Certified Network Security Expert

A Certified Network Security Expert / Penetration Tester is a network security consultant who tries to break into a network and find possible exploits in different computer systems and software. In short, they can be called ethical hackers. They are generally expected to run a number of tests and fill out assessment reports about what they discovered during the penetration test. In this course students will learn Penetration Testing, Linux Fundamentals, Information Gathering, Detecting Live Systems, Enumeration, Vulnerability Assessments, Malware Goes Undercover, Windows Hacking, Hacking UNIX/Linux, Advanced Exploitation Techniques, Networks, Sniffing, and IDS.

Duration

2 hours per day x 75 days

Eligibility

Advanced knowledge of Windows and Linux server

Course Details

  • Kali Linux history and introduction
  • Kali Linux GUI desktops
  • Kali Linux Commands
  • Tar and zips
  • Compiling programs
  • Identifying software packages
  • Installing and removing software
  • User account management
  • Changing a user account password
  • Passwd & Shadow file formats
  • File permissions
  • Directory permissions
  • Octal representation
  • Changing permissions
  • Setting default permissions
  • Internet addressing
  • Network services
  • Commonly available services
  • Fundamental network configuration files
  • Network control scripts

Hacking Concepts

  • Introduction to Hacking
  • Hacking vs. Ethical Hacking
  • Effects of Hacking on Business
  • Who is a Hacker?
  • Hacker Classes
  • Hacktivism
  • Hacking Phases
  • Defense in Depth

Vulnerability Assessment & Penetration Testing

  • Vulnerabilities
  • Vulnerability Research
  • Vulnerability Research Websites
  • What is Penetration Testing?
  • Why Penetration Testing
  • Penetration Testing Methodology
  • Security Policies
  • Types of Security Policies
  • Steps to Create and Implement Security Policies

Disaster Recovery & Risk Management

  • Defining Risk Management
  • Strategies for Managing Risk
  • How to Analyze Risk
  • Disaster Recovery Strategies
  • Plan Testing and Execution

Footprinting Concepts and Methodology

  • Footprinting Terminology
  • What is Footprinting?
  • Why Footprinting?
  • Objectives of Footprinting
  • Footprinting Threats

 

Footprinting using Search Engines

  • Finding Company’s External and Internal URLs
  • Public and Restricted Websites
  • Collect Location Information
  • People Search
  • People Search Online Services
  • People Search on Social Networking Services
  • Gather Information from Financial Services
  • Footprinting through Job Sites
  • Monitoring Target Using Alerts

 

Website Footprinting

  • Mirroring Entire Website
  • Website Mirroring Tools
  • Extract Website Information from http://www.archive.org
  • Monitoring Web Updates Using Website Watcher

Email Footprinting

  • Tracking Email Communications
  • Collecting Information from Email Header
  • Email Tracking Tools

 

Footprinting using Google

  • Footprint Using Google Hacking Techniques
  • What a Hacker can do with Google Hacking?
  • Google Advanced Search Operators
  • Finding Resources Using Google Advanced Operators
  • Google Hacking Tools

 

WHOIS Footprinting

  • WHOIS Lookup
  • WHOIS Lookup Result Analysis
  • WHOIS Lookup Tools
  • WHOIS Lookup Online Tools

 

DNS Footprinting

  • Extracting DNS Information
  • DNS Interrogation Tools
  • Using Nslookup
  • Dig for Unix / Linux

Network Footprinting

  • Locate the Network Range
  • Determine the Operating System
  • Traceroute
  • Traceroute Analysis
  • Traceroute Tools

 

Footprinting using Social Engineering

  • Footprinting through Social Engineering
  • Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
  • Collect Information through Social Engineering on Social Networking Sites

 

Footprinting using Social Networking Sites

  • Collecting Facebook Information
  • Collecting Twitter Information
  • Collecting LinkedIn Information
  • Collecting YouTube Information
  • Tracking Users on Social Networking Sites

 

Footprinting Tools

  • Maltego
  • Domain Name Analyzer Pro
  • Web Data Extractor
  • Additional Footprinting Tools

Scanning Networks Concepts and Methodology

  • Network Scanning
  • Scanning Methodology

 

Check for Live Systems

  • ICMP Scanning
  • Ping Sweep
  • Ping Sweep Tools

 

Banner Grabbing

  • Banner Grabbing Tools
  • Banner Grabbing Countermeasures: Disabling or Changing Banner
  • Hiding File Extensions from Web Pages

Check for Open Ports

  • Three-Way Handshake
  • TCP Communication Flags
  • Create Custom Packet Using TCP Flags
  • Scanning IPv6 Network
  • Scanning Tool
  • Hping2 / Hping3
  • Hping Commands
  • Scanning Techniques
  • Nmap
  • TCP Connect / Full Open Scan
  • Stealth Scan (Half-open Scan)
  • Xmas Scan
  • FIN Scan
  • NULL Scan
  • IDLE Scan
  • ICMP Echo Scanning/List Scan
  • UDP Scanning
  • Inverse TCP Flag Scanning
  • ACK Flag Scanning

Scanning Beyond IDS

  • IDS Evasion Techniques
  • SYN/FIN Scanning Using IP Fragments

 

Scan for Vulnerability

  • Security Alerts
  • Vulnerability Scanning
  • Vulnerability Scanning Tool
  • IBM AppScan
  • GFI LanGuard
  • Network Vulnerability Scanners
  • Analyzing the Scan Results
  • Generating Reports
  • Remediation
  • Patch Management
  • Proxy Servers
  • Why Attackers Use Proxy Servers?
  • Use of Proxies for Attack
  • Proxy Chaining
  • Proxy Tools
  • Free Proxy Servers
  • HTTP Tunneling Techniques
  • Why do I Need HTTP Tunneling
  • HTTP Tunneling Tool
  • SSH Tunneling
  • SSH Tunneling Tools
  • Spoofing IP Address
  • IP Spoofing Detection Techniques
  • Tor: Anonymous Internet Access
  • How Tor Works

Enumeration Concepts

  • What is Enumeration?
  • Techniques for Enumeration
  • Services and Ports to Enumerate

 

Null sessions

  • Null sessions
  • Syntax for a null session
  • Viewing shares

 

NetBIOS Enumeration

  • NetBIOS Enumeration Tools
  • Enumerating User Accounts
  • Enumerate Systems Using Default Passwords

SNMP Enumeration

  • SNMP (Simple Network Management Protocol) Enumeration
  • Working of SNMP
  • Management Information Base (MIB)
  • SNMP Enumeration Tools

 

UNIX/Linux Enumeration

  • UNIX/Linux Enumeration Commands
  • Linux Enumeration Tools

 

LDAP Enumeration

  • LDAP Enumeration Tools

NTP Enumeration

  • NTP Enumeration Commands

 

SMTP Enumeration

  • SMTP Enumeration Tools

 

DNS Enumeration

  • DNS Zone Transfer Enumeration Using NSLookup
  • DNS Enumeration Tools

 

SMB Enumeration

  • SMB Enumeration Tools

Windows Hacking & Security

  • Introducing Operating System
  • Introduction of Windows Hacking
  • Bootloader
  • File system
  • Windows Command & PowerShell
  • Special or Shell Folders in Windows
  • Windows Registry
  • Group Policies
  • Batch Programming & Windows Scripting

 

Cracking Passwords

  • Password Cracking
  • Password Complexity
  • Password Cracking Techniques
  • Types of Password Attacks
  • Passive Online Attack
  • Active Online Attack
  • Distributed Network Attack
  • Elcomsoft Distributed Password Recovery
  • Non-Electronic Attacks
  • Default Passwords
  • Manual Password Cracking (Guessing)
  • Stealing Passwords Using USB Drive
  • Stealing Passwords Using Keyloggers
  • Microsoft Authentication
  • How Hash Passwords Are Stored in Windows SAM?
  • What Is LAN Manager Hash?
  • LM “Hash” Generation
  • LM, NTLMv1, and NTLMv2
  • NTLM Authentication Process
  • Kerberos Authentication
  • Salting
  • PWdump7 and Fgdump
  • L0phtCrack
  • Ophcrack
  • Cain & Abel
  • Winrtgen and rtgen
  • RainbowCrack
  • Password Cracking Tools
  • LM Hash Backward Compatibility
  • How to Disable LM HASH
  • How to Defend against Password Cracking
  • Implement and Enforce Strong Security Policy

Escalating Privileges

  • Privilege Escalation
  • Privilege Escalation Tools
  • How to Defend Against Privilege Escalation

 

Executing Applications

  • Executing Applications: RemoteExec
  • Executing Applications: PDQ Deploy
  • Executing Applications: DameWare NT Utilities

 

Spyware

  • What Does the Spyware Do?
  • Types of Spyware
  • Desktop Spyware
  • Email and Internet Spyware
  • Child Monitoring Spyware
  • Screen Capturing Spyware
  • USB Spyware
  • Audio Spyware
  • Video Spyware
  • Print Spyware
  • Telephone/Cellphone Spyware
  • GPS Spyware
  • How to Defend Against Spyware
  • Anti-Spyware

 

Keylogger

  • Types of Keystroke Loggers
  • Methodology of Attacker in Using Remote Keylogger
  • How to Defend Against Keyloggers
  • Anti-Keylogger

 

Hiding Files

  • Rootkits
  • Types of Rootkits
  • How Rootkit Works
  • Detecting Rootkits
  • Steps for Detecting Rootkits
  • How to Defend against Rootkits
  • Anti-Rootkit

NTFS Data Stream

  • How to Create NTFS Streams
  • NTFS Stream Manipulation
  • How to Defend against NTFS Streams
  • NTFS Stream Detectors

 

What is Steganography?

  • Application of Steganography
  • Classification of Steganography
  • Technical Steganography
  • Linguistic Steganography
  • Steganography Techniques
  • How Steganography Works
  • Types of Steganography
  • Whitespace Steganography Tool
  • Image Steganography
  • Least Significant Bit Insertion
  • Masking and Filtering
  • Algorithms and Transformation
  • Image Steganography Tools
  • Document Steganography Tools
  • Video Steganography Tools
  • Audio Steganography Tools
  • Folder Steganography Tools
  • Spam/Email Steganography
  • Natural Text Steganography
  • Issues in Information Hiding
  • Steganalysis
  • Steganalysis Methods/Attacks on Steganography
  • Detecting Text and Image Steganography
  • Detecting Audio and Video Steganography
  • Steganography Detection Tools

 

Covering Tracks

  • Why Cover Tracks?
  • Covering Tracks
  • Ways to Clear Online Tracks
  • Disabling Auditing
  • Covering Tracks Tool
  • Track Covering Tools

Trojan Concepts

  • What is a Trojan?
  • Purpose of Trojans
  • What Do Trojan Creators Look For
  • Indications of a Trojan Attack
  • Common Ports used by Trojans

 

Trojan Infection

  • How to Infect Systems Using a Trojan
  • Wrappers
  • Wrapper Covert Programs
  • Different Ways a Trojan can Get into a System
  • How to Deploy a Trojan
  • Evading Anti-Virus Techniques

 

Types of Trojans

  • Command Shell Trojans
  • GUI Trojans
  • Document Trojans
  • E-mail Trojans
  • Defacement Trojans
  • Botnet Trojans
  • Proxy Server Trojans
  • FTP Trojans
  • VNC Trojans
  • HTTP/HTTPS Trojans
  • ICMP Tunneling
  • Remote Access Trojans
  • Covert Channel Trojan
  • E-banking Trojans
  • Banking Trojan Analysis
  • Destructive Trojans
  • Notification Trojans
  • Credit Card Trojans
  • Data Hiding Trojans (Encrypted Trojans)
  • Trojan Analysis: Flame
  • Flame C&C Server Analysis
  • Trojan Analysis

Trojan Detection

  • How to Detect Trojans
  • Scanning for Suspicious Ports
  • Port Monitoring Tools
  • Process Monitoring Tools
  • Scanning for Suspicious Registry Entries
  • Registry Entry Monitoring Tools
  • Scanning for Suspicious Device Drivers
  • Device Drivers Monitoring Tools
  • Scanning for Suspicious Windows Services
  • Windows Services Monitoring Tools
  • Scanning for Suspicious Startup Programs
  • Windows Startup Registry Entries
  • Startup Programs Monitoring Tools
  • Scanning for Suspicious Files and Folders
  • Files and Folder Integrity Checker
  • Scanning for Suspicious Network Activities
  • Detecting Trojans and Worms with Capsa Network Analyzer

 

Anti-Trojan Software

  • Anti-Trojan Software

 

Virus and Worms Concepts

  • Introduction to Viruses
  • Virus and Worm Statistics
  • Stages of Virus Life
  • Working of Viruses: Infection Phase
  • Working of Viruses: Attack Phase
  • Why Do People Create Computer Viruses
  • Indications of Virus Attack
  • How does a Computer Get Infected by Viruses
  • Common Techniques Used to Distribute Malware on the Web
  • Virus Hoaxes and Fake Antiviruses
  • Virus Analysis

Types of Viruses

  • System or Boot Sector Viruses
  • File and Multipartite Viruses
  • Macro Viruses
  • Cluster Viruses
  • Stealth/Tunneling Viruses
  • Encryption Viruses
  • Polymorphic Code
  • Metamorphic Viruses
  • File Overwriting or Cavity Viruses
  • Sparse Infector Viruses
  • Companion/Camouflage Viruses
  • Shell Viruses
  • File Extension Viruses
  • Add-on and Intrusive Viruses
  • Writing a Simple Virus Program
  • Terabit Virus Maker
  • JPS Virus Maker and DELmE’s Batch Virus Maker

 

Worms

  • How is a Worm Different from a Virus?
  • Worm Analysis: Stuxnet
  • Worm Maker: Internet Worm Maker Thing

 

Malware Analysis

  • What is Sheep Dip Computer?
  • Anti-Virus Sensors Systems
  • Malware Analysis Procedure: Preparing Testbed
  • Malware Analysis Procedure
  • Virus Analysis Tool: IDA Pro
  • Online Malware Testing: VirusTotal
  • Online Malware Analysis Services

 

Detection Methods

  • Virus and Worms
  • Companion Antivirus
  • Anti-virus Tools

Sniffing Concepts

  • Wiretapping
  • Packet Sniffing
  • Sniffing Threats
  • How a Sniffer Works
  • Types of Sniffing Attacks
  • Passive Sniffing
  • Active Sniffing
  • Protocols Vulnerable to Sniffing
  • SPAN Port

 

MAC Attacks

  • MAC Flooding
  • MAC Address/CAM Table
  • How CAM Works
  • What Happens When CAM Table is Full?
  • MAC Flooding Switches with macof
  • MAC Flooding Tools
  • How to Defend against MAC Attacks

 

DHCP Attacks

  • How DHCP Works
  • DHCP Request/Reply Messages
  • IPv4 DHCP Packet Format
  • DHCP Starvation Attack
  • Rogue DHCP Server Attack
  • How to Defend Against DHCP Starvation and Rogue Server Attack

ARP Poisoning

  • What is Address Resolution Protocol (ARP)?
  • ARP Spoofing Techniques
  • ARP Spoofing Attack
  • How Does ARP Spoofing Work
  • Threats of ARP Poisoning
  • ARP Poisoning Tools
  • How to Defend Against ARP Poisoning
  • ARP Spoofing Detection: XArp

 

Spoofing Attack

  • Spoofing Attack Threats
  • MAC Spoofing/Duplicating
  • MAC Spoofing Technique: Windows
  • MAC Spoofing Tool: SMAC
  • IRDP Spoofing
  • How to Defend Against MAC Spoofing

 

DNS Poisoning

  • DNS Poisoning Techniques
  • Intranet DNS Spoofing
  • Proxy Server DNS Poisoning
  • DNS Cache Poisoning
  • How to Defend Against DNS Spoofing

Sniffing Tools

  • Sniffing Tool: Wireshark
  • Follow TCP Stream in Wireshark
  • Display Filters in Wireshark
  • Additional Wireshark Filters
  • Sniffing Tool: Tcpdump/Windump
  • Packet Sniffing Tool: Capsa Network Analyzer
  • Network Packet Analyzer: OmniPeek Network Analyzer
  • Network Packet Analyzer: Observer
  • Network Packet Analyzer: Sniff-O-Matic
  • Network Packet Analyzer: JitBit Network Sniffer
  • Chat Message Sniffer: MSN Sniffer 2
  • TCP/IP Packet Crafter: Colasoft Packet Builder
  • How an Attacker Hacks the Network Using Sniffers

 

Sniffer Detection Technique

  • How to Defend Against Sniffing
  • How to Detect Sniffing
  • Sniffer Detection Technique: Ping Method
  • Sniffer Detection Technique: ARP Method
  • Sniffer Detection Technique: DNS Method
  • Promiscuous Detection Tool: PromqryUI

Social Engineering Concepts

  • What is Social Engineering?
  • Behaviors Vulnerable to Attacks
  • Factors that Make Companies Vulnerable to Attacks
  • Why Is Social Engineering Effective?
  • Warning Signs of an Attack
  • Phases in a Social Engineering Attack
  • Impact on the Organization
  • “Rebecca” and “Jessica”
  • Common Targets of Social Engineering

Social Engineering Techniques

  • Introduction of Social Engineering
  • Types of Social Engineering
  • Human-based Social Engineering
  • Technical Support
  • Authority Support
  • Human base
  • Human base: Eavesdropping and Shoulder Surfing
  • Human base: Dumpster Diving
  • Computer based Attacks
  • Computer based Attacks: Pop-Ups
  • Computer based Attacks: Phishing
  • Computer based Attacks: Spear Phishing
  • Computer based Attacks: Using Social Media
  • Mobile based
  • Mobile based: Publishing Malicious Apps
  • Mobile based: Repackaging Legitimate Apps
  • Mobile based: Fake Security Applications
  • Mobile based: Using SMS
  • Insider Attack
  • Disgruntled Employee
  • Preventing Insider Threats
  • How to Detect Phishing Emails
  • Anti-Phishing Toolbar: Netcraft
  • Anti-Phishing Toolbar: PhishTank
  • Identity Theft

DoS/DDoS Concepts

  • What is a Denial of Service Attack?
  • What are Distributed Denial of Service Attacks?
  • How Distributed Denial of Service Attacks Work
  • Symptoms of a DoS Attack
  • Cyber Criminals
  • Organized Cyber Crime: Organizational Chart

 

DoS Attack Techniques

  • Bandwidth Attacks
  • Service Request Floods
  • SYN Attack
  • SYN Flooding
  • ICMP Flood Attack
  • Peer-to-Peer Attacks
  • Permanent Denial-of-Service Attack
  • Application Level Flood Attacks

Botnet

  • Botnet Propagation Technique
  • Botnet Ecosystem
  • Botnet Trojan: Shark
  • Poison Ivy: Botnet Command Control Center
  • Botnet Trojan: PlugBot
  • Botnet Trojans: Illusion Bot and NetBot Attacker

 

DDoS Case Study

  • DDoS Attack
  • DDoS Attack Tool: LOIC
  • Hackers Advertise Links to Download Botnet
  • DoS Attack Tools

Denial of Service Attack Detection Techniques

  • Activity Profiling
  • Wavelet Analysis
  • Sequential Change-Point Detection
  • Post-Attack Forensics
  • Techniques to Defend against Botnets
  • DoS/DDoS Protection at ISP Level
  • Enabling TCP Intercept on Cisco IOS Software
  • Advanced DDoS Protection Appliances

Introduction & fundamentals of Metasploit

  • Terminologies and Requirement of Metasploit
  • Metasploit Architecture
  • Mixins and Plugins
  • Msfconsole
  • Exploits in Metasploit
  • Important commands for Exploits usage
  • Payload Basics
  • Generating Different Payloads
  • Database in Metasploit
  • Meterpreter in Metasploit
  • Meterpreter usage in Metasploit

Information Gathering & Vulnerability scanning via Metasploit

  • Port scanning with Metasploit
  • Target mssql
  • Service information via Metasploit
  • SNMP sniffing
  • Psnuffle script in Metasploit
  • Custom scanner by user
  • SMB Login Check Scanner
  • Open VNC server scanning
  • WMAP web scanner in Metasploit
  • NeXpose scanner via Metasploit
  • Nessus usage and Metasploit

 

Exploit-payload Creation

  • Design Goals for an Exploit
  • mixins in exploit writing
  • Msfvenom
  • AN Shellcode

Client side Attacks

  • Binary Payloads
  • Trojans for Linux via Metasploit
  • Malicious PDF file via Metasploit
  • After exploitation stuff
  • Privilege Escalation
  • Pass the hash attack
  • Session stealing attacks
  • Registry and backdoors in Metasploit
  • Packet sniffing with Metasploit
  • Bypassing the forensic investigation
  • Monitoring and searching the victim

 

Scripts, Meterpreter and Ruby extension

  • Automation of Meterpreter via rc scripts
  • Irb shell programming in Meterpreter
  • Backdooring the remote system
  • Keylogging the remote system
  • Metsvc exploitation
  • Persistence exploitation services
  • Introduction of Working with Firewalls
  • Understanding Firewalls
  • Firewall Architectures
  • Types of Firewalls
  • Evading Firewalls
  • Configuring Proxy
  • Evading Firewalls using Tunneling
  • Evading Firewalls using External Systems
  • Evading Firewalls using MITM Attacks
  • Firewall Evasion Tools
  • Firewall Bypassing & Penetration Testing
  • Firewall Evasion Tools Continued
  • Honeypots Defined
  • Types of Honeypots
  • Detecting Honeypots
  • Honeypot using Atomic Software
  • Introduction to IDS
  • Intrusion Detection Systems
  • Introduction to Evading IDS
  • Encryption & Flooding
  • Obfuscating
  • Fragmentation Attacks
  • Overlapping Fragments
  • Points of Vulnerabilities in IDS
  • How to avoid IDS Demo
  • Insertion Attacks
  • Evasion Attacks
  • Denial of Service Attacks
  • Application-Layer Attacks
  • Time to Live Attacks
  • False Positive Generation
  • Urgency Flag
  • Session Splicing
  • Pre Connection SYN
  • Post Connection SYN
  • Snort
  • More tools
  • Ways to Detect
  • ADMmutate
  • Other Evading Tools
  • Centralized Security Management
  • IDS Penetration Testing