
Learning Outcome of the Course
Knowledge Proficiency Details
• Knowledge of Information technology catering principles and capabilities with particular emphasis on the technical support of local area networks.
• Knowledge of securing networks, systems, servers and operating systems with troubleshooting.
• Knowledge of the web attacks in modern day servers.
Skills Proficiency Details
• Hands-on experience in pen testing all network technologies related to local area networks.
• Perform various tests to detect and provide defense against vulnerabilities.
• Practical scenarios to compromise web servers and web applications.
• Ability to detect attack vectors, identify attack type and provide continuity of operations.
• Ability to recover data from damaged disks to ensure data consistency.
• Capable of malware analysis to detect the basic working of malware.
• Pen testing mobile devices and applications.
• Pen testing mobile devices and applications.
Course Execution Plan Total Duration of Course: 3 Months
Class Hours: 4 Hours per day
Theory: 20% Practical: 80%
Companies Offering Jobs in the respective trade
• Trillium
• Afinity
• NetSole
• I2c
• Multinet
• Nescom
• Transworld
• Netcom
• Systems
• Web Work Solution
• Purelogics
Job Opportunities
• Security Operations Centre (SOC) Engineer
• Network Administrator
• IT Support Officer
• Manager / Assistant Manager IT
• Network support engineer
• Security Analysts
• Penetration tester

Cyber Security
No of Students 25

Learning Place Classroom/Lab

Instructional Resources
EC-Council
https://www.eccouncil.org/certified-ethical-hacker-training-and-certification/
Linux Foundation
https://training.linuxfoundation.org/resources/
Cisco Adaptive Security Appliances
https://www.cisco.com/c/en/us/solutions/industries/education/educator-resource-center/networking-academy.html
Cisco Next Generation Firewall
https://learningnetwork.cisco.com/s/next-generation-firewall-training-videos
Cisco Web Security
https://learningnetwork.cisco.com/s/web-security-training-videos
Cisco Email Security
https://learningnetwork.cisco.com/s/email-security-training-videos
Huawei Next Generation Security
https://e.huawei.com/ae/products/enterprise-networking/security
Cisco Identity Services Engine
https://www.cisco.com/site/us/en/products/security/identity-services-engine/index.html

Scheduled Week | Module Title | Days | Hours | Learning Units | Remarks

Week 1: Introduction / Cyber Security Fundamentals
Day 1
Hour#1 Motivational Lecture
Hour#2 Course Introduction
Hour#3 Success stories
Hour#4 Job market
Day 2
Hour#1 Course Application in Industry
Hour#2 Institute/work ethics
Hour#3 Introduction to Cybersecurity
Hour#4 Objectives / Roles
Day 3
Hour # 1 & 2
• Why is Cyber security Important?
• What is a Hacker?
• Describe the elements of information security
Hour # 3 & 4 Lab Buildup (Installation of VMware Workstation, EVE-NG, Kali-Linux)
Day 4
Hour # 1 & 2 Explain information security threats and attack vectors
Hour # 3 & 4 Describe the hacking concepts, types, and phases
Day 5
Hour # 1 & 2 Understand the information security controls (information defense-in-depth, policies, procedures, awareness and risk management)
Hour # 3 & 4 Understand the penetration testing process
Week 2: Information Gathering, Footprinting, Reconnaissance and Enumeration
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 Basic Concept of Footprinting
Hour # 3-4 Task 1, Task 2, Task 3 and Task 4 to be practiced by students
Day 2
Hour#1 OS, Application, Server, Hardware, Version, information gathering
Hour#2 Task 5, Task 6 and Task 7 to be practiced by students
Hour#3 Perform scanning to check for live system and open ports
Hour#4 Task 8 to be practiced by students
Day 3
Hour#1 Subdomains, Email, DNS information gathering
Hour#2 Task 9 & 10 to be practiced by students
Hour#3 Footprinting using Search Engines
Hour#4 Task 11 to be practiced by students
Day 4
Hour#1 Network Footprinting
Hour # 2-3 Task 12 to be practiced by students
Hour#4 Concepts of Enumeration; Introduction to Enumeration tools
Day 5
Hour#1 NetBIOS and SNMP Enumeration
Hour#2 Task 13 & 14 to be practiced by students
Hour#3 NTP, DNS and FTP Enumeration
Hour#4 Task 15 to be practiced by students
Remarks: Task 1 to Task 15. Details may be seen at Annexure-I.

Week 3: Vulnerability Assessment, Operating System (Linux) Fundamentals
Day 1
Hour#1 Success stories (For further detail please see Page No: 3 & 4)
Hour#2 Concept of Vulnerability
Hour#3 Introduction to Vulnerability Assessment Tools; Use Nikto for Vulnerability Scanning
Hour#4 Task 16 to be practiced by students
Day 2
Hour#1 Vulnerability research using vulnerability scoring systems and databases
Hour#2 Lynis for System Vulnerability Scanning
Hour # 3-4 Task 17 to be practiced by Students
Day 3
Hour#1 Vulnerability Assessment Reports
Hour#2 Create a Formatted Report with Nikto
Hour # 3-4 Task 18 to be practiced by Students
Day 4
Hour # 1-2 Introduction to Linux Distributions; Installing Kali Linux and CentOS
Hour # 3-4 Task 19 to be practiced by Students
Day 5
Hour#1 Basic Shell Commands of Linux
Hour#2 Task 20 to be practiced by Students
Hour#3 Managing Users, Groups and Partitions
Hour#4 Task 21 to be practiced by Students
Remarks: Task 16 to Task 21. Details may be seen at Annexure-I.

Week 4: Operating System (Linux) Fundamentals, Social Engineering Exploits
Day 1
Hour#1 Success stories (For further detail please see Page No: 3 & 4)
Hour#2 Managing Files and their permissions
Hour # 3-4 Task 22 to be practiced by Students
Day 2
Hour#1 File Ownership
Hour#2 Task 23 to be practiced by Students
Hour#3 Working with the Bash Shell & Shell Scripts
Hour#4 Task 24 to be practiced by Students
Day 3
Hour#1 Installation of CentOS
Hour#2 Task 25 to be practiced by Students
Hour#3 Installation of Apache Server on Linux
Hour#4 Task 26 to be practiced by Students
Day 4
Hour # 1-2 FTP/SMB/DHCP/DNS/Apache/Mail Servers on Linux
Hour # 3-4 Task 27 to be practiced by Students
Day 5
Hour # 1-2
• Describe the social engineering concepts
• Perform social engineering using various techniques
• Describe insider threats
• Perform impersonation on social networking sites
• Describe Phishing and Pharming
Hour # 3-4 Task 28 and Task 29 to be practiced by Students
Remarks: Task 22 to Task 29. Details may be seen at Annexure-I. 1st Monthly test.
Week 5: System Hacking & Manipulation. Sniffing Techniques & Attacks
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 System Hacking Concepts
Hour#3 Performing Online Password Attacks
Hour#4 Task 30 to be practiced by Students
Day 2
Hour#1 Gain Access of remote system using Armitage
Hour#2 Task 31 to be practiced by Students
Hour#3 Hide data using steganography
Hour#4 Task 32 to be practiced by Students
Day 3
Hour#1 Sniffing Concepts
Hour#2 Use of Sniffing tool (Wireshark Network Analyzer)
Hour # 3-4 Task 33 to be practiced by Students
Day 4
Hour#1 Sniffing using MAC Flooding
Hour#2 Task 34 to be practiced by Students
Hour#3 Sniffing Technique: DHCP Starvation using Yersinia
Hour#4 Task 35 to be practiced by Students
Day 5
Hour#1 Sniffing Technique: DNS Poisoning
Hour#2 Task 36 to be practiced by Students
Hour#3 Sniffing Countermeasures and Detection Methods
Hour#4 Task 37 to be practiced by Students
Remarks: Task 30 to Task 37. Details may be seen at Annexure-I.

Week 6: Denial of Service, Session Hijacking, Hacking Web Applications
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 DOS/DDoS concepts
Hour#3 Perform SYN Flooding Attack using hping3 & Metasploit
Hour#4 Task 38 and Task 39 to be practiced by Students
Day 2
Hour#1 Using different attacking tools, perform ICMP Flood Attack / Ping of Death Attack / DDoS Attack
Hour # 2-3 Task 40, Task 41 and Task 42 to be practiced by Students
Hour#4 DOS/DDoS Countermeasures
Day 3
Hour#1 Session Hijacking; Types of Session Hijacking; Spoofing
Hour#2 Network Level Hijacking – Capturing Cookie Sessions
Hour # 3-4 Task 43 to be practiced by Students
Day 4
Hour#1 Web Application Architecture; Web Application Threats; OWASP Top 10 Application Security Risks – 2022
Hour#2 Web Application Security using WAF (F5 ASM)
Hour # 3-4 Task 44 to be practiced by Students
Day 5
Hour#1
• Web Application Hacking Methodology
• Web API
• Webhooks and Web Shell
• Web API Hacking Methodology
Hour#2 Web Application Security using AWS WAF
Hour # 3-4 Task 45 to be practiced by Students
Build Your CV
• Download professional CV template from any good site (https://www.coolfreecv.com or relevant)
• Add Personal Information
• Add Educational details
• Add Experience/Portfolio
• Add contact details/profile links
Remarks: Task 38 to Task 45. Details may be seen at Annexure-I.

Week 7: Employable Project/Assignment, 6 weeks (i.e. 8-13) in addition to regular classes
Midterm Project / Exam
• Guidelines to the Trainees for selection of student’s employable project like final year project (FYP)
• Assign Independent project to each Trainee
• A project based on trainee’s aptitude and acquired skills.
• Designed by keeping in view the emerging trends in global and local markets
• The project idea may be based on Entrepreneur.
• Leading to the successful employment.
• The duration of the project will be 6 weeks
• Ideas may be generated via different sites such as:
  https://1000projects.org/
  https://nevonprojects.com/
  https://www.freestudentprojects.com/
  https://technofizi.net/best-computer-science-and-engineering-cse-project-topics-ideas-for-students/
• Final viva/assessment will be conducted on project.

Week 8: SQL Injections, Hacking Wireless Networks, Hacking Web Servers
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 SQL Injection; Types of SQL injection
Hour#3 Task 46 to be practiced by Students
Hour#4 SQL Injection Methodology; SQL Injection Tools
Day 2
Hour#1 Launch a SQL Injection Attack; Enumerate number of columns in database
Hour#2 Task 47 to be practiced by Students
Hour#3 Blind SQL Injection Attack; Bypass Website Logins Using SQL Injection
Hour#4 Task 48 to be practiced by Students
Day 3
Hour#1 SQL Injection Detection Tools; Use WebCruiser to Detect SQL Injection
Hour#2 Task 49 to be practiced by Students
Hour # 3-4
• Wireless Terminology
• Wireless Networks
• Wireless Encryption
• Wireless Threats
• Wireless Hacking Methodology
Day 4
Hour # 1-2 Wi-Fi Encryption Cracking; WEP/WPA/WPA2 Cracking Tools
Hour # 3-4 Task 50 to be practiced by Students
Day 5
Hour # 1-2
• Website Defacement
• Web Cache Poisoning Attack
• Web Server Attack Methodology
• Web Server Attack Tools
• Web Server Security Tools
Hour # 3-4 Task 51 and Task 51a to be practiced by Students
Remarks: Task 46 to Task 51 and Task 51a. Details may be seen at Annexure-I.

Week 9: Cloud Computing & Security
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 Cloud Computing Concepts
Hour#3 Cloud Computing Service / Deployment Models
Hour#4 Creating free-tier account on AWS by Students
Day 2
Hour#1 AWS Account Security, Identity and Access Management
Hour#2 Task 52 to be practiced by Students
Hour#3 AWS Management Console / SDK / CLI access
Hour#4 Task 53 to be practiced by Students
Day 3
Hour#1 Compute Services (EC2, AMI, Containers, Dockers, Kubernetes); Serverless Computing
Hour # 2-3 Task 54 to be practiced by Students
Hour#4 Container and Kubernetes Vulnerabilities; Cloud Attacks
Day 4
Hour#1 Components of Virtual Private Cloud in AWS
Hour#2 Task 55 to be practiced by Students
Hour#3 Cloud Network Security (Security Groups, Network ACLs, AWS Network Firewall)
Hour#4 Task 56 to be practiced by Students
Day 5
Hour # 1-2 DDoS protection scheme in AWS Cloud
Hour#3 Task 57 to be practiced by Students
Hour#4 Database Hardening in AWS
Remarks: Task 52 to Task 57. Details may be seen at Annexure-I.

Week 10: Cisco Adaptive Security Appliance (ASA)
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour # 2-3 ASA Firewall Technologies; Basic Firewall initialization using CLI and ASDM
Hour#4 Task 58 to be practiced by Students
Day 2
Hour#1 Firewall Access Control
Hour#2 Task 59 to be practiced by Students
Hour#3 NAT on ASA (IPv4 / IPv6)
Hour#4 Task 60 to be practiced by Students
Day 3
Hour#1 Routing and VLAN configuration
Hour#2 Task 61 to be practiced by Students
Hour#3 Firewall Deployment Modes; Transparent Firewall
Hour#4 Task 62 to be practiced by Students
Day 4
Hour#1 Virtualization (Context) on ASA
Hour#2 Task 63 to be practiced by Students
Hour#3 ASA Firewall - High Availability Features
Hour#4 Task 64 to be practiced by Students
Day 5
Hour#1 ASA Clustering
Hour#2 Task 65 to be practiced by Students
Hour#3 Modular Policy Framework
Hour#4 Task 66 to be practiced by Students
Remarks: Task 58 to Task 66. Details may be seen at Annexure-I.

Week 11: Next Generation Firewall (USG 6000v), Data Center Advanced Architecture and implementation of Web Security
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 Evolution / Need for NGFW; Deployment Models
Hour#3 Initial Setup / Bootstrapping of Huawei USG6000v Firewall
Hour#4 Task 67 to be practiced by Students
Day 2
Hour#1
• Traffic flow
• Security Policy Components
• Security Zones
• Creating Individual Objects and Groups
Hour#2 Task 68 to be practiced by Students
Hour#3 Filtering based on Application Visibility and Control
Hour#4 Task 69 to be practiced by Students
Day 3
Hour#1 Filtering based on Web URLs; File Blocking
Hour#2 Task 70 to be practiced by Students
Hour#3 Intrusion Detection and Prevention (IPS) / SNORT Rules
Hour#4 Task 71 to be practiced by Students
Day 4
Hour#1 SSL Decryption; Monitoring and Reporting
Hour#2 Task 72 to be practiced by Students
Hour#3 Need for Web Application Firewall; Creating WAF protection profile
Hour#4 Task 73 to be practiced by Students
Day 5
Hour#1 Features and Functionality of Cisco WSA
Hour#2 Install and Verify the Cisco WSA in various deployment scenarios
Hour # 3-4 Task 74 to be practiced by Students
Remarks: Task 67 to Task 74. Details may be seen at Annexure-I.

Week 12: Web Security, Email Security, Network Admission Control (Cisco Identity Services Engine)
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour # 2-3 Configuring Cisco Web Security Appliance (WSA) policies; Enforcing Acceptable usage control; Defending against malware
Hour#4 Task 75 to be practiced by Students
Day 2
Hour # 1-2 Features and Functionality of Cisco ESA; Deployment Options; Installation of Cisco Email Security Appliance
Hour # 3-4 Task 76 to be practiced by Students
Day 3
Hour # 1-2
• Email Security Pipeline
• Controlling Sender and Recipient Domains
• Controlling Spam with Cisco Sender Base and Anti-spam
• Administering the Cisco Email Security Appliance
Hour # 3-4 Task 77 to be practiced by Students
Day 4
Hour # 1-2 Cisco ISE Architecture; ISE Deployment Models; Implementation / Bootstrapping
Hour # 3-4 Task 78 to be practiced by Students
Day 5
Hour # 1-2 Identity Management; Cisco ISE Policies (Authentication, Authorization, Profiling, Posturing, Guest Access)
Hour # 3-4 Task 79 to be practiced by Students
Remarks: Task 75 to Task 79. Details may be seen at Annexure-I.

Week 13: Entrepreneurship, Job Hunting Tips, Final Assessment
Day 1
Hour#1 Motivational Lecture (For further detail please see Page No: 3 & 4)
Hour#2 Job Market Searching; Self-employment
Hour#3 Exploring Freelancing Sites
Hour#4 Fundamentals of Business Development
Day 2
Hour#1 Entrepreneurship
Hour#2 Startup Funding
Hour#3 Business Incubation and Acceleration; Business Value Statement
Hour#4 Business Model Canvas
Day 3
Hour#1 Sales and Marketing Strategies
Hour#2 Stakeholders Power Grid
Hour#3 RACI Model, SWOT Analysis, PEST Analysis
Hour#4 SMART Objectives
Day 4
Hour#1 How to search and apply for jobs in at least two labor marketplace countries (KSA, UAE, etc.)
Hour # 2-4 Browse the following websites and create an account on each website:
• Bayt.com – The Middle East Leading Job Site
• Monster Gulf – The International Job Portal
• Gulf Talent – Jobs in Dubai and the Middle East
Find the handy ‘search’ option at the top of your homepage to search for the jobs that best suit your skills.
Select the job type from the first ‘Job Type’ drop-down menu, next, select the location from the second drop-down menu.
Enter any keywords you want to use to find suitable job vacancies.
On the results page you can search for part-time jobs only, full-time jobs only, employers only, or agencies only. Tick the boxes as appropriate to your search.
Search for jobs by:
• Company
• Category
• Location
• All jobs
• Agency
• Industry
Day 5
Hour # 1-4 Final Assessment / Closing Address

Project: Employable Project/Assignment (6 weeks i.e. 7-13) in addition of regular classes, OR On job training (2 weeks)
• Motivational Lecture (For further detail please see Page No: 3 & 4)
• Guidelines to the Trainees for selection of students employable project like final year project (FYP)
• Assign Independent project to each Trainee
• A project based on trainee’s aptitude and acquired skills.
• Designed by keeping in view the emerging trends in the local market as well as across the globe.
• The project idea may be based on Entrepreneur.
• Leading to the successful employment.
• The duration of the project will be 6 weeks
• Ideas may be generated via different sites such as:
  https://1000projects.org/
  https://nevonprojects.com/
  https://www.freestudentprojects.com/
  https://technofizi.net/best-computer-science-and-engineering-cse-project-topics-ideas-for-students/
• Final viva/assessment will be conducted on project assignments.
• At the end of session the project will be presented in skills competition
• The skill competition will be conducted on zonal, regional and National level.
• The project will be presented in front of Industrialists for commercialization
• The best business idea will be placed in NAVTTC business incubation center for commercialization.

OR
On job training for 2 weeks:
• Aims to provide 2 weeks industrial training to the Trainees as part of overall training program
• Ideal for the manufacturing trades
• As an alternate to the projects that involve expensive equipment
• Focuses on increasing Trainee’s motivation, productivity, efficiency and quick learning approach.
Tasks For Cyber Security (Annexure-I)
Task No. | Task | Description | Remarks

Task 1: Open Source Information Gathering using Windows Command Line Utilities
As a professional Ethical Hacker or Pen Tester, your first step will be to check for the reachability of a computer in the target network. Operating systems offer several utilities that you can readily use for primary information gathering.
Windows command-line utilities such as ping, nslookup, and tracert gather important information like IP address, maximum packet frame size, etc., about a target network or system that form a base for security assessment and pen test.

Task 2: Finding Company’s Sub-domains using Sublist3r
As a professional ethical hacker, you should be able to extract information on the target using an automated tool such as Sublist3r. It uses multiple search engines to gather the subdomains of a target domain. This lab will demonstrate extracting information using Sublist3r.

Task 3: Gathering Personal Information using Online People Search Services
During information gathering you need to gather personal information about employees working in critical positions in the target organization, such as Network Administrator, Help Desk Employees, Receptionist, etc. The information collected can be useful in performing social engineering. This lab will demonstrate how you can search for personal information using online people search services.

Task 4: Gathering Information from LinkedIn using InSpy
As a professional ethical hacker, you should be able to extract information on the target using an automated tool such as InSpy. It uses Google to extract valuable information about the employees of an organization through their Twitter profiles.

Task 5: Collecting Information About a Target Website using Firebug
Collect information on the target website and extract the source code of the web pages built in HTML, JavaScript, CSS script, etc. This activity may reveal potential vulnerabilities in the web application that can be exploited later in the security assessment phases. This lab will demonstrate how to reveal source code and collect information about a target website.

Task 6: Extracting a Company’s Data using Web Data Extractor
Extract information from the organization website. You are required to perform web data extraction in order to gain useful information from the website. This lab will show you how to perform web data extraction on the target website.

Task 7: Mirroring Website using HTTrack Web Site Copier
It is difficult to perform footprinting on a live website, so you need to mirror the target website. This mirroring of the website helps you to footprint the web site thoroughly on your local system.

Task 8: Scanning Live Systems and Open ports using Nmap
Nmap allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what's connected and what services each host is operating. It allows a large number of scanning techniques, such as UDP, TCP connect(), TCP SYN (half-open), and FTP.

Task 8: Collecting Information About a Target by Tracing Emails
An attacker may send malicious emails to a victim in order to carry out an attack on a target organization. As a professional ethical hacker, you should be able to trace out information about such malicious email. It involves analyzing the email headers of suspicious email to extract information such as the date that an email was received or opened, geographical information, etc.

Task 9: Gathering IP and Domain Name Information using Whois Footprinting
Perform Whois footprinting on the target domain name or IP addresses. It involves gathering information on the target IP and domain obtained during previous information gathering steps.

Task 10: DNS Footprinting
You have collected a lot of information using the Whois database. The next task that you need to perform is DNS footprinting, which helps you gather information related to DNS Servers and DNS records. By performing DNS footprinting, an attacker can gather quite a lot of information about the hosts and systems within the organization.

Task 11: Footprinting using Search Engines
Search engines can provide a wealth of information about the target organizations. You can simply type the name of the organization in the search field. The search results can provide information such as the physical location of the organization’s offices, contact information, email addresses and employee names. An attacker can use all this information to initiate an attack. For example, an attacker can initiate a social engineering attack using contact information, telephone, or mobile numbers.

Task 12: Network Footprinting using Network Topology Mapper and Advanced IP Scanner
If you manage a small network, it is much easier to keep track of connected devices. However, as a network grows to instead include hundreds or thousands of connected devices, it becomes nearly impossible to track them manually. You may have to track and map them, but a manual discovery can be a daunting task. You can use various tools to automatically draw a network, eliminating this issue. In this exercise, you will learn about Network Topology Mapper and Advanced IP Scanner.

Task 13: NetBIOS Enumeration using Nbtstat and Nmap
In Windows, you have a utility named Nbtstat that helps you obtain NetBIOS information, such as NetBIOS name tables and NetBIOS name cache. It is a pretty easy-to-use utility with a few parameters. Nmap, other than the command, contains an Nmap Scripting Engine (NSE) used to execute ready-made scripts available within it. NSE also contains a script that helps you perform NetBIOS enumeration and can help you determine the NetBIOS names and MAC addresses.

Task 14: SNMP Enumeration using IP network Browser and SNMPCheck
Several devices are configured to use the Simple Network Management Protocol (SNMP), which helps an administrator manage them and get their current status. An attacker can perform SNMP enumeration by using the default community string and extracting a lot of information from the device. The information can include ARP and routing tables. In this exercise, you will learn to perform SNMP enumeration using IP network browser and the SNMP-Check utility.

Task 15: NTP, DNS and FTP Enumeration
Network Time Protocol (NTP) is used for time synchronization. It can provide information to connect users to an NTP server, system names, and operating systems. Systems internal to a network can use either an internal or external NTP server. Even though the NTP service is not a concern for many network administrators, if exploited, it can provide a wealth of information to the attacker. DNS plays a vital role on the Internet. There are several tools that the attacker can use to perform a zone transfer. Some of the key tools are nslookup, dig, and DNSRecon. The host command can also provide a lot of information, such as SOA records of the authoritative nameservers, or print the IP addresses of a specific domain.

Task 16: Use Nikto for Vulnerability Scanning
Nikto is a vulnerability scanner that is part of Kali Linux. Ethical hackers, penetration testers, and hackers widely use it to find the vulnerabilities in web applications.

Task 17: Use Lynis for System Vulnerability Scanning
Lynis is a built-in multi-purpose tool in Kali Linux. It is designed to perform tasks like security auditing, compliance testing, penetration testing, vulnerability detection and system hardening.

Task 18: Vulnerability Assessment reports using Nikto
After the vulnerability assessments have been executed, their outcome should be in the form of reports. The outcome of the scan will contain one or more vulnerabilities that should be listed within a report, which should contain the remediation step for the vulnerabilities that have been located. Using Nikto, create a formatted vulnerability assessment report.

Task 19: Installation of Ubuntu Linux and Kali Linux
Kali Linux is a famous distribution for Hackers, Pentesters, Forensics Investigators and Security Researchers that comes pre-configured with already installed hacking tools that you can use.

Task 20: Basic Shell commands of Linux
A shell is a special user program that provides an interface to the user to use operating system services. Shell accepts human-readable commands from the user and converts them into something which the kernel can understand. It is a command language interpreter that executes commands read from input devices such as keyboards or from files. In this lab exercise, we will learn/practice basic terminal commands of Linux.

Task 21: Managing users and group accounts, partitions
In Linux, every user is assigned an individual account which contains all the files, information, and data of the user. You can create multiple users in a Linux operating system using Linux user commands. Users and groups are used to control access to files and resources.

Task 22: Managing Files and their Permissions
Linux is a multi-user system. Every file and directory in your account can be protected from or made accessible to other users by changing its access permissions. Every user has responsibility for controlling access to their files.

Task 23: File Ownership
All Linux files belong to an owner and a group. When permissions and users are represented by letters, that is called symbolic mode. For users, u stands for user owner, g for group owner, and o for others. For permissions, r stands for read, w for write, and x for execute.

Task 24: Working with Bash / Shell Scripts
A shell script is an executable file containing multiple shell commands that are executed sequentially. Linux shell scripting is writing a series of commands for the shell to execute. Shell variables store the value of a string or a number for the shell to read. Shell scripting in Linux can help you create complex programs containing conditional statements, loops, and functions.

Task 25: Installation of CentOS
CentOS is one of the most popular Linux distributions. It is an open-source operating system that provides an enterprise-class computing platform. CentOS is a manageable, predictable, stable, and reproducible platform derived from RHEL sources. In contrast, RHEL is a commercial Linux distribution. CentOS is developed for the amd64 platform. In this lab, CentOS will be installed on VMware Workstation.

Task 26: Apache Server on Linux
As a Web server, Apache is responsible for accepting directory (HTTP) requests from Internet users and sending them their desired information in the form of files and Web pages. Apache is the most commonly used Web server on Linux systems. Web servers are used to serve Web pages requested by client computers. Clients typically request and view Web pages using Web browser applications such as Firefox, Opera, Chromium, or Internet Explorer.

Task 27: FTP/SMB/DHCP/DNS/Mail Servers on Linux
Domain Name System (DNS) is used to resolve (translate) hostnames to internet protocol (IP) addresses and vice versa. A DNS server, also known as a nameserver, maps IP addresses to hostnames or domain names. We can use a Linux distribution for building other common services like FTP/SMB/DHCP/Apache and Mail services.

Task 28: Social Engineering Techniques using phishing
Social engineering is the art of manipulating and utilizing human behavior to conduct a security breach using phishing and pharming. Phishing uses technical deception to convince a user to provide personal information, such as passwords, social security numbers, credit card numbers, bank account details, and so on.

Task 29: Social Engineering Techniques using pharming
In pharming, a user is redirected to a malicious copy of a genuine website. When a user types the correct URL in the Web browser, the user is instead redirected to a look-alike website.

Task 30: Performing Online Password Attacks
An online password attack is performed on network services, such as SSH, HTTP, FTP, SMB, etc. Most of the time, servers or network devices are not equipped to block an online password attack. Therefore, these attacks can succeed without much effort. For example, an attacker might guess a user’s password from a website login. Password attacks can be of two types. The first type is the dictionary attack, which uses a list of common words. It continues to run through the list until a suitable match is found. On the other hand, a brute-force attack uses words based on a given character set. With an online password attack, either one of the methods can be used. However, a dictionary attack is mostly the choice because of the slow speed of the attack.

31 Gain Access to a Armitage is a GUI-driven front-end which sits on top of
Remote System using Metasploit and gives us the ability to “hack like the movies”.
Armitage
Cyber Security
Armitage is available for free and built into Backtrack. If you
are running Kali, you may need to install it before using. Using
this tool, you can create sessions, share hosts, capture data,
download files, communicate through a shared event log and
run bots to automate pen testing tasks.

32 Hide Data using Steganography
Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data. Hide’N’Send is one of the best image Steganography tools. It includes encryption and hiding of data under an image file (JPEG format). It encrypts the data using the F5 steganography algorithm. Hiding of data is done using the LSB (Least Significant Bit) algorithm for Image Steganography. Instead of hiding in a file structure, these algorithms hide the data inside the image.

33 Use of Wireshark Sniffing Tool
Wireshark is the most sought-after packet capturing and sniffing tool. It helps you capture the live network traffic from various networks. You can use it to monitor the network or even get sensitive information like passwords transmitted in cleartext. You can also filter the traffic to find the information you are looking for. In this task, you will learn to use Wireshark.

34 Sniffing using MAC Flooding Attack
Switches rely on the MAC addresses to forward traffic to the appropriate port. An attacker can conduct a MAC attack to make a switch work as a hub. When the CAM table is filled with spoofed MAC addresses, it cannot save any new MAC address and the switch behaves like a hub. In this exercise, you will learn to perform MAC attacks using Macof.

35 Sniffing Technique: DHCP Starvation Attack
A DHCP server is configured to lease IP addresses to clients on a network. An attacker can target DHCP with the DHCP starvation attack. Using this attack, an attacker sends many DHCP requests to a DHCP server, which eventually forces the server to lease all IP addresses. In this scenario, you will learn to launch the DHCP attacks using Yersinia.

36 Sniffing Technique: DNS Poisoning
DNS poisoning intends to forge the DNS records so that the victim can be redirected to the malicious sites. The attacker adds the fake or forged records into the DNS resolver cache, which the DNS uses to respond to the DNS queries received from the clients. In this task, you will learn to perform DNS poisoning using DNSChef.

37 Sniffing detection and countermeasures using XArp utility
Various methods can be used against sniffing, which usually takes place using weak protocols, such as HTTP and FTP. As a basic precaution, you would avoid using weak protocols. It is always advisable to use protocols that encrypt traffic. Encryption also prevents the attacker from reading data in transmission. In this exercise, you will learn to prevent sniffing attacks using XArp utility.

38 SYN Flooding a Target Host using Metasploit
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target machine in an attempt to exhaust its resources and make it unresponsive to legitimate incoming traffic.

39 SYN Flooding a Target Host using hping3
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to the target’s system to consume enough server resources to make the system unresponsive to legitimate traffic. A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either not send the expected ACK, or spoof the source IP address in the SYN, causing the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it “knows” that it never sent a SYN. The server will wait for the acknowledgment for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash.

40 Perform ICMP Flood Attack using hping3
ICMP flooding is a type of denial-of-service (DoS) attack in which the attacker sends a large number of ICMP packets to the victim. In this task, you will learn to conduct ICMP flooding using hping3.

41 Perform Ping of Death Attack
Using the ping command, you can perform a Ping of Death attack. You can send data packets of a size of 65500 indefinitely to a target system. While it may not bring down a system, it will impact the target system’s performance. In this task, you will perform the Ping of Death attack.

42 Performing Distributed Denial of Service Attack using HOIC
A distributed denial of service (DDoS) attack involves a group of compromised systems usually infected with Trojans used to perform a DoS attack on a target system or network.

43 Network Level Session Hijacking – Capture Cookie Sessions
In network level hijacking, you are looking to identify the session id or cookie that identifies a user’s session with a server. This information can be used later in application level hijacking to take over a session. In this exercise, you will capture cookies using Burp Suite.

44 Web Application Security using WAF (F5 ASM)
F5 BIG-IP® Application Security Manager™ (ASM) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments. In this exercise, you will explore different strategies to use F5 ASM.

45 Web Application Security using AWS WAF
AWS WAF is a web application firewall that helps protect apps and APIs against bots and exploits that consume resources, skew metrics, or cause downtime. An AWS WAF rule defines how to inspect HTTP(S) web requests and the action to take on a request when it matches the inspection criteria. In this exercise, you will learn how to define rules in AWS WAF for effective defense against Web application exploits.

46 SQL Injection Attacks on MSSQL Database
SQL Injection is one of the most common and perilous attacks that a website’s software can experience. This attack is performed on SQL databases that have weak code, and this vulnerability can be used by an attacker to execute database queries to collect sensitive information, modify the database entries or attach malicious code, resulting in total compromise of the most sensitive data. As an Expert Penetration Tester and Security Administrator, you need to test web applications running on the MS SQL Server database for vulnerabilities and flaws.

47 SQL Injection Attack to enumerate number of columns in database
There are many specific SQL injection attacks. In this task, you enumerate the database to see how many columns are in the database. This gives us information for other types of SQL injection attacks.

48 Blind SQL Injection Attack, Bypass Website Logins
The SQL Injection — Blind — Boolean-Based attack is similar to an SQL Injection attack. The only difference is that in a Blind — Boolean attack, you get answers in the form of true or false. In this task, you will learn to launch a SQL Injection — Blind — Boolean attack. Using SQL Injection, you can bypass web application logins. Each web application that uses an authentication mechanism requires a database in the backend to authenticate users. Before you plan to bypass web application authentication, you need to find websites that can be prone to such attacks.

49 Use WebCruiser to Detect SQL Injection
WebCruiser is an application vulnerability scanning tool. It can help you audit a web application for vulnerabilities that may exist. It can scan for the common web application vulnerabilities, such as SQL injection, cross-site scripting, buffer overflow, and flash/flex application and Web 2.0 exposure scans. In this task, you will learn to use WebCruiser.

50 WiFi Packet Sniffing using Microsoft Network Monitor and Wireshark
Wireless networks can be open to active or passive attacks. These attacks include DoS, MITM, spoofing, jamming, war driving, network hijacking, packet sniffing, and many more. Passive attacks that take place on wireless networks are common and are difficult to detect since the attacker usually just collects information. Active attacks happen when a hacker has gathered information about the network after a successful passive attack. Sniffing is the act of monitoring the network traffic using legitimate network analysis tools. Hackers can use monitoring tools, including AiroPeek, Ethereal, TCPDump, or Wireshark, to monitor the wireless networks. These tools allow hackers to find an unprotected network that they can hack. Your wireless network can be protected against this type of attack by using strong encryption and authentication methods. In this lab, we use Microsoft Network Monitor, a tool that can sniff the network using a wireless adapter. Because you are the ethical hacker and a penetration tester of an organization, you need to check the wireless security and evaluate weaknesses present in your organization.

51 Uniscan Web Server Fingerprinting in Kali Linux
Webserver fingerprinting is an essential task for any penetration tester. Before proceeding to hacking / exploiting a webserver, it is critical for the penetration tester to know the type and version of the webserver as most of the attacks / exploits are specific to the type and version of the server being used by the target. These methods help any penetration tester to gain information and analyze their target so that they can perform a thorough test and can deploy appropriate methods for mitigation of such attacks on the server.

51a Exploiting Parameter Tampering and XSS Vulnerabilities in Web Applications
Though web applications enforce certain security policies, they are vulnerable to attacks such as SQL injection, cross-site scripting, and session hijacking.

52 Identity and Access Management on AWS
Identity and Access Management (IAM) is a security and business discipline that includes multiple technologies and business processes to help the right people or machines to access the right assets at the right time for the right reasons, while keeping unauthorized access and fraud at bay. In this exercise, IAM users for accessing AWS resources would be created by students.

53 Installation of AWS CLIv2 and accessing resources via CLI
To access the services, you can use the AWS Management Console (a simple intuitive user interface), the Command Line Interface (CLI), or Software Development Kits (SDKs). In this exercise, students will access AWS resources via the AWS Management Console and CLI.

54 Configure EC2 Linux based server in AWS. Use AMI to replicate. Also launch AWS Lambda function
Compute services are also known as Infrastructure-as-a-Service (IaaS). Compute platforms, such as AWS Compute, supply a virtual server instance and storage and APIs that let users migrate workloads to a virtual machine.

55 Virtual Private Cloud buildup in AWS
Amazon Virtual Private Cloud is a commercial cloud computing service that provides a virtual private cloud, by “provisioning a logically isolated section of Amazon Web Services Cloud”. Enterprise customers are able to access the Amazon Elastic Compute Cloud over an IPsec based virtual private network.

56 Cloud Network Security using Security Groups, NACLs, AWS Network Firewall
AWS Security Groups help you secure your cloud environment by controlling how traffic will be allowed into your EC2 machines. With Security Groups, you can ensure that all the traffic that flows at the instance level is only through your established ports and protocols.

57 DDoS Protection design in AWS
DDoS mitigation is included automatically with AWS services. DDoS resilience can be improved further by using an AWS architecture with specific services.

58 Cisco ASA Firewall Initialization
Basic Firewall initialization using CLI/ASDM and Firewall access control.

59 Firewall Access Control
Configure appropriate security rules to regulate the traffic as per the company’s needs.

60 NAT on Cisco ASA
Configuring Object NAT and manual NAT with source & destination-based schemes.

61 Routing on ASA and Secure DMZ Design
Configuring Routing protocols and implementation of Secure DMZ design near perimeter firewall.

62 Deployment modes (Transparent)
Implementation of Routed and transparent mode firewalls.

63 Virtualization on Cisco ASA (Context)
Configure contexts (virtual firewalls) in Cisco ASA to address the needs of multi-tenancy.

64 High Availability Options on Cisco ASA
Configure Active/Passive and Active/Active designs for HA. Implementation of Redundant and aggregated interfaces.

65 ASA Clustering
Cisco ASA supports a clustering feature that combines up to 16 appliances. Each cluster unit actively forwards transit traffic (unlike failover), and the cluster acts as a single unit. Adjacent switches statelessly load balance traffic between available cluster members.

66 Modular Policy Framework
Configuring MPF with security filtering. Implementation of ASA clustering with spanned EtherChannel and interface mode.

67 Deployment of Huawei USG 6000v
Initial setup for Huawei USG 6000v and its bootstrapping.

68 Security Policies on NGFW
Configuring various components of security policy with zones, objects and groups.

69 Application Visibility and Control on NGFW
Application control, a system designed to uniquely identify traffic from various applications on a network, enables an organization to define and apply extremely granular security and network routing policies based upon the source of a particular traffic flow.

70 Web Filtering and File Blocking
Web filtering software monitors and manages the locations where users are browsing on the Internet, enabling an organization to either allow or block web traffic in order to protect against potential threats and enforce corporate policy. A File Blocking rule defines how IM Security blocks a file based on file type, file or extension name, or file size.

71 Intrusion Prevention System Policy
IPS policy allows you to view predefined signatures and customize the intrusion prevention configuration at the category as well as individual signature level. Categories are signatures grouped together based on the application and protocol vulnerabilities.

72 SSL Decryption
SSL Decryption, also referred to as SSL Visibility, is the process of decrypting traffic at scale and routing it to various inspection tools which identify threats inbound to applications, as well as outbound from users to the internet.

73 Web Application Firewall
A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet.

74 Cisco Web Security Appliance
Bootstrapping Cisco WSA and deploying proxy services.

75 WSA Policies and Enforcing Acceptable use
Configuring WSA policies to enforce data security features and defending against Malware.

76 Installation of Cisco Email Security Appliance
Cisco Email Security Appliance is an email security gateway product. It is designed to detect and block a wide variety of email-borne threats, such as malware, spam and phishing attempts.

77 Email Security Appliance pipeline deployment
Administering Cisco Email Security appliance and email security pipeline.

78 Cisco Identity Services Engine Installation
Bootstrapping of Cisco ISE.

79 Cisco ISE policies (AAA, Profiling, Posturing, Guest Access)
Implementing next generation NAC solution with Identity management, profiling, posturing, BYOD access control and guest services.
