Your cart is empty!
View Cart Checkout
Cart subtotal: 0.00

ETHICAL HACKING TRAINING – REAL-TIME

Ethical Hacker

CORE ETHICAL HACKING COURSE SYLLABUS – 20 HOURS

SESSION 1 [1.5 hours]

  • Disclaimer
  • Hacking overview
  • Types of hacking
  • Types of hackers
  • Cyber Laws
  • Interesting terminologies
  • Various cyber security domains; its career opportunities
  • Live DEMO on Google Hacking

SESSION 2 [1.5 hours]

  • How internet works?
  • How file transfer happens? – OSI Layer overview
  • How; Why do you hack?
  • Types of IP Address (Private IP/Public IP/Static IP/Dynamic IP)
  • Hands-on windows utilities – Pinging/Trace route
  • Live DEMO on basic Windows commands

SESSION 3 [1.5 hours]

  • Important Protocols
  • Firewall; Anti virus
  • Man in the Middle Attacks
  • Live DEMO on Sniffing the packet using Wire shark

SESSION 4 [1.5 hours]

  • Advance IP scanner
  • Host discovery Tools
  • Port Scanning
  • Live DEMO on Nmap; its features

SESSION 5 [1.5 hours]

  • Linux Basic commands
  • Installing Kali Linux
  • Kali Linux Tools overview
  • Live DEMO on Kali Linux Tools

SESSION 6 [1.5 hours]

  • Foot printing
  • Information gathering
  • Vulnerability scanning
  • Active Fingerprinting
  • Passive Fingerprinting
  • Live DEMO on Metasploit attacks

SESSION 7 [1.5 hours]

  • System hacking methodologies
  • Registries and Rootkits
  • Stenography; analysis
  • Live DEMO and Working on Cain; Abel

SESSION 8 [1.5 hours]

  • Trojans; analysis.
  • Difference between Virus/Malware/Worms
  • ARP/DNS poisoning
  • Live DEMO on Key loggers

SESSION 9 [1.5 hours]

  • Details on Exploit DB/CVE/NVD
  • Windows/Linux  Enumeration
  • DNS/NTP  Enumeration
  • SNMP/SMB Enumeration
  • Live DEMO on Enumeration

SESSION 10 [1.5 hours]

  • Phishing Attacks; consequences
  • Social Engineering Attacks
  • Live DEMO on Password cracking (Dictionary/Brute force)

SESSION 11 [1.5 hours]

  • Hacking into Wireless devices
  • Vulnerability scanners
  • Live DEMO on Nessus

SESSION 12 [1.5 hours]

  • Pentesting and its types.
  • How Web Works?
  • Proxy; its importance
  • OWASP TOP 10 vulnerabilities overview
  • Hands on SQL Injection
  • Live DEMO on SQLmap

SESSION 13 [2 hours]

  • Live Demo on Web based attacks using Burp Suite
  • Cross site scripting
  • Live Demo on Beef to hack into social networks.
  • What more to learn?
  • Conclusion

ADVANCED ETHICAL HACKER – Web App Hacking & Penetration Testing (WAHPT) (40 Hrs)

Introduction to Cyber Security

  • Disclaimer
  • Basic Skills required.
  • Hacking & its Types
  • New Terminologies.
  • Career Overview
  • Live demo of Google hacking

How Things works

  • How internet works?
  • How web application works?
  • Domain & Sub-domain
  • URL, URI & URN
  • Types of IP Address: Private IP/Public IP
  • Types of IP Address: Static IP/Dynamic IP
  • Live demo on windows utilities

Layers & Protocols Use cases

  • Purpose of protocols in OSI Layer.
  • Purpose of protocols in Application layer.
  • Vulnerability & OSI stacks
  • Live Demo on Wire-shark

Penetration Testing & OWASP TOP-10 Overview.

  • Type of Penetration Testing
  • Penetration Testing Methodology
  • OWASP TOP-10 Overview.

Building your own Pen-tester Lab

  • Installing & Working of Virtual Machine
  • Installing & Working of Xampp
  • Installing DVWA/Mutillidae on Windows
  • Live Demo on Nikto & its switches.

Deep dive into HTTP/HTTPS

  • HTTP Basics (Request/Response)
  • Understanding Web application architecture.
  • HTTP Methods Testing
  • HTTP Basic Authentication
  • Attacking HTTP Basic Authentication
  • Live demo on Netcat Lab

Burp suite Overview & working

  • Burp suite – Overview
  • Attacking web using Burp suite
  • Difference between Automated & Manual Testing
  • Live demo on Burp & its features

Initial Research on Target Application

  • Overview on Kali Linux Tools.
  • Improper Error Handling.
  • Using Components with known vulnerabilities.
  • Live demo on Nmap & its switches
  • Live Demo on Known vulnerabilities.

Sensitive Data Exposure.

  • Credentials transport over an unencrypted channel
  • Insecure Storage on application/Database.
  • Password sent in GET Request.
  • Information disclosure (credit card information, passwords or personal information)
  • Demo on Tampering, manipulating & Attacking a web application.

Unvalidated redirects & Forwards.

Injection

  • HTML Injection
  • Command injection
  • XML Injection
  • XPath Injection

Local & Remote file inclusion vulnerability basics

  • Remote code execution
  • Local file inclusion
  • OS command Injection
  • Live demo on Metasploits

Beyond Alert XSS

  • Basics of JavaScript
  • Stored cross site scripting
  • Reflected cross site scripting
  • DOM cross site scripting

SQL Basic Queries Overview & Understanding

  • How SQL Query works
  • SQL Injection Overview
  • Manually Exploiting SQL Injection
  • Types of SQL Injection
  • Live demo on hacking SQL database & its details.

Live hacking a website using SQLmap.

  • Detecting Web Technology details
  • Detecting Database information
  • Detection of Table & column details
  • Detecting stored credentials
  • Dumping Entire database
  • Taking control over SQL shell.

Malicious File upload (Shell Uploads)

  • Bypassing PHP File restriction
  • Bypassing Black list restrictions
  • Bypassing using MIME (Multi-purpose Internet Mail Extensions) Type
  • Bypass using double extension I
  • Bypass using double extension II
  • Bypass File content verification
  • Live demo on malicious file uploads.

Compromising User Accounts by manipulating parameter values & Escalating the privileges.

  • Credentials transport over an encrypted channel
  • Username/Password Enumeration
  • Default or guessable (dictionary) user account
  • Automation Attacks  (Brute Force Testing)
  • Captcha Testing (weakness)
  • Insecure Direct Object Reference (Parameter Tampering)
  • Missing Functional Level Access

Session Management Testing

  • Session Management Schema (Weak Session Token)
  • Cookies attributes(Cookies are set not ‘HTTP Only’, ‘Secure’, and no time validity)
  • Session Fixation/Hijacking
  • Time out(logout) mechanism

Cross Site Request Forgery (CSRF)

Miscellaneous

  • poisoning web services
  • poisoning web sockets
  • Report Session.
  • Capture the Flag (CTF)