About Course
An Ethical Hacker is a technology expert, typically employed by an organization to assess its security systems and discover vulnerabilities that could be exploited. Ethical hackers may use the same methods as black hat hackers, but they report the problems instead of taking advantage of them.
This course on Ethical Hacking for Beginners goes deep into networking, systems, web applications and actual exploitation, and helps beginners take a confident first step into the information security field. This 6-week course is designed to give participants real-world exposure to information security through hands-on experience with tools and techniques.
Do:
o Obtain prior written approval from senior management before testing the security of the organization.
o STRICTLY work within the project scope boundaries as defined in the engagement letter.
o Carry out responsible disclosure: whatever weaknesses are discovered during the penetration testing must be dutifully reported to senior management and the technical team.
o Carry out security scans ONLY during the scheduled time (usually during non-peak business hours). They should NEVER be done before or after.
o Point out potential security risks that may impact business operations. They must be rated properly by severity level.
o Responsibly report all security vulnerabilities you detect to the company, not leaving anything open for you or someone else to come in at a later time.
o Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their software or hardware, if not already known by the company.
o Continually update your knowledge and encourage sharing it with peers to build a secure environment.
Don't:
o Proceed with security testing until prior written approval is obtained from senior management.
o Exceed project scope boundaries as defined in the engagement letter.
o Carry out direct testing on production data for any service or application.
o Carry out exploitation of discovered vulnerabilities until explicit approval is obtained from senior management.
o Take advantage of discovered vulnerabilities for any personal profit or competitive gain.
o Disclose to anyone any sensitive corporate design or information found during testing. It should be reported to senior management at the earliest.
o Report any vague or incorrect findings to senior management or to the technical team. The findings must not be ambiguous in context.
Course Contents
About Course
With the explosion of the internet and the e-world, computer networks that are not adequately secured are being targeted by a large number of threats and exploited further, which can cause huge damage to the enterprise. The primary goal of this course is to give a good understanding of various network security issues, how to identify them, and which controls need to be implemented to prevent them.
This training covers fundamental aspects of security in a modern networked environment with the focus on system
design aspects in the specific context of network / internetwork security. We take a peek into network security best
practices such as LAN segregation, Network Controls, Logging, Hardening, DMZ configuration, Traffic Analysis and
Monitoring Tools etc. Router and Wireless Security are also discussed later.
If you are looking to build a career in information security, or you are already in this field but want to learn the professional concepts of hacking, then this is the course for you. It simply will not get more practical and more hands-on than this. Instead of burdening you with a huge amount of courseware and hundreds of tools, the CPH course focuses on the real-world practical tools and techniques of hacking.
Duration
6 Weeks
Course Contents
Week 1
Week 2
Week 3
Week 4
Week 5
Network security
o Secure Network design
o DMZ
o VLANs
o Firewalls
o IDS / IPS
o Wireless LAN Security
o VPNs
Week 6
Wireless security
o Understanding Wireless Technology
o Protocol Analysis
o Attacks on Open Authenticated WiFi
o Dumpster diving
o WPA/WPA2 Security
o Wardriving Concepts
Duration
6 Weeks
Course Contents
Week 1
Week 2
Week 3
Week 4
Week 5
Aircrack-ng Kungfu
Attacking Open Wireless Network
De-authenticating users
Hidden SSID - Security through Obscurity
Defeating MAC Filtering
WEP Cracking
Concept of IVs
WPA/WPA2 Cracking
Advanced Wireless Attack
Week 6
Wireless security
o Evil Twin Attack
o SSL Man In The Middle Attacks
o Securing 802.11 Networks
o Wired Equivalent Privacy (WEP)
o Adding extra layer of external security
o Wireless IDS (WIDS) and Wireless IPS (WIPS)
o Enterprise Level WiFi Security & Best Practices
CISC is a 6-month training in information security for amateurs and professionals, designed to make you an expert in the field of Information Security.
The course is ideal for those wanting to differentiate themselves from candidates with an undergraduate degree
only, as well as those already in industry wishing to advance their skills in this constantly evolving area.
Many companies are actively recruiting security specialists and this course will prepare graduates for senior
technical and management positions in many industry sectors.
CISC training
The CISC training is designed to make you an expert in the domain of information security.
While most certification programs are geared towards purely technical know-how, the CISC also arms you with
the necessary consulting skills in order to help you make your mark in this exciting field.
CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards,
and even forensics and cyber crime investigations.
CISC includes 45+ sessions, covering the basic fundamentals as well as advanced concepts.
These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months.
Each session will be further broken down into 15-20 modules.
You will be given comprehensive and highly useful study material on all the sessions.
The best part about the CISC is the fact that you get hands-on practical training on live projects.
Benefits of CISC
The CISC is the only completely hands-on, real-world oriented security certification.
It is a course designed by security professionals, and for security professionals.
The best in the business personally mentor you.
You are trained by a group of professionals who have worked on prestigious international projects, presented at
the leading security conferences around the world, and written numerous books and articles.
The course comprehensively covers all the main aspects of information security, from the basics to compliance standards, making you one of the most sought-after IS professionals.
The content is updated very regularly in accordance with the requirements of this dynamic industry.
There are many opportunities available for students with our consulting arm, NII, as well as our extensive clients in India and overseas.
We will conduct exams after every quarter, with practicals and theory.
Experts will set up these exams.
The USP of the CISC is the fact that you'll be put on live projects.
Schedule
The course is 4 hrs, Monday to Friday
Course Contents
Module 1: Fundamentals
Network Fundamentals
o OSI Layers
o TCP/IP Layers
o TCP Flags
o IP Addressing
o Basic Network Devices
o Subnet & Supernet
o Understanding Protocols
o Packet Analysis - Wireshark
OS Fundamentals
o Windows Server Architecture
o AD Overview
o Windows Registries
o File Artifacts
o Linux Server Architecture
o Linux basic commands
o Linux file systems
Reconnaissance
o Passive Recon
o Active Recon
o Nmapping the network
o Evasion during scanning
o Social Engineering
Packet Crafting
o Hping
o Scapy
Manual Test Cases
o ARP Poisoning - MITM
o SYN Flooding
o SMURF Attack
o IP Spoofing
o Password Cracking Techniques
o Offline Cracking
o Online Cracking
Testing HTTP/HTTPS
Testing SMTP
Testing SNMP
Testing Database Servers - Oracle, MS SQL Server
Testing NTP
Testing Firewalls - firewalking
Testing VPN
Testing FTP
Testing Telnet, SSH
Testing DNS
DNS Cache Poisoning
Vulnerability Discovery
Manual Discovery
o Security Advisories Search
Automated Discovery
Scanners (Nessus)
Interpreting scan reports
Exploitation
Metasploit - the universe
Understanding the msf modules - Auxiliaries, Exploits and Payloads
Attacking Windows Services
Attacking Linux Services
Wireless Security
Understanding 802.11 Standard
Packet Types
Attacking Open Authenticated WiFi Network
Concept of War-Driving
Breaking Hidden SSID
Breaking MAC Filtering
Attacking WEP
Understanding Weak IV
Problems with RC4
Replay Attack
Chop Chop Attack
Attacking WPA2
Creating wordlist for effective WPA2 cracking
Using JTR to crack WPA2
Attacking WPS
Network Security Audit
Architecture Review
Device Auditing
Configuration Review - Nipper
Firewall Rule Based Auditing
Report Writing
Database Security
o Oracle Database Security
o MS SQL Database Security
Operating System Security
o Windows 2008 Server Security
o Linux Server Security
Application Security
o Working with Proxy - Burp Suite
o OWASP Top 10 2013
o A1-Injection
o A2-Broken Authentication and Session Management
Module 7: Compliance
Auditing Principle
Information Security Management System (ISO 27001:2013)
Risk Assessment
Business Continuity (ISO 22301:2012)
PCI DSS v3
Overview ITIL & COBIT