ethical - ducat india
TRANSCRIPT
l� Information Security OverviewInformation Security Threats and Attack VectorsTop Information Security Attack VectorsMotives, Goals, and Objectives of Information Security AttacksInformation Security ThreatsInformation WarfareHacking ConceptsHacking vs. Ethical HackingEffects of Hacking on BusinessWho Is a Hacker?Hacker ClassesHacktivismHacking PhasesTypes of AttacksTypes of Attacks on a SystemOperating System AttacksMisconfiguration AttacksApplication-Level AttacksSkills of an Ethical HackerDefense in DepthIncident Management ProcessInformation Security PoliciesClassification of Security PoliciesStructure and Contents of Security Policies
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
l�Foot printing ConceptsFoot printing TerminologyWhat is Foot printing?Why Foot printing?Objectives of Foot printingFoot printing ThreatsFoot printing through Search EnginesFinding Company’s External and Internal URLsMirroring Entire WebsiteWebsite Mirroring ToolsExtract Website Information fromhttp://www.archive.orgMonitoring Web Updates Using Website WatcherFinding Resources Using Google Advance OperatorGoogle Hacking Tool: GoogleHacking Database (GHDB)Google Hacking ToolsWHOIS FootprintingWHOIS LookupDNS FootprintingExtracting DNS InformationDNS Interrogation ToolsNetwork FootprintingLocate the Network RangeDetermine the Operating SystemFootprinting through Social Engineering
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Ethical
Introduction to Ethical Hacking
Hacking
Footprinting and Reconnaissance
l�Check for Live SystemsChecking for Live Systems - ICMP ScanningPing SweepCheck for Open PortsScanning Tool: NmapHping2 / Hping3Scanning TechniquesScanning Tool: NetScan Tools ProScanning ToolsDo Not Scan These IP Addresses(Unless you want to get into trouble)Port Scanning CountermeasuresBanner Grabbing Countermeasures Disabling or Changing BannerHiding File Extensions from Web PagesScan for VulnerabilityProxy ServersWhy Attackers Use Proxy Servers?Use of Proxies for Attack
l�l�l�l�l�l�l�l�l�
l�l�
l�l�l�l�l�
Scanning Networks
l�What is Enumeration?Techniques for EnumerationServices and Ports to EnumerateNetBIOS EnumerationNetBIOS EnumerationNetBIOS Enumeration Tool:SuperScanNetBIOS Enumeration Tool: HyenaNetBIOS Enumeration Tool:WinfingerprintNetBIOS Enumeration Tool:NetBIOS EnumeratorEnumerating User Accounts
l�l�l�l�l�l�l�l�l�
Enumeration
l� Information at Hand Before System Hacking StageSystem Hacking: GoalsCEH Hacking Methodology (CHM)CEH System Hacking StepsCrackingPasswordsPassword CrackingPassword ComplexityPassword Cracking TechniquesTypes of Password AttacksDistributed Network AttackDefault PasswordsManual Password Cracking (Guessing)Stealing Passwords Using KeyloggersSpywareHow to Defend Against KeyloggersAnti-SpywaresWhat Is Steganography?Least Significant Bit Insertion
l�l�l�l�l�l�l�l�l�
System Hacking
l�l�l�l�l�l�l�l�
l�Trojan ConceptsWhat is a Trojan?Trojan InfectionTypes of TrojansCommand Shell TrojansCommand Shell Trojan: NetcatGUI Trojan: MoSuckerGUI Trojan: Jumper and BiodoxDocument TrojansE-mail TrojansE-mail Trojans: RemoteByMailTrojan DetectionHow to Detect TrojansScanning for Suspicious PortsTrojan Horse Construction KitAnti-Trojan Software
l�l�l�l�l�l�l�l�l�
Trojans and Backdoors
l�l�l�l�l�l�
l�Virus and Worms ConceptsIntroduction to VirusesVirus and Worm StatisticsTypes of VirusesSystem or Boot Sector VirusesFile and Multipartite VirusesMacro VirusesCluster Viruses
l�l�l�l�l�l�l�
Viruses and Worms
l�
l�Stealth/Tunneling VirusesEncryption VirusesPolymorphic CodeComputer WormsMalware AnalysisOnline Malware Testing: VirusTotalOnline Malware Analysis ServicesAnti-virus Tools
l�l�l�l�l�l�l�
Sniffers
l�
l�Sniffing ConceptsWiretappingLawful InterceptionPacket SniffingSniffing ThreatsSPAN PortMAC AttacksMAC FloodingMAC Address/CAM TableHow CAM WorksDHCP AttacksHow DHCP WorksDHCP Request/Reply MessagesIPv4 DHCP Packet FormatARP PoisoningWhat Is Address Resolution Protocol(ARP)?ARP Spoofing TechniquesARP Spoofing AttackSpoofing AttackSpoofing Attack ThreatsDNS PoisoningDNS Poisoning Techniques
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Social Engineeringl�Social Engineering Concepts
What is Social Engineering?Behaviors Vulnerable to AttacksSocial Engineering TechniquesTypes of Social EngineeringHuman-based Social EngineeringTechnical Support ExampleAuthority Support ExampleSocial Networking SitesSocial Engineering ThroughImpersonation on SocialNetworking SitesHow to Detect Phishing EmailsAnti-Phishing Toolbar: NetcraftAnti-Phishing Toolbar: PhishTankIdentity Theft Countermeasures
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Denial of Servicel�DoS/DDoS Concepts
What is a Denial of Service Attack?What Are Distributed Denial ofService Attacks?Symptoms of a DoS AttackDoS Attack TechniquesBandwidth AttacksService Request FloodsSYN AttackSYN FloodingICMP Flood AttackPeer-to-Peer AttacksPermanent Denial-of-Service AttackApplication Level Flood AttacksBotnetBotnet Propagation TechniqueDDoS AttackDDoS Attack Tool:LOICDoS Attack Tools
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
l�Session Hijacking ConceptsWhat is Session Hijacking?Dangers Posed by HijackingWhy Session Hijacking is Successful?Key Session Hijacking TechniquesBrute Forcing AttackNetwork-level Session Hijacking
l�l�l�l�l�l�
Session Hijacking
l�The 3-Way HandshakeSequence NumbersSession Hijacking ToolsSession Hijacking Tool: ZaproxySession Hijacking Tool: Burp SuiteSession Hijacking Tool: JHijackSession Hijacking Tools
l�l�l�l�l�l�
Hacking Webservers
l�
l�Webserver ConceptsWebserver Market SharesOpen Source WebserverArchitectureAttack MethodologyWebserver Attack MethodologyWebserver Attack Methodology:Information GatheringWebserver Attack Methodology:Webserver FootprintingCounter-measuresCountermeasures: Patches and UpdatesCountermeasures: ProtocolsCountermeasures: AccountsCountermeasures: Files and DirectoriesHow to Defend Against Web Server AttacksHow to Defend against HTTPResponse Splitting and Web CachePoisoningWeb Server Penetration Testing
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Hacking Web Applicationsl�Web App Concepts
Web Application Security StatisticsIntroduction to Web ApplicationsSQL Injection AttacksCommand Injection AttacksWeb App Hacking MethodologyFootprint Web InfrastructureFootprint Web Infrastructure:ServerDiscoveryHacking Web ServersWeb Server Hacking Tool:WebInspectWeb Services Probing AttacksWeb Service Attacks: SOAP InjectionWeb Service Attacks: XML InjectionWeb Services Parsing AttacksWeb Service Attack Tool: soapUI
l�l�l�l�l�l�l�l�l�l�l�l�l�l�
SQL Injectionl�SQLInjection Concepts
SQL InjectionScenarioSQL Injection ThreatsWhat is SQL Injection?SQL Injection AttacksSQL Injection DetectionTypes of SQL InjectionSimple SQL Injection AttackUnion SQL Injection ExampleSQL Injection Error BasedBlind SQL InjectionWhat is Blind SQL Injection?SQL Injection MethodologyAdvanced SQL InjectionInformation GatheringExtracting Information through ErrorMessagesInteracting with the FileSystemSQL Injection ToolsSQL Injection Tools: BSQLHackerSQL Injection Tools: Marathon ToolSQL Injection Tools: SQL PowerInjectorSQL Injection Tools: HavijSQL Injection Tools
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
l�Wireless ConceptsWireless NetworksWi-Fi Networks at Home and Public PlacesTypes of Wireless NetworksWireless EncryptionWireless ThreatsWireless Threats: Access Control AttacksWireless Threats: Integrity AttacksFootprint the Wireless NetworkAttackers Scanning for Wi-Fi NetworksBluetooth HackingBluetooth Threats
l�l�l�l�l�l�l�
Hacking Wireless Networks
l�l�l�l�
Evading IDS, Firewalls, and Honeypots
l�
l� IDS, Firewall and Honeypot ConceptsHow IDS Works?Ways to Detect an IntrusionDenial-of-Service Attack (DoS)ASCII ShellcodeOther Types of EvasionEvading FirewallsIP Address SpoofingSource RoutingWebsite Surfing SitesDetecting HoneypotsDetecting Honeypots
l�l�l�l�l�l�l�l�l�l�l�
Buffer Overflowl�Buffer Overflow Concepts
Buffer OverflowShellcodeNo Operations (NOPs)Buffer Overflow MethodologyOverflow using Format StringSmashing the StackOnce the Stack is Smashed...Buffer Overflow Security ToolsBoF Security Tool: BufferShieldBoF Security Tools
l�l�l�l�l�l�l�l�l�l�
Cryptographyl�Cryptography Concepts
CryptographyTypes of CryptographyGovernment Access to Keys (GAK)Encryption AlgorithmsCiphersAdvanced Encryption Standard (AES)Public Key Infrastructure(PKI)Public Key Infrastructure (PKI)Certification AuthoritiesEmail EncryptionDigital SignatureSSL (Secure Sockets Layer)Transport Layer Security (TLS)Disk Encryption ToolsCryptanalysis Tool: CrypToolCryptanalysis ToolsOnline MD5 Decryption Tool
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Penetration Testingl�Pen Testing Concepts
Security AssessmentsSecurity AuditVulnerability AssessmentLimitations of Vulnerability AssessmentIntroduction to Penetration TestingPenetration TestingWhy Penetration Testing?Testing LocationsTypes of Pen TestingTypes of Penetration TestingExternal Penetration TestingInternal Security AssessmentBlack-box Penetration TestingGrey-box Penetration TestingWhite-box Penetration Testing
l�l�l�l�l�l�l�l�l�l�l�l�l�l�l�
Partners :
PITAMPURA (DELHI)NOIDAA-43 & A-52, Sector-16,
GHAZIABAD1, Anand Industrial Estate, Near ITS College, Mohan Nagar, Ghaziabad (U.P.)
GURGAON1808/2, 2nd floor old DLF,Near Honda Showroom,Sec.-14, Gurgaon (Haryana)
SOUTH EXTENSION
www.facebook.com/ducateducation
Java
Plot No. 366, 2nd Floor, Kohat Enclave, Pitampura,( Near- Kohat Metro Station)Above Allahabad Bank, New Delhi- 110034.
Noida - 201301, (U.P.) INDIA 70-70-90-50-90 +91 99-9999-3213 70-70-90-50-90 70-70-90-50-90
70-70-90-50-90
70-70-90-50-90
D-27,South Extension-1New Delhi-110049
+91 98-1161-2707
(DELHI)