Professional Documents
Culture Documents
Detai
ls
may
be
seen
at
Anne
xur
e-I
Week 14 Vulnerability Success stories (For further detail Task 56
Analysis please see Page No: 3& 4) Task 57
Describe vulnerability assessment Task 58
Describe about vulnerability
management life cycle Details may
(vulnerability assessment be seen at
Understand different Annexur e-I
approaches of vulnerability
assessment solutions
Describe different characteristics
of good vulnerability assessment
solutions
Explain different types of
vulnerability assessment tools
Choose an appropriate
vulnerability assessment tool
Understand vulnerability scoring
systems
Use various vulnerability assessment
tools
File Blocking
SSL Decryption
Advanced Malware Protection (AMP)
AMP for Network
AMP for Content
AMP for Endpoint
Security Intelligence
Task
Task Description Week
No.
Cyber Security
Open Source As a professional Ethical Hacker or Pen Tester, your first Week-2
Information Gathering &3
step will be to check for the reachability of a computer in the
using Windows
Command Line target network. Operating systems offer several utilities
Utilities
that you can readily use for primary information – gathering.
1 Windows command-line utilities such as ping nslookup.
And tracert gather important information like IP address,
maximum Packet Fame size, etc., about a target network of
system that form a base for security assessment and pen
test.
Finding Company’s As a professional ethical hacker, you should be able to
Sub – domains using
extract information on the target using an automated tool
Sublist3r
2 such as Sublist3r. It uses multiple search engines to gather
the subdomains of a target domain. This lab will
demonstrate extracting information using Sublisør.
Gathering Personal During information gathering you need to gather personal
Information using
information about employees working on critical positions in
Online People Search
Services the target organization such as Network Administrator, Help
16 Reconnaissance additional domains. This activity will enable you to find all
using Recon – ng the hosts present on the target. This lab will demonstrate
how to discover additional hosts from the target
Using Open – source During information gathering, you are required to discover
Reconnaissance Tool
personal information on the target. This personal
Recon – ng to Gather
Personnel Information information can be used later to perform other attacks such
as social engineering attacks. So as a professional ethical
17
hacker or pen tester, you should be able to discover the
personal information of a target company. This lab will
demonstrate how to discover personal information about
the target organization
Collecting Information Lab Scenario For a security assessment, you can gather
23 Scanning the Network During network – scanning phase, you are required to Week-
5,6,7
Performing Man – in – You learned in the previous lab how to obtain user name Week –8
the Middle Attack and passwords using Wireshark. By merely capturing
30
using Cain & Abel enough packets, attackers can extract the username and
password if victims authenticate themselves in public
Detecting phishing As you are an expert Ethical Hacker and Penetration Week-9
using Netcraft
Tester, you must be aware of phishing attacks occurring on
the network, and implement anti-phishing measures. In an
35
organization, proper training must be provided to the
people, to help them deal with phishing attacks. In this lab,
you will be learning to detect phishing using Netcraft.
Detecting Phishing PhishTank is a collaborative clearinghouse for data and
36 using PhishTank
information regarding Internet phishing.
Plot no. 38, Kirthar Road, H-9 Islamabad
051-9044250
Sniffing Facebook
The Social Engineering Toolkit (SET) is an open – source
Credentials using
37
Social Engineering Python – driven tool designed for penetration testing
Toolkit (SET)
Phishing User Social Engineering attacks are used to compromise
Credentials using companies every day. They are an increasing threat to
SpeedPhish organizations all over the globe. Even though there are
Framework (SPF)
many hacking tools available throughout hacking
38 communities, SpeedPhish Framework (SPF) is freely
available and applicable to Spear – phishing attacks,
website attacks, and many others. Attackers can draft
email messages, attach malicious files, and send them to
numerous people using SPF
39 Modular Policy Configuring MPF with security filtering. Implementation of
Framework ASA clustering with spanned ether-channel and interface
mode.
Detecting Intrusions The goal of the Intrusion Detection Analyst is to find Week-12
using Snort
possible attacks against a network. The past few years
have witnessed a significant increase in DdoS attacks on
the Internet, making network security a great concern.
Analysts must do this by examining IDS logs and packet
48
captures and corroborating them with firewall logs, known
vulnerabilities, and general trending data from the Internet.
IDS attacks are becoming more cultured, automatically
reasoning the attack scenarios in real time and categorizing
them has become a critical challenge
Plot no. 38, Kirthar Road, H-9 Islamabad
051-9044250
Detecting Malicious A honeypot makes a protected domain in which to capture
Network Traffic using
and interact with spontaneous movement on a system.
HoneyBOT HoneyBOT
HoneyBOT is a simple – to – use arrangement perfect for
system security research or as a feature of an early –
49 warning IDS. As a penetration tester, you will come across
systems behind firewalls that block you from accessing the
information you want. Thus, you will need to know how to
avoid the firewall rules in place and discover information
about the host. This step in a penetration testing is called
Footprinting a Web
Pen testers must be familiar with banner grabbing
Server using ID Serve
techniques to monitor servers and ensure compliance and
appropriate security updates. This technique also helps in
locating rogue servers or determining the role of servers
54 within a network. In this lab you will learn the banner
grabbing technique to determine a remote target system
using ID Serve. In order to be an expert ethical hacker and
pen tester, its important to understand how to footprint a
webserver.
Uniscan Web Server Webserver fingerprinting is an essential task for any
Fingerprinting in Kali
penetration tester. Before proceeding to hacking /
Linux
exploiting a webserver, it is critical for the penetration tester
to know the type and version of the webserver as most of
the attacks / exploits are specific to the type and version of
55
the server being used by the target. These methods help
any penetration tester to gain information and analyze their
target so that they can perform a thorough test and can
deploy appropriate methods for mitigation of such attacks
on the server.
Build your CV Download professional CV template from any good site Week-14
(https://www.coolfreecv.com or relevant) & 15
Add Personal Information
56
Add Educational details
Add Experience/Portfolio
Add contact details/profile links
Exploiting Parameter
Though web applications enforce certain security policies,
Tampering and XSS
57 they are vulnerable to attacks such as SQL injection, cross-
Vulnerabilities in Web
site scripting, and session hijacking.
Applications
61 Cisco Web Security Bootstrapping Cisco WSA and deploy proxy services
Appliance
Calculating One - way Message digests or one - way hash functions distill the Week-20
Hashes using
information contained within a file (small or large) into a
HashCalc EY
HashCalc single fixed - length number, typically between 128 and 256
bits in length. If any given bit of the function's input is
changed, every output bit has a 50% chance of changing.
Given an input file and its corresponding message digest, it
72 should be nearly impossible to find another file with the
same message digest value, as it is computationally
unfeasible to have two files with the same message digest
value. Hash algorithms are widely used in a wide variety of
cryptographic applications, and are useful for digital
signature applications, file integrity checking and storing
passwords.
74 Cisco Identity Services Implementing next generation NAC solution with Identity
Engine management, profiling, posturing, BYOD access control and
guest services
Session- 1 (Communication):
Please find below an overview of the activities taking place Session plan that will
support your delivery and an overview of this session’s activity.
Session- 1 OVERVIEW
Aims and Objectives:
To introduce the communication skills and how it will work
Session Close: MENTOR: Close the session with the opportunity for
5 minutes anyone to ask any remaining questions.
Instructor:
Facilitate the wrap-up of the session. A quick reminder
of what is coming up next and when the next session
will be.
1. Self & Family background Seemant Sehgal, Founder and CEO of BreachLock
Inc. is a promising Cyber Security Entrepreneur in the
EU and USA tech scene. His venture BreachLock has
been listed amongst Top 10 Vulnerability Management
Solution providers for 2019 and is listed in Top 10
Vulnerability Assessment Solutions by Gartner Peers
insights. He is an ardent supporter of RED Teaming
philosophy. Seemant is a regular speaker at
international conferences and also an author for the
ISACA Journal since 2015. In January 2015, Seemant’s
paper on “Effective Cyber Threat Management –
Evolution And Beyond” was published in the ISACA
Journal
3. Post-training activities
His areas of expertise include cyber resilience, payment
security ( PSD2, PCI DSS), ISO 27001, Cyber defense
and SOC. He is a proud contributor/supporter for Threat
Intelligence Based Ethical Red teaming (TIBER)
initiative.He has been recently engaged with
organizations such as ING Group, Capital One Bank,
IBM, COMODO Security Solutions (UK) and Cisco
Systems offering them his expertise in various domains
of Information Security. He has also achieved various
certifications including SANS GSNA, CISM, CISA, CEH,
ISO 27001 Lead Implementer.
1. To call a passed out successful trainee of the institute. He will narrate his success story to
the trainees in his own words and meet trainees as well.
2. To see and listen to a recorded video/clip (5 to 7 minutes) showing a successful trainee
Audio-video recording that has to cover the above-mentioned points.*
3. The teacher displays the picture of a successful trainee (name, trade, institute,
organization, job, earning, etc) and narrates his/her story in the teacher’s own motivational
words.
* The online success stories of renowned professional can also be obtained from Annex-II
Work ethic is a standard of conduct and values for job performance. The modern definition of what
constitutes good work ethics often varies. Different businesses have different expectations. Work
ethic is a belief that hard work and diligence have a moral benefit and an inherent ability, virtue, or
value to strengthen character and individual abilities. It is a set of values-centered on the
importance of work and manifested by determination or desire to work hard.
The following ten work ethics are defined as essential for student success:
1. Attendance:
Be at work every day possible, plan your absences don’t abuse leave time. Be punctual
every day.
2. Character:
Honesty is the single most important factor having a direct bearing on the final success of
an individual, corporation, or product. Complete assigned tasks correctly and promptly.
Look to improve your skills.
3. Team Work:
The ability to get along with others including those you don’t necessarily like. The ability to
carry your weight and help others who are struggling. Recognize when to speak up with an
idea and when to compromise by blend ideas together.
4. Appearance:
Dress for success set your best foot forward, personal hygiene, good manner, remember
that the first impression of who you are can last a lifetime
5. Attitude:
Listen to suggestions and be positive, accept responsibility. If you make a mistake, admit it.
Values workplace safety rules and precautions for personal and co-worker safety. Avoids
unnecessary risks. Willing to learn new processes, systems, and procedures in light of
changing responsibilities.
6. Productivity:
Do the work correctly, quality and timelines are prized. Get along with fellows, cooperation
is the key to productivity. Help out whenever asked, do extra without being asked. Take
pride in your work, do things the best you know-how. Eagerly focuses energy on
Plot no. 38, Kirthar Road, H-9 Islamabad
accomplishing
051-9044250 tasks, also referred to as demonstrating ownership. Takes pride in work.
7. Organizational Skills:
Make an effort to improve, learn ways to better yourself. Time management; utilize time and
resources to get the most out of both. Take an appropriate approach to social interactions
at work. Maintains focus on work responsibilities.
8. Communication:
Written communication, being able to correctly write reports and memos.
Verbal communications, being able to communicate one on one or to a group.
9. Cooperation:
Follow institute rules and regulations, learn and follow expectations. Get along with fellows,
cooperation is the key to productivity. Able to welcome and adapt to changing work
situations and the application of new or different skills.
10. Respect:
Work hard, work to the best of your ability. Carry out orders, do what’s asked the first time.
Show respect, accept, and acknowledge an individual’s talents and knowledge. Respects
diversity in the workplace, including showing due respect for different perspectives,
opinions, and suggestions.