OVERVIEW

The evolution of the internet technologies has caused a major leap in the cyber security issues. The rise of cyber crime has instilled a need for the people to be technically skilled, to prevent themselves from getting compromised due to information and financial losses. In this 3 days hands on workshop we would focus on the need to develop hacking skills for adapting safety and preventive measures. We would be covering the tools, tips and techniques used by hackers and security penetration testers to develop practical ethical hacking skills.

COVERAGE
Module 1 – Introduction to Class
Participants | Familiarization with course material | Familiarization with the protocols and timings | Expectation setting and clarifications | Pre-training test for the resources attending the training
Module 2 – Introduction to Ethical Hacking
Internet Crime Current Report: IC3 | Data Breach Investigations Report | Types of Data Stolen From the Organizations | Essential Terminologies | Elements of Information Security | Authenticity and Non-Repudiation | The Security, Functionality, and Usability Triangle | Security Challenges | Effects of Hacking | Effects of Hacking on Business | Reconnaissance Types | Operating System Attacks | Application-Level Attacks | Shrink Wrap Code Attacks | Misconfiguration Attacks | Why Ethical Hacking is Necessary? | Defense in Depth | Scope and Limitations of Ethical Hacking | What Do Ethical Hackers Do? | Skills of an Ethical Hacker | Vulnerability Research | Vulnerability Research Websites | What is Penetration Testing? | Why Penetration Testing? | Penetration Testing Methodology.
Module 3 – Foot printing and Reconnaissance
Footprinting Terminologies | What is Footprinting? | Objectives of Footprinting | Footprinting Threats | Finding a Company’s URL | Locate Internal URLs | Public and Restricted Websites | Search for Company’s Information | Footprinting Through Search Engines | Collect Location Information | People Search | Gather Information from Financial Services | Footprinting Through Job Sites | Monitoring Target Using Alerts | Competitive Intelligence Gathering | WHOIS Lookup | Extracting DNS Information | Locate the Network Range | Traceroute | Mirroring Entire Website | Extract Website Information from http://www.archive.org | Monitoring Web Updates Using Website Watcher | Tracking Email Communications | Footprint Using Google Hacking Techniques | What a Hacker Can Do With Google Hacking? | Google Advance Search Operators | Google Hacking Tool: Google Hacking Database (GHDB) | Google Hacking Tools | Additional Footprinting Tools | Footprinting Countermeasures | Footprinting Pen Testing.
Module 4 – Scanning Networks
Network Scanning | Types of Scanning | Checking for Live Systems – ICMP Scanning | Ping Sweep | Three-Way Handshake | TCP Communication Flags | Hping2 / Hping3 | Hping Commands | Scanning Techniques | ICMP Echo Scanning/List Scan | SYN/FIN Scanning Using IP Fragments | UDP Scanning | Inverse TCP Flag Scanning | ACK Flag Scanning | Scanning: IDS Evasion Techniques | IP Fragmentation Tools | Scanning Tool: Nmap | Scanning Tool: NetScan Tools Pro | Scanning Tools | Do Not Scan These IP Addresses (Unless you want to get into trouble) | Scanning Countermeasures | War Dialing | Why War Dialing? | War Dialing Tools | War Dialing Countermeasures | OS Fingerprinting | Banner Grabbing Tool: ID Serve | GET REQUESTS | Banner Grabbing Tool: Netcraft | Banner Grabbing Tools | Banner Grabbing Countermeasures: Disabling or Changing Banner | Hiding File Extensions | Hiding File Extensions from Webpages | Vulnerability Scanning | Network Vulnerability Scanners | LANsurveyor | Network Mappers | Proxy Servers | Why Attackers Use Proxy Servers? | Use of Proxies for Attack | How Does MultiProxy Work? | Free Proxy Servers | Proxy Workbench | Proxifier Tool: Create Chain of Proxy Servers | SocksChain | TOR (The Onion Routing) | TOR Proxy Chaining Software | HTTP Tunneling Techniques | Why do I Need HTTP Tunneling? | Super Network Tunnel Tool | Httptunnel for Windows | Additional HTTP Tunneling Tools | SSH Tunneling | SSL Proxy Tool | How to Run SSL Proxy? | Proxy Tools | Anonymizers | Types of Anonymizers | Case: Bloggers Write Text Backwards to Bypass Web Filters in China | Text Conversion to Avoid Filters | Censorship Circumvention Tool: Psiphon | How Psiphon Works? | How to Check if Your Website is Blocked in China or Not? | G-Zapper | Anonymizer Tools | Spoofing IP Address | IP Spoofing Detection Techniques: Direct TTL Probes | IP Spoofing Detection Techniques: IP Identification Number | IP Spoofing Detection Techniques: TCP Flow Control Method | IP Spoofing Countermeasures | Scanning Pen Testing.
Module 5 – Enumeration
What is Enumeration? | Techniques for Enumeration | Netbios Enumeration | Enumerating User Accounts | Enumerate Systems Using Default Passwords | SNMP (Simple Network Management Protocol) Enumeration | UNIX/Linux Enumeration | LDAP Enumeration | NTP Enumeration | SMTP Enumeration | DNS Zone Transfer Enumeration Using nslookup | Enumeration Countermeasures | Enumeration Pen Testing.
Module 6 – System Hacking
Information at Hand Before System Hacking Stage | System Hacking: Goals | CEH Hacking Methodology (CHM) | Password Cracking | Microsoft Authentication | How Hash Passwords are Stored in Windows SAM? | What is LAN Manager Hash? | Kerberos Authentication | Salting | PWdump7 and Fgdump | L0phtCrack | Ophcrack | Cain & Abel | RainbowCrack | Password Cracking Tools | LM Hash Backward Compatibility | How to Defend against Password Cracking? | Privilege Escalation | Active@ Password Changer | Privilege Escalation Tools | How to Defend against Privilege Escalation? | Executing Applications | Alchemy Remote Executor | RemoteExec | Execute This! | Keylogger | Types of Keystroke Loggers | Acoustic/CAM Keylogger | Spyware | How to Defend against Keyloggers? | How to Defend against Spyware? | Rootkits | Types of Rootkits | How Rootkit Works? | Rootkit: Fu | Detecting Rootkits | How to Defend against Rootkits? | Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective | NTFS Data Stream | What is Steganography? | Types of Steganography | Image Steganography | Document Steganography: wbStego | Video Steganography: Our Secret | Audio Steganography: Mp3stegz | Folder Steganography: Invisible Secrets 4 | Spam/Email Steganography: Spam Mimic | Natural Text Steganography: Sams Big G Play Maker | Steganalysis | Steganography Detection Tool: Stegdetect | Why Cover Tracks? | Ways to Clear Online Tracks | Disabling Auditing: Auditpol | Covering Tracks Tool: Window Washer | Covering Tracks Tool: Tracks Eraser Pro | System Hacking Penetration Testing.
Module 7 – Trojans and Backdoors
What is a Trojan? | Overt and Covert Channels | Purpose of Trojans | What Do Trojan Creators Look For? | Indications of a Trojan Attack | Common Ports used by Trojans | How to Infect Systems Using a Trojan? | Wrappers | Different Ways a Trojan can Get into a System | How to Deploy a Trojan? | Evading Anti-Virus Techniques | Types of Trojans | Destructive Trojans | Notification Trojans | Credit Card Trojans | Data Hiding Trojans (Encrypted Trojans) | BlackBerry Trojan: PhoneSnoop | MAC OS X Trojan: DNSChanger | MAC OS X Trojan: DNSChanger | Mac OS X Trojan: Hell Raiser | How to Detect Trojans? | Process Monitoring Tool: What’s Running | Scanning for Suspicious Registry Entries | Registry Entry Monitoring Tools | Scanning for Suspicious Device Drivers | Scanning for Suspicious Windows Services | Scanning for Suspicious Startup Programs | Scanning for Suspicious Files and Folders | Scanning for Suspicious Network Activities | Trojan Countermeasures | Backdoor Countermeasures | Trojan Horse Construction Kit | Anti-Trojan Software: TrojanHunter | Anti-Trojan Software: Emsisoft Anti-Malware | Anti-Trojan Softwares | Pen Testing for Trojans and Backdoors.
Module 8 – Viruses and Worms
Introduction to Viruses | Virus and Worm Statistics 2010 | Stages of Virus Life | Working of Viruses: Infection Phase | Working of Viruses: Attack Phase | Why Do People Create Computer Viruses? | Indications of Virus Attack | How does a Computer get Infected by Viruses? | Virus Hoaxes | Virus Analysis | Types of Viruses | Transient and Terminate and Stay Resident Viruses | Writing a Simple Virus Program | Computer Worms | How is a Worm Different from a Virus? | Example of Worm Infection: Conficker Worm | Worm Analysis | Worm Maker: Internet Worm Maker Thing | What is Sheep Dip Computer? | Anti-Virus Sensors Systems | Malware Analysis Procedure | String Extracting Tool: Bintext | Compression and Decompression Tool: UPX | Process Monitoring Tools: Process Monitor | Log Packet Content Monitoring Tools: NetResident | Debugging Tool: Ollydbg | Virus Analysis Tool: IDA Pro | Online Malware Testing | Online Malware Analysis Services | Virus Detection Methods | Virus and Worms Countermeasures | Companion Antivirus: Immunet Protect | Anti-virus Tools | Penetration Testing for Virus.
Module 9 – Sniffers
Lawful Intercept | Wiretapping | Sniffing Threats | How a Sniffer Works? | Hacker Attacking a Switch | Types of Sniffing: Passive Sniffing | Types of Sniffing: Active Sniffing | Protocols Vulnerable to Sniffing | Tie to Data Link Layer in OSI Model | Hardware Protocol Analyzers | SPAN Port | MAC Flooding | How DHCP Works? | What is Address Resolution Protocol (ARP)? | Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches | MAC Spoofing/Duplicating | DNS Poisoning Techniques | Sniffing Tool: Wireshark | Sniffing Tool: CACE Pilot | Sniffing Tool: Tcpdump/Windump | Discovery Tool: NetworkView | Discovery Tool: The Dude Sniffer | Password Sniffing Tool: Ace | Packet Sniffing Tool: Capsa Network Analyzer | OmniPeek Network Analyzer | Network Packet Analyzer: Observer | Session Capture Sniffer: NetWitness | Email Message Sniffer: Big-Mother | TCP/IP Packet Crafter: Packet Builder | Additional Sniffing Tools | How an Attacker Hacks the Network Using Sniffers? | How to Defend Against Sniffing? | Sniffing Prevention Techniques | How to Detect Sniffing? | Promiscuous Detection Tool: PromqryUI | Promiscuous Detection Tool: PromiScan.
Module 10 – Social Engineering
What is Social Engineering? | Behaviors Vulnerable to Attacks | Why is Social Engineering Effective? | Warning Signs of an Attack | Phases in a Social Engineering Attack | Impact on the Organization | Command Injection Attacks | Common Targets of Social Engineering | Types of Social Engineering | Insider Attack | Common Intrusion Tactics and Strategies for Prevention | Social Engineering Through Impersonation on Social Networking Sites | Risks of Social Networking to Corporate Networks | Identity Theft Statistics 2010 | Real Steven Gets Huge Credit Card Statement | Identity Theft – Serious Problem | Social Engineering Countermeasures: Policies | How to Detect Phishing Emails? | Identity Theft Countermeasures | Social Engineering Pen Testing.
Module 11 – Denial of Service
What is a Denial of Service Attack? | What is Distributed Denial of Service Attacks? | Symptoms of a DoS Attack | Cyber Criminals | Internet Chat Query (ICQ) | Internet Relay Chat (IRC) | DoS Attack Techniques | Botnet | WikiLeak Operation Payback | DoS Attack Tools | Detection Techniques | DoS/DDoS Countermeasure Strategies | DDoS Attack Countermeasures | Post-attack Forensics | Techniques to Defend against Botnets | DoS/DDoS Countermeasures | DoS/DDoS Protection at ISP Level | Enabling TCP Intercept on Cisco IOS Software | Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS) | DoS/DDoS Protection Tool | Denial of Service (DoS) Attack Penetration Testing
Module 12 – Session Hijacking
What is Session Hijacking? | Dangers Posed by Hijacking | Why Session Hijacking is Successful? | Key Session Hijacking Techniques | Brute Forcing | HTTP Referrer Attack | Spoofing vs. Hijacking | Session Hijacking Process | Packet Analysis of a Local Session Hijack | Types of Session Hijacking | Predictable Session Token | Man-in-the-Middle Attack | Man-in-the-Browser Attack | Client-side Attacks | Cross-site Script Attack | Session Fixation | Network Level Session Hijacking | The 3-Way Handshake | Sequence Numbers | TCP/IP Hijacking | IP Spoofing: Source Routed Packets | RST Hijacking | Blind Hijacking | Man-in-the-Middle Attack using Packet Sniffer | UDP Hijacking | Session Hijacking Tools | Countermeasures | Protecting against Session Hijacking | Methods to Prevent Session Hijacking: To be Followed by Web Developers | Methods to Prevent Session Hijacking: To be Followed by Web Users | Defending against Session Hijack Attacks | Session Hijacking Remediation | IPSec

CONNECT WITH US