Loophole+ with Ethical Hacking and Penetration Testing



Similar documents
FORBIDDEN - Ethical Hacking Workshop Duration

Thanks for showing interest in Vortex IIT Delhi & What After College (WAC) Ethical Hacking Workshop.

Ethical Hacking and Information Security. Foundation of Information Security. Detailed Module. Duration. Lecture with Hands On Session: 90 Hours

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

Certified Cyber Security Analyst VS-1160

Ethical Hacking & Cyber Security Workshop

Certified Ethical Hacker Exam Version Comparison. Version Comparison

Detailed Description about course module wise:

CYBERTRON NETWORK SOLUTIONS

Ethical Hacking Course Layout

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

CRYPTUS DIPLOMA IN IT SECURITY

A Systems Engineering Approach to Developing Cyber Security Professionals

Course Content: Session 1. Ethics & Hacking

ETHICAL HACKING CYBER SECURITY

Student Tech Security Training. ITS Security Office

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

3 day Workshop on Cyber Security & Ethical Hacking

Windows Operating Systems. Basic Security

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Defending Against Data Beaches: Internal Controls for Cybersecurity

CEH Version8 Course Outline

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Certified Cyber Security Analyst VS-1160


Principles of Information Assurance Syllabus

Certified Cyber Security Expert V Web Application Development

Common Cyber Threats. Common cyber threats include:

Web Security School Final Exam

EC-Council Ethical Hacking and Countermeasures

Jort Kollerie SonicWALL

Certified Ethical Hacker (CEH)

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

Course Title: Course Description: Course Key Objective: Fee & Duration:

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

Lectures 9 Advanced Operating Systems Fundamental Security. Computer Systems Administration TE2003

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

CHAPTER 10: COMPUTER SECURITY AND RISKS

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

Cybercrime in Canadian Criminal Law

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Certified Ethical Hacker (CEH) Ethical Hacking & Counter Measures Course 9962; 5 Days, Instructor-Led

EC Council Certified Ethical Hacker V8

What is Web Security? Motivation

The Information Security Problem

EC-Council. Certified Ethical Hacker. Program Brochure

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Windows 7, Enterprise Desktop Support Technician Course 50331: 5 days; Instructor-led

Penetration Testing with Kali Linux

Build Your Own Security Lab

INTERNET & COMPUTER SECURITY March 20, Scoville Library. ccayne@biblio.org

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Certified Secure Computer User

MCTS Guide to Microsoft Windows 7. Chapter 7 Windows 7 Security Features

The Key to Secure Online Financial Transactions

Chapter 4 Application, Data and Host Security

Application Security Testing. Generic Test Strategy

Windows 7, Enterprise Desktop Support Technician

FBLA Cyber Security aligned with Common Core FBLA: Cyber Security RST RST RST RST WHST WHST

Certified Secure Computer User

Computer Security. Principles and Practice. Second Edition. Amp Kumar Bhattacharjee. Lawrie Brown. Mick Bauer. William Stailings

Section 12 MUST BE COMPLETED BY: 4/22

Module 3: Resolve Software Failure This module explains how to fix problems with applications that have problems after being installed.

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

RMAR Technologies Pvt. Ltd.


Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Secure and Safe Computing Primer Examples of Desktop and Laptop standards and guidelines

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 12

FRONT RUNNER DIPLOMA PROGRAM INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Practice test Domain-2 Security (Brought to you by RMRoberts.com)

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

INFORMATION SECURITY TRAINING CATALOG (2015)

Application Security Testing

White paper. Phishing, Vishing and Smishing: Old Threats Present New Risks

Locking down a Hitachi ID Suite server

Secure Your Mobile Workplace

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Web App Security Audit Services

Hacking Book 1: Attack Phases. Chapter 1: Introduction to Ethical Hacking

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

CompTIA Security+ (Exam SY0-410)

INFORMATION SECURITY FOR YOUR AGENCY

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Information Technology Career Cluster Advanced Cybersecurity Course Number:

Malware & Botnets. Botnets

Web Application Penetration Testing

NETWORK AND INTERNET SECURITY POLICY STATEMENT

Windows Client/Server Local Area Network (LAN) System Security Lab 2 Time allocation 3 hours

Transcription:

Loophole+ with Ethical Hacking and Penetration Testing Duration Lecture and Demonstration: 15 Hours Security Challenge: 01 Hours Introduction Security can't be guaranteed. As Clint Eastwood once said, "If you want a guarantee, buy a toaster." The only secure system is one that's unplugged, turned off, and in a locked room. As it's not practical to leave our systems turned off, we need to understand the risks to our systems and prepare ourselves to defend them. Preparation begins with understanding and that's where awareness comes in. With all the news stories about hackers, botnets, and breaches involving personal information, it's easy for the security message to sound over-used and tired. It's easy for people to say, "It won't happen here." Yet, studies and surveys repeatedly show that: the human factor (what employees do or don't do) is the biggest threat to information systems and assets. The best way to achieve a significant and lasting improvement in information security is not by throwing more technical solutions at the problem it's by raising awareness and training and educating everyone who interacts with computer networks, systems, and information. Module Structure Loophole+, Ethical Hacking and Penetration Testing workshop, aims to educate users of digital media of the threats, risks and privacy concerns that go with using them. The other goal of this training module is to expose issues and vulnerabilities to drive the digital media industry to create solutions to these problems. Detailed Module ISMS with Concept of Hacking (based on GT101: Foundation of Information Security) Elements of Information Security Information Security Supports the Mission of the Organization Information Security Should Be Cost-Effective Responsibilities and Accountability Should Be Made Explicit Owners Have Security Responsibilities Outside Organizations Roles and Responsibilities Senior Management Program and Functional Managers/Application Owners Users Common Threats: A Brief Overview Fraud and Theft Employee Sabotage Loss of Physical and Infrastructure Support Threats to Personal Privacy Indian Cyber Law (based on GT115: Getting Familiar with Indian Cyber Law) Information Technology Act 2000-2008 Introduction to IT Act 2000 Amendment 2008 Under Umbrella of IT Act 2000 o Cyber Crimes o Intellectual Property o Data Protection and Property Limitations of Indian IT Act

Web Application Penetration Testing Duration: 120 minutes (based on SE118: Essentials of Web Application Penetration Testing) Introduction to Penetration Testing Legal and Ethical Implications Types of Penetration Testing o White Box Penetration Testing o Black Box Penetration Testing o Grey Box Penetration Testing Setting Up Web Application Penetration Testing Lab Collecting and Installing PenTest Tools Flexible Browser with Security Add-ons Setting up Browser Proxies Beginning Application Penetration Testing Identification of Application Entry Points o Get and Post Parameters Testing for Security Vulnerabilities o SQL Injection o Cross Site Scripting o Session Hijacking o Local and Remote File Inclusion Attacks o Parameter Tampering Basics of Secure Programming (based on GT122: Secure Coding Practices\ for Applications) Use Cryptography for Application Security Hashes Secure Key Storage Weak Practices in Cryptography Data Validation Strategies Where to include Data Validation Prevent Parameter Tampering o Hidden Fields Encoded Strings o HTML and URL Encoding o Delimiter and Special Characters Session Management Session ID Generation Session Handling o Regeneration of Session Tokens o Session Validation o Session Bruteforcing Session Termination Hacking Emails and Social Networks Duration: 90 minutes (based on GT102: An Eye Opener to Cyber Social Media Security) Cyber Social Media Threats Social Engineering o Human Based Social Engineering o Computer Based Social Engineering Fake Emails Keystroke Loggers Phishing Identity Theft Securing Your Cyber Social Life Awareness is the Key Email Security o Detecting Fake Emails o Creating Account Filters Online Account Security o Strong Password Setup o Designing Account Recovery Mechanism

o Secure Logout o Browser Remember Password Recognizing Phishing Websites Google Hacking (based on GT121: Google Best Friend of a Hacker) Working of Google and its methodology Introduction to Crawlers, Bots Caching Process of Crawlers Various Roles of Google as a Friend of Hacker Advance Google Search Operators Directory Traversal Tool o Finding Directory Listings o Locating Specific Directories Vulnerable Website Locator o Locating via Company Tags o Locating via Web Applications o Locating via Common Names Various Attacks with the help of Google Password Harvesting Controlling CCTV Camera Data Security and Recovery (based on GT117 - Data Recovery and Backup) Data Security with Cryptography Securing Data by Using EFS and BitLocker File and Folder Permissions Alternate Data Streams Encrypting Office Documents Recovering Techniques Corrupt Partitions Corrupt File System Media Errors Overwritten Damage Data Acquisition OS Volume Information Disk Imaging World of Digital Virtualization (based on GT105: Concepts of Computer Virtualization) Introduction to Virtual Machines and Virtualization Concept of Virtualization Need and Advantages of Virtualization Installation and Configuration Hardware and Software Requirements Installation and Configuration Performance Optimization o CPU & Memory Performance o Network Performance Optimization Host to Host Networking Host to LAN Networking o Storage Performance Hacking and Securing Windows Systems Duration: 120 minutes (based on GT108: Beginning with Windows Security) Introduction to Windows Security Overview of Windows OS Windows File System Security Architecture in Windows

o Local Security Authority o Security Account Manager o Security Reference Monitor User Account Security Password Attacks in Windows o Bruteforcing, Dictionary and Rainbow Table Attacks Account Security Strengthening o Strong Password Policy o Additional Security: Syskey Encryption o User Account Control : Parental Controls o Restricting BIOS Setup Services, Port and Protocol Security Auditing and Monitoring Network Connections Restricting Ports, Protocols and Services Windows Firewall with Advance Restrictions Security Applications in Windows Auditing and Monitoring Windows Auto Startup Defending Windows via Windows Defender Policy Management with MBSA File and Folder Scanning with MSSE Malware: Attack, Detect and Defend Duration: 90 Minutes (based on GT110: Computer Malware: Detection and Defense) Introduction to Computer Malware Overview Malware: Malicious Software Proliferation and Purposes Types of Malware o Virus: Vital Information Resources Under Seize o Worm: Write Once Read Multiple o Trojan Horse, Rootkit o Spyware, Keystroke Logger Virus and Worm: Infectious Malware Significance of Virus and Worm Behavioral Activity of Virus and Worm Virus and Worm Development o By Automated Tools o Coding own Viruses and Worms Trojan Horse: Concealment Overview of Trojan Trojan Attack o Direct Connection o Reverse Connection Injection in System Files Detection and Removal Anti Malware Tools Manual Removal of Malwares Software Cracking: Product Key Generation (based on GT111: Application Reverse Engineering) Introduction to Assembly Language Role of Assembly Language in Reverse Engineering Concept of Debuggers and Dis-assemblers Understanding Data Flow Step Over view of Data flow Step Into view of Data flow Principles of Software Security Encryption Online Key Checking Fake Checking Points DLL Breakpoints

Mini Chakravyuh Security Challenge (based on Password Cracking and Product Key Generation) Requirements Computer Device (Bring Your Own Device) Windows Operation System Working CD/DVD Drive Removable Storage Media (Pen Drives 1GB) Battery Backup for 60 minutes Challengers will be asked to install Virtual PC in their machines so that they can use the challenge machine. Level 1: Windows Password Cracking Windows virtual machine will be password protected. Challengers will be required to recover the password of the administration user account using the password cracking techniques demonstrated during the workshop. Mobile Hacking Techniques and Security Concepts (based on GT116: Vulnerabilities in Mobile & VOIP Security) Attacks for Faking Caller ID via Softphones via Websites Attacks for SMS Technology Faking Sender ID: Fake SMS Faking Sender ID: Fake MMS Mobile Security Kit Anti Virus Key Guard Secure Password Setup Threats Posted by Third Party Applications Level 2: Product Key Generation Windows virtual machine will carry a software setup. Challengers will be required to generate a valid product key against their name. Target application will be with the Loophole+ Software Toolkit Demonstration Winners will be required to demonstrate the solution of both the levels to all the participants of the workshop to declare their win.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information