. The teaching style adopted by CyZone boosts students to think independently.
• Why should I consider participating in CyZone?

  • Traditional methods of training claim to provide entry-level skills, but do not help you land your first job.
  • You've received career advice that did not work. MCSI teaches up-to-date content and we provide timely career advice. Our insights come from work done in the field, for our customers.
  • The industry claims to have a talent shortage, but a majority of job applications get rejected due to a skill gap.
• Will I get a trial version of CyZone?

  • You can access 200+ free exercises in MCSI's Online Learning Platform. This version is self-paced, with very limited instructor involvement. You are expected to study independently.
• What should I do after completing CyZone?

  • We invite you to remain a student of MCSI
  • Our Institute offers multiple certification programmes across various domains in cybersecurity, to help you advance in your career.