Summer Training Program CCSE V3.0 Certified Cyber Security Expert Version 3.0

Transcription

1 Summer Training Program 2014 CCSE V3.0 Certified Cyber Security Expert Version 3.0

2 TechD Facts Incorporated in November 2009 Trained more than students, conducted 400 Workshops Including all IITs, NITs & Many colleges across India. Trained Professional from many reputed companies like Yahoo!,Google,ISACA,k7 Antivirus, Elitecore, Indian Oil, Temenos, ZOHO, HCL,TCS Infosys. Trained Investigation agencies of Gujarat, Maharashtra, Rajasthan, Tamilnadu, West Bengal. Successfully completed more than training hours into IT Security.

3 TechD Facts Trained & Certified 2000 Students & Professionals for CCSE ( Certified Cyber Security Expert) Course. Helped Top Investigating Agencies to Solve Ahmedabad & Mumbai blasts Cyber trails. Associated for an out reach program with the Major Technical festivals of IIT Bombay, Kanpur, NIT Bhopal, NIT Calicut, Jadavpur University Kolkata, and BITS Pilani Goa for giving authorized certification. Major VAPT Clients includes Sulekha.com, Cyberoam. Supported by Ministry of Home Affairs, Malaysia & CMO, Gujarat. Developed our own Crypters, Trojans, RATS for demonstrations.

4 TechD Facts Sunny Vaghela (Director & CTO) is recipient of Rajiv Gandhi Young Achiever s Award. TechDefence has been awarded as Best Ethical Hacking & Information Security Company by NBC at Trident Hotel, Mumbai.

5 TechD Facts TechDefence has also been awarded as Best Ethical Hacking & Information Security Company of Western India by BIG Research & IBN 7. Nominated for World Education Awards into category of Private Sector Initiative for use of innovative Technology for skilled education

6 Module 1 : Cyber Ethics - Hackers & hacking methodologies Types of hackers Communities of Hackers Malicious Hacker Strategies Steps to conduct Ethical Hacking Hiding your identity while performing attacks Module 2: Basic Network Terminologies TCP / IP protocols IP addresses Classes of IP addresses NAT Proxies and VPN s SSH and putty

7 Module 3: Information Gathering & Footprinting Whois information Active / Passive information gathering DNS report NS Report MX-information DNS-cache Maltego Doxing (Peoples & Digitals Boxes) Foot printing methodologies Tools that aid in foot printing Savitabhabhi.com case study

8 Module 4: Scanning & Enumeration Why scanning? Types of scanning Tools to aid in scanning Nmap - The Godfather Banner grabbing DNS Enumeration with Different Scripts

9 Module 5: Trojans, Backdoors How to control victim s computer using Trojans Binding Trojans with another file Undetection process of Trojans from Antivirus Removal of Trojans from your computer Analysis of Trojans/Virus Module 6: Virus & Worms Introduction to viruses How they work? Methods use to hide themselves and replicate themselves Introduction to worms Causes of worms Method used to replicate themselves Role of antivirus product and goat file

10 Module 7: Phishing & its Prevention Making phishing pages (3 types of Phishing) How to detect phishing pages. Detecting Phishing Crimes Module 8: System Hacking & Security Password cracking Privilege escalation Tools to aid in system hacking Understanding rootkits Clearing traces Countermeasures

11 Module 9: Social engineering & Honeypots Introduction Laws of social engineering Types of social engineering Honeypots introduction Types of honeypots Setting up windows / Linux honeypot Module 10: Bot,Bots & DOS(Denial of Service) Introduction to bots Introduction to botnets and zombies Botnet lifecycle IRC bots Customize your own bot

12 Module 11: Cryptography CCSE Contents Public-key Cryptography Working of Encryption Digital Signature RSA & Example of RSA Algorithm RC4, RC5, RC6, Blowfish Algorithms and Security Tools that aid in Cryptography Module 12: Google Hacking Understanding how Google works Google basic operators Google advanced operators Automated Google tools How to use Google to find the desired website How Google can aid in searching vulnerable website

13 Module 13: SQL Injection 1 Web Application Overview Web Application Attacks OWASP Top 10 Vulnerabilities Putting Trojans on websites SQL injection attacks Executing Operating System Commands Getting Output of SQL Query Getting Data from the Database Using ODBC Error Message How to Mine all Column Names of a Table How to Retrieve any Data How to Update/Insert Data into Database SQL Injection in Oracle SQL Injection in MySql Database, 20 Hands on Demonstrations on real websites

14 Module 14: SQL Injection 2 Attacking Against SQL Servers SQL Server Resolution Service (SSRS) SQL Injection Automated Tools MSSQL Injection Blind SQL Injection Preventing SQL Injection Attacks Module 15: XSS Cross Site Scripting Introduction to XSS & Types of XSS XSS worm and XSS shell Cookie grabbing Countermeasures

15 Module 16: CSRF, Click Jacking & Privilege Escalation Vulnerabilities Introduction to csrf Building proof of concept code Protections against csrf Click Jacking & Protections Module 17: Information Disclosure Vulnerabilities Introduction Setting up the correct chmod Protecting the sensitive server files Preventing the data loss

16 Module 18: LFI / RFI Introduction to LFI / RFI Finding out LFI / RFI Vulnerabilities Demonstration & Prevention Module 19:Hacking Web Servers Understanding IIS and apache How to use PHP and ASP backdoors What are local root exploits? Implementing web server security Patch management

17 Module 20: Vulnerability Assessment & Penetration Testing Burp Interceptor Burp Target Burp Spider Burp Scanner Burp Intruder Burp Repeater Burp Decoder Burp Sequencer Burp Extender Burp App Store- Introduction Live Hacking Through Burp

18 Module 21: Vulnerability Assessment & Penetration Testing Introduction to VAPT Categories of security assessments Vulnerability Assessment Limitations of Vulnerability Assessment Penetration Testing Types of Penetration Testing Do-It-Yourself Testing Outsourcing Penetration Testing Services Terms of Engagement Project Scope & Pentest Service Level Agreements Testing points & Locations Automated & Manual Testing

19 Module 22: Assembly Language Basics Difference Assembly Language Vs High-level Language Assembly Language Compilers Understanding Instruction operands, Directive & preprocessor Interrupts, Interrupt handler, External interrupts and Internal interrupts Handlers Assembling the & Compiling the C code Linking the object files & Understanding an assembly listing file Big and Little Endian Representation, Skeleton File Working with Integers, Signed integers & Signed Magnitude Understanding Two s Compliment, If statements, Do while loops Indirect addressing, Subprogram Understanding The Stack, SS segment& ESP The Stack UsageThe CALL and RET Instructions

20 Module 23 & Module 24: Buffer Overflows 1-2 Introduction How BOF works Stack based buffer overflow Heap based buffer overflow Heap spray Understanding the shellcode Mapping the memory Fuzzing Countermeasures

21 Module 25: Exploit Writing Exploits Overview Prerequisites for Writing Exploits and Shellcodes Purpose of Exploit Writing Types of Exploits Tools that aid in writing Shellcode Issues Involved With Shellcode Writing Addressing problem Null byte problem System call implementation

22 Module 26 : Reverse Engineering Introduction to RE Briefing OllyDbg Patching Cracking Keygening Countermeasures Module 27: Firewalls, IDS, Evading IDS Introduction How to detect Intrusion Types of Intrusion Configuring IDPS Firewall and it s types Evading Firewalls and IDS

23 Module 28 & Module 29: Metasploit Framework using BackTrack Introduction to this framework Getting hands on commands Hacking windows with metasploit Hacking Linux with metasploit Web Hacking through Metasploit

24 Module 30: Wireless Hacking & Security Wireless Protocols Wireless Routers-Working Attacks on Wireless Routers Cracking Wireless routers password(wep) Securing routers from Hackers Countermeasures Module 31: Mobile, VoIP Hacking & Security SMS & SMSC Introduction SMS forging & countermeasures Sending & Tracking fake SMSes VoIP Introduction Installing VoIP Server & Forging Call using VoIP

25 Module 32: Introduction to Cyber Crime Investigation & IT ACT 2000 Types of Cyber Crimes Reporting Cyber Crimes & Incidence response Introduction to IT Act 2000 & its sections Flaws in IT ACT,2000 Investigation Methodologies & Case Studies Different Logging Systems. Investigating s ( Tracing) Ahmedabad Bomb Blasts Terror Mail case study Investigating Phishing Cases Investigating Data Theft Cases Investigating Facebook Profile Impersonation Cases Investigating SMS & Call Spoofing Cases

26 Module 33: Cyber Forensics Cyber Forensics Understanding Cyber Forensics Hands on Cyber Forensics on Hard Disks Preparing Cyber Forensics Reports Module 34-35: Project Work 1, Project Work 2 & Final Exam. Training attendees will be getting exposures to live projects like Penetration testing, Creating own vulnerable penetration testing framework, Online Malware Scanners. Semi Final & Final Exam ( Online Hacking Challenge)

27 Total Hours: 80 hours Training Duration : Days. Training Centers: Ahmedabad, Delhi, Hyderabad. For More information Call on , ,