
Maestro in Ethical Hacking


Duration (Lecture with Hands-On Session): 90 Hours

Introduction

As technology advances, organizations increasingly depend on technology, and information assets have evolved into critical components of survival. Ethical hackers are individuals who are generally hired by organizations to perform a trusted and controlled attempt to penetrate the digital resources of the organization, which include systems, networks and applications, using the same tools, thinking and methodology adopted by malicious attackers. The goal of ethical hackers is to help organizations be proactive and take necessary measures against malicious attacks by attacking the systems themselves while, most importantly, staying within legal limits. This activity comes from the proven practice of trying to catch a thief by thinking like a thief.

Detailed Module

Hacking is Security: Sense the Heat

Introduction to Ethical Hacking What is Ethical Hacking? Understanding the Hacking Psychology and Methodology Real Meaning of Hacking v/s Public Perspective Reading the Hackers mind Difference between Hacker and Cracker Categories of Hackers: Based on Knowledge Categories of Hackers: Based on Actions Hacktivism and Cyber Terrorism Why Hackers Hack? Steps performed by Hackers o FootPrinting o Scanning o Gaining Access o Maintaining Access o Clearing Tracks Basics of ISMS Elements of Information Security Information Security Supports the Mission of the Organization As an Integral Element of Sound Management Information Security Should Be Cost-Effective Responsibilities and Accountability Should Be Made Explicit Owners Have Security Responsibilities Outside Organizations Requirement of a Comprehensive and Integrated Approach Periodical Assessment of Information Security Information Security is Constrained by Societal Factors Roles and Responsibilities Senior Management Information Security Management

Module Structure This training module introduces you to Ethical Hacking and Information Security. It presents today's most critical cyber security vulnerabilities and solutions for fixing such vulnerabilities.

Kyrion Digital Securities (P) Ltd.


Program and Functional Managers/Application Owners Technology Providers Supporting Functions Users

Common Threats: A Brief Overview Errors and Omissions Fraud and Theft Employee Sabotage Loss of Physical and Infrastructure Support Malicious Hackers Industrial Espionage Malicious Code Foreign Government Espionage Threats to Personal Privacy Virtualization Introduction to Virtual Machines and Virtualization Concept of Virtualization Need and Advantages of Virtualization Installation and Configuration Requirements o Hardware Requirements o Software Requirements Installation and Configuration Performance Optimization o Performance in a Virtualized Environment o CPU & Memory Performance o Guidelines for Resources and Access Control o Network Performance Optimization Host Only to Host Only Networking Host Only to LAN Networking o Storage Performance o Virtual Machine Performance o Application Performance

Security Implementation Security Implementation o Fixing via Patches o Optional IDS/IPS Installation o Logging and Error Checking Troubleshooting Network Troubleshooting Memory Troubleshooting Storage Troubleshooting Data Security and Backup o Backup of Data o Backup of Virtual Machine Removing and Uninstalling of Virtual Machine Basics of Operating System Getting inside of OS Types of OS Boot Process Kernel and Library File System Kernel Library Drivers Software Application Registry Database Basics of Linux Drive References File Names Kernel o Kernel Threading o Multithreaded Application Support o Installation


o Configuration o Compilation Compiling Programs in Linux Introduction to GCC Compiler Linux Vulnerabilities Concept of Open Source Code

Internet Connection Sharing Setting up ICS Restricting and Limiting Network Users

Reconnaissance: Hold your Weapon

Footprinting Principles of Footprinting Footprinting Threats Way Back Machine URL Locating Internal External Restricted Websites Head Hunting Through Social Networking Sites Through Online Services Through Pipl Search Information Gathering o E-Commerce o Job Portals WHOIS lookup DNS Lookup Trace Route Website Crawling Content Ripping Website Cloning Website Watcher Google Hacking Working of Google and its methodology Introduction to Crawlers, Bots Caching Process of Crawlers Significance of Google Hacking

Basics of Mac OS History of Mac OS File system Hierarchy o Local File System o Device Driver Partitions o General Installation in VMWare Basics of Networking Introduction to Computer Networks Introduction of Network and Networking Network Devices Networking Ports and Protocols o Well Known TCP and UDP Ports Various Networking Aspects Routing Technology o Networking Topology o Transmission Modes IP Addressing and Subnetting Machine Identification: MAC Addresses OSI Reference Model: Open System Interconnection/Interface Introduction to OSI Model Layers of OSI Model o Responsibility of each layer o Protocols used for each layer o Hardware devices for each layer Reasons for Failure of OSI Model TCP/IP Model vs OSI Model


Various Roles of Google as a Friend of Hacker Google Advance Search Operators Hacking Tool o Anonymity with Google o Using Google as a Proxy Server Directory Traversal Tool Vulnerable Website Locator Locating via Company Tags Locating via Web Applications Locating via Common Names Google Hacking Database Tools for Google Hacking Gooscan Goolink Scanner URL Harvester Email Forgery Introduction to E-mail Email Server What is an Email Server? o Introduction o Types o Working How to Setup an Email Server? Email Forgery Introduction to Email Forgery Ways of Email Forgery PHP Fake Mail Scripts Fake mail sending websites Email Spamming and Email Bombing Social Engineering Get in Touch Definition of Social Engineering Impact of Social Engineering

o Financial Loss o Identity Loss o Mental Harassment Types of Social Engineers o Hacktivists o Industrial Espionage Agents o Economic Espionage Agents o Identity Thieves o Competitive Marketers o Criminals o Scammers o Terrorists o Frustrated Employees o Finicky Spouse Need, Goals and Prime Targets of Social Engineering

Social Engineering Shootout Attack Cycle Communication Skills Phone Calls Social Engineering Attack with Tech Spices: Malware Spywares Keyloggers The In-Person Attack Dumpster Diving Taking help of Google

Scanning: Lock the Target

Network Enumeration Objective and Techniques of Enumeration NetBIOS Enumeration User Account and Group Enumeration Default Password Enumeration SNMP Enumeration Linux Enumeration


DNS Zone Enumeration Web Application Automated Scanning Web Application Scanning: What & Why What is Web Application Scanning Why to do Web Application Scanning Types of Web Application Scanning o Automated v/s Manual Approach Automated Web Application Scanning Need of Automated Web Application Scanning Advantages of Automated Web Application Scanning Tools for Automated Web Application Scanning Tools for Automated Web Application Scanning Free vs Commercial Tools Result & Analysis Test Procedure Static Analysis

What to be Enumerated Network Shares and Resources Users and Groups Application and Banners IP and Port Scanning Pre-Scanning Phase Ping Sweep TCP Flags Scanning Techniques TCP Scanning SYN Scanning UDP Scanning ACK Scanning Windows Scanning FIN Scanning Other Scan Types
o X-Mas Scan o Null Scan o Protocol Scan o Idle Scan o Cat Scan o ICMP Scan

Gaining Access: Fire in the Hole

Password Cracking: Windows Security Architecture in Windows Local Security Authority Security Account Manager Security Reference Monitor Windows Login Process Password Attacks in Windows Non Technical Attacks Bruteforcing, Dictionary and Rainbow Table Attacks Passive Online Attacks Active Online Attacks Password Cracking: Linux Password Attacks in Linux Single User Mode

Do Not Scan These IP Addresses (Unless you want to get into trouble) OS Fingerprinting Active Fingerprinting Passive Fingerprinting: Banner Grabbing Wifi Scanning Hot spotting War Walking War Driving War Flying Hidden SSID Discovery


Bruteforcing Attack Kernel Bypassing

Password Cracking: Mac OS Vulnerabilities in Mac OS Crafted URL CoreText Pointer Image IO Integer Overflow Image IO Memory Corruption UFS File System Overflow User Privilege Escalation Cracking Mac OS Malformed Installer Package Crack Worms and Viruses in Mac OS o Working o Removal Password Cracking o Single User Mode o Bootable Disc Attack Security Tools Password Cracking: Applications Various Attacks Brute Force Attack Brute Force with Mask Attack Dictionary Based Password Attack Password Cracking: E-mail/Online Accounts Keystroke Loggers Overview of Keystroke Logger Users Credentials Theft o On Spot Checking o Getting Logs on Mail o Remote Installation Shakehand: Antivirus and Keylogger

Phishing Hidden Frames URL Obfuscation HTML Image Mapping Password Cracking: Wifi Network Introduction to Wireless LAN Security Wireless LAN Technology General security threats Overview of Wireless LAN Security De-authentication Phase MAC Address Spoofing Getting Access of Wireless LAN WEP Key Cracking WPA De-authentication Attacks Hacking Hotspot: Rogue Access Point Setting up Rogue Access Point ESSID Selection Setting Channel Bridging Enabling IP Forwarding Manual Checking Ways to (mis)use Rogue Access Point
Data Leakage Network Scans Enterprise Data Access Free Internet Access DoS Attack

LAN Attacks Network Security What is Security?


Why security is necessary in network? MetaSploit Framework Introduction to MSF: MetaSploit framework Working of MSF Exploitation with MSF o Using WebGUI o Using Console Web Application Attacks Injection Based Attacks SQL Injection Types of SQL Injection o Form Based o URL Based-Blind SQL Injection HTML Injection (Cross Site Scripting) XSS Types of XSS Attacks o Stored XSS or Persistent XSS o Reflected XSS or Non-Persistent XSS o DOM Based XSS Code Injection o Remote Code Execution Introduction to other Miscellaneous Web Based Attacks Application Username Enumeration Web Based Brute Forcing Anonymous Web Application Crawling Insecure Cryptographic Storage Broken Authentication and Session Management Basics of Cookies Stealing/Session Hijacking o What is Cookies Stealing/Session Hijacking o Session Hijacking: Threats o Attack the Victim HTTP Referrer Attack MITM Attack Man-in-the-Browser Attack Client Side Virus Attack

Threats to Network Confidentiality o Network Reconnaissance o Network Sniffing o Man in Middle Attack o Session Hijacking Integrity o Pharming o DNS Spoofing o ARP Poisoning Availability o MAC Flooding Operations in Network Security Network Mapping o Ping Sweep o Network Enumeration Buffer Overflow Exploitation Introduction to Computer Memory Architecture Concept of Buffer, Heap and Stack Introduction to Memory Exploitation/Buffer Overflow Categories of Error Conditions o Heap Based Overflow o Stack Based Overflow o Integer Based Overflow NOPS (No-Operation instructions) Introduction to Attack Hierarchy Logics of Payloads, Exploits Information Gathering and Identification Client Side Services Identification Setting up Arrow and Bow Exploitation


XSS Attack

Maintaining Access: Deploy Agent X

Trojan Attack Overview of Trojan o What Attacker can gain o Types of Trojans o Attacking Vectors o Working of Trojans Concept of Binders/Wrappers Trojan Propagation Trojan Attack o Direct Connection o Reverse Connection Injection in System Files Malwares: Viruses and Worms Introduction to Computer Malware Overview Malware: Malicious Software Proliferation and Purposes Types of Malware o Virus: Vital Information Resources Under Seize Resident Nonresident o Worm: Write Once Read Multiple o Rootkit o Spyware, Keystroke Logger Virus and Worm: Infectious Malware Significance of Virus and Worm Behavioral Activity of Virus and Worm Virus and Worm Development o By Automated Tools o Coding own Viruses and Worms Keystroke Loggers: Malware for profit

Clearing Tracks: Bury the Ashes

Hiding the Identity IP Spoofing MAC Spoofing TTL Spoofing Traces Removal Registry Cleaning Logs Removal Cookies and History Wiping Data Eraser

Disaster Recovery: Rebuild the Breached Castle

Data Recovery and Backup Introduction to Data Recovery and Backup Types of Backup o Full Backup o Differential o Incremental o Daily Backup Planning a Backup o Data Severity Checking o Choices of Backup Solutions o Trigger Backup o Data Integrity Checking Brief Introduction of Hard Drive Operations Early Diagnostics and Warning Signs Defects and Diagnostics Hard Drive Error codes Physical Hard Drive Components Common mechanical failures Delivery format Text


Data Recovering Technique Hardware Repair Logical Damage o Corrupt Partitions o Corrupt File System o Media Errors o Overwritten Damage Data Acquisition OS Volume Information Disk Imaging User Account Security: Windows Account Security Strengthening Strong Password Policy Additional Security: Syskey Encryption User Account Control : Parental Controls Restricting BIOS Setup Physical Security User Account Security: Linux Minimizing the Security Risks during Installation Secure Installation Minimal Application Selection Secure Partitioning Securing GRUB User Account Security Strengthening Strong Password Policy No GUI Login Policy for Root GRUB Menu Protection Restricting BIOS Setup Physical Security Wifi Security Securing the Perimeter

Changing the Default Settings Cloaking the SSID MAC Filtering Static IP Configuration MAC IP Binding Increasing Security Encryption

Stop Human Hacking Social Engineering Attack Identification Personal Security Awareness Psychological Training Strict Policies for Voicemail Use Fax Use Phone Use Email Use Password Use Computer Use Securing Cyber Social Life Awareness is the Primary Key Email Security o Email Header Analysis o Tracing the Email path o Locating the Original Sender of the Email o Tracing Tool Email Filters o Spam Filtering o Blacklisting Servers and Emails Online Account Security Protocols Technical Controls: For Administrators Phishing Identification Methodology Patching Phishing Vulnerability Facebook Account Security


Securing Applications Common Buffer Overflow Attack Avoid Buffer Overflow Attack Choice of Programming Language Code Pointer Integrity Checking StackGuard: Compiler-generated Checking Canary Values Use of Safe Libraries Pointer Protection Heap Implementation Hardening

Steganography ADS: Alternate Data Streams Securing Web Application Web Application Security Concept of Web Server and Database Server Introduction to Risk Assessment and Threat Modeling Authentication and Authorization Mechanism Session Management Cryptography Confidentiality, Integrity and Availability Configuration Management and Sensitive Data Parameter Manipulation and Exception Management Auditing and Logging System Recovery and Troubleshooting Detection and Removal of Malware Anti Malware Tools Manual Removal of Malwares o Through Process Viewer o Through Live CD Identifying General Error Codes System Repair Startup Repair Grub Management Cron Management Backup and Recovery OS Image Recovery o Backup Management o Restoring Backups o Restoring Restoration Points System Image Recovery Disc o Burning Disc o Box Recovery Third Party Software Recovery




Data Management: ADS, Cryptography and Steganography Cryptography Symmetric Key Cryptography o One time pad and stream ciphers o Block ciphers Message Integrity o Hashing Public Key Cryptography Digital Signatures Digital Certificate Cryptographic Algorithm o RSA o DES/ Triple DES o Kerberos User Client-based Logon Client Authentication Client Service Authorization Client Service Request Applied Cryptography o Network Encryption SSL/TLS IPsec o Disk Encryption


Secure System Configuration Components in Network/Computer Security Firewall o Types of Firewall Intrusion Detection System (IDS) Intrusion Prevention System (IPS) Proxy Servers Demilitarized Zone o Honey Pots

Indian Cyber Law Introduction to IT Act 2000 Amendment 2008 Under Umbrella of IT Act 2000 o Cyber Crimes o Electronic and Digital Signatures o Intellectual Property o Data Protection and Property Limitations of IT Act 2000

Hacking Mashup: Reserved Armory

Indian Cyber Law Introduction to Cyber Introduction to Cyber, Cyberspace Boundary line of Cyber and Cyberspace Cyber Law: Need of Cyber World Introduction & need of Cyber Law Jurisprudence of Cyber Law Evolution of Key Terms and Concepts No Man's Land between Legal and Illegal Cyber Crime and Criminals Introduction to Cyber Crime Nature, Mindset, Psychology of Cyber Criminal Classification of the Hackers: On the behalf of Working o Hacktivists o Black Hat Hackers o Grey Hat Hackers o White Hat Hackers Classification of Hackers: On the behalf of Knowledge o Coders o Admins o Script Kiddies Why Hackers Hack??