Summer Training Program 2013

CCSE V2.0 Certified Cyber Security Expert Version 2.0

TechD Facts

• Incorporated in November 2009

• Established 5 Branch offices in India & 2 International Branches in 2 years

• Trained more than 25000 students, conducted 280 Workshops Including all IITs, NITs & Many colleges across India.

• Trained Professional from many reputed companies like Yahoo!,Google,ISACA,k7 Antivirus, Elitecore , Indian Oil, Temenos, ZOHO, HCL,TCS Infosys.

• Trained Investigation agencies of Gujarat, Maharashtra, Rajasthan, Tamilnadu, West Bengal.

TechD Facts

• Trained & Certified 2000 Students & Professionals for CCSE ( Certified Cyber Security

Expert) Course.

• Helped Top Investigating Agencies to Solve Ahmedabad & Mumbai blasts Cyber trails.

• Associated for an out reach program with the Major Technical festivals of IIT Bombay, Kanpur, NIT Bhopal, NIT Calicut, Jadavpur University Kolkata, and BITS Pilani Goa for giving authorized certification.

• Major VAPT Clients includes Sulekha.com, Cyberoam.

• Supported by Ministry of Home Affairs, Malaysia & CMO, Gujarat. • Developed our own Crypters, Trojans, RATS for demonstrations.

TechD Facts

• Sunny Vaghela (Director & CTO) is recipient of Rajiv Gandhi Young

Achiever’s Award. • TechDefence has been awarded as Best Ethical Hacking & Information

Security Company by NBC on 1st May’12 at Trident Hotel , Mumbai.

TechD Facts

• TechDefence has also been awarded as Best Ethical Hacking & Information Security Company of Western India by BIG Research & IBN 7.

• Nominated for World Education Awards into category of Private Sector Initiative for use of innovative Technology for skilled education

CCSE Contents

Module 1 : Cyber Ethics - Hackers & hacking methodologies • Types of hackers • Communities of Hackers • Malicious Hacker Strategies • Steps to conduct Ethical Hacking • Hiding your identity while performing attacks Module 2: Basic Network Terminologies • TCP / IP protocols • IP addresses • Classes of IP addresses • NAT • Proxies and VPN’s • SSH and putty

CCSE Contents

Module 3: Information Gathering & Footprinting • Whois information • Active / Passive information gathering • Information gathering using • Foot printing methodologies • Tools that aid in foot printing • Savitabhabhi.com case studies Module 4: Scanning & Enumeration

• Why scanning? • Types of scanning • Tools to aid in scanning • Nmap - The Godfather • Banner grabbing

CCSE Contents

Module 5: Trojans, Backdoors • How to control victim’s computer using Trojans • Binding Trojans with another file • Undetection process of Trojans from Antivirus • Removal of Trojans from your computer • Analysis of Trojans/Virus Module 6: Virus & Worms • Introduction to viruses • How they work? • Methods use to hide themselves and replicate themselves • Introduction to worms • Causes of worms • Method used to replicate themselves • Role of antivirus product and goat file

CCSE Contents

Module 7: Phishing & its Prevention

• Making phishing pages

• How to detect phishing pages

• Detecting Phishing Crimes

Module 8: System Hacking & Security

• Password cracking

• Privilege escalation

• Tools to aid in system hacking

• Understanding rootkits

• Clearing traces

• Countermeasures

CCSE Contents

Module 9: Social engineering & Honeypots

• Introduction • Laws of social engineering • Types of social engineering • Honeypots introduction • Types of honeypots • Setting up windows / Linux honeypot Module 10: Bot,Bots & DOS(Denial of Service) • Introduction to bots • Introduction to botnets and zombies • Botnet lifecycle • IRC bots • Customize your own bot

CCSE Contents

Module 11: Cryptography • Public-key Cryptography • Working of Encryption • Digital Signature • RSA & Example of RSA Algorithm • RC4, RC5, RC6, Blowfish • Algorithms and Security • Tools that aid in Cryptography Module 12: Google Hacking • Understanding how Google works • Google basic operators • Google advanced operators • Automated Google tools • How to use Google to find the desired website • How Google can aid in searching vulnerable website

CCSE Contents

Module 13: SQL Injection 1

• Web Application Overview

• Web Application Attacks

• OWASP Top 10 Vulnerabilities

• Putting Trojans on websites

• SQL injection attacks

• Executing Operating System Commands

• Getting Output of SQL Query

• Getting Data from the Database Using ODBC Error Message

• How to Mine all Column Names of a Table

• How to Retrieve any Data

• How to Update/Insert Data into Database

• SQL Injection in Oracle

• SQL Injection in MySql Database, 20 Hands on Demonstrations on real websites

CCSE Contents

Module 14: SQL Injection 2

• Attacking Against SQL Servers

• SQL Server Resolution Service (SSRS)

• SQL Injection Automated Tools

• MSSQL Injection

• Blind SQL Injection

• Preventing SQL Injection Attacks

Module 15: XSS – Cross Site Scripting

• Introduction to XSS & Types of XSS

• XSS worm and XSS shell

• Cookie grabbing

• Countermeasures

CCSE Contents

Module 16: Secure Coding Practices

• Why secure coding?

• Secure coding standards

• Secure coding methods

• Dissecting the source code

Module 17: Information Disclosure Vulnerabilities

• Introduction

• Setting up the correct chmod

• Protecting the sensitive server files

• Preventing the data loss

CCSE Contents

Module 18: Session Hijacking

• Introduction

• Types of session hijacking

• Tools that aid in session hijacking

• Countermeasures

Module 19:Hacking Web Servers

• Understanding IIS and apache

• How to use PHP and ASP backdoors

• What are local root exploits?

• Implementing web server security

• Patch management

CCSE Contents

Module 20: Vulnerability Assessment & Penetration Testing

• Introduction to VAPT

• Categories of security assessments

• Vulnerability Assessment

• Limitations of Vulnerability Assessment

• Penetration Testing

• Types of Penetration Testing

• Do-It-Yourself Testing

• Outsourcing Penetration Testing Services

• Terms of Engagement

• Project Scope & Pentest Service Level Agreements

• Testing points & Locations

• Automated & Manual Testing

CCSE Contents

Module 21: Assembly Language Basics

• Difference Assembly Language Vs High-level Language

• Assembly Language Compilers

• Understanding Instruction operands, Directive & preprocessor

• Interrupts , Interrupt handler, External interrupts and Internal interrupts Handlers

• Assembling the & Compiling the C code

• Linking the object files & Understanding an assembly listing file

• Big and Little Endian Representation, Skeleton File

• Working with Integers, Signed integers & Signed Magnitude

• Understanding Two’s Compliment, If statements, Do while loops

• Indirect addressing, Subprogram

• Understanding The Stack, SS segment& ESP

• The Stack UsageThe CALL and RET Instructions

CCSE Contents

Module 22 & Module 23: Buffer Overflows 1-2

• Introduction

• How BOF works

• Stack based buffer overflow

• Heap based buffer overflow

• Heap spray

• Understanding the shellcode

• Mapping the memory

• Fuzzing

• Countermeasures

CCSE Contents

Module 24: Exploit Writing

• Exploits Overview

• Prerequisites for Writing Exploits and Shellcodes

• Purpose of Exploit Writing

• Types of Exploits

• Tools that aid in writing Shellcode

• Issues Involved With Shellcode Writing

• Addressing problem

• Null byte problem

• System call implementation

CCSE Contents

Module 25: Reverse Engineering

• Introduction to RE

• Briefing OllyDbg

• Patching

• Cracking

• Keygening

• Countermeasures

Module 26: Firewalls, IDS, Evading IDS

• Introduction

• How to detect Intrusion

• Types of Intrusion

• Configuring IDPS

• Firewall and it’s types

• Evading Firewalls and IDS

CCSE Contents

Module 27: Wireless Hacking & Security

• Wireless Protocols

• Wireless Routers-Working

• Attacks on Wireless Routers

• Cracking Wireless routers password(WEP)

• Securing routers from Hackers

• Countermeasures

Module 28: Mobile, VoIP Hacking & Security

• SMS & SMSC Introduction

• SMS forging & countermeasures

• Sending & Tracking fake SMSes

• VoIP Introduction

• Installing VoIP Server & Forging Call using VoIP

CCSE Contents

Module 29: Introduction to Cyber Crime Investigation & IT ACT 2000

• Types of Cyber Crimes

• Reporting Cyber Crimes & Incidence response

• Introduction to IT Act 2000 & its sections

• Flaws in IT ACT,2000

• Investigation Methodologies & Case Studies

• Different Logging Systems.

• Investigating Emails ( Email Tracing)

• Ahmedabad Bomb Blasts Terror Mail case study

• Investigating Phishing Cases

• Investigating Data Theft Cases

• Investigating Orkut Profile Impersonation Cases

• Investigating SMS & Call Spoofing Cases

CCSE Contents

Module 30: Cyber Forensics

• Cyber Forensics

• Understanding Cyber Forensics

• Hands on Cyber Forensics on Hard Disks

• Preparing Cyber Forensics Reports

Module 31:Enterprise Information Security Management

• Establishment of ISMS

• Implementation ,Monitoring ,Review & Maintenance of ISMS

• Resource Management & Management Responsabilités.

• Internal Audits

• Selection of Appropriate Controls

• Corrective & Preventive Actions

CCSE Contents

Module 32 - 35: Project Work 1 , Project Work 2 & Final Exam.

• Training attendees will be getting exposures to live projects like Penetration testing, Creating own vulnerable penetration testing framework , Online Malware Scanners.

• Semi Final & Final Exam ( Online Hacking Challenge)

Total Hours: 80 hours

Training Duration : 30 – 45 Days.

Training Centers: Ahmedabad, Delhi , Hyderabad, Navsari