
Ethical Hacking Course For Beginners

About Course
An Ethical Hacker is a technology expert, typically employed by an organization to assess the security system of the
organization in order to discover vulnerabilities that can be exploited. Ethical hackers may use the same methods as
the black hat hackers, but report the problems instead of taking advantage of them.
This course on Ethical Hacking for Beginners goes deep into networking, systems, web
applications and actual exploitation, and helps beginners take a confident first step into the information security
field. This 6-week course is designed to give participants real-world exposure to information security through
hands-on experience with tools and techniques.

Why should you attend this course?


One of the greatest highlights of this course is that it is built by experts who do penetration testing on a regular basis.
Since it is built by practitioners in the field, it is regularly updated with the latest tools, techniques, and real-world
scenarios.
The lab setup for the course will give beginners very good practical, hands-on experience of ethical hacking rather
than just plain theory. The participants will get to break into vulnerable applications and systems that
have been set up to create levels of challenges and sharpen their skills.

Who should attend this course?


Anyone looking to build a career in information security is most welcome to join the course. If you're already in this
field, but want to learn the professional concepts of hacking, then this is the course for you. Instead of burdening you
with a huge amount of courseware, this 6-week course provides a systematic, practical approach to learning
and helps you take a confident first step towards ethical hacking, focusing on the real-world practical tools and
techniques of hacking.

A Professional Ethical Hacker SHOULD:

Obtain prior written approval from senior management before testing the security of the organization
STRICTLY work within the project scope boundaries as defined in the engagement letter
Carry out responsible disclosure: whatever weaknesses are discovered during the penetration testing
are dutifully reported to senior management and the technical team

Carry out security scans ONLY during scheduled time (usually during non-peak business hours). They should
NEVER be done before or after.

Point out potential security risks that may impact business operations. They must be rated properly on severity
levels

Put forward the recommendations to address those potential security risks


Respect the individual's or company's privacy and only go looking for security issues.

Report all security vulnerabilities you detect responsibly to the company, not leaving anything open for you or
someone else to come in at a later time.

Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their
software or hardware if not already known by the company.

Continually update your knowledge and encourage sharing it with peers to build a secure
environment

A Professional Ethical Hacker SHOULD NOT:

Proceed with security testing until prior written approval is obtained from senior management
Exceed project scope boundaries as defined in engagement letter
Carry out direct testing on production data for any service or application
Carry out exploitation on discovered vulnerabilities until he/she gets explicit approval from the senior
management

Take advantage of discovered vulnerabilities for any personal profit or competitive gain
Disclose any sensitive corporate design or information to anyone if that is found during testing. The same should
be reported to senior management at the earliest

Report any vague / incorrect findings to senior management or to the technical team. The findings must not be
ambiguous in context.

Report any finding(s) without "sufficient" and necessary proof(s)


Make any vague / incorrect recommendation(s) to address potential security risks.

Course Contents

Week 1: Information Security - What & Why?

Introduction to Information security


Overview IT Act
E-Crimes & Penalties
Understanding PenTest methodologies (black/white/gray - box)
Introduction to Computer Networks
Major Topologies in Networks

Network Design & Components


IP addressing
Network protocols

Week 2: Network Basics

Concept of routing and switching


OSI reference model
TCP/IP model
Diving into OSI layers in details
TCP v/s UDP services
Common TCP and UDP services
Understanding ICMP messages

Week 3: Protocol Analysis

Understanding things in the packet layer


Wireshark-The packet analyzer
Analyzing the host-to-host packet transmission
synchronizations of hosts
termination of hosts
finishing of host

Week 4: Operating System Basics

Introduction to Windows Server - 2008


Active Directory Fundamentals
Operational Units
Concept of ACL
File system implementation
Diving into the Pentest folder - Backtrack
Understanding Linux shell

Week 5: Breaking into Networks

Portscan - Beginner to Expert level


Mastering Nmap
Working with LUA
Cooking custom Nmap scripts
Concept of fingerprinting and footprinting
Google Hacking
Enumeration of services
Banner Grabbing

Week 6: Exploiting the target

Finding vulnerability - Automated methods


Using Vulnerability Scanners (Nessus & GFI)
Interpreting the automated scanner report
Getting into the system
Working with exploit code - Exploitation Framework (msf)
Attacking LAN
Firewall Evasion
Firewall introduction & types
Detection methodologies
Fire-walking
Evasion Methodologies
Packet crafting
Understanding Overflow
Buffer Overflow (Stack & Heap)
Exploiting Windows & Linux
Protection Mechanisms

Network Security & Exploitation


Learn Fundamental Aspects of Security in Modern Networked Environment

About Course
With the explosion of the internet and the e-world, computer networks that are not adequately secured are targeted by a
large number of threats and exploited, which can cause huge damage to the enterprise. The primary goal of
this course is to give a good idea of various network security issues, how to identify them, and what proper
controls need to be implemented to prevent these security issues.
This training covers fundamental aspects of security in a modern networked environment with the focus on system
design aspects in the specific context of network / internetwork security. We take a peek into network security best
practices such as LAN segregation, Network Controls, Logging, Hardening, DMZ configuration, Traffic Analysis and
Monitoring Tools etc. Router and Wireless Security are also discussed later.

Who should attend this course?

Anyone looking to build a career in information security, or if you're someone who's already in this field, but want to
learn the professional concepts of hacking, then this is the course for you. It simply will not get more practical and
more hands-on than this. Instead of burdening you with a huge amount of courseware, and hundreds of tools, the
CPH course focuses on the real-world practical tools and techniques of hacking.

Duration
6 Weeks

Course Contents

Week 1

Introduction & Case Studies


Understanding PenTest methodologies (black/white/gray box)
Kali OS - The Hacker's Box
Understanding Linux (BT) structure
Kali Basic Usage
Network Basics
TCP/IP Fundamentals
Common TCP and UDP services
Understanding ICMP messages
Understanding things in the packet layer
Wireshark - The packet analyzer
Analyzing the host-to-host packet transmission
o synchronizations of hosts
o termination of hosts
o finishing of host

Week 2

Fingerprinting & Footprinting


Google hacking
Portscanning
Mastering Nmap
Netcat Kungfu
Packet crafting using hping3

Week 3

Finding Vulnerability - Manual methods


o Banner Grabbing
o Testing on clear text protocols (FTP, TFTP, Telnet, HTTP)
o Testing on SNMP
o Testing on SMTP
o Testing on Finger
o Testing on DB ports
Service Level Security
o Concept of ACL
o Hardening SSH
o Hardening SMTP Server

Week 4

Finding vulnerability - Automated methods


o Nessus Vulnerability scanner
o GFI scanner
o Interpreting the automated scanner report
o Getting exploit code - Exploitation Framework (msf introduction)
o Getting into the system
o Attacking LAN
Metasploiting the target
o Metasploit the universe
o Metasploit Module & Architecture
o Working with Auxiliaries
o Working with Exploits
o Working with encoders
o Working with payloads
o Understanding Meterpreter

Week 5

Network security
o Secure Network design
o DMZ
o VLANs
o Firewalls
o IDS / IPS
o Wireless LAN Security
o VPNs

Week 6

Wireless security
o Understanding Wireless Technology
o Protocol Analysis
o Attacks on Open Authenticated WiFi
o Dumpsterdiving
o WPA/WPA2 Security
o Wardriving Concepts

Web App & Wifi Security Training (Advance Level)


Comprehensive Coverage of Web Application & WiFi Security
The course is focused on a comprehensive coverage of web application security. It will present security guidelines
and considerations in web applications development. The participants will learn the basics of application security,
how to enforce security on a web application, Basics of Threat Modeling, Threat Profiling, OWASP Top Ten Testing
and Black Box Testing.
We will also cover security guidelines and considerations in wireless networking. The participants will learn the latest
security standards, including all 802.1x/EAP types used in WLANs, how to locate and triangulate rogue access
points and implement Wireless Intrusion Prevention Systems, assess the security of wireless networks using the
same hacking tools the bad guys do.

Objectives of the course


Upon completion of this course, participants will be able to:

Understand the need for security


Understand the various security threats and countermeasures
Design and Develop secured web applications
Understand wireless standards & security architecture
Analyze the wireless protocol, and algorithmic flaws
Conduct penetration testing of wireless network
Understand Enterprise Security on wireless network

Duration
6 Weeks

Course Contents

Week 1

Application Security Fundamentals


Recap on Application Development Technologies
Database Fundamental
Application Security Overview
OWASP Top 10

Week 2

Attacks & Defense


o A1-Injection
o A2-Cross Site Scripting (XSS)
o A3-Broken Authentication and Session Management
o A4-Insecure Direct Object References
o A5-Cross Site Request Forgery (CSRF)
o A6-Security Misconfiguration
o A7-Insecure Cryptographic Storage
o A8-Failure to Restrict URL Access
o A9-Insufficient Transport Layer Protection
o A10-Unvalidated Redirects and Forwards
Proxy Based Attacks - Burp Suite

Week 3

Wireless Technology Background


Risks of using Wireless Technologies
Current Wireless Security
Wireless Standards & Terminologies
Attack Taxonomy
Introduction 802.11 Standard
Features of 802.11 Standard
Packet types of 802.11 Standards

Week 4

802.11 Protocol Analysis

802.11 authentication types


802.11 Discovery
Understanding Software Requirements
Wireless Hardware and Drivers

Week 5

Aircrack-ng Kungfu
Attacking Open Wireless Network
De-authenticating users
Hidden SSID - Security through Obscurity
Defeating MAC Filtering
WEP Cracking
Concept of IVs
WPA/WPA2 Cracking
Advanced Wireless Attack

Week 6

Wireless security
o Evil Twin Attack
o SSL Man In The Middle Attacks
o Securing 802.11 Networks
o Wired Equivalent Privacy (WEP)
o Adding extra layer of external security
o Wireless IDS (WIDS) and Wireless IPS (WIPS)
o Enterprise Level WiFi Security & Best Practices

Certified Information Security Consultant (CISC) (6 Months)
Best Training To Convert Amateurs Into Experts in Information Security

CISC is 6 months training in information security for amateurs and professionals to make you an expert in the
field of Information Security.

The course is ideal for those wanting to differentiate themselves from candidates with an undergraduate degree
only, as well as those already in industry wishing to advance their skills in this constantly evolving area.

Many companies are actively recruiting security specialists and this course will prepare graduates for senior
technical and management positions in many industry sectors.

CISC training

The CISC training is designed to make you an expert in the domain of information security.
While most certification programs are geared towards purely technical know-how, the CISC also arms you with
the necessary consulting skills in order to help you make your mark in this exciting field.

CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards,
and even forensics and cyber crime investigations.

CISC includes 45+ sessions, including the basic fundamentals as well as advanced concepts.
These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months.
Each session will be further broken down into 15-20 modules.
You will be given comprehensive and highly useful study material on all the sessions.
The best part about the CISC is the fact that you get hands-on practical training on live projects.

Benefits of CISC

The CISC is the only completely hands-on, real-world oriented security certification.
It is a course designed by security professionals, and for security professionals.
The best in the business personally mentor you.
You are trained by a group of professionals who have worked on prestigious international projects, presented at
the leading security conferences around the world, and written numerous books and articles.

The course comprehensively covers all the main aspects of information security from the basics to compliance
standards making you one of the most sought after IS professionals

The content is updated very regularly in accordance with the requirements of this dynamic industry.
There are many opportunities available for students with our consulting arm, NII, as well as our extensive clients
in India and overseas

We will conduct exams after every quarter with practicals and theory
Experts will set up these exams
The USP of the CISC is the fact that you'll be put on live projects

Schedule
Course is of 4 hrs from Monday to Friday

Course Contents

Module 1: Fundamentals

Network Fundamentals
o OSI Layers
o TCP/IP Layers
o TCP Flags
o IP Addressing
o Basic Network Devices
o Subnet & Supernet
o Understanding Protocols
o Packet Analysis - Wireshark
OS Fundamentals
o Windows Server Architecture
o AD Overview
o Windows Registries
o File Artifacts
o Linux Server Architecture
o Linux basic commands
o Linux file systems

Module 3: Network Security

Reconnaissance
o Passive Recon
o Active Recon
o Nmaping network
o Evasion during scanning
o Social Engineering
Packet Crafting
o Hping
o Scapy
Manual Test Cases
o ARP Poisoning - MITM
o SYN Flooding
o SMURF Attack
o IP Spoofing
o Password Cracking Techniques
o Offline Cracking
o Online Cracking
Testing HTTP/HTTPS
Testing SMTP
Testing SNMP
Testing Database Servers - Oracle, MS SQL Server
Testing NTP
Testing Firewalls - firewalking
Testing VPN
Testing SMTP
Testing FTP
Testing Telnet, SSH
Testing DNS
DNS Cache Poisoning
Vulnerability Discovery
Manual Discovery
o Security Advisories Search
Automated Discovery

Scanners (Nessus)
Interpreting scan reports
Exploitation
Metasploit the universe
Understanding the msf modules - Auxiliaries, Exploits and Payloads
Attacking Windows Services
Attacking Linux Services
Wireless Security
Understanding 802.11 Standard
Packet Types
Attacking Open Authenticated WiFi Network
Concept of War-Driving
Breaking Hidden SSID
Breaking MAC Filtering
Attacking WEP
Understanding Weak IV
Problems with RC4
Replay Attack
Chop Chop Attack
Attacking WPA2
Creating wordlist for effective WPA2 cracking
Using JTR to crack WPA2
Attacking WPS
Network Security Audit
Architecture Review
Device Auditing
Configuration Review - Nipper
Firewall Rule Based Auditing
Report Writing

Module 4: Server Security

Database Security
o Oracle Database Security
o MS SQL Database Security
Operating System Security
o Windows 2008 Server Security
o Linux Server Security

Module 5: Application Security

Application Security
o Working with Proxy - Burp suite
o OWASP Top 10 - 2013
o A1-Injection
o A2-Broken Authentication and Session Management
o A3-Cross-Site Scripting (XSS)
o A4-Insecure Direct Object References
o A5-Security Misconfiguration
o A6-Sensitive Data Exposure
o A7-Missing Function Level Access Control
o A8-Cross-Site Request Forgery (CSRF)
o A9-Using Components with Known Vulnerabilities
o A10-Unvalidated Redirects and Forwards
Identify the vulnerability
o Automated tools (Acunetix/Netsparker)
Attacking the issue
Impact analysis
Countermeasures
Risk Based Security Testing (Business Logic Testing)
ESAPI Security
Threat Modeling
Source Code Analysis
Report Writing

Module 6: Digital Forensics

Introduction & Case studies


Principle of CIA
o Against personals
o Against corporate
o Against governments
IT Act overview
Introduction to Forensics
Understanding Incident Response Methodologies
Thumb rules of investigation
Type of forensics investigation
o Live forensics
o Dead forensics
Pre-Incident Preparation
Detection of Incidents
Initial Response Phase
Preserving Chain of Custody
Response Strategy Formulation
Setting up Forensics Lab
o Forensics Distros
o SANS SIFT
o DEFT Linux
Forensics Evidence Management
Evidence Collection and Analysis
Forensically Sound Evidence Collection
Evidence Handling
Host vs Network Based Evidence
Online vs Offline Response
Digital Forensics - Putting on the Gloves
The 6 A's Principle

The Investigative Guidelines


Reporting the Investigation
Understanding Branches of Digital Forensics
Understanding Network Crimes
Analyzing Logs
Network based log analysis
Web Server log analysis
Data Acquisition & Analysis
Encase forensics
Sysinternals Essentials
Memory Analysis - volatility
Registry Forensics
Email Forensics
Opensource Forensics Methodologies

Module 7: Compliance

Auditing Principle
Information Security Management System (ISO 27001:2013)
Risk Assessment
Business Continuity (ISO 22301:2012)
PCI DSS v3
Overview ITIL & COBIT
