Cyber Security Training
Curriculum
-
Cyber Security Building Blocks
-
Introduction to Cyber Security
-
Threats and Vulnerabilities
-
Cyber Security Breaches
-
What is Ethical Hacking, Penetration Testing and Methodologies
-
Roles and Responsibilities
-
ICT Infrastructure-Networks and Systems
-
Fundamentals of Networking
-
Overview of the TCP/IP Protocol suite
-
Internet Protocols
-
Packet Structure
-
Wireshark-Deep dive into network packets and frames
-
Routing,Switching and Zoning
-
Overview of Network Security Architecture
-
Cloud Computing and Virtualization
-
Internet Information Services(IIS)
-
IT System Infrastructure
-
Different Protocols-Various Attacks & Defenses for each of them
-
CIS Benchmarking
-
Linux for Penetration Testers
-
History of Unix and Linux,Introduction to Linux
-
Linux Distribution
-
Introduction to Kali Linux
-
Shell & File Structure
-
File System & Permission
-
A-Z Linux Commands
-
Linux Utilities
-
Introduction to Network Security
-
CIA Triad
-
Firewalls and Types of Firewalls,DMZ
-
Port Security,IDS/IPS
-
Honeypot
-
Access Control,Authentication and Authorization
-
Identity Privilege and Access Management,Principles of Least privilege
-
Zero Trust Architecture
-
Implementing of Defense in Depth
-
Network Access Control
-
Data Leak Prevention
-
EndPoint Security ,Patch Management
-
Offensive Security and Cyber kill chain
-
People,Process,Technology
-
Hacking Phase
-
Tor – The Anonymity Network
-
VPN
-
OSINT
-
Cyber Kill Chain Framework
-
Module 01: Ethical Hacking: An Introduction (10 Hours)
-
Overview of Information Security
-
Internet is an Integral Part of Business and Personal Life – What Happens Online in 60 Seconds
-
Essential Terminology
-
Elements of Information Security
-
The Security, Functionality, and Usability Triangle
-
Attack Vectors and Threats to Information Security
-
Motives, Goals, and Objectives of Information Security Attacks
-
Top Information Security Attack Vectors
-
Information Security Threat Categories
-
Types of Attacks on a System
-
Information Warfare
-
Basic Concepts of Hacking
-
What is Hacking?
-
Who is a Hacker?
-
Hacker Classes
-
Hacking Phases
-
Basic Concepts of Ethical Hacking
-
What is Ethical Hacking?
-
Why is Ethical Hacking Necessary?
-
Scope and Limitations of Ethical Hacking
-
Skills of an Ethical Hacker
-
Information Security Controls
-
Information Assurance (IA)
-
Information Security Management Program
-
Enterprise Information Security Architecture (EISA)
-
Network Security Zoning
-
Basics of Reconnaissance and Footprinting(15 Hours)
-
Concepts of Footprinting
-
What is Footprinting?
-
Objectives of Footprinting
-
Footprinting Using Search Engines
-
Footprinting through Search Engines
-
Footprint Using Advanced Google Hacking Techniques
-
Information Gathering Using Google Advanced Search and Image Search
-
Google Hacking Database
-
VoIP and VPN Footprinting through Google Hacking Database
-
Footprinting Using Web Services
-
Finding Company’s Top-Level Domains (TLDs) and Sub-Domains
-
Finding the Geographical Location of the Target
-
People Search on Social Networking Sites and People Search Services
-
Gathering Information from LinkedIn
-
Gathering Information from Financial Services
-
Footprinting through Job Sites
-
Monitoring Target Using Alerts
-
Information Gathering Using Groups, Forums, and Blogs
-
Determining the Operating System
-
VoIP and VPN Footprinting through SHODAN
-
Footprinting Using Social Networking Sites
-
Collecting Information through Social Engineering on Social Networking Sites
-
Footprinting of Websites
-
Website Footprinting
-
Website Footprinting using Web Spiders
-
Mirroring Entire Website
-
Extracting Website Information from https://archive.org
-
Extracting Metadata of Public Documents
-
Monitoring Web Pages for Updates and Changes
-
Footprinting of Emails
-
Tracking Email Communications
-
Collecting Information from Email Header
-
Email Tracking Tools
-
Competitive Intelligence
-
Competitive Intelligence Gathering
-
Competitive Intelligence – When When did this company begin? How did it develop?
-
Competitive Intelligence – What are the company’s plans?
-
Competitive Intelligence – What do expert opinions say about the company?
-
Monitoring Website Traffic of Target Company
-
Tracking Online Reputation of the Target
-
Footprinting using Whois
-
Whois Lookup
-
Whois Lookup Result Analysis
-
Whois Lookup Tools
-
Finding IP Geolocation Information
-
DNS Footprinting
-
Extracting DNS Information
-
DNS Interrogation Tools
-
Network Footprinting
-
Locate the Network Range
-
Traceroute
-
Traceroute Analysis
-
Traceroute Tools
-
Footprinting by Social Engineering
-
Footprinting through Social Engineering
-
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
-
Tools used for Footprinting
-
Maltego
-
Recon-ng
-
FOCA
-
Recon-Dog
-
OSRFramework
-
Additional Footprinting Tools
-
Countermeasures
-
Footprinting Countermeasures
-
Network Scanning(15Hours)
-
Concepts Network Scanning
-
Overview of Network Scanning
-
TCP Communication Flags
-
TCP/IP Communication
-
Creating Custom Packet Using TCP Flags
-
Scanning in IPv6 Networks
-
Tools used for Scanning
-
Nmap
-
Hping2 / Hping3
-
Scanning Tools
-
Scanning Tools for Mobile
-
Techniques used for Scanning
-
Scanning Techniques
-
Scanning Beyond IDS and Firewall
-
IDS/Firewall Evasion Techniques
-
Banner Grabbing
-
Banner Grabbing
-
How to Identify Target System OS
-
Banner Grabbing Countermeasures
-
Network Diagrams
-
Drawing Network Diagrams
-
Network Discovery and Mapping Tools
-
Network Discovery Tools for Mobile
-
Scanning Pen Testing
-
Basics of Enumeration(10 Hours)
-
Concepts of Enumeration
-
What is Enumeration?
-
Techniques for Enumeration
-
Services and Ports to Enumerate
-
NetBIOS Enumeration
-
NetBIOS Enumeration
-
NetBIOS Enumeration Tools
-
Enumerating User Accounts
-
Enumerating Shared Resources Using Net View
-
SNMP Enumeration
-
Simple Network Management Protocol (SNMP) Enumeration
-
Working of SNMP
-
Management Information Base (MIB)
-
SNMP Enumeration Tools
-
LDAP Enumeration
-
LDAP Enumeration
-
LDAP Enumeration Tools
-
NTP Enumeration
-
NTP Enumeration Commands
-
NTP Enumeration Tools
-
SMTP and DNS Enumeration
-
SMTP Enumeration
-
SMTP Enumeration Tools
-
DNS Enumeration Using Zone Transfer
-
Vulnerability Analysis(10Hours)
-
Vulnerability Research
-
Vulnerability Classification
-
What is Vulnerability Assessment?
-
Types of Vulnerability Assessment
-
Vulnerability-Management Life Cycle
-
Solutions for Vulnerability Assessment
-
Comparing Approaches to Vulnerability Assessment
-
Working of Vulnerability Scanning Solutions
-
Types of Vulnerability Assessment Tools
-
Characteristics of a Good Vulnerability Assessment Solution
-
Choosing a Vulnerability Assessment Tool
-
Criteria for Choosing a Vulnerability Assessment Tool
-
Best Practices for Selecting Vulnerability Assessment Tools
-
Vulnerability Scoring Systems
-
Common Vulnerability Scoring System (CVSS)
-
Common Vulnerabilities and Exposures (CVE)
-
National Vulnerability Database (NVD)
-
Resources for Vulnerability Research
-
Vulnerability Assessment Tools
-
Vulnerability Assessment Tools
-
Vulnerability Assessment Tools for Mobile
-
basics of System Hacking(15Hours)
-
Concepts of System Hacking
-
CEH Hacking Methodology (CHM)
-
System Hacking Goals
-
Cracking Passwords
-
Password Cracking
-
Types of Password Attacks
-
5 Password Recovery Tools
-
Microsoft Authentication
-
How Hash Passwords Are Stored in Windows SAM?
-
NTLM Authentication Process
-
Kerberos Authentication
-
Password Salting
-
Tools to Extract the Password Hashes
-
Password Cracking Tools
-
How to Defend against Password Cracking
-
How to Defend against LLMNR/NBT-NS Poisoning
-
Escalating Privileges
-
Privilege Escalation
-
Privilege Escalation Using DLL Hijacking
-
Privilege Escalation by Exploiting Vulnerabilities
-
Privilege Escalation Using Dylib Hijacking
-
Privilege Escalation using Spectre and Meltdown Vulnerabilities
-
Other Privilege Escalation Techniques
-
How to Defend Against Privilege Escalation
-
Executing Applications
-
Executing Applications
-
Keylogger
-
Spyware
-
How to Defend Against Keyloggers
-
How to Defend Against Spyware
-
Hiding Files
-
Rootkits
-
NTFS Data Stream
-
What is Steganography?
-
Covering Tracks
-
Covering Tracks
-
Disabling Auditing: Auditpol
-
Clearing Logs
-
Manually Clearing Event Logs
-
Ways to Clear Online Tracks
-
Covering BASH Shell Tracks
-
Covering Tracks on Network
-
Covering Tracks on OS
-
Covering Tracks Tools
-
Penetration Testing
-
Password Cracking
-
Privilege Escalation
-
Executing Applications
-
Hiding Files
-
Covering Tracks
-
Threats from Malware(15 Hours)
-
Introduction to Malware
-
Different Ways Malware can Get into a System
-
Common Techniques Attackers Use to Distribute Malware on the Web
-
Components of Malware
-
Concepts of Trojans
-
What is a Trojan?
-
How Hackers Use Trojans
-
Common Ports Used by Trojans
-
How to Infect Systems Using a Trojan
-
Trojan Horse Construction Kit
-
Wrappers
-
How Attackers Deploy a Trojan
-
Exploit Kits
-
Evading Anti-Virus Techniques
-
Types of Trojans
-
Concepts of Viruses and Worms
-
Introduction to Viruses
-
Stages of Virus Life
-
Working of Viruses
-
Indications of Virus Attack
-
How does a Computer Get Infected by Viruses
-
Virus Hoaxes
-
Fake Antiviruses
-
Ransomware
-
Types of Viruses
-
Creating Virus
-
Computer Worms
-
Worm Makers
-
Malware Analysis
-
What is Sheep Dip Computer?
-
Anti-Virus Sensor Systems
-
Introduction to Malware Analysis
-
Malware Analysis Procedure: Preparing Testbed
-
Static Malware Analysis
-
Dynamic Malware Analysis
-
Virus Detection Methods
-
Virus Analysis: WannaCry
-
Countermeasures
-
Trojan Countermeasures
-
Backdoor Countermeasures
-
Virus and Worms Countermeasures
-
Basics of Sniffing(15Hours)
-
Concepts of Sniffing
-
Network Sniffing
-
Types of Sniffing
-
How an Attacker Hacks the Network Using Sniffers
-
Protocols Vulnerable to Sniffing
-
Sniffing in the Data Link Layer of the OSI Model
-
Hardware Protocol Analyzers
-
SPAN Port
-
Wiretapping
-
Lawful Interception
-
Sniffing Technique: MAC Attacks
-
MAC Address/CAM Table
-
How CAM Works
-
What Happens When CAM Table Is Full?
-
MAC Flooding
-
Switch Port Stealing
-
How to Defend against MAC Attacks
-
Sniffing Technique: DHCP Attacks
-
How DHCP Works
-
DHCP Request/Reply Messages
-
DHCP Starvation Attack
-
Rogue DHCP Server Attack
-
How to Defend Against DHCP Starvation and Rogue Server Attack
-
Sniffing Technique: ARP Poisoning
-
What Is Address Resolution Protocol (ARP)?
-
ARP Spoofing Attack
-
Threats of ARP Poisoning
-
ARP Poisoning Tools
-
How to Defend Against ARP Poisoning
-
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
-
ARP Spoofing Detection Tools
-
Sniffing Technique: Spoofing Attacks
-
MAC Spoofing/Duplicating
-
MAC Spoofing Technique: Windows
-
MAC Spoofing Tools
-
IRDP Spoofing
-
How to Defend Against MAC Spoofing
-
Sniffing Technique: DNS Poisoning
-
DNS Poisoning Techniques
-
How to Defend Against DNS Spoofing
-
Tools for Sniffing
-
Sniffing Tool: Wireshark
-
Display Filters in Wireshark
-
Additional Wireshark Filters
-
Sniffing Tools
-
Packet Sniffing Tools for Mobile
-
Countermeasures
-
How to Defend Against Sniffing
-
Social Engineering(15 Hours)
-
Concepts of Social Engineering
-
What is Social Engineering?
-
Phases of a Social Engineering Attack
-
Techniques of Social Engineering
-
Types of Social Engineering
-
Human-based Social Engineering
-
Computer-based Social Engineering
-
Mobile-based Social Engineering
-
Insider Threats
-
Insider Threat / Insider Attack
-
Type of Insider Threats
-
Impersonation on Social Networking Sites
-
Social Engineering Through Impersonation on Social Networking Sites
-
Impersonation on Facebook
-
Social Networking Threats to Corporate Networks
-
Identity Theft
-
Identity Theft
-
Countermeasures
-
Social Engineering Countermeasures
-
Insider Threats Countermeasures
-
Identity Theft Countermeasures
-
How to Detect Phishing Emails?
-
Anti-Phishing Toolbar
-
Common Social Engineering Targets and Defense Strategies
-
Social Engineering Pen-Testing
-
Social Engineering Pen-Testing
-
Social Engineering Pen-Testing Tools
-
Denial-of-Service Attack(10Hours)
-
DoS/DDoS Concepts
-
What is a Denial-of-Service Attack?
-
What is Distributed Denial-of-Service Attack?
-
Techniques used for DoS/DDoS Attacks
-
Basic Categories of DoS/DDoS Attack Vectors
-
UDP Flood Attack
-
ICMP Flood Attack
-
Ping of Death and Smurf Attack
-
SYN Flood Attack
-
Fragmentation Attack
-
HTTP GET/POST and Slowloris Attacks
-
Multi-Vector Attack
-
Peer-to-Peer Attacks
-
Permanent Denial-of-Service Attack
-
Distributed Reflection Denial-of-Service (DRDoS)
-
Botnets
-
Organized Cyber Crime: Organizational Chart
-
Botnet
-
A Typical Botnet Setup
-
Botnet Ecosystem
-
Scanning Methods for Finding Vulnerable Machines
-
How Malicious Code Propagates?
-
Botnet Trojans
-
DDoS Case Study
-
Hackers Advertise Links to Download Botnet
-
Use of Mobile Devices as Botnets for Launching DDoS Attacks
-
DDoS Case Study: Dyn DDoS Attack
-
Tools used for DoS/DDoS Attack
-
DoS/DDoS Attack Tools
-
DoS and DDoS Attack Tool for Mobile
-
Countermeasures
-
Detection Techniques
-
DoS/DDoS Countermeasure Strategies
-
DDoS Attack Countermeasures
-
Techniques to Defend against Botnets
-
DoS/DDoS Countermeasures
-
DoS/DDoS Protection at ISP Level
-
Enabling TCP Intercept on Cisco IOS Software
-
Tools used for DoS/DDoS Protection
-
Advanced DDoS Protection Appliances
-
DoS/DDoS Protection Tools
-
Session Hijacking(15 Hours)
-
Concepts of Session Hijacking
-
What is Session Hijacking?
-
Why Session Hijacking is Successful?
-
Session Hijacking Process
-
Packet Analysis of a Local Session Hijack
-
Types of Session Hijacking
-
Session Hijacking in OSI Model
-
Spoofing vs. Hijacking
-
Application Level Session Hijacking
-
Application Level Session Hijacking
-
Compromising Session IDs using Sniffing and Predicting Session Token
-
Compromising Session IDs Using Man-in-the-Middle Attack
-
Compromising Session IDs Using Man-in-the-Browser Attack
-
Compromising Session IDs Using Client-side Attacks
-
Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
-
Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
-
Compromising Session IDs Using Session Replay Attack
-
Compromising Session IDs Using Session Fixation
-
Session Hijacking Using Proxy Servers
-
Network Level Session Hijacking
-
TCP/IP Hijacking
-
IP Spoofing: Source Routed Packets
-
RST Hijacking
-
Blind Hijacking
-
UDP Hijacking
-
MiTM Attack Using Forged ICMP and ARP Spoofing
-
Session Hijacking Tools
-
Session Hijacking Tools
-
Session Hijacking Tools for Mobile
-
Countermeasures
-
Session Hijacking Detection Methods
-
Protecting against Session Hijacking
-
Methods to Prevent Session Hijacking: To be Followed by Web Developers
-
How to Evade IDS, Firewalls, and Honeypots(10 Hours)
-
Concepts of IDSs, Firewalls, and Honeypots
-
Intrusion Detection System (IDS)
-
Firewall
-
Honeypot
-
IDS, Firewall, and Honeypot Solutions
-
Intrusion Detection Tool
-
Firewalls
-
Honeypot Tools
-
IDS Evasion
-
IDS Evasion Techniques
-
Tools for IDS/Firewall Evasion
-
IDS/Firewall Evasion Tools
-
Packet Fragment Generator Tools
-
Detecting Honeypots
-
Detecting and Defeating Honeypots
-
Honeypot Detection Tool: Send-Safe Honeypot Hunter
-
IDS/Firewall Evasion Countermeasures
-
How to Defend Against IDS Evasion
-
How to Defend Against Firewall Evasion
-
Penetration Testing
-
Firewall/IDS Penetration Testing
-
Basics of Hacking Web Servers(10 Hours)
-
Web Server Concepts
-
Web Server Operations
-
Open Source Web Server Architecture
-
IIS Web Server Architecture
-
Web Server Security Issue
-
Why Web Servers Get Compromised?
-
Impact of Web Server Attacks
-
Attacks of Web Servers
-
DoS/DDoS Attacks
-
DNS Server Hijacking
-
DNS Amplification Attack
-
Directory Traversal Attacks
-
Man-in-the-Middle/Sniffing Attack
-
Phishing Attacks
-
Website Defacement
-
Web Server Misconfiguration
-
HTTP Response Splitting Attack
-
Web Cache Poisoning Attack
-
SSH Brute Force Attack
-
Web Server Password Cracking
-
Methodology of Web Server Attacks
-
Information Gathering
-
Web Server Footprinting/Banner Grabbing
-
Website Mirroring
-
Tools of Web Server Attacks
-
Metasploit
-
Web Server Attack Tools
-
Countermeasures
-
Place Web Servers in Separate Secure Server Security Segment on Network
-
Countermeasures
-
Web Application Hacking(10 Hours)
-
Web App Concepts
-
Introduction to Web Applications
-
Web Application Architecture
-
Web 2.0 Applications
-
Vulnerability Stack
-
Threats to Web App
-
OWASP Top 10 Application Security Risks – 2017
-
Other Web Application Threats
-
Hacking Methodology
-
Web App Hacking Methodology
-
Footprint Web Infrastructure
-
Attack Web Servers
-
Analyze Web Applications
-
Bypass Client-Side Controls
-
Attack Authentication Mechanism
-
Attack Authorization Schemes
-
Attack Access Controls
-
Web App Hacking Tools
-
Web Application Hacking Tools
-
Countermeasures
-
Web Application Fuzz Testing
-
Source Code Review
-
Encoding Schemes
-
Basics of SQL Injection(15 Hours)
-
SQL Injection Concepts
-
What is SQL Injection?
-
SQL Injection and Server-side Technologies
-
Understanding HTTP POST Request
-
Understanding Normal SQL Query
-
Understanding an SQL Injection Query
-
Types of SQL Injection
-
Types of SQL Injection
-
SQL Injection Methodology
-
SQL Injection Methodology
-
SQL Injection Tools
-
SQL Injection Tools for Mobile
-
Countermeasures
-
How to Defend Against SQL Injection Attacks
-
SQL Injection Detection Tools
-
Wireless Network Hacking(10 Hours)
-
Wireless Concepts
-
Wireless Terminologies
-
Wireless Networks
-
Wireless Standards
-
Service Set Identifier (SSID)
-
Wi-Fi Authentication Modes
-
Wireless Encryption
-
Types of Wireless Encryption
-
WEP vs. WPA vs. WPA2
-
Wireless Threats
-
Wireless Hacking Methodology
-
Wireless Hacking Methodology
-
Tools for Wireless Hacking
-
WEP/WPA Cracking Tools
-
WEP/WPA Cracking Tool for Mobile
-
Wi-Fi Sniffer
-
Countermeasures
-
Wireless Security Layers
-
How to Defend Against WPA/WPA2 Cracking
-
How to Defend Against KRACK Attacks
-
How to Detect and Block Rogue AP
-
How to Defend Against Wireless Attacks
-
How to Defend Against Bluetooth Hacking
-
Tools Wireless Security
-
Wireless Intrusion Prevention Systems
-
Wireless IPS Deployment
-
Hacking Mobile Platforms(15 Hours)
-
Mobile Platform Attack Vectors
-
Vulnerable Areas in Mobile Business Environment
-
OWASP Top 10 Mobile Risks – 2016
-
Anatomy of a Mobile Attack
-
How a Hacker Can Profit from Mobile when Successfully Compromised
-
Mobile Attack Vectors and Mobile Platform Vulnerabilities
-
Hacking Android OS
-
Android OS
-
Android Rooting
-
Blocking Wi-Fi Access using NetCut
-
Hacking with zANTI
-
Hacking Networks Using Network Spoofer
-
Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
-
Performing Session Hijacking Using DroidSheep
-
Mobile Spyware
-
Mobile Spyware
-
Mobile Spyware: mSpy
-
Mobile Spywares
-
Mobile Device Management
-
Mobile Device Management (MDM)
-
Mobile Device Management Solutions
-
Bring Your Own Device (BYOD)
-
Mobile Security Guidelines and Tools
-
General Guidelines for Mobile Platform Security
-
Mobile Device Security Guidelines for Administrator
-
Mobile Pen Testing
-
Android Phone Pen Testing
-
Basics of IoT Hacking (10 Hours)
-
IoT Concepts
-
What is IoT
-
How IoT Works
-
IoT Architecture
-
IoT Application Areas and Devices
-
Attacks on IoT
-
IoT Security Problems
-
OWASP Top 10 IoT Vulnerabilities and Obstacles
-
IoT Attack Surface Areas
-
IoT Threats
-
Methodology used for IoT Hacking
-
What is IoT Device Hacking?
-
IoT Hacking Methodology
-
Tools used for IoT Hacking
-
Information Gathering Tools
-
Sniffing Tools
-
Vulnerability Scanning Tools
-
Countermeasures
-
How to Defend Against IoT Hacking
-
General Guidelines for IoT Device Manufacturing Companies
-
Basics of Cloud Computing(10 Hours)
-
Introduction to Cloud Computing
-
Separations of Responsibilities in Cloud
-
Cloud Deployment Models
-
Cloud Computing Threats
-
Cloud Computing Attacks
-
Service Hijacking using Social Engineering Attacks
-
Service Hijacking using Network Sniffing
-
Session Hijacking using XSS Attack
-
Session Hijacking using Session Riding
-
Domain Name System (DNS) Attacks
-
Best Practices for Securing Cloud
-
NIST Recommendations for Cloud Security
-
Organization/Provider Cloud Security Compliance Checklist
-
Cloud Security Tools
-
Basics of Cryptography (5 Hours)
-
Cryptography Concepts
-
Cryptography
-
Government Access to Keys (GAK)
-
Encryption Algorithms
-
Ciphers
-
Data Encryption Standard (DES)
-
Advanced Encryption Standard (AES)
-
Cryptography Tools
-
MD5 Hash Calculators
-
Hash Calculators for Mobile
-
Cryptography Tools
-
Email Encryption
-
Digital Signature
-
Secure Sockets Layer (SSL)
-
Transport Layer Security (TLS)
-
Countermeasures
-
How to Defend Against Cryptographic Attacks
-
Cyber Security Building Blocks
- Introduction to Cyber Security
- Threats and Vulnerabilities
- Cyber Security Breaches
- What is Ethical Hacking, Penetration Testing and Methodologies
- Roles and Responsibilities
- ICT Infrastructure-Networks and Systems
- Fundamentals of Networking
- Overview of the TCP/IP Protocol suite
- Internet Protocols
- Packet Structure
- Wireshark-Deep dive into network packets and frames
- Routing,Switching and Zoning
- Overview of Network Security Architecture
- Cloud Computing and Virtualization
- Internet Information Services(IIS)
- IT System Infrastructure
- Different Protocols-Various Attacks & Defenses for each of them
- CIS Benchmarking
- Linux for Penetration Testers
- History of Unix and Linux,Introduction to Linux
- Linux Distribution
- Introduction to Kali Linux
- Shell & File Structure
- File System & Permission
- A-Z Linux Commands
- Linux Utilities
- Introduction to Network Security
- CIA Triad
- Firewalls and Types of Firewalls,DMZ
- Port Security,IDS/IPS
- Honeypot
- Access Control,Authentication and Authorization
- Identity Privilege and Access Management,Principles of Least privilege
- Zero Trust Architecture
- Implementing of Defense in Depth
- Network Access Control
- Data Leak Prevention
- EndPoint Security ,Patch Management
- Offensive Security and Cyber kill chain
- People,Process,Technology
- Hacking Phase
- Tor – The Anonymity Network
- VPN
- OSINT
- Cyber Kill Chain Framework
-
Module 01: Ethical Hacking: An Introduction (10 Hours)
- Overview of Information Security
- Internet is an Integral Part of Business and Personal Life – What Happens Online in 60 Seconds
- Essential Terminology
- Elements of Information Security
- The Security, Functionality, and Usability Triangle
- Attack Vectors and Threats to Information Security
- Motives, Goals, and Objectives of Information Security Attacks
- Top Information Security Attack Vectors
- Information Security Threat Categories
- Types of Attacks on a System
- Information Warfare
- Basic Concepts of Hacking
- What is Hacking?
- Who is a Hacker?
- Hacker Classes
- Hacking Phases
- Basic Concepts of Ethical Hacking
- What is Ethical Hacking?
- Why is Ethical Hacking Necessary?
- Scope and Limitations of Ethical Hacking
- Skills of an Ethical Hacker
- Information Security Controls
- Information Assurance (IA)
- Information Security Management Program
- Enterprise Information Security Architecture (EISA)
- Network Security Zoning
-
Basics of Reconnaissance and Footprinting(15 Hours)
- Concepts of Footprinting
- What is Footprinting?
- Objectives of Footprinting
- Footprinting Using Search Engines
- Footprinting through Search Engines
- Footprint Using Advanced Google Hacking Techniques
- Information Gathering Using Google Advanced Search and Image Search
- Google Hacking Database
- VoIP and VPN Footprinting through Google Hacking Database
- Footprinting Using Web Services
- Finding Company’s Top-Level Domains (TLDs) and Sub-Domains
- Finding the Geographical Location of the Target
- People Search on Social Networking Sites and People Search Services
- Gathering Information from LinkedIn
- Gathering Information from Financial Services
- Footprinting through Job Sites
- Monitoring Target Using Alerts
- Information Gathering Using Groups, Forums, and Blogs
- Determining the Operating System
- VoIP and VPN Footprinting through SHODAN
- Footprinting Using Social Networking Sites
- Collecting Information through Social Engineering on Social Networking Sites
- Footprinting of Websites
- Website Footprinting
- Website Footprinting using Web Spiders
- Mirroring Entire Website
- Extracting Website Information from https://archive.org
- Extracting Metadata of Public Documents
- Monitoring Web Pages for Updates and Changes
- Footprinting of Emails
- Tracking Email Communications
- Collecting Information from Email Header
- Email Tracking Tools
- Competitive Intelligence
- Competitive Intelligence Gathering
- Competitive Intelligence – When When did this company begin? How did it develop?
- Competitive Intelligence – What are the company’s plans?
- Competitive Intelligence – What do expert opinions say about the company?
- Monitoring Website Traffic of Target Company
- Tracking Online Reputation of the Target
- Footprinting using Whois
- Whois Lookup
- Whois Lookup Result Analysis
- Whois Lookup Tools
- Finding IP Geolocation Information
- DNS Footprinting
- Extracting DNS Information
- DNS Interrogation Tools
- Network Footprinting
- Locate the Network Range
- Traceroute
- Traceroute Analysis
- Traceroute Tools
- Footprinting by Social Engineering
- Footprinting through Social Engineering
- Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
- Tools used for Footprinting
- Maltego
- Recon-ng
- FOCA
- Recon-Dog
- OSRFramework
- Additional Footprinting Tools
- Countermeasures
- Footprinting Countermeasures
-
Network Scanning(15Hours)
- Concepts Network Scanning
- Overview of Network Scanning
- TCP Communication Flags
- TCP/IP Communication
- Creating Custom Packet Using TCP Flags
- Scanning in IPv6 Networks
- Tools used for Scanning
- Nmap
- Hping2 / Hping3
- Scanning Tools
- Scanning Tools for Mobile
- Techniques used for Scanning
- Scanning Techniques
- Scanning Beyond IDS and Firewall
- IDS/Firewall Evasion Techniques
- Banner Grabbing
- Banner Grabbing
- How to Identify Target System OS
- Banner Grabbing Countermeasures
- Network Diagrams
- Drawing Network Diagrams
- Network Discovery and Mapping Tools
- Network Discovery Tools for Mobile
- Scanning Pen Testing
-
Basics of Enumeration(10 Hours)
- Concepts of Enumeration
- What is Enumeration?
- Techniques for Enumeration
- Services and Ports to Enumerate
- NetBIOS Enumeration
- NetBIOS Enumeration
- NetBIOS Enumeration Tools
- Enumerating User Accounts
- Enumerating Shared Resources Using Net View
- SNMP Enumeration
- Simple Network Management Protocol (SNMP) Enumeration
- Working of SNMP
- Management Information Base (MIB)
- SNMP Enumeration Tools
- LDAP Enumeration
- LDAP Enumeration
- LDAP Enumeration Tools
- NTP Enumeration
- NTP Enumeration Commands
- NTP Enumeration Tools
- SMTP and DNS Enumeration
- SMTP Enumeration
- SMTP Enumeration Tools
- DNS Enumeration Using Zone Transfer
-
Vulnerability Analysis(10Hours)
- Vulnerability Research
- Vulnerability Classification
- What is Vulnerability Assessment?
- Types of Vulnerability Assessment
- Vulnerability-Management Life Cycle
- Solutions for Vulnerability Assessment
- Comparing Approaches to Vulnerability Assessment
- Working of Vulnerability Scanning Solutions
- Types of Vulnerability Assessment Tools
- Characteristics of a Good Vulnerability Assessment Solution
- Choosing a Vulnerability Assessment Tool
- Criteria for Choosing a Vulnerability Assessment Tool
- Best Practices for Selecting Vulnerability Assessment Tools
- Vulnerability Scoring Systems
- Common Vulnerability Scoring System (CVSS)
- Common Vulnerabilities and Exposures (CVE)
- National Vulnerability Database (NVD)
- Resources for Vulnerability Research
- Vulnerability Assessment Tools
- Vulnerability Assessment Tools
- Vulnerability Assessment Tools for Mobile
-
basics of System Hacking(15Hours)
- Concepts of System Hacking
- CEH Hacking Methodology (CHM)
- System Hacking Goals
- Cracking Passwords
- Password Cracking
- Types of Password Attacks
- 5 Password Recovery Tools
- Microsoft Authentication
- How Hash Passwords Are Stored in Windows SAM?
- NTLM Authentication Process
- Kerberos Authentication
- Password Salting
- Tools to Extract the Password Hashes
- Password Cracking Tools
- How to Defend against Password Cracking
- How to Defend against LLMNR/NBT-NS Poisoning
- Escalating Privileges
- Privilege Escalation
- Privilege Escalation Using DLL Hijacking
- Privilege Escalation by Exploiting Vulnerabilities
- Privilege Escalation Using Dylib Hijacking
- Privilege Escalation using Spectre and Meltdown Vulnerabilities
- Other Privilege Escalation Techniques
- How to Defend Against Privilege Escalation
- Executing Applications
- Executing Applications
- Keylogger
- Spyware
- How to Defend Against Keyloggers
- How to Defend Against Spyware
- Hiding Files
- Rootkits
- NTFS Data Stream
- What is Steganography?
- Covering Tracks
- Covering Tracks
- Disabling Auditing: Auditpol
- Clearing Logs
- Manually Clearing Event Logs
- Ways to Clear Online Tracks
- Covering BASH Shell Tracks
- Covering Tracks on Network
- Covering Tracks on OS
- Covering Tracks Tools
- Penetration Testing
- Password Cracking
- Privilege Escalation
- Executing Applications
- Hiding Files
- Covering Tracks
-
Threats from Malware(15 Hours)
- Introduction to Malware
- Different Ways Malware can Get into a System
- Common Techniques Attackers Use to Distribute Malware on the Web
- Components of Malware
- Concepts of Trojans
- What is a Trojan?
- How Hackers Use Trojans
- Common Ports Used by Trojans
- How to Infect Systems Using a Trojan
- Trojan Horse Construction Kit
- Wrappers
- How Attackers Deploy a Trojan
- Exploit Kits
- Evading Anti-Virus Techniques
- Types of Trojans
- Concepts of Viruses and Worms
- Introduction to Viruses
- Stages of Virus Life
- Working of Viruses
- Indications of Virus Attack
- How does a Computer Get Infected by Viruses
- Virus Hoaxes
- Fake Antiviruses
- Ransomware
- Types of Viruses
- Creating Virus
- Computer Worms
- Worm Makers
- Malware Analysis
- What is Sheep Dip Computer?
- Anti-Virus Sensor Systems
- Introduction to Malware Analysis
- Malware Analysis Procedure: Preparing Testbed
- Static Malware Analysis
- Dynamic Malware Analysis
- Virus Detection Methods
- Virus Analysis: WannaCry
- Countermeasures
- Trojan Countermeasures
- Backdoor Countermeasures
- Virus and Worms Countermeasures
-
Basics of Sniffing(15Hours)
- Concepts of Sniffing
- Network Sniffing
- Types of Sniffing
- How an Attacker Hacks the Network Using Sniffers
- Protocols Vulnerable to Sniffing
- Sniffing in the Data Link Layer of the OSI Model
- Hardware Protocol Analyzers
- SPAN Port
- Wiretapping
- Lawful Interception
- Sniffing Technique: MAC Attacks
- MAC Address/CAM Table
- How CAM Works
- What Happens When CAM Table Is Full?
- MAC Flooding
- Switch Port Stealing
- How to Defend against MAC Attacks
- Sniffing Technique: DHCP Attacks
- How DHCP Works
- DHCP Request/Reply Messages
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- How to Defend Against DHCP Starvation and Rogue Server Attack
- Sniffing Technique: ARP Poisoning
- What Is Address Resolution Protocol (ARP)?
- ARP Spoofing Attack
- Threats of ARP Poisoning
- ARP Poisoning Tools
- How to Defend Against ARP Poisoning
- Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
- ARP Spoofing Detection Tools
- Sniffing Technique: Spoofing Attacks
- MAC Spoofing/Duplicating
- MAC Spoofing Technique: Windows
- MAC Spoofing Tools
- IRDP Spoofing
- How to Defend Against MAC Spoofing
- Sniffing Technique: DNS Poisoning
- DNS Poisoning Techniques
- How to Defend Against DNS Spoofing
- Tools for Sniffing
- Sniffing Tool: Wireshark
- Display Filters in Wireshark
- Additional Wireshark Filters
- Sniffing Tools
- Packet Sniffing Tools for Mobile
- Countermeasures
- How to Defend Against Sniffing
-
Social Engineering(15 Hours)
- Concepts of Social Engineering
- What is Social Engineering?
- Phases of a Social Engineering Attack
- Techniques of Social Engineering
- Types of Social Engineering
- Human-based Social Engineering
- Computer-based Social Engineering
- Mobile-based Social Engineering
- Insider Threats
- Insider Threat / Insider Attack
- Type of Insider Threats
- Impersonation on Social Networking Sites
- Social Engineering Through Impersonation on Social Networking Sites
- Impersonation on Facebook
- Social Networking Threats to Corporate Networks
- Identity Theft
- Identity Theft
- Countermeasures
- Social Engineering Countermeasures
- Insider Threats Countermeasures
- Identity Theft Countermeasures
- How to Detect Phishing Emails?
- Anti-Phishing Toolbar
- Common Social Engineering Targets and Defense Strategies
- Social Engineering Pen-Testing
- Social Engineering Pen-Testing
- Social Engineering Pen-Testing Tools
-
Denial-of-Service Attack(10Hours)
- DoS/DDoS Concepts
- What is a Denial-of-Service Attack?
- What is Distributed Denial-of-Service Attack?
- Techniques used for DoS/DDoS Attacks
- Basic Categories of DoS/DDoS Attack Vectors
- UDP Flood Attack
- ICMP Flood Attack
- Ping of Death and Smurf Attack
- SYN Flood Attack
- Fragmentation Attack
- HTTP GET/POST and Slowloris Attacks
- Multi-Vector Attack
- Peer-to-Peer Attacks
- Permanent Denial-of-Service Attack
- Distributed Reflection Denial-of-Service (DRDoS)
- Botnets
- Organized Cyber Crime: Organizational Chart
- Botnet
- A Typical Botnet Setup
- Botnet Ecosystem
- Scanning Methods for Finding Vulnerable Machines
- How Malicious Code Propagates?
- Botnet Trojans
- DDoS Case Study
- Hackers Advertise Links to Download Botnet
- Use of Mobile Devices as Botnets for Launching DDoS Attacks
- DDoS Case Study: Dyn DDoS Attack
- Tools used for DoS/DDoS Attack
- DoS/DDoS Attack Tools
- DoS and DDoS Attack Tool for Mobile
- Countermeasures
- Detection Techniques
- DoS/DDoS Countermeasure Strategies
- DDoS Attack Countermeasures
- Techniques to Defend against Botnets
- DoS/DDoS Countermeasures
- DoS/DDoS Protection at ISP Level
- Enabling TCP Intercept on Cisco IOS Software
- Tools used for DoS/DDoS Protection
- Advanced DDoS Protection Appliances
- DoS/DDoS Protection Tools
-
Session Hijacking(15 Hours)
- Concepts of Session Hijacking
- What is Session Hijacking?
- Why Session Hijacking is Successful?
- Session Hijacking Process
- Packet Analysis of a Local Session Hijack
- Types of Session Hijacking
- Session Hijacking in OSI Model
- Spoofing vs. Hijacking
- Application Level Session Hijacking
- Application Level Session Hijacking
- Compromising Session IDs using Sniffing and Predicting Session Token
- Compromising Session IDs Using Man-in-the-Middle Attack
- Compromising Session IDs Using Man-in-the-Browser Attack
- Compromising Session IDs Using Client-side Attacks
- Compromising Session IDs Using Client-side Attacks: Cross-site Script Attack
- Compromising Session IDs Using Client-side Attacks: Cross-site Request Forgery Attack
- Compromising Session IDs Using Session Replay Attack
- Compromising Session IDs Using Session Fixation
- Session Hijacking Using Proxy Servers
- Network Level Session Hijacking
- TCP/IP Hijacking
- IP Spoofing: Source Routed Packets
- RST Hijacking
- Blind Hijacking
- UDP Hijacking
- MiTM Attack Using Forged ICMP and ARP Spoofing
- Session Hijacking Tools
- Session Hijacking Tools
- Session Hijacking Tools for Mobile
- Countermeasures
- Session Hijacking Detection Methods
- Protecting against Session Hijacking
- Methods to Prevent Session Hijacking: To be Followed by Web Developers
-
How to Evade IDS, Firewalls, and Honeypots(10 Hours)
- Concepts of IDSs, Firewalls, and Honeypots
- Intrusion Detection System (IDS)
- Firewall
- Honeypot
- IDS, Firewall, and Honeypot Solutions
- Intrusion Detection Tool
- Firewalls
- Honeypot Tools
- IDS Evasion
- IDS Evasion Techniques
- Tools for IDS/Firewall Evasion
- IDS/Firewall Evasion Tools
- Packet Fragment Generator Tools
- Detecting Honeypots
- Detecting and Defeating Honeypots
- Honeypot Detection Tool: Send-Safe Honeypot Hunter
- IDS/Firewall Evasion Countermeasures
- How to Defend Against IDS Evasion
- How to Defend Against Firewall Evasion
- Penetration Testing
- Firewall/IDS Penetration Testing
-
Basics of Hacking Web Servers(10 Hours)
- Web Server Concepts
- Web Server Operations
- Open Source Web Server Architecture
- IIS Web Server Architecture
- Web Server Security Issue
- Why Web Servers Get Compromised?
- Impact of Web Server Attacks
- Attacks of Web Servers
- DoS/DDoS Attacks
- DNS Server Hijacking
- DNS Amplification Attack
- Directory Traversal Attacks
- Man-in-the-Middle/Sniffing Attack
- Phishing Attacks
- Website Defacement
- Web Server Misconfiguration
- HTTP Response Splitting Attack
- Web Cache Poisoning Attack
- SSH Brute Force Attack
- Web Server Password Cracking
- Methodology of Web Server Attacks
- Information Gathering
- Web Server Footprinting/Banner Grabbing
- Website Mirroring
- Tools of Web Server Attacks
- Metasploit
- Web Server Attack Tools
- Countermeasures
- Place Web Servers in Separate Secure Server Security Segment on Network
- Countermeasures
-
Web Application Hacking(10 Hours)
- Web App Concepts
- Introduction to Web Applications
- Web Application Architecture
- Web 2.0 Applications
- Vulnerability Stack
- Threats to Web App
- OWASP Top 10 Application Security Risks – 2017
- Other Web Application Threats
- Hacking Methodology
- Web App Hacking Methodology
- Footprint Web Infrastructure
- Attack Web Servers
- Analyze Web Applications
- Bypass Client-Side Controls
- Attack Authentication Mechanism
- Attack Authorization Schemes
- Attack Access Controls
- Web App Hacking Tools
- Web Application Hacking Tools
- Countermeasures
- Web Application Fuzz Testing
- Source Code Review
- Encoding Schemes
-
Basics of SQL Injection(15 Hours)
- SQL Injection Concepts
- What is SQL Injection?
- SQL Injection and Server-side Technologies
- Understanding HTTP POST Request
- Understanding Normal SQL Query
- Understanding an SQL Injection Query
- Types of SQL Injection
- Types of SQL Injection
- SQL Injection Methodology
- SQL Injection Methodology
- SQL Injection Tools
- SQL Injection Tools for Mobile
- Countermeasures
- How to Defend Against SQL Injection Attacks
- SQL Injection Detection Tools
-
Wireless Network Hacking(10 Hours)
- Wireless Concepts
- Wireless Terminologies
- Wireless Networks
- Wireless Standards
- Service Set Identifier (SSID)
- Wi-Fi Authentication Modes
- Wireless Encryption
- Types of Wireless Encryption
- WEP vs. WPA vs. WPA2
- Wireless Threats
- Wireless Hacking Methodology
- Wireless Hacking Methodology
- Tools for Wireless Hacking
- WEP/WPA Cracking Tools
- WEP/WPA Cracking Tool for Mobile
- Wi-Fi Sniffer
- Countermeasures
- Wireless Security Layers
- How to Defend Against WPA/WPA2 Cracking
- How to Defend Against KRACK Attacks
- How to Detect and Block Rogue AP
- How to Defend Against Wireless Attacks
- How to Defend Against Bluetooth Hacking
- Tools Wireless Security
- Wireless Intrusion Prevention Systems
- Wireless IPS Deployment
-
Hacking Mobile Platforms(15 Hours)
- Mobile Platform Attack Vectors
- Vulnerable Areas in Mobile Business Environment
- OWASP Top 10 Mobile Risks – 2016
- Anatomy of a Mobile Attack
- How a Hacker Can Profit from Mobile when Successfully Compromised
- Mobile Attack Vectors and Mobile Platform Vulnerabilities
- Hacking Android OS
- Android OS
- Android Rooting
- Blocking Wi-Fi Access using NetCut
- Hacking with zANTI
- Hacking Networks Using Network Spoofer
- Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
- Performing Session Hijacking Using DroidSheep
- Mobile Spyware
- Mobile Spyware
- Mobile Spyware: mSpy
- Mobile Spywares
- Mobile Device Management
- Mobile Device Management (MDM)
- Mobile Device Management Solutions
- Bring Your Own Device (BYOD)
- Mobile Security Guidelines and Tools
- General Guidelines for Mobile Platform Security
- Mobile Device Security Guidelines for Administrator
- Mobile Pen Testing
- Android Phone Pen Testing
-
Basics of IoT Hacking (10 Hours)
- IoT Concepts
- What is IoT
- How IoT Works
- IoT Architecture
- IoT Application Areas and Devices
- Attacks on IoT
- IoT Security Problems
- OWASP Top 10 IoT Vulnerabilities and Obstacles
- IoT Attack Surface Areas
- IoT Threats
- Methodology used for IoT Hacking
- What is IoT Device Hacking?
- IoT Hacking Methodology
- Tools used for IoT Hacking
- Information Gathering Tools
- Sniffing Tools
- Vulnerability Scanning Tools
- Countermeasures
- How to Defend Against IoT Hacking
- General Guidelines for IoT Device Manufacturing Companies
-
Basics of Cloud Computing(10 Hours)
- Introduction to Cloud Computing
- Separations of Responsibilities in Cloud
- Cloud Deployment Models
- Cloud Computing Threats
- Cloud Computing Attacks
- Service Hijacking using Social Engineering Attacks
- Service Hijacking using Network Sniffing
- Session Hijacking using XSS Attack
- Session Hijacking using Session Riding
- Domain Name System (DNS) Attacks
- Best Practices for Securing Cloud
- NIST Recommendations for Cloud Security
- Organization/Provider Cloud Security Compliance Checklist
- Cloud Security Tools
-
Basics of Cryptography (5 Hours)
- Cryptography Concepts
- Cryptography
- Government Access to Keys (GAK)
- Encryption Algorithms
- Ciphers
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- Cryptography Tools
- MD5 Hash Calculators
- Hash Calculators for Mobile
- Cryptography Tools
- Email Encryption
- Digital Signature
- Secure Sockets Layer (SSL)
- Transport Layer Security (TLS)
- Countermeasures
- How to Defend Against Cryptographic Attacks
Overview
Objectives:
To identify the concepts and components of an Oracle Database 11g database
Objectives:
- To identify the concepts and components of an Oracle Database 11g database, recognize how to retrieve information from it using SQL, and identify the steps for sorting, limiting
- To recognize the steps for writing queries that convert data from one type to another, specify conditions, perform calculations on groups of rows or even tables, and return value
- To identify the steps for manipulating queries to return the data you need, using sub queries and set operators, and also for manipulating the actual data using INSERT, UPDATE
- To recognize the steps for creating, defining, and dropping tables, manipulating how their data can be viewed, and using schema objects to generate integers, improve queries
Data Science Module
Basic understanding of network essentials and core concepts, including server andvnetwork components
Certification
Benefits of NSDC certification
- The course content has been vetted and approved by the NSDC, meaning it aligns with industry standards and has a good chance of leading to employment.
- The training center has met certain quality standards, such as having a certain number of trainers and equipment.
- You may be eligible for a loan from the NSDC to pay for the course.
- You may be able to get a certificate recognized by the government and industry.
- You may be able to get placement assistance after completing the course
Objectives:
To identify the concepts and components of an Oracle Database 11g databaseObjectives:
- To identify the concepts and components of an Oracle Database 11g database, recognize how to retrieve information from it using SQL, and identify the steps for sorting, limiting
- To recognize the steps for writing queries that convert data from one type to another, specify conditions, perform calculations on groups of rows or even tables, and return value
- To identify the steps for manipulating queries to return the data you need, using sub queries and set operators, and also for manipulating the actual data using INSERT, UPDATE
- To recognize the steps for creating, defining, and dropping tables, manipulating how their data can be viewed, and using schema objects to generate integers, improve queries
Data Science Module
Basic understanding of network essentials and core concepts, including server andvnetwork components
Certification
Benefits of NSDC certification
- The course content has been vetted and approved by the NSDC, meaning it aligns with industry standards and has a good chance of leading to employment.
- The training center has met certain quality standards, such as having a certain number of trainers and equipment.
- You may be eligible for a loan from the NSDC to pay for the course.
- You may be able to get a certificate recognized by the government and industry.
- You may be able to get placement assistance after completing the course
Instructor
Pass PercentageRELATED COURSES
