Certified Information Security Consultant Pro (CISC Pro) - 6 Months

Best Training To Convert Amateurs Into Experts in Information Security

  • CISC is 6 months training in information security for amateurs and professionals to make you an expert in the field of Information Security.
  • The course is ideal for those wanting to differentiate themselves from candidates with an undergraduate degree only, as well as those already in industry wishing to advance their skills in this constantly evolving area.
  • Many companies are actively recruiting security specialists and this course will prepare graduates for senior technical and management positions in many industry sectors.
LATEST UPDATE: Now get the EC-Council CEH Certification as well along with the CPH and CISC!

CISC training

CISC Training Material
  • The CISC training is designed to make you an expert in the domain of information security.
  • While most certification programs are geared towards purely technical know-how, the CISC also arms you with the necessary consulting skills in order to help you make your mark in this exciting field.
  • CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards, and even forensics and cyber crime investigations.
  • CISC includes over 45+ sessions, including the basic fundamentals as well as advanced concepts.
  • These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months.
  • Each session will be further broken down into 15-20 modules.
  • You will be given comprehensive and highly useful study material on all the sessions.
  • The best part about the CISC is the fact that you get hands-on practical training on live projects.

Benefits of CISC

  • The CISC is the only completely hands-on, real-world oriented security certification.
  • It is a course designed by security professionals, and for security professionals.
  • The best in the business personally mentor you.
  • You are trained by a group of professionals who have worked on prestigious international projects, presented at the leading security conferences around the world, and written numerous books and articles.
  • The course comprehensively covers all the main aspects of information security from the basics to compliance standards making you one of the most sought after IS professionals
  • The content is updated very regularly in accordance to the requirements of this dynamic industry.
  • There is 100% job guarantee for students who qualify
  • There are many opportunities available for students with our consulting arm, NII, as well as our extensive clients in India and overseas
  • We will conduct exams after every quarter with practicals and theory
  • Experts will set up these exams
  • The USP of the CISC is the fact that you'll be put on live projects


Course is of 4 hrs from Monday to Friday

Course Contents

  • Network Fundamentals
    • OSI Layers
    • TCP/IP Layers
    • TCP Flags
    • IP Addressing
    • Basics Network Devices
    • Subnet &Supernet
    • Understanding Protocols
    • Packet Analysis - Wireshark
  • OS Fundamentals
    • Windows Server Architecture
    • AD Overview
    • Windows Registries
    • File Artifacts
    • Linux Server Architecture
    • Linux basic commands
    • Linux file systems
  • Reconnaissance
    • Passive Recon
    • Active Recon
    • “Nmap”ing network
    • Evasion during scanning
    • Social Engineering
  • Packet Crafting
    • Hping
    • Scapy
  • Manual Test Cases
    • ARP Poisoning -MITM
    • SYN Flooding
    • SMURF Attack
    • IP Spoofing
    • Password Cracking Techniques
      • Offline Cracking
      • Online Cracking
    • Testing HTTP/HTTPS
    • Testing SMTP
    • Testing SNMP
    • Testing Database Servers – Oracle, MS SQL Server
    • Testing NTP
    • Testing Firewalls – firewalking
    • Testing VPN
    • Testing SMTP
    • Testing FTP
    • Testing Telnet, SSH
    • Testing DNS
    • DNS Cache Poisoning
  • Vulnerability Discovery
    • Manual Discovery
      • Security Advisories Search
    • Automated Discovery
      • Scanners (Nessus)
    • Interpreting scan reports
  • Exploitation
    • Metasploit the universe
    • Understanding the msf modules – Auxiliaries, Exploits and Payloads
    • Attacking Windows Services
    • Attacking Linux Services
  • Wireless Security
    • Understanding 802.11 Standard
    • Packet Types
    • Attacking Open Authenticated WiFi Network
    • Concept of War-Driving
    • Breaking Hidden SSID
    • Breaking MAC Filtering
    • Attacking WEP
    • Understanding Weak IV
    • Problems with RC4
    • Replay Attack
    • Chop Chop Attack
    • Attacking WPA2
    • Creating wordlist for effective WPA2 cracking
    • Using JTR to crack WPA2
    • Attacking WPS
  • Network Security Audit
    • Architecture Review
    • Device Auditing
    • Configuration Review - Nipper
    • Firewall – Rule Based Auditing
  • Report Writing
  • Database Security
    • Oracle Database Security
    • MS SQL Database Security
  • Operating System Security
    • Windows 2008 Server Security
    • Linux Server Security
  • Application Security
    • Working with Proxy – Burp suite
    • OWASP Top 10 2013
      • A1-Injection
      • A2-Broken Authentication and Session Management
      • A3-Cross-Site Scripting (XSS)
      • A4-Insecure Direct Object References
      • A5-Security Misconfiguration
      • A6-Sensitive Data Exposure
      • A7-Missing Function Level Access Control
      • A8-Cross-Site Request Forgery (CSRF)
      • A9-Using Components with Known Vulnerabilities
      • A10-Unvalidated Redirects and Forwards
    • Identify the vulnerability
      • Automated tools (Accunetix/Netsparker)
    • Attacking the issue
    • Impact analysis
    • Countermeasures
  • Risk Based Security Testing (Business Logic Testing)
  • ESAPI Security
  • Threat Modeling
  • Source Code Analysis
  • Report Writing
  • Introduction & Case studies
  • Principle of CIA
    • Against personals
    • Against corporate
    • Against governments
  • IT Act overview
  • Introduction to Forensics
  • Understanding Incident Response Methodologies
  • Thump rules of investigation
  • Type of forensics investigation
    • Live forensics
    • Dead forensics
  • Pre-Incident Preparation
  • Detection of Incidents
  • Initial Response Phase
  • Preserving “Chain of Custody”
  • Response Strategy Formulation
  • Setting up Forensics Lab
    • Forensics Distros
      • SANS SIFT
      • DEFT Linux
  • Forensics Evidence Management
    • Evidence Collection and Analysis
    • Forensically Sound Evidence Collection
    • Evidence Handling
    • Host vs Network Based Evidence
    • Online vs Offline Response
    • Digital Forensics - Putting on the Gloves
    • The 6 A's Principle
    • The Investigative Guidelines
    • Reporting the Investigation
  • Understanding Branches of Digital Forensics
    • Understanding Network Crimes
    • Analyzing Logs
  • Network based log analysis
  • Web Server log analysis
    • Data Acquisition & Analysis
    • Encase forensics
    • Sysinternals Essentials
    • Memory Analysis – volatility
    • Registry Forensics
    • Email Forensics
    • Opensource Forensics Methodologies
  • Auditing Principle
  • Information Security Management System (ISO 27001:2013)
  • Risk Assessment
  • Business Continuity (ISO 22301:2012)
  • PCI DSS v3
  • Overview – ITIL & COBIT
Android application security
  • Session 1
    • Introduction to Android
    • Android Security Architecture
    • What is ADB.
    • Setting up Android Pentesting Environment (Genymotion)
    • Android Applications Components
    • Shell connection using SSH,VNC and virtual emulator
    • Setting up a Burp proxy.
  • Session 2
    • Apk files in nutshell.
    • Android application manipulation with Apktool
    • Dex Files Analysis.
    • Using dex2jar and other tools
    • Reading and modifying Dalvik Bytecode
    • Adding Android application functionality, from Java to Dalvik Bytecode
    • Reversing android applications.
    • Logging based Vulnerabilities
    • Analysing Android Traffic
    • Static and Dynamic Analysis of Android Malwares.
    • Bypassing SSL pinning.
  • Session 3
    • Leaking Content Providers
    • Client Side Injections.
    • Read Based Content Providers Vulnerabilities
    • Insecure Data Storage
    • Broken Cryptography
    • Hooking Introduction and setting vulnerable Application
    • Android application interaction and Intent manipulation with Drozer
    • Effective Android application analysis with Androwarn
    • Exploiting Android devices with Metasploit
    • Testing for the OWASP Top 10 of Mobile Applications:
      • Improper Platform Usage
      • Insecure Data Storage
      • Insecure Communication
      • Insecure Authentication
      • Insufficient Cryptography
      • Insecure Authorization
      • Client Code Quality
      • Code Tampering
      • Reverse Engineering
      • Extraneous Functionality
    iOS Application Security
    • Session 4: iOS Application Basics
      • MVC And Event Driven Architecture
      • ARM Processor
      • iOS Security Mechanisms
        • Security Architecture
        • Secure Boot Chain
        • Loading Trusted Applications
        • Application Isolation
        • Data Encryption
        • Network Security
      • Jailbreaking
        • What is JB
        • Why JB
        • History
        • Types of JB
    • Session 5: Creating a Pentest Platform
      • Cydia
      • Logging into your Jailbroken Device
      • Tools to install
      • SQLite Databases
      • Plist Files
      • Class-Dump-Z
    • Session 6: Runtime Analysis
      • Runtime Analysis with Cycript
      • Lifecycle of an Application
        • Delegation
        • UIApplication
        • UIApplication Tasks
        • UIApplication Delegate
        • UIApplication windows
      • Cycript + Class-dump-z
      • Decrypting Applications
        • GDB
        • Clutch
      • Runtime Analysis with GDB
    • Session 7 – Exploiting iOS Apps
      • Installing Installous
        • Upload challenge applications via Installous
      • Data Storage and security
      • Plist
      • NSUserDefaults
      • SQLite Data Files
      • Core Data Services
      • Keychain
        • Keychain_dumper
      • Cached Data
        • UIPasteboard
      • Monitoring Network Communications
        • Intercepting SSL Traffic
      • Backend Web Services Attack
      • Authentication Authorization and Session Management Attacks
      • XML Parsing Bugs
      • Improper Encryption
      • Directory Traversal Attacks
      • Insecurity due to underlying C
      • UDID Privacy Concerns
      • UIWebViews
      • Application Fuzzing
      • Anti-Piracy
      • Anti-Anti Piracy with GDB
      • Mobile Substrate


It has been both an honor and a privilege for me to be within IIS institute course, the CISC. It's an extraordinary place but of course it's only that extraordinary because all of you have made it what it is. I've enjoyed every second I've been here, I was fortunate enough to start the base knowledge of InfoSec among quality instructors who do everything wholeheartedly and they're the best at what they do, they have some real talents and are showing a strong sense of togetherness under the excellent management and administration team of you. This institute has a magnificent heritage and I have nothing but respect and admiration for the values that make exercising this field of knowledge so exceptional. I would like to thank everyone connected.
Haitham A.Eissa Student
I really enjoyed the CISC (6 months) course. The content of this course was elaborate and industry oriented. The trainers were very helpful and approachable.
Siddesh PatekarStudent
Experience in IIS was most knowledgeable. Trainers were very helpful and skilled. We really enjoyed our whole experience
Anurag BanerjeeStudent
Experience in IIS was very good. Trainers are experienced and are so helpful.
Dhirendra SinghStudent
Excellent course, good teaching & knowledgeable trainers.
Sreelakshmi NairStudent
Faculties are good & very helpful. They provide very precise guidance. Good ambience.
Ashish NageshkarStudent
The teaching way and knowledge of Mahesh is really excellent, the extra things he shares keeps us competitive. For other course related thing Sanoop & Rashmi helped us a lot. Sagar, Albin & Donapati also helped us a lot during the course to get our technical base. The course material was very helpful.
Nilesh ChaudhariStudent
Faculties are good in knowledge & service were interactive. Faculties approach was thought provoking, which is really needed in industry. Non-teaching staff was also very helpful.
Shashank GosaviStudent
The combination of well learned trainers try as much as possible to re produce their expertise knowledge in students.
Suleiman Farouk
I am so pleased with the institute deliveries , in terms of knowledge impactation their students/cliens. Keep it up IIS,will definitely recommend you to prospective learners.
Oyedeji Christian Oyetunde
It is wonderful to have undergo training in your institute. The school has help to wide my knowledge about Information Security , I most appreciate all staff of the Institute for their relationship with us students and in particularly appreciate miss Rashmi for her friendly and wonderful relationship.
Madumeye Ifesinachi Sunday
I am glad to state that I have been selected as "Security Analyst and Trainer" in TechDefence Pvt. Ltd. I wholeheartedly would like to thank all my trainers and associated members of Institute of Information Security and Network Intelligence India for providing me with the knowledge and skills required to be a part of this elegant InfoSec domain. Hope to serve you as well in future.
Nitin Sharma
The trainers were really good, composed and confident. Rashmi was really really good and met with almost all the requirements. Overall, I had a really good training period. The head trainer was really good and helps in comprehending some of the topics taught.
Anjorin Adeniyi Samson
The training was superb, as the trainers delivered with so much exquisite in a very single and concise manner. It was really a good and satisfactory experience.
Ariyibi Akinwumi Joseph,
I will like to comment the good work of Rashmi who helped me to blend in .Sanoop sir was more than helpful one. He is my mentor. His teaching and human relation is very good.Mahesh Sir is a very good and patient trainer.
Notes, Study Materials and Books provided were very helpful, The course syllabus is comprehensive, the faculty teaching methods excellent
Rohit Kumar, Student
A good place to learn. Trainers have good knowledge about the information security. Their approach to training is very good
Rohit Jadhav, Student
Nice way of teaching through live and recent examples, very fun and interactive course
Abhijeet A Doke, Student
It was great experience for me to have good knowledge about information security from the experts. It was great interaction with trainers as they are experts in information security. I have got a lot of useful knowledge for information security, Mayank Sir and Sanoop Sir and Other trainers are motivational, and knowledge was more useful. Thanking them a lot
Neelesh Kanojia, Student
Course and even course material was excellent
Kathi Irfan, Student
Very knowledgeable, get handson all the tools. Practicals are very good. Learning hacking was not that difficult. Managing staff : Rutuja and Rashmi were very helpful
Amit Tamse, Student
Got the full exposure of Infosec, gave me practical hands-on and in-depth knowledge about how core technologies works, and how to secure them
Puneet, Student

Ethical Hacking Training

This course goes deep down into depths of networking, systems, web applications, actual exploitation & helps beginners to take their confident first step towards information security field.

  • 6 Weeks Comprehensive Training
  • Built by Experienced Professionals
  • Regularly update on tools, techniques in course content