Certified Information Security Expert (CISE level 1 v2)
                 Detailed Course Module




             Certified Information Security Expert (CISEv20)
              Innobuzz Knowledge Solutions Pvt Ltd is a high-quality training provider
              for courses in the field of Information Security, Systems and Open
              Source.

              The hands-on security courses in the field of offensive security are built
              by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real-world
              experience.

              www.innobuzz.in
Chapter 1 – Introduction
     Concept of Security
     Physical and Digital Assets
     Security Triangle
     Introduction: Ethical hacking
     Types of Ethical Hackers
     Basic Terminologies
     Elements of Security
     5 Phases of Hacking
     Profile of an Ethical Hacker
     Security Testing, Computer Crimes and Law
     History of Hacking & Famous Hackers

Chapter 2 – Networking & Basics
     Concept of Networking
     Types of Networks and Networking Devices
     Concept of Network and Ports
     TCP, IP & UDP
     Addressing and Types of Addressing
     IP Address and Classes
     Client Server Relationship
     Domain name and DNS
     ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP
     Virtualization and Advantages of Virtualization

Chapter 3 – Footprinting
     Footprinting/Information Gathering
     Steps of Information Gathering
     Crawling and Mirroring of Websites
     Whois and Domain Registry
     Gathering Target Information
     Parallel Domain
     MX Entry
     Trace Route
     Archive Pages
     Banner Grabbing
Chapter 4 – Google Hacking
     Introduce Google
     Working of Google – Outline
     Working of Google – Crawling, Indexing & Searching
     Vulnerable Objects
     Using Cache and Google as Proxy
     Directory Listing and Locating Directory Listings along with specific folders
     Google Hacking and what it is about
     The basics of Google Hacking: Advanced Search in Google
     Advanced Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:
     Wildcard and Quotes
     Understanding and Viewing Robots.txt for important Files
     Normal Countermeasures
          o Robots.txt
          o Metatag and Google Official Remove
          o Hiding Detailed Error Messages
          o Disabling Directory Browsing

Chapter 5 – Scanning
     Definition of Scanning
     Types of Scanning
     Diff b/w Port and Network Scanning
     Objectives and Benefits of Scanning
     TCP three-way handshake
     Various Classification of Scanning
     Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep
     Concept of War Dialer (History)
     OS Finger Printing and Types – Active & Passive

Chapter 6 – Windows Hacking
     Definition and Objectives of Windows Hacking
     Types of Passwords
     Manual & Automatic Password Cracking Algorithm
     Types of Password Attacks – Dictionary, Brute Force, and Hybrid
     LMHash and SAM File
     Password Cracking Countermeasures
   Syskey
     Privilege Escalation
     Hiding Files
     Concept of Alternate Data Stream and Advantages
     Detecting ADS
     NTFS Streams countermeasures
     Keystroke Loggers and Types – Software & Hardware
     Concept of Auditing, Logs and Covering Tracks
     Concept of Application Isolation

Chapter 7 – Linux Hacking
     Introduction of Linux as an OS
     Advantages of using Linux
     Basics about Linux – Commands, Shell types and User types
     Why Linux is hacked?
     Recent Linux Vulnerabilities
     Password cracking in Linux
     Introduction and explanation of IP Tables & IP Chains
     TCP wrappers
     Remote connection using SSH
     Log and Traffic Monitors in Linux
     Understanding Post Install Linux Security Auditing
     Understanding and using Backtrack

Chapter 8 – Trojans & Backdoors
     Definition and Objectives of Trojans & Backdoors
     Overt and Covert Channels
     Working of Trojans
     Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy
      Trojans
     Target Data Types of Trojans
     Different Modes of Trojan Infection
     Auto-run of Trojans
     Common Symptoms of a Trojan Infection
     Ports used by Famous Trojans
     Wrappers & Binders
     Uses of Wrappers and Binders
   Reverse Connection in relation to Trojans
     Detecting a Trojan in a computer
     Anti-Trojan Software
     Tips to Avoid Trojan Infection
     Concept of Rootkit
     Effects and Types of Rootkit
     Countermeasures of Rootkit


Chapter 9 – Virus & Worms
     Introduction to Virus & Worms
     Diff. between Virus & Worms
     Characteristics, Symptoms of a Virus
     History and Terminologies used for a Virus
     Types of Virus Damage
     Effects of a Virus Attack
     Access Methods of a Virus
     Modes of Virus infection
     Life Cycle of a Virus
     Types of Virus Programs – What and how?
     Famous Virus & Worms
     Batch File programming
     Concept of Virus Construction Kit
     Virus Detection Methods
     Virus Incident Response
     Sheep Dip
     Tips on Prevention from Virus Infection
     Types of Worms
     Zombies
     Botnets
     Antivirus Program
     Popular Antivirus programs

Chapter 10 – Proxy Server & Packet filtering
   Proxy Server
   Advantages of using Proxy Servers
   Proxy Server Based Firewalls
 Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy
   Diff. between Transparent, Anonymous and Elite Proxies
   Anonymizers
   Socks Chain Proxy
   Http Tunnel Proxy
   Countermeasures of Proxy
   Packet Filtering
   Packet Filtering Devices and Approaches
   Stateless Packet Filtering
   Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags,
    Fragmentation and Packet Contents
   Filtering Suspicious Inbound Packets
   Stateful Packet Filtering
   Proxy Server Vs Packet Filtering

Chapter 11 – Denial of Service Attack
     Concept of DOS Attacks
     Goal of DOS Attack
     Impact and Modes of Dos Attack
     Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal
      flow
     Concept of DDOS Attack
     Diff. between Dos and DDos Attack
     Characteristics of DDos Attacks
     Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy,
      Amplification Attack
     Concept of the Reflected Dos
     Countermeasures - Reflected DoS
     DDoS Countermeasures
     Detect and Neutralize Handlers
     Detect Potential Attacks
     Mitigate or Stop the Effects of DDoS Attacks
     Post-Attack Forensics

Chapter 12 – Sniffers
   Concept of Sniffing
   Types of Sniffing – Active & Passive
   ARP Poisoning
     Countermeasures of ARP Poisoning
     DNS Spoofing
     Changes in Host file for DNS Redirection
     Countermeasures of sniffing
     MAC Spoofing

Chapter 13 – Social Engineering
   Social Engineering
   Techniques of Social Engineering
   Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider
    Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person
    Approach, Technical Support
   Countermeasures of Social Engineering

Chapter 14 – Physical security
     Physical Security
     Current Statistics
     Accountability and Need of Physical security
     Factors Affecting Physical Security
     Physical Security Checklist
         o Company Surroundings
         o Premises
         o Reception
         o Server
         o Workstation Area
         o Wireless Access Points
         o Other Equipments such as fax, removable media etc
         o Access Control
         o Computer Equipment Maintenance
         o Wiretapping
         o Remote Access
         o Locks
         o Spyware

Chapter 15 – Steganography
 Steganography
       o What is Steganography?
       o History
       o Steganography today
       o Steganography tools
   Steganalysis
       o What is Steganalysis?
       o Types of analysis
       o Identification of Steganographic files
   Steganalysis meets Cryptanalysis
       o Password Guessing
       o Cracking Steganography programs
   Forensics/Anti-Forensics
   Conclusions
       o What’s in the Future?
       o Other tools in the wild
       o References

Chapter 16 – Cryptography
     Concept of Cryptography
     Advantages and uses of Cryptography
     PKI (Public Key Infrastructure)
     Algorithms of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK
     Concept of Digital Signature
     Encryption Cracking Techniques
     Disk Encryption
     Cracking S/MIME encryption using idle CPU time
     Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc
     CA (Certificate Authority)

Chapter 17 - Wireless Hacking
     Wireless Technology
     Introduction to wireless networking
     Basics & Terminologies
     Advantages of Wireless Technology
     Components of Wireless Network
     Types of Wireless Network
   Setting and detecting a wireless network
     Advantages and Disadvantages of wireless network
     Antennas, SSID, Access Point Positioning and Rogue Access Point
     Concept of Wired Equivalent Privacy (WEP)
     MAC Sniffing & AP Spoofing
     Terminology of Wi-Fi Access
     Denial-of-Service and MITM Attack in Wi-Fi
     Wireless Intrusion Detection System
     Tips to Secure Wireless Network

Chapter 18 - Firewalls & Honeypots
   Firewall
     What Does a Firewall Do?
     What a firewall cannot do
     How does a firewall work?
     Types of Firewall
     Working of Firewall
     Advantages and Disadvantages of Firewall
     Firewalls Implementing for Authentication Process
     Types of Authentication Process
     Steps for Conducting Firewall Penetration Testing
          o Locate the Firewall
          o Traceroute to identify the network range
          o Port scan the router
          o Grab the banner
          o Create custom packet and look for firewall responses
          o Test access control Enumeration
          o Test to identify firewall architecture
          o Test firewall using firewalking tool
          o Test for port redirection
          o Test covert channels
          o Test HTTP Tunneling
          o Test firewall specific vulnerabilities
     How to Bypass the Firewall
     Concept of Honeypots
     Purpose and working of Honeypots
     Advantages and Disadvantages of Honeypots
   Types of Honeypots
     Uses of Honeypots
     Detecting Honeypot
     Honeynets
     Architecture of Honeynet
     Working process of Honeynet
     Types of Honeynet
     Honeywall CDROM

Chapter 19 - IDS & IPS
     Concept of IDS (Intrusion Detection System)
     History and Characteristics of IDS
     Importance of IDS
     Deployment of IDS
     Intro, Advantages and Components of Distributed IDS
     Aggregate Analysis with IDS
     Types and Architecture of IDS:-
          o Network Based IDS
          o Host Based IDS
     Diff. Between Network Base IDS and Host Base IDS
     Methods to Detect IDS
     Signatures
     Types of Signature:-
          o Network Signatures
          o Host-based Signatures
          o Compound Signatures
     Methods to Detect Signature
     Prelude of IDS
     Concept of IPS (Intrusion Prevention System)
     Diff. Between IDS and IPS
     Network Antivirus Software

Chapter 20 – Vulnerability Assessment
   Concept of Vulnerability Assessment
   Purpose Types of Assessment
   Vulnerability Classification
   How to Conduct Vulnerability Assessment
     Vulnerability Analysis Stages
     Vulnerability Assessment Considerations
     Vulnerability Assessment Reports
     TimeLine and Penetration Attempts
     Vulnerability Assessment Tools

Chapter 21 – Penetration Testing
     Concept of Penetration Testing
     Security assessments Categories
     Vulnerability Assessment
     Limitation of Vulnerability assessment
     Why Penetration Testing?
     Types of Penetration Testing
         o External Testing
         o Internal Testing
     Sourcing Penetration Testing
     Terms of Engagement
     Project Scope
     Agreements of Pentest Service
     Testing Points, Locations, Automated Testing, Manual Testing,
     Gathering information for Penetration Testing By :-
         o Domain name and IP address information
         o Enumerating Information about Hosts
         o Testing Network-Filtering Devices
         o Enumerating Devices
         o Denial of Service Emulation



Chapter 22 – Session Hijacking
   Session Hijacking
   Difference between Spoofing and Session Hijacking
   Phases of Session Hijacking:-
        o Tracking the session
        o Desynchronizing the connection
        o Injecting the attacker’s packet
   Types of Session Hijacking:-
         o Active
         o Passive
     TCP 3 Way Hand Shake
     Sequence Numbers
     Dangers Posed by Hijacking
     Countermeasure of Session Hijacking
     Protection Against Session Hijacking
     Countermeasure: IPSec

Chapter 23 – Hacking Web Server
     Web Servers
     Working process of Web Server
     Loopholes of Web Server
     Introduction of Popular Web Server and Common Security Threats
     Apache Vulnerability
     Attacks against IIS
     Components of IIS
     IIS Directory Traversal
     Unicode and Unicode Directory Traversal Vulnerability
     Unspecified Executable Path Vulnerability
     File System Traversal Counter measures
     WebDAV / ntdll.dll Vulnerability
     RPC DCOM Vulnerability
     ASN Exploits
     IIS Logs
     Escalating Privileges on IIS
     Hot Fixes and Patches
     Countermeasures of Web Server

Chapter 24 – SQL Injection
     Introduction of SQL
     What SQL Can do
     SQL Queries
     Use of Quotes, AND & OR
     Concept of SQL Injection
     OLE DB Error
     Login Guessing & Insertion
 Shutting Down SQL Server
   Extended Stored Procedures
   Preventive Measures

Chapter 25 – Cross Site Scripting
     Introduction Cross Site Scripting
     Cross-Site Scripting
     Ways of Launching Cross-Site Scripting Attacks
     Working Process of Cross-Site Scripting Attacks
     When will an attack be successful?
     Programming Languages Utilized in XSS Attacks
     Types of XSS Attacks
     Steps of XSS Attack
     Not Fixing CSS/XSS Holes Compromises
     Methodology of XSS
     How to protect Against XSS

Chapter 26 – Exploit Writing
     Concept of Exploit Writing
     Purpose of Exploit Writing
     Requirements of Exploits Writing & Shell codes
     Types of Exploits:-
         o Stack Overflow Exploits
         o Heap Corruption Exploit
         o Format String Attack
         o Integer Bug Exploits
         o Race Condition
         o TCP/IP Attack
     The Proof-of-Concept and Commercial Grade Exploit
     Converting a Proof of Concept Exploit to Commercial Grade Exploit
     Attack Methodologies
     Socket Binding Exploits
     Steps for Writing an Exploit
     Shellcodes
     Null Byte
     Types of Shellcode
     Steps for Writing a ShellCode
   Issues Involved With Shellcode Writing
     Buffer
     Static Vs Dynamic Variables
     Stack Buffers, Data Region and Memory Process Regions
     About the Stack
     Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure
      Prolog) , Return Address (RET), Word Size and Buffer Overflows,
     Why do we get a segmentation violation and Segmentation Error
     Writing Windows Based Exploits
     EIP Register and ESP
     Metasploit Framework, msfconsole
     Development with Metasploit
     Need for Creating of Exploit
     Determining the Attack Vector
     Debugger
     Determine the offset & pattern create
     Where to place the payload?

Chapter 27 – Buffer Overflow
     Why Applications are vulnerable
     Buffer Overflow Attack
     Reasons of Buffer Overflow
     Knowledge for Buffer Overflow
     Understanding Stacks
     Understanding Heaps
     Types of Buffer Overflow Attack
          o Stack Based
          o Heap Based
     Heap Memory Buffer overflow Bug
     Understanding Assembly Language
     Intro of Shell Code
     Detection of Buffer Overflows in a program
     Attacking a Real Program
     Once the Stack is smashed
     NOPS
     Mutate a Buffer Overflow Exploit
     Comparing Functions of libc and libsafe
 Simple Buffer Overflow in C
   Code Analysis
   Countermeasure of Buffer Overflow Attack

Chapter 28 – Reverse Engineering
     Concept of Reverse Engineering
     Positive Application of Reverse Engineering
     Ethical Reverse Engineering
     DMCA ACT
     Disassembler
     Decompilers
     Program Obfuscation
     Why do you need to decompile ?
     .NET Obfuscator and .NET Obfuscation
     Java Byte code Decompilers
     How does OllyDbg Work?

Chapter 29 – Email Hacking
     Concept of Email
     Spam and Spam Laws
     E-Mail Tracking By Header
     Concept of Fake E-mails
     Various steps to send Fake mails
     Traceip by PHP Script

Chapter 30 – Incident Handling & Response
     Incident
     Different Categories of Incidents
     Various Types of Incidents
     To whom should I report an incident?
     Step by Step Procedure of Incident Handling
     Managing Incidents
     Incident Response
     Incident Handling Process
     Incident Detection Process
     Incident Containment Process
   Incident Eradication Process
     Incident Recovery Process
     Incident Follow up Process
     Incident Response Team
     CSIRT Services

Chapter 31 – Bluetooth Hacking
     Bluetooth Technology
     Concept of Bluetooth Hacking
     Attacks on Bluetooth Mobile
     Why Bluetooth hacking?
     Working of Bluetooth Hacking
     Mobile Dos Attack
     Mobile Viruses & Worms
     Mobile Security Tips & Tricks
     Samsung Mobile Security Tips & Tricks
     Motorola Mobile Security Tips & Tricks
     Conclusions
     Countermeasures

Chapter 32 – Mobile Phone Hacking
   Mobile Technologies
     Introduction and Facts of GSM
     Low-Tech Fraud
     Countermeasure of Low-Tech Fraud
     GSM Security Problems
     Attacks on GSM Networks
     De-Registration and Location Update Spoofing
     Camping on a False BTS and False BTS/MS
     Active and Passive Identity Caching
     Suppressing encryption between the target user and the intruder
     Suppressing encryption between target user and the true network
     Compromised cipher key
     Eavesdropping on user data by suppressing encryption
     Eavesdropping
     User impersonation with compromised authentication vector
   Hijacking outgoing calls
   Hijacking outgoing calls with encryption enabled
   Hijacking incoming calls
   Hijacking incoming calls with encryption enabled
   Introduction of Cryptography, Fake BTS and Terminology
   Terminal and SIM
   Discuss about Mobile Execution Environment
   GSM Data, Signaling and Signaling Security
   SS7: Opening up to World, Waiting for disaster, Evolution and What to do
   Diff. between :-
        o PSTN vs VOIP
        o VOIP vs SS7
   GSM Network Elements and Architecture
   Home Location Register (HLR) and Authentication Center (AuC)
   Mobile Switching Center (MSC)
   Customer Care and Billing System
   Value-Added Services
   WAP Security Model, The WAP Gap and WTLS Security
   WAP:
        o No end-to-end Trust
        o Man-in-the-middle
   Introduction of third Generation of Wireless
   3G Security Architecture and Security Model
   Diff. Between 3G vs GSM
   AKA Message Flow and Connection Establishment
   Overview of Ciphering and Integrity
   Interception and Its :-
        o Definitions
        o Terminology
        o Logical Configuration
        o Concepts
   Circuit and Packet Data Event Records
   Discuss the Security of Interception
   Components of GSM Network
   Overview of Subscriber and its Identification
   Electronic Access to the SIM
   Extraction From A SIM
       o Location Information File
       o Serial Number
       o Subscriber Identifier
       o Phone Number
       o Text Message Data
       o Status of Text Message Data
       o Threats to a SIM Data
   Equipments:-
       o Generic Properties
       o MS Data
       o Threats to MS Data
       o Network and :-
       o Network Operator Data
       o Call Data Records
       o Threats to Network Operator
   GSM Security Operation and Forensics Tools
   Overview of Cell Seizure
   Features Of Cell Seizure
   Advantages and Disadvantages of Cell Seizure
   Tool of Cell Seizure

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Último (20)

Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
