Summer Training Program 2013 CCSE V2.0 Certified Cyber...
Transcript of Summer Training Program 2013 CCSE V2.0 Certified Cyber...
Summer Training Program 2013
CCSE V2.0 Certified Cyber Security Expert Version 2.0
TechD Facts
• Incorporated in November 2009
• Established 5 Branch offices in India & 2 International Branches in 2 years
• Trained more than 25000 students, conducted 280 Workshops Including all IITs, NITs & Many colleges across India.
• Trained Professional from many reputed companies like Yahoo!,Google,ISACA,k7 Antivirus, Elitecore , Indian Oil, Temenos, ZOHO, HCL,TCS Infosys.
• Trained Investigation agencies of Gujarat, Maharashtra, Rajasthan, Tamilnadu, West Bengal.
TechD Facts
• Trained & Certified 2000 Students & Professionals for CCSE ( Certified Cyber Security
Expert) Course.
• Helped Top Investigating Agencies to Solve Ahmedabad & Mumbai blasts Cyber trails.
• Associated for an out reach program with the Major Technical festivals of IIT Bombay, Kanpur, NIT Bhopal, NIT Calicut, Jadavpur University Kolkata, and BITS Pilani Goa for giving authorized certification.
• Major VAPT Clients includes Sulekha.com, Cyberoam.
• Supported by Ministry of Home Affairs, Malaysia & CMO, Gujarat. • Developed our own Crypters, Trojans, RATS for demonstrations.
TechD Facts
• Sunny Vaghela (Director & CTO) is recipient of Rajiv Gandhi Young
Achiever’s Award. • TechDefence has been awarded as Best Ethical Hacking & Information
Security Company by NBC on 1st May’12 at Trident Hotel , Mumbai.
TechD Facts
• TechDefence has also been awarded as Best Ethical Hacking & Information Security Company of Western India by BIG Research & IBN 7.
• Nominated for World Education Awards into category of Private Sector Initiative for use of innovative Technology for skilled education
CCSE Contents
Module 1 : Cyber Ethics - Hackers & hacking methodologies • Types of hackers • Communities of Hackers • Malicious Hacker Strategies • Steps to conduct Ethical Hacking • Hiding your identity while performing attacks Module 2: Basic Network Terminologies • TCP / IP protocols • IP addresses • Classes of IP addresses • NAT • Proxies and VPN’s • SSH and putty
CCSE Contents
Module 3: Information Gathering & Footprinting • Whois information • Active / Passive information gathering • Information gathering using • Foot printing methodologies • Tools that aid in foot printing • Savitabhabhi.com case studies Module 4: Scanning & Enumeration
• Why scanning? • Types of scanning • Tools to aid in scanning • Nmap - The Godfather • Banner grabbing
CCSE Contents
Module 5: Trojans, Backdoors • How to control victim’s computer using Trojans • Binding Trojans with another file • Undetection process of Trojans from Antivirus • Removal of Trojans from your computer • Analysis of Trojans/Virus Module 6: Virus & Worms • Introduction to viruses • How they work? • Methods use to hide themselves and replicate themselves • Introduction to worms • Causes of worms • Method used to replicate themselves • Role of antivirus product and goat file
CCSE Contents
Module 7: Phishing & its Prevention
• Making phishing pages
• How to detect phishing pages
• Detecting Phishing Crimes
Module 8: System Hacking & Security
• Password cracking
• Privilege escalation
• Tools to aid in system hacking
• Understanding rootkits
• Clearing traces
• Countermeasures
CCSE Contents
Module 9: Social engineering & Honeypots
• Introduction • Laws of social engineering • Types of social engineering • Honeypots introduction • Types of honeypots • Setting up windows / Linux honeypot Module 10: Bot,Bots & DOS(Denial of Service) • Introduction to bots • Introduction to botnets and zombies • Botnet lifecycle • IRC bots • Customize your own bot
CCSE Contents
Module 11: Cryptography • Public-key Cryptography • Working of Encryption • Digital Signature • RSA & Example of RSA Algorithm • RC4, RC5, RC6, Blowfish • Algorithms and Security • Tools that aid in Cryptography Module 12: Google Hacking • Understanding how Google works • Google basic operators • Google advanced operators • Automated Google tools • How to use Google to find the desired website • How Google can aid in searching vulnerable website
CCSE Contents
Module 13: SQL Injection 1
• Web Application Overview
• Web Application Attacks
• OWASP Top 10 Vulnerabilities
• Putting Trojans on websites
• SQL injection attacks
• Executing Operating System Commands
• Getting Output of SQL Query
• Getting Data from the Database Using ODBC Error Message
• How to Mine all Column Names of a Table
• How to Retrieve any Data
• How to Update/Insert Data into Database
• SQL Injection in Oracle
• SQL Injection in MySql Database, 20 Hands on Demonstrations on real websites
CCSE Contents
Module 14: SQL Injection 2
• Attacking Against SQL Servers
• SQL Server Resolution Service (SSRS)
• SQL Injection Automated Tools
• MSSQL Injection
• Blind SQL Injection
• Preventing SQL Injection Attacks
Module 15: XSS – Cross Site Scripting
• Introduction to XSS & Types of XSS
• XSS worm and XSS shell
• Cookie grabbing
• Countermeasures
CCSE Contents
Module 16: Secure Coding Practices
• Why secure coding?
• Secure coding standards
• Secure coding methods
• Dissecting the source code
Module 17: Information Disclosure Vulnerabilities
• Introduction
• Setting up the correct chmod
• Protecting the sensitive server files
• Preventing the data loss
CCSE Contents
Module 18: Session Hijacking
• Introduction
• Types of session hijacking
• Tools that aid in session hijacking
• Countermeasures
Module 19:Hacking Web Servers
• Understanding IIS and apache
• How to use PHP and ASP backdoors
• What are local root exploits?
• Implementing web server security
• Patch management
CCSE Contents
Module 20: Vulnerability Assessment & Penetration Testing
• Introduction to VAPT
• Categories of security assessments
• Vulnerability Assessment
• Limitations of Vulnerability Assessment
• Penetration Testing
• Types of Penetration Testing
• Do-It-Yourself Testing
• Outsourcing Penetration Testing Services
• Terms of Engagement
• Project Scope & Pentest Service Level Agreements
• Testing points & Locations
• Automated & Manual Testing
CCSE Contents
Module 21: Assembly Language Basics
• Difference Assembly Language Vs High-level Language
• Assembly Language Compilers
• Understanding Instruction operands, Directive & preprocessor
• Interrupts , Interrupt handler, External interrupts and Internal interrupts Handlers
• Assembling the & Compiling the C code
• Linking the object files & Understanding an assembly listing file
• Big and Little Endian Representation, Skeleton File
• Working with Integers, Signed integers & Signed Magnitude
• Understanding Two’s Compliment, If statements, Do while loops
• Indirect addressing, Subprogram
• Understanding The Stack, SS segment& ESP
• The Stack UsageThe CALL and RET Instructions
CCSE Contents
Module 22 & Module 23: Buffer Overflows 1-2
• Introduction
• How BOF works
• Stack based buffer overflow
• Heap based buffer overflow
• Heap spray
• Understanding the shellcode
• Mapping the memory
• Fuzzing
• Countermeasures
CCSE Contents
Module 24: Exploit Writing
• Exploits Overview
• Prerequisites for Writing Exploits and Shellcodes
• Purpose of Exploit Writing
• Types of Exploits
• Tools that aid in writing Shellcode
• Issues Involved With Shellcode Writing
• Addressing problem
• Null byte problem
• System call implementation
CCSE Contents
Module 25: Reverse Engineering
• Introduction to RE
• Briefing OllyDbg
• Patching
• Cracking
• Keygening
• Countermeasures
Module 26: Firewalls, IDS, Evading IDS
• Introduction
• How to detect Intrusion
• Types of Intrusion
• Configuring IDPS
• Firewall and it’s types
• Evading Firewalls and IDS
CCSE Contents
Module 27: Wireless Hacking & Security
• Wireless Protocols
• Wireless Routers-Working
• Attacks on Wireless Routers
• Cracking Wireless routers password(WEP)
• Securing routers from Hackers
• Countermeasures
Module 28: Mobile, VoIP Hacking & Security
• SMS & SMSC Introduction
• SMS forging & countermeasures
• Sending & Tracking fake SMSes
• VoIP Introduction
• Installing VoIP Server & Forging Call using VoIP
CCSE Contents
Module 29: Introduction to Cyber Crime Investigation & IT ACT 2000
• Types of Cyber Crimes
• Reporting Cyber Crimes & Incidence response
• Introduction to IT Act 2000 & its sections
• Flaws in IT ACT,2000
• Investigation Methodologies & Case Studies
• Different Logging Systems.
• Investigating Emails ( Email Tracing)
• Ahmedabad Bomb Blasts Terror Mail case study
• Investigating Phishing Cases
• Investigating Data Theft Cases
• Investigating Orkut Profile Impersonation Cases
• Investigating SMS & Call Spoofing Cases
CCSE Contents
Module 30: Cyber Forensics
• Cyber Forensics
• Understanding Cyber Forensics
• Hands on Cyber Forensics on Hard Disks
• Preparing Cyber Forensics Reports
Module 31:Enterprise Information Security Management
• Establishment of ISMS
• Implementation ,Monitoring ,Review & Maintenance of ISMS
• Resource Management & Management Responsabilités.
• Internal Audits
• Selection of Appropriate Controls
• Corrective & Preventive Actions
CCSE Contents
Module 32 - 35: Project Work 1 , Project Work 2 & Final Exam.
• Training attendees will be getting exposures to live projects like Penetration testing, Creating own vulnerable penetration testing framework , Online Malware Scanners.
• Semi Final & Final Exam ( Online Hacking Challenge)
Total Hours: 80 hours
Training Duration : 30 – 45 Days.
Training Centers: Ahmedabad, Delhi , Hyderabad, Navsari