| |
| Certified Professional Ethical Hacker Training |
| |
QUICK FACTS – CPEH (Certified Professional Ethical Hacker Training)

| Description | CPEH graduates will build real world security knowledge that will enable them to recognize vulnerabilities, expose system weaknesses and help safeguard clients against security threats |
| Requirements | Basic networking knowledge |
| Training Cost | Rs. 50,000 |
| Duration | 40 hrs. |
| Certification Exam | Certified Professional Ethical Hacker (CPEH) |
| Certification Cost | Included in the training fee. |
| Career Options | |
| |
| |
| Course Overview: |
| As a result of this course, Certified Professional Ethical Hacker (CPEH) graduates will build real world security knowledge that will enable them to recognize vulnerabilities, expose system weaknesses and help safeguard clients against security threats. Graduates will learn the essentials of Ethical Hacking, along with the added professional edge of the Fundamentals of Penetration Testing. |
| |
| BENEFITS OF THIS COURSE |
| |
- From the start, the course spends little time on lengthy introductions and instead devotes the first day to the technical background of information security, complete with labs and demonstrations, so that delegates can follow the rest of the course.
- The second day follows a complete attack on a network, from information gathering all the way to covering tracks and slipping away.
- The third day covers the majority of avenues of attack, such as buffer overflows and malware, enabling delegates to fully understand and appreciate the attack surface of their systems.
- The fourth day focuses on web vulnerabilities. The course closely follows developments by OWASP and the web community and details them enough to give an understanding of the major failures in any website.
- On the final day, delegates are introduced to the latest attack surface of an organisation's systems: mobile and wireless devices. In many cases mobile devices act as a covert channel, a medium to transfer more malware, and, most importantly, are often the weakest link in the chain.
|
| |
| Course Material |
| |
| |
MODULE 1: SECURITY FUNDAMENTALS |
| |
MODULE 2: ACCESS CONTROLS |
| |
MODULE 3: ACCESS CONTROL |
| |
MODULE 4: NETWORK ATTACK & DEFENCE |
| |
MODULE 5: CRYPTOGRAPHY |
| |
MODULE 6: ECONOMICS & LAW |
| |
MODULE 7: RECONNAISSANCE |
| |
MODULE 8: SCANNING & ENUMERATION |
| |
MODULE 9: GAINING ACCESS / EXPLOITATION |
| |
MODULE 10: MAINTAINING ACCESS |
| |
MODULE 11: COVERING YOUR TRACKS |
| |
MODULE 12: MALWARE |
| |
MODULE 13: BUFFER OVERFLOWS |
| |
MODULE 14: PASSWORD CRACKING ATTACKS |
| |
MODULE 15: DENIAL OF SERVICE |
| |
MODULE 16: ATTACKING WEB TECHNOLOGIES AND DATABASES |
| |
MODULE 17: ATTACKING WIRELESS DEVICES |
|
| MODULE 1: SECURITY FUNDAMENTALS |
- Current state of Information Security
- The Growth of Environments and Security
- Our Motivation
- World Bank Hacked
- UK Hospitals Shut Down
- 80% of Organizations Suffer Breaches
- 3rd Quarter of 2008 – What Happened!
- IC3 2008 Report
- The Evolving Threat
- Security Vulnerability Life Cycle
- Exploit Timeline
- What to Expect in 2009!
- The Goal: Protecting Information
- AIC Triad in Detail
- Approach Security Holistically
- Security Definitions
- Definitions Relationships
- Potential Threats, Vulnerabilities and Risks
- What is a Penetration Test?
- Types of Penetration Testing
- Vulnerability Assessment vs Pentest
- Hacking Life Cycle – A Methodology
- Methodology for Penetration Testing
- Hacker vs Penetration Tester
- Not Just Tools
- Benefits of a Penetration Test
- Penetration Testing Methodologies
- Information Security Standards
- Financial Regulations
|
| MODULE 2: ACCESS CONTROL |
- Role of Access Control
- Definitions
- Categories of Access Controls
- Physical Controls
- Logical Controls
- Administrative Controls
- Security Roles
- Steps to Granting Access
- Access Criteria
- Physical Access Control Mechanism
- Biometric System Types
- Synchronous Token
- Asynchronous Token Device
- Memory Devices
- Smart Card
- Cryptographic Keys
- Logical Access Controls
- OS Access Controls
- Linux Access Controls
- Accounts and Groups
- Password and Shadow File Formats
- Account and Groups Details
- Linux and UNIX Permissions
- Set UID Programs
- Trust Relationships
|
| MODULE 3: ACCESS CONTROL |
- OSI – Application Layer
- OSI – Presentation Layer
- OSI – Session Layer
- OSI – Transport Layer
- OSI – Network Layer
- OSI – Data Link
- OSI – Physical Layer
- Protocols at each OSI Layer
- TCP/IP Suite
- Port and Protocol Relationship
- Conceptual Use of Ports
- UDP vs TCP
- Address Resolution Protocol
- Internet Control Message Protocol
- Domain Name Service
- Secure Shell
- Simple Network Management Protocol
- Simple Mail Transfer Protocol
- Packet Sniffers
- Examples of Packet Sniffers
- Wireshark
- TCP Stream Re-Assembling
|
| MODULE 4: NETWORK ATTACK & DEFENCE |
- Vulnerabilities in Network Services
- Vulnerabilities in Networks
- Defence Options
- Patch Management Tools
- Networking Device – Bastion Host
- Defence Against External Scanning
- Firewall
- Intrusion Detection System
- Intrusion Prevention System
- Firewall Types
- Packet Filtering
- Proxy Firewalls
- Circuit-Level Proxy Firewall
- Application-Layer Proxy
- Stateful Firewall
- Dynamic Packet Filtering
- Kernel Proxies
- Firewall Placement
- Screened Host
- Multi or Dual Homed
- Screened Subnet
- “New Age” Protection
- IPS Overview
- Spyware Prevention System
- Secure Surfing
- TOR
- Paros Proxy
|
| MODULE 5: CRYPTOGRAPHY |
- The Science of Secret Communication
- Cryptography Definition
- Encryption
- Encryption Algorithm
- Symmetric Encryption
- Symmetric Algorithms
- Symmetric Downfalls
- Asymmetric Encryption
- Asymmetric Advantages
- Asymmetric Disadvantages
- Symmetric vs Asymmetric
- Asymmetric Algorithm Examples
- Diffie-Hellman Key Exchange
- Hybrid Encryption
- Hashing
- Common Hash Algorithms
- Security Issues in Hashing
- Hash Collisions
- MD5 Collision Creates Rogue CA
- Birthday Attack
- Salting
- SSL/TLS
- SSL Connection Setup
- SSH
- IPSec
- Public Key Infrastructure
- Attacks on Cryptosystems
- Cryptool
|
| MODULE 6: ECONOMICS & LAW |
- What is Your Weakest Link?
- What will it Cost You?
- What does a Hack Cost?
- What is the Value of an Asset?
- Non-Obvious Examples
- Categorizing Risks
- Examples of Types of Losses
- Approaches to Analysing Risk
- Who Uses What Analysis Type?
- Qualitative Analysis
- Quantitative Analysis
- Can a Pure Quantitative Analysis be Accomplished?
- Comparing Cost and Benefit
- Cost of a Countermeasure
- Cyber Crime
- CSI Computer Crime Survey
- Classic Example
- Recent Example
- Computer Crime Websites
- Not Just Fun and Games
- Examples of Computer Crimes
- Criminal Profiles
- Attack Types
- Telephone Fraud
- Identification Protection and Prosecution
- Privacy of Sensitive Data
- U.S. Laws and Examples
- EU Principles on Privacy
- Transborder Information Flow
- Employee Privacy Issue
- U.S. Law
- Civil Law
- Criminal Law
- Administrative Laws
- U.S. Federal Laws
- Intellectual Property Laws
- Software Licensing
- Digital Millennium Copyright Act
- Investigating
- Computer Crime and Its Barriers
- Countries Working Together
- Generally Accepted System Security Principles
- Violation Analysis
- Bringing in Law Enforcement
- Citizen vs Law Enforcement Investigation
|
| MODULE 7: RECONNAISSANCE |
- Step One in the Hacking Life Cycle
- What Information does the Hacker want?
- Passive – Active Reconnaissance
- Footprinting Defined
- Methods of Obtaining Information
- Social Access
- Social Engineering Techniques
- Social Networking Sites
- People Search Engines
- WayBack Machine
- Digital Access
- Footprinting Tools Overview
- KartOO Website
- Maltego
- Google Hacking
- Johnny Long
- WHOIS
- Domain Name Registration
- WHOIS Output
- DNS Record Types
- Nslookup
- Dig
- Traceroute
- Netcraft
- Blogs, Forums and Newsgroups
- EDGAR
- Companies House
- Domains by Proxy
- Footprinting Countermeasures
|
| MODULE 8: SCANNING & ENUMERATION |
- Hacking Life Cycle – Step 2
- Introduction to Port Scanning
- Which Services use which Ports?
- Port Scanning Tips
- Port Scan Should Reveal
- Popular Port Scanning Tools
- Ping
- Stealth Online Ping
- Pinging with NMAP
- TCP 3-way Handshake
- TCP Flags
- TCP Connect Port Scan
- Half-Open Scan
- Firewalled Ports
- UDP Port Scan
- NMAP TCP Connect Scan
- NMAP Service Version Detection
- Look@LAN
- SuperScan
- UnicornScan
- Autoscan
- Enumeration Overview
- Web Server Banners
- SMTP Server Banner
- DNS Enumeration
- SNMP Insecurity
- SNMP Enumeration Tools
- SNMP Countermeasure
- Active Directory Enumeration
- LDAPMiner
- Active Directory Countermeasures
- Null Sessions
- Null Session Syntax
- Viewing Shares with Null Sessions
- DumpSec
- Cain and Abel
- Null Session Countermeasures
|
| MODULE 9: GAINING ACCESS/EXPLOITATION |
- Hacking Life Cycle – Step 2
- Introduction to Port Scanning
- Which Services use which Ports?
- Port Scanning Tips
- Port Scan Should Reveal
- Popular Port Scanning Tools
- Ping
- Stealth Online Ping
- Pinging with NMAP
- TCP 3-way Handshake
- TCP Flags
- TCP Connect Port Scan
- Half-Open Scan
- Firewalled Ports
- UDP Port Scan
- NMAP TCP Connect Scan
- NMAP Service Version Detection
- Look@LAN
- SuperScan
- UnicornScan
- Autoscan
- Enumeration Overview
- Web Server Banners
- SMTP Server Banner
- DNS Enumeration
- SNMP Insecurity
- SNMP Enumeration Tools
- SNMP Countermeasure
- Active Directory Enumeration
- LDAPMiner
- Active Directory Countermeasures
- Null Sessions
- Null Session Syntax
- Viewing Shares with Null Sessions
- DumpSec
- Cain and Abel
- Null Session Countermeasures
|
| MODULE 10: MAINTAINING ACCESS |
- Backdoors
- Rootkits
- Linux Rootkits
- Windows Rootkits
- Netcat
- Netcat Switches
- Netcat as a Listener
- Meterpreter
|
| MODULE 11: COVERING YOUR TRACKS |
- Covering Tracks Overview
- Disabling Auditing
- Clearing Event Logs
- Alternate Data Streams
- ADS Countermeasures
- Stream Explorer
- Steganography
- Steganography Tools
- Shredding Files Left Behind
- Leaving No Local Trace
- More Anonymous Software
- StealthSurfer II Privacy Stick
- TOR
- Encrypted Tunnel Notes
|
| MODULE 12: MALWARE |
- Malware Types
- Worms, Logic Bomb and Trojan Horse
- Virus
- Types of Viruses
- Spyware
- Trojan Horse
- Rootkits
- Backdoors
- Distributing Malware
- Malware Capabilities
- Auto Starting Malware
- HijackThis Tool
- Executable Wrappers
- EXE’s Historically wrapped with Trojans
- Restorator
- EXE Icon
- Infectious CD-ROM Technique
- Historical Trojans
- How Trojans Avoid Detection
- The Basic Manipulation Tool Kit
- Malware Countermeasures
- Gargoyle Investigator
- Spy Sweeper Enterprise
- Port Monitoring Software
- File Protection Software
- Windows Software Restriction Policies
- Hardware Based Malware Detectors
- User Education
|
| MODULE 13: BUFFER OVERFLOWS |
- Buffer Overflow Definition
- Basic Example
- Buffer Overflows – Overview
- Memory Organization
- How Buffers and Stacks are supposed to work!
- Stack Function
- How a Buffer Overflow Works!
- Secure Code Reviews
- Secure Code Review Process
- Know the Vulnerabilities
- Know the Business Risks
- When to Conduct the Code Review
- Who Should Be Involved
- What To Look For
- Fixing the Issues
- Automated Tools
|
| MODULE 14: PASSWORD CRACKING ATTACKS |
- Attack Vectors
- Keystroke Loggers
- Password Recovery Options
- UNIX Passwords and Encryption
- Linux/UNIX Password Cracking Tools
- NAT Dictionary Attack Tool
- THC-Hydra
- Cracking Windows Passwords
- Tsgrinder
- Hashes in a Windows System
- LM Hash
- NT Hash
- Syskey Encryption
- Creating Rainbow Tables
- Downloading Rainbow Tables
- NTPASSWD
- Password Sniffing
- Kerbsniff and Kerbcrack
- Cracking Passwords with Cain and Abel
|
| MODULE 15: DENIAL OF SERVICE |
- DDoS issues
- Stacheldraht DDoS Attack
- DDoS
- Zombie Definition
- DDoS Attack Types
- WiFi DoS
- Evading the Firewall and IDS
- Evasive Techniques
- Firewall – Normal Operation
- Firewall – Evasive Technique
- Evading with Encrypted Tunnel
- Man-in-the-Middle Attacks
- ARP Cache Poisoning
- ARP Cache Poisoning with Linux
- ARP Cache Poisoning with Windows
- Ettercap
- ARP Cache Poisoning Countermeasures
- DNS Spoofing
- DNS Spoofing Tools
- Breaking SSL Traffic
- Tools for Breaking SSL and SSH
- VoIP Notes
- Session Hijacking
|
| MODULE 16: ATTACKING WEB TECHNOLOGIES AND DATABASES |
- Web Server Market Share
- Common Security Threats
- OWASP Top 10
- Anatomy of a Web App Attack
- Components of a Generic Web App
- URL Mappings
- Older Web Attack Techniques
- Changing URL Login Parameters
- Cookies
- Cross-Site Scripting
- XSS Illustrated
- Reflected XSS Illustrated
- Business Impacts of XSS
- Finding and Fixing XSS
- Injection Flaws
- Unvalidated Input
- Unvalidated Input Illustrated
- Business Impacts of Unvalidated Input
- Finding and Fixing Unvalidated Input
- Attacks Against IIS
- IIS Directory Traversal
- Unicode Issues
- IIS Logs
- N-Stalker
- NTOSpider
- HTTrack Website Copier
- Wikto
- Paros Proxy
- Burp Proxy
- Brutus
- Dictionary Maker
- Query String
- Fuzzers
- Acunetix Web Scanner
- Eclipse
- OWASP WebScarab
- Samurai
- OWASP Assessment Template
- Attacking Databases Overview
- Database Server Overview
- Types of Databases
- Vulnerabilities and Common Attacks
- SQL Injection
- Business Impacts of SQL Injection
- Why SQL Injection?
- Database Enumeration
- SQL Extended Stored Procedures
- Direct Attacks
- SQL Connection Properties
- Obtaining Sensitive Information
- SQL Ping2
- OSQL.EXE
- Query Analyzer
- SQLExec
- Pete Finnigan
- Metasploit Again?
- Finding and Fixing SQL
|
| MODULE 17: ATTACKING WIRELESS DEVICES |
- WiFi Network Types
- Widely Deployed Standards
- Standards Comparison
- 802.11n - MIMO
- SSID
- MAC Filtering
- WEP
- Weak IV Packets
- XOR - Basics
- WEP Weaknesses
- WPA Improvements on WEP
- TKIP
- WPA MIC Vulnerability
- 802.11i – WPA2
- WPA/WPA2 Mode Types
- WPA-PSK Encryption
- LEAP
- LEAP Weaknesses
- Hidden Node
- Hidden Node Solutions
- Near/Far Issue
- Near/Far Solution
- NetStumbler
- KNSGEM
- Vistumbler
- Kismet
- Omnipeek Personal
- Eavesdropping
- Aircrack-ng Suite
- Airodump-ng
- Aireplay-ng
- DoS
- Deauthentication/Disassociation Attack
- Rogue Access Point
- Aircrack-ng
- Aircrack for Windows
- Attacking WEP
- Attacking WPA
- coWPAtty
- Exploiting Cisco LEAP
- asleap
- www.wirelessdefence.org
- Typical Wireless Network
- 802.1X: EAP Types
- EAP Advantages/Disadvantages
- EAP/TLS Deployment
- New Age Protection
|