Certified Cyber Security Expert V Web Application Development

Transcription

1 Summer Training Program Certified Cyber Security Expert V + Web Application Development A] Training Sessions Schedule: Modules Ethical Hacking & Information Security Particulars Duration (hours) Ethical Hacking Cyber Ethics Hackers & hacking methodologies Types of hackers 1 Communities of Hackers Malicious Hacker Strategies Steps to conduct Ethical Hacking Hiding your identity while performing attacks Basic Network Terminologies TCP / IP protocols IP addresses 2 Classes of IP addresses NAT Proxies and VPN s SSH and putty Information Gathering & Footprinting Whois information Active / Passive information gathering 3 Information gathering using Foot printing methodologies Tools that aid in foot printing Savitabhabhi.com case studies Scanning & Enumeration Why scanning? Types of scanning 4 Tools to aid in scanning Nmap - The Godfather Banner grabbing Trojans, Backdoors How to control victim s computer using Trojans Binding Trojans with another file 5 Undetection process of Trojans from Antivirus Removal of Trojans from your computer Analysis of Trojans/Virus

2 Virus & Worms Introduction to viruses How they work? Methods use to hide themselves and replicate themselves 6 Introduction to worms Causes of worms Method used to replicate themselves Role of antivirus product and goat file Phishing & its Prevention Making phishing pages 7 How to detect phishing pages Detecting Phishing Crimes System Hacking & Security Password cracking Privilege escalation 8 Tools to aid in system hacking Understanding rootkits Clearing traces Countermeasures Social engineering & Honeypots Introduction Laws of social engineering 9 Types of social engineering Honeypots introduction Types of honeypots Setting up windows / Linux honeypot Bot,Bots & DOS(Denial of Service) Introduction to bots Introduction to botnets and zombies 10 Botnet lifecycle IRC bots Customize your own bot Cryptography Public-key Cryptography Working of Encryption Digital Signature 11 RSA Example of RSA Algorithm RC4, RC5, RC6, Blowfish Algorithms and Security Tools that aid in Cryptography Google Hacking Understanding how Google works Google basic operators Google advanced operators 12 Automated Google tools How to use Google to find the desired website How Google can aid in searching vulnerable website

3 SQL Injection 1 Web Application Overview Web Application Attacks OWASP Top 10 Vulnerabilities Putting Trojans on websites SQL injection attacks Executing Operating System Commands 13 Getting Output of SQL Query Getting Data from the Database Using ODBC Error Message How to Mine all Column Names of a Table How to Retrieve any Data How to Update/Insert Data into Database SQL Injection in Oracle SQL Injection in MySql Database 20 Hands on Demonstrations on real websites SQL Injection 2 Attacking Against SQL Servers SQL Server Resolution Service (SSRS) 14 SQL Injection Automated Tools MSSQL Injection Blind SQL Injection Preventing SQL Injection Attacks Proxy servers and VPN s Introduction 15 Different Between Proxies & VPN Making own proxy server Configuring own proxy server Configuring VPN Cross Site Scripting Introduction to XSS 16 Types of XSS XSS worm and XSS shell Cookie grabbing Countermeasures Local File Inclusion/Remote File Inclusion Introduction to LFI 17 Parameters to LFI Introduction to RFI Countermeasures Secure Coding Practices Why secure coding? 18 Secure coding standards Secure coding methods Dissecting the source code Information Disclosure Vulnerabilities Introduction 19 Setting up the correct chmod Protecting the sensitive server files Preventing the data loss

4 Session Hijacking Introduction 20 Types of session hijacking Tools that aid in session hijacking Countermeasures Hacking Web Servers Understanding IIS and apache How to use PHP and ASP backdoors 21 What are local root exploits? Implementing web server security Patch management Vulnerability Assessment & Penetration Testing Introduction to VAPT Categories of security assessments Vulnerability Assessment Limitations of Vulnerability Assessment Penetration Testing Types of Penetration Testing Risk Management Do-It-Yourself Testing 22 Outsourcing Penetration Testing Services Terms of Engagement Project Scope Pentest Service Level Agreements Testing points Testing Locations Automated Testing Manual Testing Demonstrations Assembly Language Basics Machine Language Assembly Language Assembler Assembly Language Vs High-level Language Assembly Language Compilers Instruction operands MOV instruction ADD instruction SUB instruction 23 INC and DEC instructions Directive preprocessor Interrupts Interrupt handler External interrupts and Internal interrupts Handlers Assembling the code Compiling the C code Linking the object files

5 Understanding an assembly listing file Big and Little Endian Representation Skeleton File Working with Integers Signed integers Signed Magnitude Two s Compliment If statements Do while loops Indirect addressing Subprogram The Stack The SS segment ESP The Stack Usage The CALL and RET Instructions Buffer Overflows 1-2 Introduction How BOF works Stack based buffer overflow Heap based buffer overflow Heap spray Understanding the shellcode Mapping the memory Fuzzing Countermeasures Exploit Writing Exploits Overview Prerequisites for Writing Exploits and Shellcodes Purpose of Exploit Writing Types of Exploits 26 Tools that aid in writing Shellcode Issues Involved With Shellcode Writing Addressing problem Null byte problem System call implementation Metasploit Framework Introduction to this framework Getting hands on commands Hacking windows with metasploit Hacking Linux with metasploit Difference between exploits and payloads Reverse Engineering Introduction to RE Briefing OllyDbg 29 Patching Cracking Keygening Countermeasures

6 Firewalls, IDS, Evading IDS Introduction How to detect Intrusion 30 Types of Intrusion Configuring IDPS Firewall and it s types Evading Firewalls and IDS Wireless Hacking & Security Wireless Protocols Wireless Routers-Working 31 Attacks on Wireless Routers Cracking Wireless routers password(wep) Securing routers from Hackers Countermeasures Mobile, VoIP Hacking & Security SMS & SMSC Introduction SMS forging & countermeasures 32 Sending & Tracking fake SMSes VoIP Introduction Installing VoIP Server Forging Call using VoIP Bluetooth Hacking Introduction to Bluetooth Understanding Bluetooth protocols Types of Bluetooth attacks Bluejacking Tools for Bluejacking 33 BlueSpam Blue snarfing BlueBug Attack Short Pairing Code Attacks Man-In-Middle Attacks Tools that aid in Bluetooth Hacking Countermeasures Introduction to Cyber Crime Investigation & IT ACT 2000 Types of Cyber Crimes 34 Reporting Cyber Crimes & Incidence response Introduction to IT Act 2000 & its sections Flaws in IT ACT,2000 Investigation Methodologies & Case Studies Different Logging Systems Investigating s ( Tracing) 35 Ahmedabad Bomb Blasts Terror Mail case study Investigating Phishing Cases Investigating Data Theft Cases Investigating Orkut Profile Impersonation Cases Investigating SMS & Call Spoofing Cases 36 Cyber Forensics Understanding Cyber Forensics

7 Hands on Cyber Forensics on Hard Disks Preparing Cyber Forensics Reports Enterprise Information Security Management Establishment of ISMS Implementation,Monitoring,Review & Maintenance of ISMS 37 Resource Management & Management Responsibilities Internal Audits Selection of Appropriate Controls Corrective & Preventive Actions 38 Project Work 1 39 Project Work 2 40 Examination Total Hours 80 Web Application Development (PHP) Modules Particulars Hours PHP 1 Exploring PHP Environment & Setting PHP Environment in WAMP Server 2 Understanding & Implementing HTML 3 Working PHP Variables 4 Understanding Operators & Flow Control 5 Handling Strings & Arrays 6 Handling HTML Controls & Forms in Webpage 7 Uploading files to server using PHP 8 Installing & Configuring Database using Database 9 Working with MYSQL Database 10 Understanding Database & Implementing Mysql Schema 11 File Handling 12 Working with Sessions & Cookies 13 Securing Web Application 14 Making Sample Web Application 1 15 Making Sample Web Application 1 Total Hours 30 Note: These are just the major aspects that we will be discussing, each point will be elaborated in detail with demonstrations of the tools and techniques. B] Projects/Web Applications to offer: Online Antivirus Scanner Online Vulnerability Scanner Institute Management System C] Program Duration: 6 Weeks(Approx 45 Days)

8 D] Program Benefits & Highlights: Learn & Interact with renowned Industry Experts Receive an unparalleled education on the art of computer security with personal one-onone attention from TechDefence. Hands on Demonstrations of Latest Hacking Techniques & Tools. Hands on Demonstrations of various cases solved by TechDefence. PowerPoint Presentation, Live Demos, Interactive Question & Answer sessions and comprehensive reading material. E] Key Benefits of TechDefence: We have rich experience working on cases & training for Crime Branch, Ahmedabad, Nashik, Hyderabad, Surat & Rajkot. Conducted more than 280 workshops & seminars for Students & Professionals across globe. We helped Top Investigating Agencies to solve Cyber Terrorism Cases like Ahmedabad & Mumbai Blasts Cases. We do not use third party tools. we have developed our Crypters, Trojans, Scripts etc. Our Director & Trainer is supported by Ministry of Home Affairs, Malaysia & Border Security Force, India. F] Program Trainer: TechDefence (To know more about Sunny Vaghela please visit ) G] Summer Training Centres: Ahmedabad, New Delhi, Jaipur, Hyderabad, Rajkot. H] Course Material & CDs: Comprehensive course material will be provided to participants. Ethical Hacking Toolkit(10 CDS) (Containing Tools, Videos, EBooks, Presentations and reading material) I] Certification: Certificate of Certified Cyber Security Expert Version will be given to participants from TechDefence. Certificate of summer training completion will be provided to all participants from TechDefence.

9 In case of certain other details or formalities on our end, do revert back to us. Tel: Mobile: TechDefence, Ahmedabad. Tel: Mobile: TechDefence, New Delhi Tel: Mobile: TechDefence, Hyderabad. Tel: Mobile: TechDefence, Jaipur.