Hacking Defined Experts course

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Hacking Defined Experts course"

Transcription

1 Hacking Defined Experts course Cycle No 39 Academic Advisor: Mr Avi Weissman The course opens in Tel - Aviv: December 11 th, 2012, on Tuesday (evening) and Friday (morning) Cybernetic Attack Techniques course for applicants with Code or IT background Introduction The Cyber attack domain (or information warfare or cyber warfare or penetration testing) is definitely one of the most fascinating technological fields in the world of information security and cyber warfare Of the 5 worlds of InfoSec this field holds an up most importance and is most suitable for those with technical talent and creativity 2003 to 2012: A Decade of Excellence in Cyber Attack Specialists' Training The Hacking Defined Experts program was launched to give a solution for advanced cyber attack information and understanding The emphasis was on learning the techniques and comprehending the methodology rather than basing it on tools alone The advances of information security and technology rendered most tools as obsolete and some even useless when today, a more comprehensive understanding of the technology involved is more important and vital A hacker must use a multi disciplinary approach combining knowledge and creativity Automated tools all have known signatures and techniques nowadays making most of them not only obsolete, but actually damaging to the attack sequence triggering alarm, IDSs and IPSs In a world which hackers were accounted for the 'toolkit' they are using, today knowledge makes the difference The ability to understand a system, research for vulnerabilities and harvesting an arsenal of zero-day vulnerabilities, toolkits such as Back Track and Black Ubuntu became a free-easy-access system which does not make a hacker Hacking Defined Experts is built in way to bring an IT professional to a point where he/she is able o conduct a Penetration test from start to end mastering all required techniques The scenarios, class works and lab time are all built on real world scenarios which our penetration testers have encountered while testing an organization This training course is built, unlike the Certified Ethical Hacker certification, to be non-ethical It covers tools, methods, techniques from the point of reconnaissance, reverse engineering, network penetration, privilege escalation and onto a report writing methodology which is a significant part of a penetration tester's daily routine In the training, we will learn things which are more practice such as building Trojans and backdoors and spoofing mails to use real world attack scenarios on an organization Since the establishment of the Hacking Defined Experts series, hundreds of assault specialists and security experts have been trained If you cannot register to this program Be sure to check the program open to all - Ethical intended for the CEH exams preparation, and

2 Contact your guidance counselor The purpose of the program Train professionals to the world of ethical hacking, in attacking System, Network, Mobile, attacking applications and Web applications, and in the field of Reverse Engineering The professors teaching these courses are among Israel's leading hacker community Target Audience The course is intended for students with practical knowledge in Information Infrastructure (Operating Systems, Communication and basic knowledge in Security tools and basic technologies) Also graduates and post graduates in Computer Sciences, Software/Hardware engineers, software engineering \ hardware, preferably with the ability to develop code This track is not suitable for beginners Are you a beginner? Contact our advisor for guidance for personal development in this area Terms of acceptance 1 The course is designed for those holding a network management background in Windows or Linux or security information or software development Requires knowledge of Windows, Linux, TCP / IP, Web and services such as HTTP, SMTP, FTP, DNS 2 Willingness to put in a large amount of hours from home, learning Independently (about 400 hours of home study) 3 Personal interview Scope of program 20 sessions (Tuesday evening 17:30 to 21:00 and Friday morning 9:00 to 12:30) Classes are held on the See Security campus in Ramat Gan The course is opened about three times a year Cost (for the course opening on December 2012) Total 13,500 Nis Nis registration fee For further information and details contact: Elvira Eliseev, , Eligibility All students are required to be present in a minimum of 80% of the meetings, and are required to pass all tests / projects (rated at least 70 and above is considered a passing score on the tests and projects) Meeting these requirements will grant you a "Hacking Defined Expert" certification granted by the See Security collage

3 Additional information The program was built for practical knowledge The program enables the acquirement of a Cyber Warfare level-2 certification The opening of the class depends on the number of registrants Registration fees are not refundable, except in the case of failure to open the program by the College Registration fee and any external tests are not included in the tuition The college brings to the attention of applicants and students that there may be changes in the array program, curriculum and exam dates or any other subject Notices of any change will be given to all participants Course syllabus 1 Chapter A Introduction 11 Hacking History 12 Hacking Today 13 Hacking Terminology 14 Ethical Hacking 15 Characteristics of an Attacker 16 Attackers' Thinking 17 Encryption Chapter B Course Toolkit 21 Python 22 Perl 23 Backtrack 231 Basic Backtrack environment 232 Linux introduction and understanding 233 Configuring Networking manually 234 Backtrack services and features 3 Chapter C Reconnaissance 31 Introduction to Reconnaissance 311 Goals 312 General understanding 32 OSINT 321 Google hacking and dorks 322 Site mapping 323 Maltego work environment 324 General relevant information 325 Whois Interrogation 3251 IP assignments with ARIN 3252 Client 3253 Methodology 326 Other online research methods 33 Organization details 34 Enumeration 341 SMTP enumeration 342 SNTP enumeration 343 NetBIOS enumeration 344 MS Session Management 345 Listing usernames on Windows XP via Null Session 346 VRFY 347 EXPN 348 Banner grabbing 349 tracerouting 3410 whatweb 3411 fierce 3412 DNS interrogation 3413 Reverse DNS interrogation 3414 Nslookup 3415 MX/NS enumeration 3416 Zone transferring 3417 DNS Name Bruteforce 3418 Port scanning Regular scan Decoy Scanning XMAS scan Spoofed scan MAC spoofing Zombie scan SYN scan ACK scan UDP scan 3419 OS fingerprinting 3420 Service fingerprinting 3421 Load Balancer De-multiplexing 3422 Low technology reconnaissance 3423 Path determination 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972)

4 3424 IDS / IPS detection 4 Chapter D Network Penetration 41 Traffic analysis 472 Hydra + Hydra-GTK 42 TCPDump 4721 Using Hydra 43 Sniffers 4722 CISCO router/switch bruteforce 44 Wireshark 4723 SMB password bruteforcing 441 Introduction 4724 FTP password bruteforce 442 Following streams 4725 POP3 password bruteforce 443 Analyzing data 4726 HTTP over SSL bruteforce 444 Mining and picking 473 Offline Attacks 445 Packet structures 474 Password Dumping 446 VoIP building 475 Physical Access 45 Traffic Interception and Manipulation 48 NetCat 451 Forging packets 481 Port scanning with NetCat 452 MITM attacks 482 Port forwarding with NetCat 4521 ARP poisoning 483 Backdoor (Bind Shell) 4522 Ettercap manipulation 484 Backdoor (Reverse Shell) 4523 Scripting for ettercap 485 Transferring files with NetCat 486 Using NetCat as a honeypot 46 DOS / DDOS 461 Methods of attack 49 RPC Enumeration 462 Nuke attacks 410 PS Executable 463 Buffer overflow DOS 411 Dameware 464 Flooding 412 VNC 465 SYN floods 466 Smurf Floods 467 Banana attacks 413 Radmin 414 BITS Background intelligent Transfer 415 Vulnerability Scanners 468 Effects of DoS 4151 Shadow Security Scanner 469 Where can it be used in a 'good' way 4152 Accunetix 47 Password Attacks 4153 Nessus 471 Online Brute Forcing Attacks 4154 Core Impact 5 Chapter E Wireless Penetration 51 RFID 511 Understanding RFID 512 Communicaation via RFID 513 Cracking and maintaining 52 Wi-Fi 521 Introduction 522 Understanding 80211x 523 Introduction to Tools 5231 airmon-ng 5232 airodump-ng 5233 aireplay-ng 5234 airebase-ng 5235 kismet 5236 gerix 524 Cracking Encryptions 5241 WEP 5242 WPA 5243 WPA WPS 525 WPS reaver 526 Bypassing MAC filtering 527 Rouge Access Point 528 Netstumbler 53 Bluetooth 531 Enumeration 532 Basic tools 533 Bypassing security codes 534 False associations and connections 6 Chapter F Web and Web Application Penetration 61 Introduction 611 HTML 612 Javascript 613 PHP 614 ASP 615 Web Terminology 6151 User agent 6152 Web Server 616 Web Attack Vectors 617 OWASP Top Tools 621 Firebug 622 Tamper Data 623 Paros 624 WebSCrab 625 Dirbuster 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972)

5 626 Fuzzers 627 Webshag 628 W3AF 63 Web Attacks 631 SQL Injection 6311 Introduction 6312 Blind 6313 Error based 6314 Information 632 XSS 6321 CSRF 6322 DOM based 6323 Stored 6324 Dynamic 633 Directory listing 634 Broken Authentication 635 Failure to restrict URLs 636 Insecure storage 637 Mal-configuration of Permissions 638 Changing User-Agent 639 File upload 6310 LFIs 6311 RFIs 6312 PHP shell files 6313 Sessions HiJacking 6314 Sessions SideJacking 6315 HTTP poisoning 6316 Cross-Site Cooking 6317 Session Fixiation 7 Chapter G Vulnerability World 71 Introduction 711 What is a vulnerability 712 Types of vulnerabilities Days 72 Buffer Over Flows 721 Introduction 722 Finding bugs 723 Case Studies 724 Verifying the overflow in the STOR 725 Which bytes overwritten EIP 726 Diving Deeper 727 Shell Code 73 Metasploit Framework 731 MSF Console 732 MSF Web 733 MSF CLI 734 Meterpreter 735 Meterpreter Commands 736 Payloads 737 Auxillary 738 Modules 739 Write an example in Ruby 74 General 741 Client side attacks 742 Internet Explorer remote code execution 743 IE Object type Overflow 744 Windows JPEG GDI 745 IR COM Objects file download exploit 746 WMF Client Side 75 Mobile Exploitation 751 Exploiting Mobile Devices 7511 Analyzing Mobile Oss 7512 Exploiting ios 7513 Exploiting Android 7514 Capabilities 752 Exploiting from Mobile Devices 7521 ANTI 7522 Wiggle 7523 FaceNiff 7524 DroidSheep 7525 Fing 7526 WiFiKill 8 Chapter H Virology and HouseKeeping 81 Thinking Security 811 Principels 812 Log Files 813 Unix 814 Windows 82 The Zoo 821 Trojan horses 822 Native Backdoors 823 Keylogger 8231 Physical Keyloggers 8232 Software Keyloggers 824 Root Kits 8241 Memory based root kit 8242 User Mode Root Kit 8243 Kernel mode root kit 8244 BIOS root kit 8245 Root kit in action: HXDEF 825 Windows Quirks 8251 Registry bugs 8252 NTFS alternate Data stream 826 Antivirus avoidance 9 Chapter I Software Security 91 Software Security Basics 911 Bad software 912 Complexity 913 Program Flaws 92 OS Security 921 What is An Operating System? 922 The Goals of the OS 923 Kernel and Kernel Mode 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972)

6 924 The OS Layers 925 Windows Architecture 926 HAL 927 Resource Allocation 928 Processes 929 MultiTasking 9210 Thread 9211 Scheduling 9212 Autoruns 93 Hooking 931 Windows API 932 What is Hooking? 933 Windows API Hooking 934 Windows API Logger 935 Monitoring Windows API 936 Process Monitor 10 Chapter J Reverse Engineering 101 Introduction 1011 What is reverse engineering 1012 Static analysis 1013 Dynamic Analysis 1014 Reverse Engineering Tools IDA ollydebug WinDBG Cheat Engine 1015 IA-32 Instruction Set 1016 File formats 102 The Actual Deal 1021 Integer Over Flows 1022 Stack Buffer Over Flow 1023 Heap overflow 1024 Access Control Systems 1025 Anti-Debugging 4 Maale' Hshachar St Ramat-Gan 52383, Israel Tel: +(972) , Fax: +(972)

7 לכבוד המכללה לאבטחת מידע וללוחמת מידע שיא סקיוריטי טכנולוג'יז בע"מ רמת-גן פקס: נא לרשום אותי לתוכנית הלימודים ברמת גן Hacking Defined Expert פרטים אישיים: שם משפחה כתובת פרטית טל' בבית: קורס שם פרטי טל' נייד תז פקס שנת לידה כתובת E mail מקום עבודה: שם החברה לתשלום (נא סמן בחירתך): טל' תפקיד דמי רישום (חובה בכל מקרה) שכר לימוד בסך מצ"ב שיק מס' ע"ס - מקדמה (בגובה 10% משכר הלימוד) (ניתן לשלם עד תשלומים בהמחאות דחויות) (את ההמחאות יש לרשום לפקודת שיא סקיוריטי בע"מ) מצ"ב מכתב התחייבות המעסיק, אם הינך ממומן על ידו (1) יודפס ע"ג נייר לוגו (2) בציון מספר חפ של החברה, (3) לתשלום שוטף + 30 ממועד הפתיחה לכל היותר) נא לחייב כרטיס אשראי בתוקף עד: בתשלום אחד ב- תשלומים (עד 18 תשלומים בקרדיט) ב- תשלומים ללא ריבית שם בעל הכרטיס תז בעל הכרטיס תא' לידה של בעל הכרטיס כתובת בעל הכרטיס, המעודכנת בחברת האשראי טלפון בעל הכרטיס, המעודכן בחב' כרטיסי האשראי שם בנק+סניף הבנק בו מנוהל חשבון כרטיס האשראי דמי ההרשמה אינם מוחזרים, אלא במקרה של אי פתיחת התכנית על ידי המכון וSecurity See דמי ההרשמה אינם כלולים בשכר הלימוד יש לוודא כי התשלומים יסתיימו עד למועד סיום הקורס תאריך: חתימה: שיא א סקיוריטי טכנולוג'י בע"מ חפ: ספק משהב"ט: 83/168200

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting

https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting https://elearn.zdresearch.com https://training.zdresearch.com/course/pentesting Chapter 1 1. Introducing Penetration Testing 1.1 What is penetration testing 1.2 Different types of test 1.2.1 External Tests

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright 2014 Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security, 2014 No part of this publication, in whole or

More information

CEH Version8 Course Outline

CEH Version8 Course Outline CEH Version8 Course Outline Module 01: Introduction to Ethical Hacking Information Security Overview Information Security Threats and Attack Vectors Hacking Concepts Hacking Phases Types of Attacks Information

More information

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts)

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Module: 1. Introduction to Ethical Hacking 2. Footprinting a. SAM Spade b. Nslookup c. Nmap d. Traceroute

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

Learn Ethical Hacking, Become a Pentester

Learn Ethical Hacking, Become a Pentester Learn Ethical Hacking, Become a Pentester Course Syllabus & Certification Program DOCUMENT CLASSIFICATION: PUBLIC Copyrighted Material No part of this publication, in whole or in part, may be reproduced,

More information

SONDRA SCHNEIDER JOHN NUNES

SONDRA SCHNEIDER JOHN NUNES TECHNOLOGY TRANSFER PRESENTS SONDRA SCHNEIDER JOHN NUNES CERTIFIED ETHICAL HACKER TM THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE MAY 21-25, 2007 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

[CEH]: Ethical Hacking and Countermeasures

[CEH]: Ethical Hacking and Countermeasures [CEH]: Ethical Hacking and Countermeasures Length Audience(s) Delivery Method : 5 days : This course will significantly benefit security officers, auditors, security professionals, site administrators,

More information

EC Council Certified Ethical Hacker V8

EC Council Certified Ethical Hacker V8 Course Code: ECCEH8 Vendor: Cyber Course Overview Duration: 5 RRP: 2,445 EC Council Certified Ethical Hacker V8 Overview This class will immerse the delegates into an interactive environment where they

More information

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours Ethical Hacking and Information Security Duration Detailed Module Foundation of Information Security Lecture with Hands On Session: 90 Hours Elements of Information Security Introduction As technology

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

McAfee Certified Assessment Specialist Network

McAfee Certified Assessment Specialist Network McAfee Certified Assessment Specialist Network Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample

More information

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The

More information

Network Attacks and Defenses

Network Attacks and Defenses Network Attacks and Defenses Tuesday, November 25, 2008 Sources: Skoudis, CounterHack; S&M Chapter 5 (including many images) CS342 Computer Security Department of Computer Science Wellesley College Networks

More information

Ethical Hacking as a Professional Penetration Testing Technique

Ethical Hacking as a Professional Penetration Testing Technique Ethical Hacking as a Professional Penetration Testing Technique Rochester ISSA Chapter Rochester OWASP Chapter - Durkee Consulting, Inc. info@rd1.net 2 Background Founder of Durkee Consulting since 1996

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

RMAR Technologies Pvt. Ltd.

RMAR Technologies Pvt. Ltd. Course Name : StartXHack V2.0 Ethical Hacking & Cyber Security Course Duration : 2 Days (8Hrs./day) Course Fee : INR 1000/participant Course Module : 1. Introduction to Ethical Hacking a. What is Ethical

More information

FSP-201: Ethical Hacking & IT Security

FSP-201: Ethical Hacking & IT Security FSP-201: Ethical Hacking & IT Security Session 2015-16 OVERVIEW ABOUT SIFS INDIA COURSE INTRODUCTION ENTRY REQUIREMENTS HOW TO APPLY FEE STRUCTURE COURSE MODULES CAREER PROSPECTS LIBRARY TRAINING & INTERNSHIP

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led Course Description This class will immerse the student into an interactive environment where they will

More information

Web App Security Audit Services

Web App Security Audit Services locuz.com Professional Services Web App Security Audit Services The unsecured world today Today, over 80% of attacks against a company s network come at the Application Layer not the Network or System

More information

Course Content: Session 1. Ethics & Hacking

Course Content: Session 1. Ethics & Hacking Course Content: Session 1 Ethics & Hacking Hacking history : How it all begin Why is security needed? What is ethical hacking? Ethical Hacker Vs Malicious hacker Types of Hackers Building an approach for

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs

Network Security. 1 Pass the course => Pass Written exam week 11 Pass Labs Network Security Ola Lundh ola.lundh@hh.se Schedule/ time-table: landris.hh.se/ (NetwoSec) Course home-page: hh.se/english/ide/education/student/coursewebp ages/networksecurity cisco.netacad.net Packet

More information

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Course number: CFED Length: 5 days Certification Exam This course will help you prepare for the following exams: CCE --

More information

Certified Penetration Testing Engineer

Certified Penetration Testing Engineer Training Days: 5 Overview The Certified Penetration Testing Engineer course trains students on the 5 key elements of penetration testing: information gathering, scanning, enumeration, exploitation and

More information

Certified Cyber Security Expert V 2.0 + Web Application Development

Certified Cyber Security Expert V 2.0 + Web Application Development Summer Training Program Certified Cyber Security Expert V + Web Application Development A] Training Sessions Schedule: Modules Ethical Hacking & Information Security Particulars Duration (hours) Ethical

More information

Course Title: Course Description: Course Key Objective: Fee & Duration:

Course Title: Course Description: Course Key Objective: Fee & Duration: Course Title: Course Description: This is the Ethical hacking & Information Security Diploma program. This 6 months Diploma Program provides you Penetration Testing in the various field of cyber world.

More information

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed

Venue. Dates. Certified Ethical Hacker (CEH) boot camp. Inovatec College. Nairobi Kenya (exact hotel name to be confirmed Venue Nairobi Kenya (exact hotel name to be confirmed before course) Dates March 31, 2014 April 4, 2014 Inovatec College Certified Ethical Hacker (CEH) boot camp The Certified Ethical Hacker (CEH) Certification

More information

Penetration Testing Report Client: Business Solutions June 15 th 2015

Penetration Testing Report Client: Business Solutions June 15 th 2015 Penetration Testing Report Client: Business Solutions June 15 th 2015 Acumen Innovations 80 S.W 8 th St Suite 2000 Miami, FL 33130 United States of America Tel: 1-888-995-7803 Email: info@acumen-innovations.com

More information

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution

More information

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them)

WEB APPLICATION HACKING. Part 2: Tools of the Trade (and how to use them) WEB APPLICATION HACKING Part 2: Tools of the Trade (and how to use them) Jonathan Eddy September 27, 2013 Last Updated September 27, 2013 MAPPING THE APPLICATION 4 2 ENUMERATING CONTENT AND FUNCTIONALITY

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

Web Application Vulnerability Testing with Nessus

Web Application Vulnerability Testing with Nessus The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information

More information

Client logo placeholder XXX REPORT. Page 1 of 37

Client logo placeholder XXX REPORT. Page 1 of 37 Client logo placeholder XXX REPORT Page 1 of 37 Report Details Title Xxx Penetration Testing Report Version V1.0 Author Tester(s) Approved by Client Classification Confidential Recipient Name Title Company

More information

Information Security. Training

Information Security. Training Information Security Training Importance of Information Security Training There is only one way to keep your product plans safe and that is by having a trained, aware and a conscientious workforce. - Kevin

More information

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST

ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST ABC LTD EXTERNAL WEBSITE AND INFRASTRUCTURE IT HEALTH CHECK (ITHC) / PENETRATION TEST Performed Between Testing start date and end date By SSL247 Limited SSL247 Limited 63, Lisson Street Marylebone London

More information

INFORMATION SECURITY TRAINING

INFORMATION SECURITY TRAINING INFORMATION SECURITY TRAINING Course Duration: 45 days Pre-Requisite: Basic Knowledge of Internet Course Content Course Fee: 15,000 ( Online Examination Fee, Books, Certification, Tools & Software's Included

More information

Web application testing

Web application testing CL-WTS Web application testing Classroom 2 days Testing plays a very important role in ensuring security and robustness of web applications. Various approaches from high level auditing through penetration

More information

Kerem Kocaer 2010/04/14

Kerem Kocaer 2010/04/14 Kerem Kocaer 1 EHLO Kerem is: a graduate from ICSS a security consultant at Bitsec Consulting AB a security enthusiast Kerem works with: administrative security security standards and frameworks, security

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

Detailed Description about course module wise:

Detailed Description about course module wise: Detailed Description about course module wise: Module 1: Basics of Networking and Major Protocols 1.1 Networks and its Types. 1.2 Network Topologies 1.3 Major Protocols and their Functions 1.4 OSI Reference

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Application Security Testing

Application Security Testing Tstsec - Version: 1 09 July 2016 Application Security Testing Application Security Testing Tstsec - Version: 1 4 days Course Description: We are living in a world of data and communication, in which the

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

More Practical Projects

More Practical Projects More Theoretical Projects T1) Privacy-Preserving Data Dissemination Goal: Contribute to design and develoment of a scheme for privacy-preserving data dissemination. (Research papers are available from

More information

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008 Automated Penetration Testing with the Metasploit Framework NEO Information Security Forum March 19, 2008 Topics What makes a good penetration testing framework? Frameworks available What is the Metasploit

More information

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker ALL ElNis ONE CEH Certified Ethical Hacker EXAM GUIDE Matt Walker Mc Grain/ New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto McGraw-Hill

More information

INFORMATION SECURITY TRAINING CATALOG (2015)

INFORMATION SECURITY TRAINING CATALOG (2015) INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,

More information

Demystifying Penetration Testing

Demystifying Penetration Testing Demystifying Penetration Testing Prepared by Debasis Mohanty www.hackingspirits.com E-Mail: debasis_mty@yahoo.com Goals Of This Presentation An overview of how Vulnerability Assessment (VA) & Penetration

More information

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015

Arrow ECS University 2015 Radware Hybrid Cloud WAF Service. 9 Ottobre 2015 Arrow ECS University 2015 Radware Hybrid Cloud WAF Service 9 Ottobre 2015 Get to Know Radware 2 Our Track Record Company Growth Over 10,000 Customers USD Millions 200.00 150.00 32% 144.1 16% 167.0 15%

More information

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee. Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern

More information

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS 1 LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS Te-Shun Chou and Tijjani Mohammed Department of Technology Systems East Carolina University chout@ecu.edu Abstract

More information

How to hack a website with Metasploit

How to hack a website with Metasploit How to hack a website with Metasploit By Sumedt Jitpukdebodin Normally, Penetration Tester or a Hacker use Metasploit to exploit vulnerability services in the target server or to create a payload to make

More information

Vulnerability Assessment and Penetration Testing Tools

Vulnerability Assessment and Penetration Testing Tools 2013 Vulnerability Assessment and Penetration Testing Tools Gerben Kleijn & Terence Nicholls NTS 330 2/24/2013 Executive Summary The current document contains installation, configuration, and testing reports

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

The Security Development Life Cycle

The Security Development Life Cycle Intelligent Testing 18 June 2015 Declan O Riordan The Security Development Life Cycle Test and Verification Solutions Delivering Tailored Solutions for Hardware Verification and Software Testing The Systems

More information

1. LAB SNIFFING LAB ID: 10

1. LAB SNIFFING LAB ID: 10 H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB

More information

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow

IDS 4.0 Roadshow. Module 1- IDS Technology Overview. 2003, Cisco Systems, Inc. All rights reserved. IDS Roadshow IDS 4.0 Roadshow Module 1- IDS Technology Overview Agenda Network Security Network Security Policy Management Protocols The Security Wheel IDS Terminology IDS Technology HIDS and NIDS IDS Communication

More information

Newsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER

Newsletter - September 2014. T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Newsletter - September 2014 T o o l s W a t c h T e a m NJ OUCHN & MJ SOLER Tools! Lots of Tools Released! During September 2014, we published 7 Posts with 2 News Tools. Organized by Date OWASP Xenotix

More information

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important

Presented By: Holes in the Fence. Agenda. IPCCTV Attack. DDos Attack. Why Network Security is Important Presented By: Holes in the Fence Dave Engebretson, Contributing Technology writer, SDM Magazine Industry Instructor in Fiber and Networking Prevention of Security System breaches of networked Edge Devices

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Summer Training Program 2016. CCSE V3.0 Certified Cyber Security Expert Version 3.0

Summer Training Program 2016. CCSE V3.0 Certified Cyber Security Expert Version 3.0 Summer Training Program 2016 CCSE V3.0 Certified Cyber Security Expert Version 3.0 TechD Facts Incorporated in November 2009 Trained more than 50,000 students, conducted 400 Workshops Including all IITs,

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

Distributed Systems Security

Distributed Systems Security Distributed Systems Security Tutorial Dennis Pfisterer Institute of Telematics, University of Lübeck http://www.itm.uni-luebeck.de/users/pfisterer Non Sequitur by Wiley Security - 08 Firewalls Assessing

More information

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, 2011. Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat. 1 Penetration Testing NTS330 Unit 1 Penetration V1.0 February 20, 2011 Juan Ortega Juan Ortega, juaorteg@uat.edu 1 Juan Ortega, juaorteg@uat.edu 2 Document Properties Title Version V1.0 Author Pen-testers

More information

Healthcare Information Security Governance and Public Safety II

Healthcare Information Security Governance and Public Safety II Healthcare Information Security Governance and Public Safety II Technical Track Seminar Agenda 8/26/2009 1 Vulnerability Assessment, Vulnerability Management and Penetration Testing PART 1 9:00 10:30 Anatomy

More information

Foreword Credits Preface Part I. Legal and Ethics 1. Legal and Ethics Issues 1.1 Core Issues 1.2 Computer Trespass Laws: No "Hacking" Allowed 1.

Foreword Credits Preface Part I. Legal and Ethics 1. Legal and Ethics Issues 1.1 Core Issues 1.2 Computer Trespass Laws: No Hacking Allowed 1. Foreword Credits Preface Part I. Legal and Ethics 1. Legal and Ethics Issues 1.1 Core Issues 1.2 Computer Trespass Laws: No "Hacking" Allowed 1.3 Reverse Engineering 1.4 Vulnerability Reporting 1.5 What

More information

Ethical Hacking v7 40 H.

Ethical Hacking v7 40 H. ΦΑΛΗΡΟΥ 93, ΚΟΥΚΑΚΙ, 11741 Τ. 210-9230099, Φ. 210-9229280 www.ictc.gr info@ictc.gr TITLE DURATION Ethical Hacking v7 40 H. Overview This class will immerse the student into an interactive environment where

More information

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur

Demystifying Penetration Testing for the Enterprise. Presented by Pravesh Gaonjur Demystifying Penetration Testing for the Enterprise Presented by Pravesh Gaonjur Pravesh Gaonjur Founder and Executive Director of TYLERS Information Security Consultant Certified Ethical Hacker (CEHv8Beta)

More information

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad

Vulnerability Assessment and Penetration Testing. CC Faculty ALTTC, Ghaziabad Vulnerability Assessment and Penetration Testing CC Faculty ALTTC, Ghaziabad Need Vulnerabilities Vulnerabilities are transpiring in different platforms and applications regularly. Information Security

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Chapter 1 Web Application (In)security 1

Chapter 1 Web Application (In)security 1 Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is

More information

Assessing Network Security

Assessing Network Security Microsoft Assessing Network Security Kevin Lam David LeBlanc Ben Smith Acknowledgments Foreword Introduction xxi xxiii xxvii Parti 1 Introduction to Performing Security Assessments 3 Role of Security Assessments

More information

Creation of Pentesting Labs

Creation of Pentesting Labs Creation of Pentesting Labs By Kyle Barta Submitted to The Faculty of the Department of Information Technology In Partial Fulfillment of the Requirements for The Degree of Bachelor of Science In Information

More information

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 laura@lauraknapp.com www.lauraknapp.com NetSec_ 010 Agenda Components of security threats

More information

Bachelor report, IDE 1256, 05 2012. Computer Forensics and Information Security. A penetration test of an Internet service provider

Bachelor report, IDE 1256, 05 2012. Computer Forensics and Information Security. A penetration test of an Internet service provider Bachelor thesis School of Information Science, Computer and Electrical Engineering Bachelor report, IDE 1256, 05 2012 Computer Forensics and Information Security A penetration test of an Internet service

More information

Kali Linux Cookbook. Willie L. Pritchett David De Smet. Chapter No. 9 "Wireless Attacks"

Kali Linux Cookbook. Willie L. Pritchett David De Smet. Chapter No. 9 Wireless Attacks Kali Linux Cookbook Willie L. Pritchett David De Smet Chapter No. 9 "Wireless Attacks" In this package, you will find: A Biography of the authors of the book A preview chapter from the book, Chapter NO.9

More information

CERTIFIED PENETRATION TESTING CONSULTANT

CERTIFIED PENETRATION TESTING CONSULTANT Cyber Security Training & Consulting CERTIFIED PENETRATION TESTING CONSULTANT COURSE OVERVIEW 4 Days 32 CPE Credits $3,500 The Certified Penetration Testing Consultant course is our advanced course in

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

Deciphering The Prominent Security Tools Ofkali Linux

Deciphering The Prominent Security Tools Ofkali Linux www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume 4 Issue 1 January 2015, Page No. 9907-9911 Deciphering The Prominent Security Tools Ofkali Linux Talatam.Durga

More information

2016 TÜBİTAK BİLGEM Cyber Security Institute

2016 TÜBİTAK BİLGEM Cyber Security Institute 2016 Revision 5.0 2016 TÜBİTAK BİLGEM Cyber Security Institute 1 ... 3 1. Information Security Awareness for End Users... 4 2. Information Security Awareness for Managers... 5 3. Social Engineering: Attack

More information

VMware: Advanced Security

VMware: Advanced Security VMware: Advanced Security Course Introduction Course Introduction Chapter 01 - Primer and Reaffirming Our Knowledge Primer and Reaffirming Our Knowledge ESX Networking Components How Virtual Ethernet Adapters

More information

Summer Training Program 2014. CCSE V3.0 Certified Cyber Security Expert Version 3.0

Summer Training Program 2014. CCSE V3.0 Certified Cyber Security Expert Version 3.0 Summer Training Program 2014 CCSE V3.0 Certified Cyber Security Expert Version 3.0 TechD Facts Incorporated in November 2009 Trained more than 40000 students, conducted 400 Workshops Including all IITs,

More information

General Network Security

General Network Security 4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those

More information

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com

Web Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week

More information

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST. CENTER FOR ADVANCED SECURITY TRAINING 619 Advanced SQLi Attacks and Countermeasures Make The Difference About Center of Advanced Security Training () The rapidly evolving information security landscape

More information

Exploiting Transparent User Identification Systems

Exploiting Transparent User Identification Systems Exploiting Transparent User Identification Systems Wayne Murphy Benjamin Burns Version 1.0a 1 CONTENTS 1.0 Introduction... 3 1.1 Project Objectives... 3 2.0 Brief Summary of Findings... 4 3.0 Background

More information

ETHICAL HACKING. By REAL TIME FACULTY

ETHICAL HACKING. By REAL TIME FACULTY w w ẉ s u n m ar s ṣ n et ETHICAL HACKING Duration : 1 Month Timings : 4.30 p.m. to 6.00 p.m. By REAL TIME FACULTY # 407, 4 th Floor, New HUDA MYTHRI VIHAR, Beside Aditya Trade Centre, Ameerpet, Hyd. -

More information