Certified Ethical Hacking & Penetration Testing Expert

Introducing Certified Ethical Hacking and Penetration Testing Expert Certification module which is designed in a way that every topic will be covered with practical as well as theoretical Knowledge to the Students by the Professionals. Our aim is to make a Student, An IT Security Professional. Security threats are not only harmful, but sometimes undetectable too. If a person is enough oriented with Security countermeasures, he/she can prevent himself/herself from any attack before it happened. We are providing knowledge, the best in the industry. We have well designed labs with Network equipments for live demonstration of Hacking Operations and for the prevention, we have a team of Professionals. For the Best experience in the world of Cyber Security, Join Armour Infosec.

This module is well designed with all the principles of cyber security. We are working to spread the information security awareness campaigns to all the peoples, who are somehow connected to the internet and are using social networking sites to connect with the world. The strategies to maintain all the prevention countermeasures applied on a network are must to live forever. Our module contains Networking Fundamentals, Kali Linux Fundamentals, Introduction to Penetration Testing & Ethical Hacking, Footprinting and Reconnaissance, Scanning Networks & Detecting Live System, Proxies, VPNs and Tor, Enumeration, System Hacking, Trojans and Backdoors, Viruses and Worms, Sniffers, Social Engineering, Denial of Service, Session Hijacking, Hacking Web servers, Advanced Exploitation Techniques, Hacking Web Applications, SQL Injection, Hacking Wireless Networks, Mobile Hacking, Evading IDS, Firewalls, and Honeypots, Buffer Overflow, Cryptography.

Duration

Duration

2 hours per day x 150 days

Eligibility

Eligibility

Advanced knowledge of Windows and Linux server

Secure Development in PHP

  • Introduction to PHP
  • What is PHP
  • The history of PHP
  • Why choose PHP
  • Installation overview
  • Embedding PHP code on a page
  • Outputting dynamic text
  • The operational trail
  • Inserting code comments
  • Variables
  • Strings
  • String functions
  • Numbers part one Integers
  • Numbers part two
  • Floating points
  • Arrays
  • Associative arrays
  • Array functions
  • Booleans
  • NULL and empty
  • Type juggling and casting
  • Constants

Logical Expressions

  • If statements
  • Else and elseif statements
  • Logical operators
  • Switch statements

Loops

  • While loops
  • For loops
  • Foreach loops
  • Continue
  • Break
  • Understanding array pointers
  • Defining functions
  • Function arguments
  • Returning values from a function
  • Multiple return values
  • Scope and global variables
  • Setting default argument values
  • Common problems
  • Warnings and errors
  • Debugging and troubleshooting
  • Links and URLs
  • Using GET values
  • Encoding GET values
  • Encoding for HTML
  • Including and requiring files
  • Modifying headers
  • Page redirection
  • Output buffering
  • Building forms
  • Detecting form submissions
  • Single-page form processing
  • Validating form values
  • Problems with validation logic
  • Displaying validation errors
  • Custom validation functions
  • Single-page form with validations
  • Working with cookies
  • Setting cookie values
  • Reading cookie values
  • Unsetting cookie values
  • Working with sessions
  • MySQL introduction
  • Creating a database
  • Creating a database table
  • CRUD in MySQL
  • Populating a MySQL database
  • Relational database tables
  • Populating the relational table
  • Database APIs in PHP
  • Connecting to MySQL with PHP
  • Retrieving data from MySQL
  • Working with retrieved data
  • Creating records with PHP
  • Updating and deleting records with PHP
  • SQL injection
  • Escaping strings for MySQL
  • Introducing prepared statements
  • Blueprinting the application
  • Building the CMS database
  • Establishing your work area
  • Creating and styling the first page
  • Making page assets reusable
  • Connecting the application to the database
  • Adding pages to the navigation subjects
  • Refactoring the navigation
  • Selecting pages from the navigation
  • Highlighting the current page
  • Moving the navigation to a function
  • Finding a subject in the database
  • Refactoring the page selection
  • Creating a new subject form
  • Processing form values and adding subjects
  • Passing data in the session
  • Validating form values
  • Creating an edit subject form
  • Using single-page submission
  • Deleting a subject
  • Cleaning up
  • Assignment Pages CRUD
  • Assignment results Pages CRUD
  • The public appearance
  • Using a context for conditional code
  • Adding a default subject behavior
  • The public content area
  • Protecting page visibility
  • User authentication overview
  • Admin CRUD
  • Encrypting passwords
  • Salting passwords
  • Adding password encryption to CMS
  • New PHP password functions
  • Creating a login system
  • Checking for authorization
  • Creating a logout page
  • File system basics
  • Understanding file permissions
  • Setting file permissions
  • PHP permissions
  • Accessing files
  • Writing to files
  • Deleting files
  • Moving the file pointer
  • Reading files
  • Examining file details
  • Working with directories
  • Viewing directory content
  • Configuring PHP for email
  • Sending email with mail()
  • Using headers
  • Reviewing SMTP
  • Using PHPMailer

Ethical Hacking & Penetration Testing

  • Kali Linux history and introduction
  • Kali Linux GUI desktops
  • Kali Linux Commands
  • Tar and zips
  • Compiling programs
  • Identifying software packages
  • Installing and removing software
  • User account management
  • Changing a user account password
  • Passwd & Shadow file formats
  • File permissions
  • Directory permissions
  • Octal representation
  • Changing permissions
  • Setting default permissions
  • Internet addressing
  • Network services
  • Commonly available services
  • Fundamental network configuration files
  • Network control scripts

Hacking Concepts

  • Introduction to Hacking
  • Hacking vs. Ethical Hacking
  • Effects of Hacking on Business
  • Who is a Hacker?
  • Hacker Classes
  • Hacktivism
  • Hacking Phases
  • Defense in Depth

Vulnerability Assessment & Penetration Testing

  • Vulnerabilities
  • Vulnerability Research
  • Vulnerability Research Websites
  • What is Penetration Testing?
  • Why Penetration Testing
  • Penetration Testing Methodology
  • Security Policies
  • Types of Security Policies
  • Steps to Create and Implement Security Policies

Disaster Recovery & Risk Management

  • Defining Risk Management
  • Strategies for Managing Risk
  • How to Analyze Risk
  • Disaster Recovery Strategies
  • Plan Testing and Execution

Footprinting Concepts and Methodology

  • Footprinting Terminology
  • What is Footprinting?
  • Why Footprinting?
  • Objectives of Footprinting
  • Footprinting Threats

 

Footprinting using Search Engines

  • Finding Company’s External and Internal URLs
  • Public and Restricted Websites
  • Collect Location Information
  • People Search
  • People Search Online Services
  • People Search on Social Networking Services
  • Gather Information from Financial Services
  • Footprinting through Job Sites
  • Monitoring Target Using Alerts

 

Website Footprinting

  • Mirroring Entire Website
  • Website Mirroring Tools
  • Extract Website Information from http://www.archive.org
  • Monitoring Web Updates Using Website Watcher

Email Footprinting

  • Tracking Email Communications
  • Collecting Information from Email Header
  • Email Tracking Tools

 

Footprinting using Google

  • Footprint Using Google Hacking Techniques
  • What a Hacker can do with Google Hacking?
  • Google Advance Search Operators
  • Finding Resources Using Google Advance Operator
  • Google Hacking Tools

 

WHOIS Footprinting

  • WHOIS Lookup
  • WHOIS Lookup Result Analysis
  • WHOIS Lookup Tools
  • WHOIS Lookup Online Tools

 

DNS Footprinting

  • Extracting DNS Information
  • DNS Interrogation Tools
  • Using Nslookup
  • Dig for Unix / Linux

Network Footprinting

  • Locate the Network Range
  • Determine the Operating System
  • Traceroute
  • Traceroute Analysis
  • Traceroute Tools

 

Footprinting using Social Engineering

  • Footprinting through Social Engineering
  • Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
  • Collect Information through Social Engineering on Social Networking Sites

 

Footprinting using Social Networking Sites

  • Collecting Facebook Information
  • Collecting Twitter Information
  • Collecting Linkedin Information
  • Collecting Youtube Information
  • Tracking Users on Social Networking Sites

 

Footprinting Tools

  • Maltego
  • Domain Name Analyzer Pro
  • Web Data Extractor
  • Additional Footprinting Tools

Scanning Networks Concepts and Methodology

  • Network Scanning
  • Scanning Methodology

 

Check for Live Systems

  • ICMP Scanning
  • Ping Sweep
  • Ping Sweep Tools

 

Banner Grabbing

  • Banner Grabbing Tools
  • Banner Grabbing Countermeasures: Disabling or Changing Banner
  • Hiding File Extensions from Web Pages

Check for Open Ports

  • Three-Way Handshake
  • TCP Communication Flags
  • Create Custom Packet Using TCP Flags
  • Scanning IPv6 Network
  • Scanning Tool
  • Hping2 / Hping3
  • Hping Commands
  • Scanning Techniques
  • Nmap
  • TCP Connect / Full Open Scan
  • Stealth Scan (Half-open Scan)
  • Xmas Scan
  • FIN Scan
  • NULL Scan
  • IDLE Scan
  • ICMP Echo Scanning/List Scan
  • UDP Scanning
  • Inverse TCP Flag Scanning
  • ACK Flag Scanning

Scanning Beyond IDS

  • IDS Evasion Techniques
  • SYN/FIN Scanning Using IP Fragments

 

Scan for Vulnerability

  • Security Alerts
  • Vulnerability Scanning
  • Vulnerability Scanning Tool
  • IBM Appscan
  • GFI Languard
  • Network Vulnerability Scanners
  • Analyzing the Scan Results
  • Generating Reports
  • Remediation
  • Patch Management
  • Proxy Servers
  • Why Attackers Use Proxy Servers?
  • Use of Proxies for Attack
  • Proxy Chaining
  • Proxy Tools
  • Free Proxy Servers
  • HTTP Tunneling Techniques
  • Why do I Need HTTP Tunneling
  • HTTP Tunneling Tool
  • SSH Tunneling
  • SSH Tunneling Tools
  • Spoofing IP Address
  • IP Spoofing Detection Techniques
  • Tor: anonymous internet access
  • How tor works

Enumeration Concepts

  • What is Enumeration?
  • Techniques for Enumeration
  • Services and Ports to Enumerate

 

Null sessions

  • Null sessions
  • Syntax for a null session
  • Viewing shares

 

NetBIOS Enumeration

  • NetBIOS Enumeration Tools
  • Enumerating User Accounts
  • Enumerate Systems Using Default Passwords

SNMP Enumeration

  • SNMP (Simple Network Management Protocol) Enumeration
  • Working of SNMP
  • Management Information Base (MIB)
  • SNMP Enumeration Tools

 

UNIX/Linux Enumeration

  • UNIX/Linux Enumeration Commands
  • Linux Enumeration Tools

 

LDAP Enumeration

  • LDAP Enumeration Tools

NTP Enumeration

  • NTP Enumeration Commands

 

SMTP Enumeration

  • SMTP Enumeration Tools

 

DNS Enumeration

  • DNS Zone Transfer Enumeration Using NSLookup
  • DNS Enumeration Tools

 

SMB Enumeration

  • SMB Enumeration Tools

Windows Hacking &Security

  • Introducing Operating System
  • Introduction of Windows Hacking
  • Bootloader
  • File system
  • Windows command & Powershell
  • Special or shell folder in windows
  • Windows Registry
  • Group Policies
  • Batch Programming & Windows Scripting

 

Cracking Passwords

  • Password Cracking
  • Password Complexity
  • Password Cracking Techniques
  • Types of Password Attacks
  • Passive Online Attack
  • Active Online Attack
  • Distributed Network Attack
  • Elcomsoft Distributed Password Recovery
  • Non-Electronic Attacks
  • Default Passwords
  • Manual Password Cracking (Guessing)
  • Stealing Passwords Using USB Drive
  • Stealing Passwords Using Keyloggers
  • Microsoft Authentication
  • How Hash Passwords Are Stored in Windows SAM?
  • What Is LAN Manager Hash?
  • LM “Hash” Generation
  • LM, NTLMv1, and NTLMv2
  • NTLM Authentication Process
  • Kerberos Authentication
  • Salting
  • PWdump7 and Fgdump
  • L0phtCrack
  • Ophcrack
  • Cain & Abel
  • Winrtgen and rtgen
  • RainbowCrack
  • Password Cracking Tools
  • LM Hash Backward Compatibility
  • How to Disable LM HASH
  • How to Defend against Password Cracking
  • Implement and Enforce Strong Security Policy

Escalating Privileges

  • Privilege Escalation
  • Privilege Escalation Tools
  • How to Defend Against Privilege Escalation

 

Executing Applications

  • Executing Applications: RemoteExec
  • Executing Applications: PDQ Deploy
  • Executing Applications: DameWare NT Utilities

Spyware

  • What Does the Spyware Do?
  • Types of Spywares
  • Desktop Spyware
  • Email and Internet Spyware
  • Child Monitoring Spyware
  • Screen Capturing Spyware
  • USB Spyware
  • Audio Spyware
  • Video Spyware
  • Print Spyware
  • Telephone/Cellphone Spyware
  • GPS Spyware
  • How to Defend Against Spyware
  • Anti-Spywares

 

Keylogger

  • Types of Keystroke Loggers
  • Methodology of Attacker in Using Remote Keylogger
  • How to Defend Against Keyloggers
  • Anti-Keylogger

Hiding Files

  • Rootkits
  • Types of Rootkits
  • How Rootkit Works
  • Detecting Rootkits
  • Steps for Detecting Rootkits
  • How to Defend against Rootkits
  • Anti-Rootkit

NTFS Data Stream

  • How to Create NTFS Streams
  • NTFS Stream Manipulation
  • How to Defend against NTFS Streams
  • NTFS Stream Detectors

 

What is Steganography?

  • Application of Steganography
  • Classification of Steganography
  • Technical Steganography
  • Linguistic Steganography
  • Steganography Techniques
  • How Steganography Works
  • Types of Steganography
  • Whitespace Steganography Tool
  • Image Steganography
  • Least Significant Bit Insertion
  • Masking and Filtering
  • Algorithms and Transformation
  • Image Steganography Tools
  • Document Steganography Tools
  • Video Steganography Tools
  • Audio Steganography Tools
  • Folder Steganography Tools
  • Spam/Email Steganography
  • Natural Text Steganography
  • Issues in Information Hiding
  • Steganalysis
  • Steganalysis Methods/Attacks on Steganography
  • Detecting Text and Image Steganography
  • Detecting Audio and Video Steganography
  • Steganography Detection Tools

 

Covering Tracks

  • Why Cover Tracks?
  • Covering Tracks
  • Ways to Clear Online Tracks
  • Disabling Auditing
  • Covering Tracks Tool
  • Track Covering Tools

Trojan Concepts

  • What is a Trojan?
  • Purpose of Trojans
  • What Do Trojan Creators Look For
  • Indications of a Trojan Attack
  • Common Ports used by Trojans

 

Trojan Infection

  • How to Infect Systems Using a Trojan
  • Wrappers
  • Wrapper Covert Programs
  • Different Ways a Trojan can Get into a System
  • How to Deploy a Trojan
  • Evading Anti-Virus Techniques

 

Types of Trojans

  • Command Shell Trojans
  • GUI Trojans
  • Document Trojans
  • E-mail Trojans
  • Defacement Trojans
  • Botnet Trojans
  • Proxy Server Trojans
  • FTP Trojans
  • VNC Trojans
  • HTTP/HTTPS Trojans
  • ICMP Tunneling
  • Remote Access Trojans
  • Covert Channel Trojan
  • E-banking Trojans
  • Banking Trojan Analysis
  • Destructive Trojans
  • Notification Trojans
  • Credit Card Trojans
  • Data Hiding Trojans (Encrypted Trojans)
  • Trojan Analysis: Flame
  • Flame C&C Server Analysis
  • Trojan Analysis

Trojan Detection

  • How to Detect Trojans
  • Scanning for Suspicious Ports
  • Port Monitoring Tools
  • Process Monitoring Tools
  • Scanning for Suspicious Registry Entries
  • Registry Entry Monitoring Tools
  • Scanning for Suspicious Device Drivers
  • Device Drivers Monitoring Tools
  • Scanning for Suspicious Windows Services
  • Windows Services Monitoring Tools
  • Scanning for Suspicious Startup Programs
  • Windows Startup Registry Entries
  • Startup Programs Monitoring Tools
  • Scanning for Suspicious Files and Folders
  • Files and Folder Integrity Checker
  • Scanning for Suspicious Network Activities
  • Detecting Trojans and Worms with Capsa Network Analyzer

 

Anti-Trojan Software

  • Anti-Trojan Software’s

 

Virus and Worms Concepts

  • Introduction to Viruses
  • Virus and Worm Statistics
  • Stages of Virus Life
  • Working of Viruses: Infection Phase
  • Working of Viruses: Attack Phase
  • Why Do People Create Computer Viruses
  • Indications of Virus Attack
  • How does a Computer Get Infected by Viruses
  • Common Techniques Used to Distribute Malware on the Web
  • Virus Hoaxes and Fake Antiviruses
  • Virus Analysis

Types of Viruses

  • System or Boot Sector Viruses
  • File and Multipartite Viruses
  • Macro Viruses
  • Cluster Viruses
  • Stealth/Tunneling Viruses
  • Encryption Viruses
  • Polymorphic Code
  • Metamorphic Viruses
  • File Overwriting or Cavity Viruses
  • Sparse Infector Viruses
  • Companion/Camouflage Viruses
  • Shell Viruses
  • File Extension Viruses
  • Add-on and Intrusive Viruses
  • Writing a Simple Virus Program
  • Terabit Virus Maker
  • JPS Virus Maker and DELmE’s Batch Virus Maker

 

Worms

  • How is a Worm Different from a Virus?
  • Worm Analysis: Stuxnet
  • Worm Maker: Internet Worm Maker Thing

 

Malware Analysis

  • What is Sheep Dip Computer?
  • Anti-Virus Sensors Systems
  • Malware Analysis Procedure: Preparing Testbed
  • Malware Analysis Procedure
  • Virus Analysis Tool: IDA Pro
  • Online Malware Testing: VirusTotal
  • Online Malware Analysis Services

 

Detection Methods

  • Virus and Worms
  • Companion Antivirus
  • Anti-virus Tools

Sniffing Concepts

  • Wiretapping
  • Packet Sniffing
  • Sniffing Threats
  • How a Sniffer Works
  • Types of Sniffing Attacks
  • Passive Sniffing
  • Active Sniffing
  • Protocols Vulnerable to Sniffing
  • SPAN Port

 

MAC Attacks

  • MAC Flooding
  • MAC Address/CAM Table
  • How CAM Works
  • What Happens When CAM Table is Full?
  • Mac Flooding Switches with macof
  • MAC Flooding Tools
  • How to Defend against MAC Attacks

 

DHCP Attacks

  • How DHCP Works
  • DHCP Request/Reply Messages
  • IPv4 DHCP Packet Format
  • DHCP Starvation Attack
  • Rogue DHCP Server Attack
  • How to Defend Against DHCP Starvation and Rogue Server Attack

ARP Poisoning

  • What is Address Resolution Protocol (ARP)?
  • ARP Spoofing Techniques
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work
  • Threats of ARP Poisoning
  • ARP Poisoning Tools
  • How to Defend Against ARP Poisoning
  • ARP Spoofing Detection: XArp

 

Spoofing Attack

  • Spoofing Attack Threats
  • MAC Spoofing/Duplicating
  • MAC Spoofing Technique: Windows
  • MAC Spoofing Tool: SMAC
  • IRDP Spoofing
  • How to Defend Against MAC Spoofing

 

DNS Poisoning

  • DNS Poisoning Techniques
  • Intranet DNS Spoofing
  • Proxy Server DNS Poisoning
  • DNS Cache Poisoning
  • How to Defend Against DNS Spoofing

Sniffing Tools

  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Sniffing Tool: Tcpdump/Windump
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzer: OmniPeek Network Analyzer
  • Network Packet Analyzer: Observer
  • Network Packet Analyzer: Sniff-O-Matic
  • Network Packet Analyzer: JitBit Network Sniffer
  • Chat Message Sniffer: MSN Sniffer 2
  • TCP/IP Packet Crafter: Colasoft Packet Builder
  • How an Attacker Hacks the Network Using Sniffers

 

Sniffer Detection Technique

  • How to Defend Against Sniffing
  • How to Detect Sniffing
  • Sniffer Detection Technique: Ping Method
  • Sniffer Detection Technique: ARP Method
  • Sniffer Detection Technique: DNS Method
  • Promiscuous Detection Tool: PromqryUI

Social Engineering Concepts

  • What is Social Engineering?
  • Behaviors Vulnerable to Attacks
  • Factors that Make Companies Vulnerable to Attacks
  • Why Is Social Engineering Effective?
  • Warning Signs of an Attack
  • Phases in a Social Engineering Attack
  • Impact on the Organization
  • “Rebecca” and “Jessica”
  • Common Targets of Social Engineering

Social Engineering Techniques

  • Introduction of Social Engineering
  • Types of Social Engineering
  • Human-based Social Engineering
  • Technical Support
  • Authority Support
  • Human base
  • Human base: Eavesdropping and Shoulder Surfing
  • Human base: Dumpster Diving
  • Computer based Attacks
  • Computer based Attacks: Pop-Ups
  • Computer based Attacks: Phishing
  • Computer based Attacks: Spear Phishing
  • Computer based Attacks: Using Social Media
  • Mobile based
  • Mobile based: Publishing Malicious Apps
  • Mobile based: Repackaging Legitimate Apps
  • Mobile based: Fake Security Applications
  • Mobile based: Using SMS
  • Insider Attack
  • Disgruntled Employee
  • Preventing Insider Threats
  • How to Detect Phishing Emails
  • Anti-Phishing Toolbar: Netcraft
  • Anti-Phishing Toolbar: PhishTank
  • Identity Theft

DoS/DDoS Concepts

  • What is a Denial of Service Attack?
  • What are Distributed Denial of Service Attacks?
  • How Distributed Denial of Service Attacks Work
  • Symptoms of a DoS Attack
  • Cyber Criminals
  • Organized Cyber Crime: Organizational Chart

 

DoS Attack Techniques

  • Bandwidth Attacks
  • Service Request Floods
  • SYN Attack
  • SYN Flooding
  • ICMP Flood Attack
  • Peer-to-Peer Attacks
  • Permanent Denial-of-Service Attack
  • Application Level Flood Attacks

Botnet

  • Botnet Propagation Technique
  • Botnet Ecosystem
  • Botnet Trojan: Shark
  • Poison Ivy: Botnet Command Control Center
  • Botnet Trojan: PlugBot
  • Botnet Trojans: Illusion Bot and NetBot Attacker

 

DDoS Case Study

  • DDoS Attack
  • DDoS Attack Tool: LOIC
  • Hackers Advertise Links to Download Botnet
  • DoS Attack Tools

Denial of Service Attack Detection Techniques

  • Activity Profiling
  • Wavelet Analysis
  • Sequential Change-Point Detection
  • Post-Attack Forensics
  • Techniques to Defend against Botnets
  • DoS/DDoS Protection at ISP Level
  • Enabling TCP Intercept on Cisco IOS Software
  • Advanced DDoS Protection Appliances

Session Hijacking Concepts

  • What is Session Hijacking?
  • Why Session Hijacking is Successful?
  • Key Session Hijacking Techniques
  • Brute Forcing Attack
  • Spoofing vs. Hijacking
  • Session Hijacking Process
  • Types of Session Hijacking
  • Attack Vectors
  • The Impact of Session Hijacking
  • Session Hijacking and the OWASP Top 10

 

Session Hijacking in Web Applications

  • The Stateless Nature of HTTP
  • Persisting State Over HTTP
  • Session Persistence in Cookies
  • Session Persistence in the URL
  • Session Persistence in Hidden Form Fields
  • Hijacking Sessions in Web Applications
  • Hijacking Cookies with Cross Site Scripting
  • Exposed Cookie Based Session IDs in Logs
  • Exposed URL Based Session IDs in Logs
  • Leaking URL Persisted Sessions in the Referrer
  • Session Sniffing
  • Session Fixation
  • Brute Forcing Session IDs
  • Session Donation

Session Hijacking in Network and Client Level

  • Understanding TCP
  • Reviewing the Three-way Handshake in Wireshark
  • Generation and Predictability of TCP Sequence Numbers
  • Blind Hijacking
  • Man in the Middle Session Sniffing
  • IP Spoofing
  • UDP Hijacking
  • Man in the Browser Attacks
  • Network Level Session Hijacking in the Wild

 

Mitigating the Risk of Session Hijacking

  • Use Strong Session IDs
  • Keep Session IDs Out of the URL
  • Don’t Reuse Session ID for Auth
  • Always Flag Session ID Cookies as HTTP Only
  • Use Transport Layer Security
  • Always Flag Session ID Cookies as Secure
  • Session Expiration and Using Session Cookies
  • Consider Disabling Sliding Sessions
  • Encourage Users to Log Out
  • Re-authenticate Before Key Actions

Automating Session Hijack Attacks

  • Manipulating Session IDs with OWASP ZAP
  • Testing Session Token Strength with Burp Suite
  • Dynamic Analysis Testing with NetSparker
  • Other Tools

Web server Concepts

  • Web server Market Shares
  • Open Source Web server Architecture
  • IIS Web server Architecture
  • Understanding How Web Servers Are Hacked
  • The Impact of Hacking
  • Web Servers versus Web Applications
  • The Role of Cloud

 

Discovering Risks & Misconfiguration in Web Servers

  • Crawling, Enumeration, and Directory Traversal
  • Mirroring Websites
  • Reconnaissance and Footprinting
  • HTTP Fingerprinting
  • Social Engineering
  • Internal Leakage
  • Debug Settings
  • Excessive Access Rights
  • Misconfigured SSL
  • Weaknesses in Default Configurations

Other Attacks against Web Servers

  • Website Defacement
  • HTTP Response Splitting
  • Web Cache Poisoning
  • Brute Forcing Authentication Schemes
  • Streamline Testing with Automation
  • Hacking Web Applications

 

Web server Security Tools

  • Syhunt Dynamic
  • N-Stalker Web Application Security Scanner
  • Wikto
  • Acunetix Web Vulnerability Scanner
  • HackAlert
  • QualysGuard Malware Detection

Managing and Hardening Web Servers

  • What is Patch Management?
  • Identifying Appropriate Sources for Updates and Patches
  • Installation of a Patch
  • Implementation and Verification of a Security Patch or Upgrade
  • Patch Management Tools
  • Support and End of Life
  • Locking Down Services
  • Designing for Network Segmentation
  • Sandboxing

Introduction & fundamentals of Metasploit

  • Terminologies and Requirement of Metasploit
  • Metasploit Architecture
  • Mixins and Plugins
  • Msfconsole
  • Exploits in Metasploit
  • Important commands for Exploits usage
  • Payload Basics
  • Generating Different Payloads
  • Database in Metasploit
  • Meterpreter in Metasploit
  • Meterpreter usage in Metasploit

Information Gathering & Vulnerability scanning via Metasploit

  • Port scanning with Metasploit
  • Target mssql
  • Service information via Metasploit
  • SNMP sniffing
  • Psnuffel script in Metasploit
  • Custom scanner by user
  • SMB Login Check Scanner
  • Open VNC server scanning
  • WMAP web scanner in Metasploit
  • NeXpose scanner via Metasploit
  • Nessus usage and Metasploit

 

Exploit-payload Creation

  • Design Goals for an Exploit
  • mixins in exploit writing
  • Msfvenom
  • AN Shellcode

Client side Attacks

  • Binary Payloads
  • Trojans for linux via Metasploit
  • Malicious PDF file via Metasploit
  • After exploitation stuff
  • Privilege Escalation
  • Pass the hash attack
  • Session stealing attacks
  • Registry and backdoors in Metsploit
  • Packet sniffing with Metasploit
  • Bypassing the forensic investigation
  • Monitoring and searching the victim

 

Scripts, Meterpreter and Ruby extension

  • Automation of Meterpreter via rc scripts
  • Irb shell programming in Meterpreter
  • Backdooring the remote system
  • Keylogging the remote system
  • Metsvc exploitation
  • Persistence exploitation services

Web App Concepts

  • Introduction to Web Applications
  • Web Application Components
  • How Web Applications Work?
  • Web Application Architecture
  • Web 2.0 Applications
  • Vulnerability Stack
  • Web Attack Vectors

 

Understanding Security in Web Applications

  • The State of Web Application Security
  • Understanding Web Application Security
  • Query Strings, Routing, and HTTP Verbs
  • The Discoverability of Client Security Constructs
  • Protections Offered by Browsers
  • What the Browser Can’t Defend Against

 

Reconnaissance and Footprinting

  • Spidering with NetSparker
  • Forced Browsing with Burp Suite
  • Directory Traversal
  • Banner Grabbing with Wget
  • Server Fingerprinting with Nmap
  • Discovery of Development Artefacts with Acunetix
  • Discovery of Services via Generated Documentation
  • Discovering Framework Risks
  • Identifying Vulnerable Targets with Shodan

Tampering of Untrusted Data

  • OWASP and the Top 10 Web Application Security Risks
  • Understanding Untrusted Data
  • Parameter Tampering
  • Hidden Field Tampering
  • Mass Assignment Attacks
  • Cookie Poisoning
  • Insecure Direct Object References
  • Defending Against Tampering
  • Basic techniques
  • Deep data hiding
  • Brute-force and dictionary attacks
  • Account lockout attack
  • Path and information disclosure
  • Forced browsing
  • Path traversal
  • Unicode encoding
  • Parameter delimiter

 

Incjection attacks

  • PHP injection
  • Direct static code injection

 

Attacks Involving the Client

  • Reflected Cross Site Scripting (XSS)
  • Persistent Cross Site Scripting (XSS)
  • Defending Against XSS Attacks
  • Identifying XSS Risks and Evading Filters
  • Client Only Validation
  • Insufficient Transport Layer Security
  • Cross Site Request Forgery (CSRF)
  • Cross Site Tracing attack (XST)
  • Cross Site Request Forgery attack (XSRF)

Attacks against Identity Management and Access Controls

  • Understanding Weaknesses in Identity Management
  • Identity Enumeration
  • Weaknesses in the ‘Remember Me’ Feature
  • Resources Missing Access Controls
  • Insufficient Access Controls
  • Privilege Elevation

 

Denial of Service Attacks

  • Understanding DoS
  • Exploiting Password Resets
  • Exploiting Account Lockouts
  • Distributed Denial of Service (DDoS)
  • Automating DDoS Attacks with LOIC
  • DDoS as a Service
  • Features at Risk of a DDoS Attack
  • Other DDoS Attacks and Mitigations

More advanced techniques

  • Spying on data with a browser
  • Session hijacking
  • Session fixation
  • Automated security testing
  • Improper Error Handling
  • Understanding Salted Hashes
  • Insecure Cryptographic Storage
  • Unvalidated Redirects and Forwards
  • Exposed Exceptions Logs with ELMAH
  • Vulnerabilities in Web Services

Why SQL Injection Matters

  • The Significance of SQL Injection
  • Executing a SQL Injection Attack
  • The Impact of a Successful Attack
  • SQL Injection in the Wild

 

Understanding SQL Queries

  • Understanding Structured Query Language
  • Statement Termination
  • Using the SQL Comment Syntax
  • SQL Queries versus Data
  • The Value of Internal Exceptions

 

The Mechanics of SQL Injection Attacks

  • Types of SQL Injection
  • The Single Character Injection Test
  • Modifying the Query Structure
  • Circumventing Website Logins
  • Modifying Data and Database Objects
  • Identifying the Risk in Code
  • Understanding and Detecting Input Sanitization

Discovering Schema and Extracting Data

  • Understanding the Union Operator
  • Executing Union Injection
  • Manual Database Structure Discovery with Error-based Injection
  • Querying System Objects for Schema Discovery
  • Extracting Schema Details with Union Injection
  • Enumerating Result Sets with Sub-queries
  • Extracting Schema Details with Error-based Injection

 

Blind SQL Injection

  • Basic and Blind Attack Success Criteria
  • Understanding a Blind Attack
  • Applying Boolean Based Injection
  • Constructing Yes and No Questions for Boolean Based Injection
  • Enumerating via ASCII Values
  • Where Time Based Injection Makes Sense
  • Understanding the WAITFOR DELAY Command
  • Constructing a Time Based Attack

 

Advanced SQL Injection Concepts

  • Database Server Feature Comparison
  • Establishing Account Identity and Rights
  • Enumerating Other Databases on the System
  • Creating Database Logins
  • Extracting Passwords from SQL Server Hashes
  • Replicating a Table Using OPENROWSET
  • Executing Commands on the Operating System
  • SQL Injection for Network Reconnaissance

Defending Against Attacks

  • Implement Proper Error Handling
  • Validating Untrusted Data
  • Query Parameterization
  • Stored Procedures
  • Object Relational Mappers
  • The Principle of Least Privilege
  • Isolating the Database Network Segment
  • Using an IDS or WAF
  • Keeping Software Patched and Current

 

Evasion Techniques

  • Understanding Signatures
  • Basic Evasion Techniques
  • Encoding for Evasion
  • Splitting Strings
  • White Space Diversity
  • Inline Comments
  • Variables
  • String Manipulation

 

Automating Attacks

  • Testing in the Browser with SQL Inject Me
  • Fuzz Testing with Burp Suite
  • Data Extraction with Havij
  • Schema Mapping with sqlmap
  • Dynamic Analysis Testing with NetSparker

Introduction to wireless networks

  • Wireless transmission standards
  • 11 wireless network types
  • Encryption and authentication standards
  • Wireless network cards in Linux – overview
  • Wireless network interface cards in Linux

 

Wireless security (half) measures

  • MAC address filtering
  • Changing the MAC address of the wireless network card
  • Disabling ESSID broadcast
  • Finding a hidden access point with disabled ESSID broadcast
  • Limiting wireless coverage

Wireless network attacks independent of used encryption

  • Introduction
  • DoS: RF jamming
  • DoS: CSMA/CA jamming
  • The use of deauthentication attack for jamming network traffic
  • DoS: Deauthentication attack
  • Wireless MITM

 

WEP attacks

  • WEP encryption
  • Chopchop
  • The overview and demonstration of the chop-chop attack
  • Keystream reuse
  • Generating packets without knowing the network key
  • Interactive packet replay and ARP request replay
  • The demonstration of the PTW and KoreK attacks
  • Caffe Latte Attack
  • Creating a fake access point – the Caffe Latte attack

WPA attacks

  • WPA
  • The dictionary attack on WPA
  • WPA2
  • Rainbow tables
  • The dictionary attack on WPA – using hash tables
  • Cowpatty attack
  • DoS: Taking advantage of the MIC failure holdoff time

 

Advanced attacks against WPA

  • WKA TKIP attack
  • WPA TKIP broken
  • Beck-Tews attack enhanced
  • Michael Reset attack

Mobile Platform Attack Vectors

  • Rise of Mobility
  • Areas to Consider
  • Device Security
  • Android Security Features
  • Look out
  • Application Security
  • GEO Tagging
  • Mobile Applications
  • SOPHOS
  • Trend Micro Security
  • Byod Concerns
  • IScan
  • Options
  • App Permissions
  • The Virtualization Option

Hacking Android OS

  • Android OS Architecture
  • Android Device Administration API
  • Android Vulnerabilities
  • Android Rooting
  • Rooting Android Phones using SuperOneClick
  • Rooting Android Phones Using Superboot
  • Android Rooting Tools
  • Session Hijacking Using DroidSheep
  • Android-based Sniffer: FaceNiff
  • Android Trojans
  • Securing Android Devices
  • Google Apps Device Policy
  • Remote Wipe Service: Remote Wipe
  • Android Security Tool: DroidSheep Guard
  • Android Vulnerability Scanner: X-Ray
  • Android Device Tracking Tools
  • Introduction of Working with Firewalls
  • Understanding Firewalls
  • Firewall Architectures
  • Types of Firewalls
  • Evading Firewalls
  • Configuring Proxy
  • Evading Firewalls using Tunneling
  • Evading Firewalls using External Systems
  • Evading Firewalls using miTM Attacks
  • Firewalls Evation Tools
  • Firewall Bypassing & Penetration Testing
  • Firewalls Evation Tools Continued
  • Honeypots Defined
  • Types of Honeypots
  • Detecting Honepots
  • Honeypot using Atomic Software
  • Introduction to IDS
  • Intrusion Detection Systems
  • Introduction to Evading IDS
  • Encryption & Flooding
  • Obfuscating
  • Fragmentation Attacks
  • Overlapping Fragments
  • Points of Vulnerabilities in IDS
  • How to avoid IDS Demo
  • Insertion Attacks
  • Evasion Attacks
  • Denial of Service Attacks
  • Application Layer- Attacks
  • Time to Live Attacks
  • False Positive Generation
  • Urgency Flag
  • Session Splicing
  • Pre Connection SYN
  • Post Connection SYN
  • Snort
  • More tools
  • Ways to Detect
  • ADMmutate
  • Other Evading Tools
  • Centralized Security Management
  • IDS Penetration Testing
  • Buffer Overflow
  • Stacks
  • Stack overflow
  • Heaps
  • Heap Overflow
  • Format Strings
  • Format Strings Buffer Overflow
  • Integer Overflow
  • Vulnerabilities to Buffer Overflow
  • Buffer Overflow
  • Handling Buffer Overflow
  • Identifying Buffer Overflow
  • Defense Against Buffer Overflows
  • Programming Countermeasures
  • Buffer Overflow Security Tools
  • Cryptography
  • Types of Cryptography
  • Government Access to Keys (GAK)
  • Ciphers
  • Advanced Encryption Standard (AES)
  • Data Encryption Standard (DES)
  • RC4, RC5, RC6 Algorithms
  • The DSA and Related Signature Schemes
  • RSA (Rivest Shamir Adleman)
  • Example of RSA Algorithm
  • The RSA Signature Scheme
  • Message Digest (One-way Hash) Functions
  • Message Digest Function: MD5
  • Secure Hashing Algorithm (SHA)
  • What is SSH (Secure Shell)?
  • MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
  • Cryptography Tools
  • Public Key Infrastructure (PKI)
  • Certification Authorities
  • Digital Signature
  • SSL (Secure Sockets Layer)
  • Transport Layer Security (TLS)
  • Disk Encryption Tools
  • Code Breaking Methodologies
  • Brute-Force Attack
  • Meet-in-the-Middle Attack on Digital Signature Schemes