Introduction
Cyber security has become the prime concern for every service organization these days. Organizations, unacquainted with the cyber-attacks and the harm it can cause to the systems are falling prey to these attacks. Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe.
What is this course all about-
Introduction to the principles and techniques, which is associated with the cyber security practice known as penetration testing or ethical hacking. The course covers planning, reconnaissance, scanning, exploitation, post-exploitation, and result reporting. Student will discovers how system vulnerabilities can be exploited and learns to avoid such problems.
Why Cyber Security is so important-
International research and advisory firm Gartner Inc. predicts worldwide security spending will hit $96.3 billion in 2018, an 8% increase in just one year. These days, the need to shield information from malicious actors is a concern at the highest levels of business and government. Even small companies face threats if they don't keep their security strong. A recent survey from Nationwide Mutual Insurance Company in USA found that 58% of business owners with up to 299 employees had been victims of a cyber attack. Computer viruses and phishing were particularly common, but 12% had faced hacking as well, and 7%-more than one out of every 15 businesses-had suffered a data breach. The survey also found the companies ill-prepared to protect themselves. Less than half of them had plans in place to protect their employee or customer data.
Prerequisites-
- Basic knowledge on system administration.
- Basic network administration.
Students will get-
- Will understand the concepts of Cyber Security.
- Will have hands-on knowledge on how things work.
- How to protect data infrastructure from the predators of the Internet.
Methodology
This training will have Case Study, Hands-on LAB session, and Presentation.
Contents of Training:
0. Introduction to Cyber Security
0.1 ** Information security awareness
0.2 ** Need for security analysis
0.3 ** Penetration testing methodologies
0.4 ** Legal issues
0.5 ** Pre penetration testing step
1. Getting Started with Linux
1.1 -**‐ Command line & GUI utilities of Kali Linux
1.1.1 -**‐ Booting Up Kali Linux
1.1.2 -**‐ The Kali Menu
1.1.3 -**‐ Basic command line utilities
1.1.4 -**‐ Exercises
1.2 -**‐ Managing Linux Services
1.2.1 -**‐ SSH Service and log analysis
1.2.2 -**‐ DNS service and log analysis
1.2.3 -**‐ HTTP Service and log analysis
1.2.4 -**‐ FTP service and log analysis
1.2.5 ** Firewall service and log analysis
1.4 -**‐ Introduction to Bash Scripting
1.4.1 -**‐ Practical Bash Usage ** Example
1.4.2 -**‐ Exercises
2. - The Essential Tools ** Network analysis
2.1 -**‐ Netcat
2.1.1 -**‐ Connecting to a TCP/UDP Port
2.1.2 -**‐ Listening on a TCP/UDP Port
2.1.3 -**‐ Remote Administration with Netcat
2.1.4 -**‐ Exercises
2.2 -**‐ Wireshark
2.2.1 -**‐ Wireshark Basics
2.2.2 -**‐ Making Sense of Network Dumps
2.2.3 -**‐ Capture and Display Filters
2.2.4 -**‐ Following TCP Streams
2.2.5 -**‐ Exercises
3. - Passive Information Gathering
3.1 -**‐ Open Web Information Gathering
3.2 -**‐ Email Harvesting
3.3 -**‐ Additional Resources
3.3.1 -**‐ Netcraft
3.3.2 -**‐ Whois Enumeration
3.3.3 -**‐ Exercise
4. - Active Information Gathering
4.1 -**‐ DNS Enumeration
4.1.1 -**‐ Interacting with a DNS Server
4.1.2 -**‐ Automating Lookups
4.1.3 -**‐ Forward Lookup Brute Force
4.1.4 -**‐ Reverse Lookup Brute Force
4.1.5 -**‐ DNS Zone Transfers
4.1.6 -**‐ Relevant Tools in Kali Linux
4.1.7 -**‐ Exercises
4.2 -**‐ Port Scanning
4.2.1 -**‐ TCP CONNECT / SYN Scanning
4.2.2 -**‐ UDP Scanning
4.2.3 -**‐ Common Port Scanning Pitfalls
4.2.4 -**‐ Port Scanning with Nmap
4.2.5 -**‐ OS Fingerprinting
4.2.6 -**‐ Banner Grabbing/Service Enumeration
4.2.7 -**‐ Nmap Scripting Engine (NSE)
4.2.8 -**‐ Exercise
4.3 -**‐ SMTP Enumeration
4.3.1 -**‐ Exercise
4.4 -**‐ SNMP Enumeration
4.4.1 -**‐ MIB Tree
4.4.2 -**‐ Scanning for SNMP
4.4.3 -**‐ Windows SNMP Enumeration Example
4.4.4 -**‐ Exercises
5. - Vulnerability Scanning
5.1 -**‐ Vulnerability Scanning with Nmap
5.2 -**‐ The OpenVAS nad Nessus Vulnerability Scanner
5.2.1 -**‐ OpenVAS and Nessus Initial Setup
5.2.2 -**‐ Exercises
6. - Buffer Overflows
6.1 -**‐ Fuzzing
6.1.1 -**‐ Vulnerability History
6.1.2 -**‐ A Word About DEP and ASLR
6.1.3 -**‐ Interacting with the POP3 Protocol
6.1.4 -**‐ Exercise
7. - Linux Buffer Overflow Exploitation
7.1 -**‐ Setting Up the Environment
7.2 -**‐ Crashing Crossfire
7.2.1 -**‐ Exercise
7.3 -**‐ Controlling EIP
7.4 -**‐ Finding Space for Our Shellcode
7.5 -**‐ Improving Exploit Reliability
7.6 -**‐ Discovering Bad Characters
7.6.1 -**‐ Exercises
7.7 -**‐ Finding a Return Address
7.8 -**‐ Getting a Shell
7.8.1 -**‐ Exercise
8. - Privilege Escalation
8.1 -**‐ Privilege Escalation Exploits
8.1.1 -**‐ Local Privilege Escalation Exploit in Linux Example
8.1.2 -**‐ Local Privilege Escalation Exploit in Windows Example
8.2 -**‐ Configuration Issues
8.2.1 -**‐ Incorrect File and Service Permissions
8.2.2 -**‐ Think Like a Network Administrator
8.2.3 -**‐ Exercises
9. - Web Application Attacks
9.1 -**‐ Cross Site Scripting (XSS)
9.1.1 -**‐ Browser Redirection and IFRAME Injection
9.1.2 -**‐ Stealing Cookies and Session Information
9.1.3 -**‐ Exercises
9.2 -**‐ File Inclusion Vulnerabilities
9.2.1 -**‐ Local File Inclusion
9.2.2 -**‐ Remote File Inclusion
9.3 -**‐ MySQL SQL Injection
9.3.1 -**‐ Authentication Bypass
9.3.2 -**‐ Enumerating the Database
9.3.3 -**‐ Column Number Enumeration
9.3.4 -**‐ Understanding the Layout of the Output
9.3.5 -**‐ Extracting Data from the Database
9.3.6 -**‐ Leveraging SQL Injection for Code Execution
9.4 -**‐ Automated SQL Injection Tools
9.4.1 -**‐ Exercises
10. - Password Attacks
10.1 -**‐ Preparing for Brute Force
10.1.1 -**‐ Dictionary Files
10.1.2 -**‐ Key-**‐space Brute Force
10.1.3 -**‐ Pwdump and Fgdump
10.1.4 -**‐ Windows Credential Editor (WCE)
10.1.5 -**‐ Exercises
10.1.6 -**‐ Password Profiling
10.1.7 -**‐ Password Mutating
10.2 -**‐ Online Password Attacks
10.2.1 -**‐ Hydra, Medusa, and Ncrack
10.2.2 -**‐ Choosing the Right Protocol: Speed vs. Reward
10.2.3 -**‐ Exercises
10.3 -**‐ Password Hash Attacks
10.3.1 -**‐ Password Hashes
10.3.2 -**‐ Password Cracking
10.3.3 -**‐ John the Ripper
10.3.4 -**‐ Rainbow Tables
10.3.5 -**‐ Passing the Hash in Windows
10.3.6 -**‐ Exercises
11. - Port Redirection and Tunneling
11.1 -**‐ Port Forwarding/Redirection
11.2 -**‐ SSH Tunneling
11.2.1 -**‐ Local Port Forwarding
11.2.2 -**‐ Remote Port Forwarding
11.2.3 -**‐ Dynamic Port Forwarding
12. - The Metasploit Framework
12.1 -**‐ Metasploit User Interfaces
12.2 -**‐ Setting up Metasploit Framework on Kali
12.3 -**‐ Exploring the Metasploit Framework
12.4 -**‐ Auxiliary Modules
12.4.1 -**‐ Getting Familiar with MSF Syntax
12.4.2 -**‐ Metasploit Database Access
12.4.3 -**‐ Exercises
12.5 -**‐ Exploit Modules
12.5.1 -**‐ Exercises
12.6 -**‐ Metasploit Payloads
12.6.1 -**‐ Staged vs. Non-**‐Staged Payloads
12.6.2 -**‐ Meterpreter Payloads
12.6.3 -**‐ Experimenting with Meterpreter
12.6.4 -**‐ Executable Payloads
12.6.5 -**‐ Reverse HTTPS Meterpreter
12.6.6 -**‐ Metasploit Exploit Multi Handler
12.6.7 -**‐ Revisiting Client Side Attacks
12.6.8 -**‐ Exercises
12.7 -**‐ Building Your Own MSF Module
12.7.1 -**‐ Exercise
12.8 -**‐ Post Exploitation with Metasploit
12.8.1 -**‐ Meterpreter Post Exploitation Features
12.8.2 -**‐ Post Exploitation Modules
13. ** Penetration testing reports & post testing actions
13.1 ** Write up the finding and remedies
13.2 ** Real world case studies.
Bdjobs Android App
Facebook
Google
Youtube
