infosec courses
TRANSCRIPT
-
8/18/2019 Infosec Courses
1/14
Ethical Hacking Course For Beginners
About Course An Ethical Hacker is a technology expert; typically employed by an organization to assess the security system of the
organization in order to discover vulnerabilities that can be exploited. Ethical hackers may use the same methods as
the black hat hackers, but report the problems instead of taking advantage of them.
This course on Ethical Hacking for Beginners goes deep down into the depths of networking, systems, web
applications and actual exploitation and helps beginners to take their confident first step towards information security
field. This 6 weeks course is designed to give the participants the real world exposure in information security by
hands on experience in tools and techniques.
Why should you attend this course?
One of the greatest highlights of this course is that it is built by experts who do penetration testing on a regular basis.
Since it is built by practitioners in the field, it is regularly updated with the latest tools, techniques, and real-world
scenarios.
The lab setup for the course will give beginners a very good practical hands on experience of ethical hacking rather
than just plain theory explanation. The participants will get to break into vulnerable applications and systems that
have been set up to create levels of challenges and sharpen their skills.
Who should attend this course?
Anyone looking to build a career in information security is most welcome to join the course. If you’re already in this
field, but want to learn the professional concepts of hacking, then this is the course for you. Instead of burdening you
with a huge amount of courseware, this 6 weeks course provides a systematic practical approach towards learning
and helps to take your confident first step towards ethical hacking; focusing on the real-world practical tools and
techniques of hacking.
A Professional Ethical Hacker SHOULD:
Obtain prior written approval from senior management before testing the security of organization
STRICTLY work within the project scope boundaries as defined in the engagement letter
Carry out responsible disclosure; means whatever weaknesses are discovered during the penetration testing,
they are dutifully informed to senior management and technical team
Carry out security scans ONLY during scheduled time (usually during non-peak business hours). They should
NEVER be done before or after.
Point out potential security risks that may impact business operations. They must be rated properly on severity
levels
Put forward the recommendations to address those potential security risks
Respect the individual's or company's privacy and only go looking for security issues.
-
8/18/2019 Infosec Courses
2/14
—
Report all security vulnerabilities responsibly you detect to the company, not leaving anything open for you or
someone else to come in at a later time.
—
Let the software developer or hardware manufacturer know of any security vulnerabilities you locate in their
software or hardware if not already known by the company.
—
Dynamically update the knowledge and encourage transferring the same to the peers to build a secured
environment
A Professional Ethical Hacker SHOULD NOT:
Proceed with security testing until prior written approval is obtained from senior management
Exceed project scope boundaries as defined in engagement letter
Carry out direct testing on production data for any service or application
Carry out exploitation on discovered vulnerabilities until he/she gets explicit approval from the senior
management
Take advantage of discovered vulnerabilities for any personal profit or competitive gain
Disclose any sensitive corporate design or information to anyone if that is found during testing. The same should
be reported to senior management at the earliest
Report any vague/ incorrect findings to senior management or to the technical team. The findings must not stand
ambiguous in context.
Report any finding(s) without "sufficient" and necessary proof(s)
Make any vague / incorrect recommendation(s) to address potential security risks.
Course Contents
Week 1: Information Security - What & Why?
Introduction to Information security
Overview IT Act
E-Crimes & Penalties
Understanding PenTest methodologies (black/white/gray - box)
Introduction to Computer Networks
Major Topologies in Networks
http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOnehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseOne
-
8/18/2019 Infosec Courses
3/14
Network Design & Components
IP addressing
Network protocols
Week 2: Network Basics
Concept of routing and switching
OSI reference model
TCP/IP model
Diving into OSI layers in details
TCP v/s UDP services
Common TCP and UDP services
Understanding ICMP messages
Week 3: Protocol Analysis
Understanding things in the packet layer
Wireshark-The packet analyzer
Analyzing the host-to-host packet transmission
synchronizations of hosts
termination of hosts
finishing of host
Week 4: Operating System Basics
Introduction to Windows Server - 2008
Active Directory Fundamentals
Operational Units
Concept of ACL
File system implementation Diving into the Pentest folder - Backtrack
Understanding Linux shell
Week 5: Breaking into Networks
http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFivehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseFourhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseThreehttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwohttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseTwo
-
8/18/2019 Infosec Courses
4/14
Portscan - Beginner to Expert level
Mastering Nmap
Working with LUA
Cooking custom Nmap scripts
Concept of fingerprinting and footprinting
Google Hacking Enumeration of services
Banner Grabbing
Week 6: Exploiting the target
Finding vulnerability - Automated methods
Using Vulnerability Scanners (Nessus & GFI)
Interpreting the automated scanner report Getting into the system
Working with exploit code - Exploitation Framework (msf)
Attacking LAN
Firewall Evasion
Firewall introduction & types
Detection methodologies
Fire-walking
Evasion Methodologies
Packet crafting
Understanding Overflow
Buffer Overflow (Stack & Heap)
Exploiting Windows & Linux
Protection Mechanisms
Network Security & Exploitation
Learn Fundamental Aspects of Security in Modern Networked Environment
About Course
With the explosion of internet and e-world, computer networks, if adequately not secured, are getting targeted for a
large amount of threats, and exploited further which can cause huge damages to the enterprise. The primary goal of
this course is to give a good idea on various network security issues, how to identify them, and what are the proper
controls that need to be implemented to prevent these security issues.
This training covers fundamental aspects of security in a modern networked environment with the focus on system
design aspects in the specific context of network / internetwork security. We take a peek into network security best
practices such as LAN segregation, Network Controls, Logging, Hardening, DMZ configuration, Traffic Analysis and
Monitoring Tools etc. Router and Wireless Security are also discussed later.
Who should attend this course?
http://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSixhttp://www.iisecurity.in/courses/ethical-hacking-course.html#collapseSix
-
8/18/2019 Infosec Courses
5/14
Anyone looking to build a career in information security, or if you're someone who's already in this field, but want to
learn the professional concepts of hacking, then this is the course for you. It simply will not get more practical and
more hands-on than this. Instead of burdening you with a huge amount of courseware, and hundreds of tools, the
CPH course focuses on the real-world practical tools and techniques of hacking.
Duration
6 Weeks
Course Contents
Week 1
Introduction & Case Studies
Understanding PenTest methodologies (black/white/gray – box)
Kali OS – The Hacker’s Box
Understanding Linux (BT) structure
Kali Basic Usage
Network Basics
TCP/IP Fundamentals
Common TCP and UDP services
Understanding ICMP messages
Understanding things in the packet layer
Wireshark – The packet analyzer Analyzing the host-to-host packet transmission
o synchronizations of hostso termination of hostso finishing of host
Week 2
Fingerprinting & Footprinting
Google hacking
Portscanning
Mastering Nmap
Netcat Kungfu
Packet crafting using hping3
http://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseThreehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseTwohttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseOne
-
8/18/2019 Infosec Courses
6/14
Week 3
Finding Vulnerability – Manual methodso Banner Grabbingo Testing on clear text protocols (FTP, TFTP, Telnet, HTTP)o Testing on SNMPo Testing on SMTPo Testing on Fingero Testing on DB ports
Service Level Securityo Concept of ACLo Hardening SSHo Hardening SMTP Server
Week 4
Finding vulnerability – Automated methodso Nessus Vulnerability scannero GFI scannero Interpreting the automated scanner reporto Getting exploit code – Exploitation Framework (msf introduction)o Getting into the systemo Attacking LAN
Metasploiting the targeto Metasploit the universeo Metasploit Module & Architectureo Working with Auxiliarieso Working with Exploitso Working with encoderso Working with payloadso Understanding Meterpreter
Week 5
Network securityo Secure Network designo DMZo VLANso Firewallso IDS / IPSo Wireless LAN Securityo VPNs
http://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFivehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFourhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseFour
-
8/18/2019 Infosec Courses
7/14
Week 6
Wireless securityo Understanding Wireless Technologyo Protocol Analysiso Attacks on Open Authenticated WiFio Dumpsterdivingo WPA/WPA2 Securityo Wardriving Concepts
Web App & Wifi Security Training (Advance Level)
Comprehensive Coverage of Web Application & WiFi Security
The course is focused on a comprehensive coverage of web application security. It will present security guidelines
and considerations in web applications development. The participants will learn the basics of application security,
how to enforce security on a web application, Basics of Threat Modeling, Threat Profiling, OWASP Top Ten Testing
and Black Box Testing.
We will also cover security guidelines and considerations in wireless networking. The participants will learn the latest
security standards, including all 802.1x/EAP types used in WLANs , how to locate and triangulate rogue access
points and implement Wireless Intrusion Prevention Systems, assess the security of wireless networks using the
same hacking tools the bad guys do.
Objectives of the course
Upon completion of this course, participants will be able to:
Understand the need for security
Understand the various security threats and countermeasures
Design and Develop secured web applications
Understand wireless standards & security architecture
Analyze the wireless protocol, and algorithmic flaws
Conduct penetration testing of wireless network
Understand Enterprise Security on wireless network
Duration
6 Weeks
Course Contents
http://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseOnehttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSixhttp://www.iisecurity.in/courses/network-security-exploitation.html#collapseSix
-
8/18/2019 Infosec Courses
8/14
Week 1
Application Security Fundamentals
Recap on Application Development Technologies Database Fundamental
Application Security Overview
OWASP Top 10
Week 2
Attacks & Defense
o A1-Injectiono A2-Cross Site Scripting (XSS)o A3-Broken Authentication and Session Managemento A4-Insecure Direct Object Referenceso A5-Cross Site Request Forgery (CSRF)o A6-Security Misconfigurationo A7-Insecure Cryptographic Storageo A8-Failure to Restrict URL Accesso A9-Insufficient Transport Layer Protectiono A10-Unvalidated Redirects and Forwards
Proxy Based Attacks – Burp Suite
Week 3
Wireless Technology Background
Risks of using Wireless Technologies
Current Wireless Security
Wireless Standards & Terminologies
Attack Taxonomy
Introduction 802.11 Standard
Features of 802.11 Standard
Packet types of 802.11 Standards
Week 4
802.11 Protocol Analysis
http://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFourhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseThreehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwohttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseTwo
-
8/18/2019 Infosec Courses
9/14
802.11 authentication types
802.11 Discovery
Understanding Software Requirements
Wireless Hardware and Drivers
Week 5
Aircrack-ng Kungfu
Attacking Open Wireless Network
De-authenticating users
Hidden SSID – Security through Obscurity
Defeating MAC Filtering
WEP Cracking
Concept of IVs WPA/WPA2 Cracking
Advanced Wireless Attack
Week 6
Wireless securityo Evil Twin Attacko
SSL Man In The Middle Attacks
o Securing 802.11 Networkso Wired Equivalent Privacy (WEP)o Adding extra layer of external securityo Wireless IDS (WIDS) and Wireless IPS (WIPS)o Enterprise Level WiFi Security & Best Practices
Certified Information Security Consultant (CISC) (6
Months)
Best Training To Convert Amateurs Into Experts in Information Security
CISC is 6 months training in information security for amateurs and professionals to make you an expert in the
field of Information Security.
The course is ideal for those wanting to differentiate themselves from candidates with an undergraduate degree
only, as well as those already in industry wishing to advance their skills in this constantly evolving area.
Many companies are actively recruiting security specialists and this course will prepare graduates for senior
technical and management positions in many industry sectors.
http://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseSixhttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFivehttp://www.iisecurity.in/courses/web-app-wifi-security-training.html#collapseFive
-
8/18/2019 Infosec Courses
10/14
CISC training
The CISC training is designed to make you an expert in the domain of information security. While most certification programs are geared towards purely technical know-how, the CISC also arms you with
the necessary consulting skills in order to help you make your mark in this exciting field.
CISC covers a wide variety of topics, starting right from the basics, and then leading up to compliance standards,
and even forensics and cyber crime investigations.
CISC includes over 45+ sessions, including the basic fundamentals as well as advanced concepts.
These 45+ sessions will be divided into four quarters, all of which will be covered in 6 months.
Each session will be further broken down into 15-20 modules.
You will be given comprehensive and highly useful study material on all the sessions.
The best part about the CISC is the fact that you get hands-on practical training on live projects.
Benefits of CISC
The CISC is the only completely hands-on, real-world oriented security certification.
It is a course designed by security professionals, and for security professionals.
The best in the business personally mentor you.
You are trained by a group of professionals who have worked on prestigious international projects, presented at
the leading security conferences around the world, and written numerous books and articles.
The course comprehensively covers all the main aspects of information security from the basics to compliance
standards making you one of the most sought after IS professionals
The content is updated very regularly in accordance to the requirements of this dynamic industry. There are many opportunities available for students with our consulting arm, NII, as well as our extensive clients
in India and overseas
We will conduct exams after every quarter with practicals and theory
Experts will set up these exams
The USP of the CISC is the fact that you'll be put on live projects
Schedule
Course is of 4 hrs from Monday to Friday
Course Contents
Module 1: Fundamentals
Network Fundamentalso OSI Layers
http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOnehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseOne
-
8/18/2019 Infosec Courses
11/14
o TCP/IP Layerso TCP Flagso IP Addressingo Basics Network Deviceso Subnet &Superneto Understanding Protocolso Packet Analysis - Wireshark
OS Fundamentalso Windows Server Architectureo AD Overviewo Windows Registrieso File Artifactso Linux Server Architectureo Linux basic commandso Linux file systems
Module 3: Network Security
Reconnaissanceo Passive Recono Active Recono ―Nmap‖ing network o Evasion during scanningo Social Engineering
Packet Craftingo Hpingo Scapy
Manual Test Caseso ARP Poisoning -MITMo SYN Floodingo SMURF Attacko IP Spoofingo Password Cracking Techniques
o Offline Crackingo Online Cracking
Testing HTTP/HTTPS
Testing SMTP
Testing SNMP
Testing Database Servers – Oracle, MS SQL Server
Testing NTP
Testing Firewalls – firewalking
Testing VPNTesting SMTP
Testing FTP
Testing Telnet, SSH
Testing DNS
DNS Cache Poisoning
Vulnerability Discovery
Manual Discovery
o Security Advisories Search Automated Discovery
http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThreehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseThree
-
8/18/2019 Infosec Courses
12/14
o Scanners (Nessus)Interpreting scan reports
Exploitation
Metasploit the universe
Understanding the msf modules – Auxiliaries, Exploits and Payloads
Attacking Windows Services
Attacking Linux Services
Wireless Security
Understanding 802.11 Standard
Packet Types
Attacking Open Authenticated WiFi Network
Concept of War-Driving
Breaking Hidden SSID
Breaking MAC Filtering
Attacking WEP
Understanding Weak IV
Problems with RC4
Replay Attack
Chop Chop Attack
Attacking WPA2Creating wordlist for effective WPA2 cracking
Using JTR to crack WPA2
Attacking WPS
Network Security Audit
Architecture Review
Device Auditing
Configuration Review - Nipper
Firewall – Rule Based Auditing
Report Writing
Module 4: Server Security
Database Securityo Oracle Database Securityo MS SQL Database Security
Operating System Securityo Windows 2008 Server Securityo Linux Server Security
Module 5: Application Security
Application Securityo Working with Proxy – Burp suiteo OWASP Top 10 2013
o A1-Injectiono A2-Broken Authentication and Session Management
http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFivehttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFourhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseFour
-
8/18/2019 Infosec Courses
13/14
o A3-Cross-Site Scripting (XSS)o A4-Insecure Direct Object Referenceso A5-Security Misconfigurationo A6-Sensitive Data Exposureo A7-Missing Function Level Access Controlo A8-Cross-Site Request Forgery (CSRF)o A9-Using Components with Known Vulnerabilitieso A10-Unvalidated Redirects and Forwards
Identify the vulnerability
o Automated tools (Accunetix/Netsparker) Attacking the issue
Impact analysis
Countermeasures
Risk Based Security Testing (Business Logic Testing)
ESAPI Security
Threat Modeling
Source Code Analysis
Report Writing
Module 6: Digital Forensics
Introduction & Case studies
Principle of CIAo Against personalso Against corporateo Against governments
IT Act overview
Introduction to Forensics Understanding Incident Response Methodologies
Thump rules of investigation
Type of forensics investigationo Live forensicso Dead forensics
Pre-Incident Preparation
Detection of Incidents
Initial Response Phase
Preserving ―Chain of Custody‖
Response Strategy Formulation
Setting up Forensics Labo Forensics Distros
o
SANS SIFTo DEFT LinuxForensics Evidence Management
Evidence Collection and Analysis
Forensically Sound Evidence Collection
Evidence Handling
Host vs Network Based Evidence
Online vs Offline Response
Digital Forensics - Putting on the Gloves
The 6 A's Principle
http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSixhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSix
-
8/18/2019 Infosec Courses
14/14
The Investigative Guidelines
Reporting the Investigation
Understanding Branches of Digital Forensics
Understanding Network Crimes
Analyzing Logs
Network based log analysis
Web Server log analysis
Data Acquisition & Analysis
Encase forensics
Sysinternals Essentials
Memory Analysis – volatility
Registry Forensics
Email Forensics
Opensource Forensics Methodologies
Module 7: Compliance
Auditing Principle
Information Security Management System (ISO 27001:2013)
Risk Assessment
Business Continuity (ISO 22301:2012)
PCI DSS v3
Overview – ITIL & COBIT
http://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSevenhttp://www.iisecurity.in/courses/certified-information-security-consultant-cisc.html#collapseSeven