Professional Training on Cyber Security training centre in Bangladesh

New
EMI EASY PAY

Professional Training on Cyber Security

Introduction

Cybersecurity has become the prime concern for every service organization these days. Organizations, unacquainted with the cyber-attacks and the harm it can cause to the systems are falling prey to these attacks. Cyber security consists of all the technologies and practices that keep computer systems and electronic data safe.

What is this course all about-

Introduction to the principles and techniques, which is associated with the cybersecurity practice known as penetration testing or ethical hacking. The course covers planning, reconnaissance, scanning, exploitation, post-exploitation, and result reporting. Student will discovers how system vulnerabilities can be exploited and learns to avoid such problems.

Why Cyber Security is so important-

International research and advisory firm Gartner Inc. predicts worldwide security spending will hit $96.3 billion in 2018, an 8% increase in just one year. These days, the need to shield information from malicious actors is a concern at the highest levels of business and government. Even small companies face threats if they don't keep their security strong. A recent survey from Nationwide Mutual Insurance Company in USA found that 58% of business owners with up to 299 employees had been victims of a cyber-attack. Computer viruses and phishing were particularly common, but 12% had faced hacking as well, and 7%-more than one out of every 15 businesses-had suffered a data breach. The survey also found the companies ill-prepared to protect themselves. Less than half of them had plans in place to protect their employee or customer data.

Prerequisites-

- Basic knowledge on system administration.
- Basic network administration.
- Basic understanding of Internet world.

Students will get-

- Will understand the concepts of Cyber Security.
- Will have hands-on knowledge on how things work.
- How to protect data infrastructure from the predators of the Internet.

Methodology

This training will have Case Study, Hands-on LAB session, and Presentation.

Contents of Training:

0. Introduction to Cyber Security

0.1 – Information security awareness
0.2 – Need for security analysis
0.3 – Penetration testing methodologies
0.4 – Legal issues
0.3 – Pre penetration testing steps

1. Getting Started with Kali Linux

1.1 - Command line & GUI utilities Kali
1.1.1 - Booting Up Kali Linux
1.1.2 - The Kali Menu
1.1.3 - Find, Locate grep, which, and basic command line utilities
1.1.4 - Exercises

1.2 - Managing Kali Linux Services
1.2.1 - Default root Password
1.2.2 - SSH Service
1.2.3 - HTTP Service
1.2.4 - Exercises

1.3 - The Bash Environment – Basic to Advance

1.4 - Introduction to Bash Scripting
1.4.1 - Practical Bash Usage – Example 1
1.4.2 - Practical Bash Usage – Example 2
1.4.3 - Exercises

2. - The Essential Tools – Network analysis

2.1 - Netcat
2.1.1 - Connecting to a TCP/UDP Port
2.1.2 - Listening on a TCP/UDP Port
2.1.3 - Remote Administration with Netcat
2.1.4 - Exercises

2.2 - Wire shark
2.2.1 - Wire shark Basics
2.2.2 - Making Sense of Network Dumps
2.2.3 - Capture and Display Filters
2.2.4 - Following TCP Streams
2.2.5 - Exercises

2.3 – TCP Dump
2.3.1 - Filtering Traffic
2.3.2 - Advanced Header Filtering
2.3.3 - Exercises

3. - Passive Information Gathering

3.1 - Open Web Information Gathering
3.1.1 - Google
3.1.2 - Google Hacking
3.1.3 - Exercises

3.2 - Email Harvesting
3.2.1 - Exercise

3.3 - Additional Resources
3.3.1 - Netcraft
3.3.2 - Whois Enumeration
3.3.3 - Exercise

4. - Active Information Gathering

4.1 - DNS Enumeration
4.1.1 - Interacting with a DNS Server
4.1.2 - Automating Lookups
4.1.3 - Forward Lookup Brute Force
4.1.4 - Reverse Lookup Brute Force
4.1.5 - DNS Zone Transfers
4.1.6 - Relevant Tools in Kali Linux
4.1.7 - Exercises

4.2 - Port Scanning
4.2.1 - TCP CONNECT / SYN Scanning
4.2.2 - UDP Scanning
4.2.3 - Common Port Scanning Pitfalls
4.2.4 - Port Scanning with Nmap
4.2.5 - OS Fingerprinting
4.2.6 - Banner Grabbing/Service Enumeration
4.2.7 - Nmap Scripting Engine (NSE)
4.2.8 - Exercises

4.3 - SMB Enumeration
4.3.1 - Scanning for the NetBIOS Service
4.3.2 - Null Session Enumeration
4.3.3 - Nmap SMB NSE Scripts
4.3.4 - Exercises

4.4 - SMTP Enumeration
4.4.1 - Exercise

4.5 - SNMP Enumeration
4.5.1 - MIB Tree
4.5.2 - Scanning for SNMP
4.5.3 - Windows SNMP Enumeration Example
4.5.4 - Exercises

5. - Vulnerability Scanning

5.1 - Vulnerability Scanning with Nmap
5.2 - The Open VAS Vulnerability Scanner
5.2.1 – Open VAS Initial Setup
5.2.2 - Exercises

6. - Buffer Overflows

6.1 - Fuzzing
6.1.1 - Vulnerability History
6.1.2 - A Word About DEP and ASLR
6.1.3 - Interacting with the POP3 Protocol
6.1.4 - Exercises

7. - Linux Buffer Overflow Exploitation

7.1 - Setting Up the Environment
7.2 - Crashing Crossfire
7.2.1 - Exercise

7.3 - Controlling EIP
7.4 - Finding Space for Our Shell-code
7.5 - Improving Exploit Reliability
7.6 - Discovering Bad Characters
7.6.1 - Exercises

7.7 - Finding a Return Address
7.8 - Getting a Shell
7.8.1 - Exercise

8. - Working with Exploits

8.1 - Searching for Exploits
8.1.1 - Finding Exploits in Kali Linux
8.1.2 - Finding Exploits on the Web

8.2 - Customizing and Fixing Exploits
8.2.1 - Setting Up a Development Environment
8.2.2 - Dealing with Various Exploit Code Languages
8.2.3 - Exercises

9. - Privilege Escalation

9.1 - Privilege Escalation Exploits
9.1.1 - Local Privilege Escalation Exploit in Linux Example
9.1.2 - Local Privilege Escalation Exploit in Windows Example

9.2 - Configuration Issues
9.2.1 - Incorrect File and Service Permissions
9.2.2 - Think like a Network Administrator
9.2.3 - Exercises

10. - Client Side Attacks

10.1 - Know the Target
10.1.1 - Passive Client Information Gathering
10.1.2 - Active Client Information Gathering
10.1.3 - Social Engineering and Client Side Attacks
10.1.4 - Exercises

11. - Web Application Attacks

11.1 - Cross Site Scripting (XSS)
11.1.1 - Browser Redirection and IFRAME Injection
11.1.2 - Stealing Cookies and Session Information
11.1.3 - Exercises

11.2 - File Inclusion Vulnerabilities
11.2.1 - Local File Inclusion
11.2.2 - Remote File Inclusion

11.3 - MySQL SQL Injection
11.3.1 - Authentication Bypass
11.3.2 - Enumerating the Database
11.3.3 - Column Number Enumeration
11.3.4 - Understanding the Layout of the Output
11.3.5 - Extracting Data from the Database
11.3.6 - Leveraging SQL Injection for Code Execution

11.4 - Automated SQL Injection Tools
11.4.1 - Exercises

12. - Password Attacks

12.1 - Preparing for Brute Force
12.1.1 - Dictionary Files
12.1.2 - Key-space Brute Force
12.1.3 - Pwdump and Fgdump
12.1.4 - Windows Credential Editor (WCE)
12.1.5 - Exercises
12.1.6 - Password Profiling
12.1.7 - Password Mutating

12.2 - Online Password Attacks
12.2.1 - Hydra, Medusa, and Ncrack
12.2.2 - Choosing the Right Protocol: Speed vs. Reward
12.2.3 - Exercises

12.3 - Password Hash Attacks
12.3.1 - Password Hashes
12.3.2 - Password Cracking
12.3.3 - John the Ripper
12.3.4 - Rainbow Tables
12.3.5 - Passing the Hash in Windows
12.3.6 - Exercises

13. - Port Redirection and Tunneling

13.1 - Port Forwarding/Redirection
13.2 - SSH Tunneling
13.2.1 - Local Port Forwarding
13.2.2 - Remote Port Forwarding
13.2.3 - Dynamic Port Forwarding

14. - The Metasploit Framework

14.1 - Metasploit User Interfaces
14.2 - Setting up Metasploit Framework on Kali
14.3 - Exploring the Metasploit Framework

14.4 - Auxiliary Modules
14.4.1 - Getting Familiar with MSF Syntax
14.4.2 - Metasploit Database Access
14.4.3 - Exercises

14.5 - Exploit Modules
14.5.1 - Exercises

14.6 - Metasploit Payloads
14.6.1 - Staged vs. Non-¬‐Staged Payloads
14.6.2 - Meterpreter Payloads
14.6.3 - Experimenting with Meterpreter
14.6.4 - Executable Payloads
14.6.5 - Reverse HTTPS Meterpreter
14.6.6 - Metasploit Exploit Multi Handler
14.6.7 - Revisiting Client Side Attacks
14.6.8 - Exercises

14.7 - Building Your Own MSF Module
14.7.1 - Exercise

14.8 - Post Exploitation with Metasploit
14.8.1 - Meterpreter Post Exploitation Features
14.8.2 - Post Exploitation Modules

15. – Penetration testing reports & post testing actions

15.1 – Write up the finding and remedies
15.2 – Real world case studies.

Related Courses

Price 6,000 Tk + VAT
Muhammad Rabiul
  • 18 Jul - 7 Aug 2019

The course has designed to become familiar with an ...

IT
Mostofa Monower
  • 19 Jul - 3 Aug 2019

This training program builds upon advanced level knowledge ...

IT
Md. Rabiul Islam
  • 25 Jul - 25 Aug 2019

This Data Science course will cover the whole data life ...

IT
Course at Chattogram
Price 5,000 Tk + VAT
Fakharul Abedin (MCSA
  • 26 - 27 Jul 2019 (2 Days Long)

Hands on Training with Practical using of different tools ...

IT
- System Admin
- Network Admin
- Developer
- DevOps Engineer
- Anyone who has interest in getting into the world of Cyber Security