Cyber Security & Ethical Hacking

Introduction to Ethical Hacking

 Internet is Integral Part of Business and Personal Life – What Happens Online in 60
Seconds
 Essential Terminology
 Elements of Information Security
 The Security, Functionality, and Usability Triangle

Information Security Threats and Attack Vectors

 Motives, Goals, and Objectives of Information Security Attacks
 Top Information Security Attack Vectors
 Information Security Threat Categories
 Types of Attacks on a System
 Information Warfare

Hacking Concepts

 What is Hacking?
 Who is a Hacker?
 Hacker Classes
 Hacking Phases

o Reconnaissance
o Scanning
o Gaining Access
o Maintaining Access
o Clearing Tracks

Ethical Hacking Concepts

 What is Ethical Hacking?
 Why Ethical Hacking is Necessary
 Scope and Limitations of Ethical Hacking
 Skills of an Ethical Hacker

Footprinting and Reconnaissance
Footprinting Concepts

 What is Footprinting?
 Objectives of Footprinting

Footprinting through Search Engines

 Footprinting through Search Engines
 Footprint Using Advanced Google Hacking Techniques
 Information Gathering Using Google Advanced Search and Image Search
 Google Hacking Database
 VPN Footprinting through Google Hacking Database

Footprinting through Web Services

 Finding Company’s Top-level Domains (TLDs) and Sub-domains
 Finding the Geographical Location of the Target
 People Search on Social Networking Sites and People Search Services
 Gathering Information from LinkedIn
 Gather Information from Financial Services
 Footprinting through Job Sites
 Monitoring Target Using Alerts
 Information Gathering Using Groups, Forums, and Blogs
 Determining the Operating System
 VPN Footprinting through SHODAN

Footprinting through Social Networking Sites

 Collecting Information through Social Engineering on Social Networking Sites
Website Footprinting
 Website Footprinting
 Website Footprinting using Web Spiders
 Mirroring Entire Website
 Extracting Website Information from https://archive.org
 Extracting Metadata of Public Documents
 Monitoring Web Pages for Updates and Changes

Whois Footprinting

 Whois Lookup
 Whois Lookup Result Analysis
 Whois Lookup Tools
 Finding IP Geolocation Information

Network Footprinting

 Locate the Network Range
 Find Open/Close Port
 OS version
 Analysis

Footprinting through Social Engineering

 Footprinting through Social Engineering
 Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Footprinting Tools

 Maltego
 Recon-ng
 Recon-Dog
 OSRFramework
 Additional Footprinting Tools

Module 03: Scanning Networks
Network Scanning Concepts

 Overview of Network Scanning
 TCP Communication Flags
 TCP/IP Communication
 Creating Custom Packet Using TCP Flags
 Scanning in IPv6 Networks

Scanning Tools

 Nmap / Angry IP Scanner
 Scanning Tools
 Scanning Tools for Mobile

Scanning Techniques

 Scanning Techniques

o TCP Connect / Full Open Scan
o Stealth Scan (Half-open Scan)
o Inverse TCP Flag Scanning

Scanning Beyond IDS and Firewall

 IDS

o Proxy Servers

 Proxy Chaining
 Proxy Tools
 Proxy Tools for Mobile
 Network Discovery Tools for Mobile

Vulnerability Scoring Systems

 Common Vulnerability Scoring System (CVSS)
 Common Vulnerabilities and Exposures (CVE)
 National Vulnerability Database (NVD)
 Resources for Vulnerability Research

Vulnerability Assessment Tools

 Vulnerability Assessment Tools

o Nessus Professional
o Qualys FreeScan
o Nikto
o OpenVAS
o SAINT
o AVDS – Automated Vulnerability Detection System
o Vulnerability Assessment Tools

Cracking Passwords

 Password Cracking
 Types of Password Attacks

o Non-Electronic Attacks
o Active Online Attack

 Dictionary, Brute Forcing and Rule-based Attack
 Password Guessing
 Default Passwords
 Trojan/Spyware/Keylogger

Man-in-the-Middle Attack
Executing Applications

 Executing Applications

o Tools for Executing Applications

 Keylogger

o Types of Keystroke Loggers
o Hardware Keyloggers
o Keyloggers for Windows
o Keyloggers for Mac

 Spyware

o Spyware
o USB Spyware
o Audio Spyware
o Video Spyware
o Telephone/Cellphone Spyware
o GPS Spyware

 How to Defend Against Keyloggers

o Anti-Keylogger

 How to Defend Against Spyware

o Anti-Spyware

 What is Steganography?

o Classification of Steganography
o Types of Steganography based on Cover Medium

 Whitespace Steganography
 Image Steganography
 Image Steganography Tools
 Document Steganography
 Video Steganography
 Audio Steganography
 Folder Steganography
 Spam/Email Steganography

o Steganalysis Methods/Attacks on Steganography
o Steganography Detection Tools

Malware Threats

 Introduction to Malware
 Different Ways a Malware can Get into a System
 Common Techniques Attackers Use to Distribute Malware on the Web
 Components of Malware

Trojan Concepts

 What is a Trojan?
 How Hackers Use Trojans
 Common Ports used by Trojans
 How to Infect Systems Using a Trojan
 Trojan Horse Construction Kit
 How Attackers Deploy a Trojan
 Exploit Kits
 Evading Anti-Virus Techniques
 Types of Trojans

o Remote Access Trojans
o Backdoor Trojans
o Botnet Trojans
o Rootkit Trojans
o E-banking Trojans

Virus and Worm Concepts

 Introduction to Viruses
 Working of Viruses
 How does a Computer Get Infected by Viruses
 Fake Antiviruses
 Ransomware
 Types of Viruses

o Encryption and Sparse Infector Viruses
o Overwriting File or Cavity Viruses
o Companion/Camouflage and Shell Viruses
o File Extension Viruses
o FAT and Logic Bomb Viruses
o Web Scripting and E-mail Viruses
o Other Viruses

 Creating Virus
 Computer Worms
 Worm Makers
 Virus Analysis: WannaCry

Anti-Malware Software

 Anti-Trojan Software
 Antivirus Software

Social Engineering

 What is Social Engineering?
 Phases of a Social Engineering Attack

Social Engineering Techniques

 Types of Social Engineering
 Human-based Social Engineering

o Impersonation
o Impersonation (Vishing)
o Eavesdropping
o Shoulder Surfing
o Dumpster Diving
o Reverse Social Engineering
o Piggybacking
o Tailgating

 Computer-based Social Engineering

o Phishing

 Mobile-based Social Engineering

o Publishing Malicious Apps
o Repackaging Legitimate Apps
o Fake Security Applications
o SMiShing (SMS Phishing)

Denial-of-Service

 What is a Denial-of-Service Attack?
 What is Distributed Denial-of-Service Attack?

DoS/DDoS Protection Tools

 Advanced DDoS Protection Appliances
 DoS/DDoS Protection Tools

Evading IDS, Firewalls, and Honeypots
DS, Firewall and Honeypot Concepts

 Intrusion Detection System (IDS)

o How IDS Detects an Intrusion
o General Indications of Intrusions
o Types of Intrusion Detection Systems
o Types of IDS Alerts

 Firewall

o Firewall Architecture
o DeMilitarized Zone (DMZ)
o Types of Firewalls
o Firewall Limitations

 Honeypot

o Types of Honeypots

IDS, Firewall and Honeypot Solutions

 Intrusion Detection Tool

o Snort

 Snort Rules
 Snort Rules: Rule Actions and IP Protocols
 Snort Rules: The Direction Operator and IP Addresses
 Snort Rules: Port Numbers

o Intrusion Detection Tools: TippingPoint and AlienVault® OSSIM™
o Intrusion Detection Tools

 Honeypot Tools

o KFSensor and SPECTER
o Honeypot Tools
o Honeypot Tools for Mobile

Detecting Honeypots

 Detecting Honeypots
 Detecting and Defeating Honeypots
 Honeypot Detection Tool: Send-Safe Honeypot Hunter

Hacking Web Servers
Web Server Concepts

 Web Server Operations
 Open Source Web Server Architecture
 Web Server Security Issue
 Why Web Servers Are Compromised?
 Impact of Web Server Attacks

Web Server Attacks

 DoS/DDoS Attacks
 DNS Server Hijacking
 DNS Amplification Attack
 Directory Traversal Attacks
 Man-in-the-Middle/Sniffing Attack
 Phishing Attacks
 Website Defacement
 Web Server Misconfiguration
 HTTP Response Splitting Attack
 Web Cache Poisoning Attack
 SSH Brute Force Attack
 Web Server Password Cracking
 Web Application Attacks

Web Server Attack Methodology

 Information Gathering

o Information Gathering from Robots.txt File

 Web Server Footprinting/Banner Grabbing

o Web Server Footprinting Tools
o Enumerating Web Server Information Using Nmap

 Website Mirroring

o Finding Default Credentials of Web Server
o Finding Default Content of Web Server

 Vulnerability Scanning

o Finding Exploitable Vulnerabilities

 Session Hijacking
 Web Server Passwords Hacking

Web Server Attack Tools

 Metasploit

o Metasploit Exploit Module
o Metasploit Payload and Auxiliary Module
o Metasploit NOPS Module

 Web Server Attack Tools

Web Server Security Tools

 Web Application Security Scanners
 Web Server Security Scanners
 Web Server Security Tools

Hacking Web Applications
Web App Concepts

 Introduction to Web Applications
 Web Application Architecture
 Web 2.0 Applications

Web App Threats

 OWASP Top 10 Application Security Risks

o Injection Flaws

 SQL Injection Attacks
 Command Injection Attacks
 File Injection Attack

o Broken Authentication
o Sensitive Data Exposure
o Broken Access Control
o Security Misconfiguration

 Web Application Hacking Tools

o Cross-Site Scripting (XSS) Attacks

 Cross-Site Scripting Attack Scenario: Attack via Email
 XSS Attack in Blog Posting
 XSS Attack in Comment Field
 Websites Vulnerable to XSS Attack

o Insecure Deserialization
o Using Components with Known Vulnerabilities
o Insufficient Logging and Monitoring

 Other Web Application Threats

o Directory Traversal
o Unvalidated Redirects and Forwards
o Watering Hole Attack
o Cross-Site Request Forgery (CSRF) Attack
o Cookie/Session Poisoning
o Web Services Architecture
o Web Services Attack
o Web Services Footprinting Attack

SQL Injection
SQL Injection Concepts

 What is SQL Injection?
 SQL Injection and Server-side Technologies
 Understanding HTTP POST Request
 Understanding Normal SQL Query
 Understanding an SQL Injection Query
 Understanding an SQL Injection Query – Code Analysis
 Example of a Web Application Vulnerable to SQL Injection: BadProductList.aspx
 Example of a Web Application Vulnerable to SQL Injection: Attack Analysis
 Examples of SQL Injection

Types of SQL Injection

 Types of SQL injection

o In-Band SQL Injection

 Error Based SQL Injection
 Union SQL Injection

o Blind/Inferential SQL Injection

 No Error Messages Returned
 Blind SQL Injection: WAITFOR DELAY (YES or NO Response)
 Blind SQL Injection: Boolean Exploitation and Heavy Query

o Out-of-Band SQL injection

SQL Injection Methodology

 SQL Injection Methodology

o Information Gathering and SQL Injection Vulnerability Detection

 Information Gathering
 Identifying Data Entry Paths
 Extracting Information through Error Messages
 Testing for SQL Injection
 Additional Methods to Detect SQL Injection
 SQL Injection Black Box Pen Testing
 Source Code Review to Detect SQL Injection Vulnerabilities

SQL Injection Tools

 SQL Injection Tools

o SQL Power Injector and sqlmap
o The Mole and jSQL Injection

 SQL Injection Tools
 SQL Injection Tools for Mobile

Hacking Wireless Networks
Wireless Concepts

 Wireless Terminologies
 Wireless Networks
 Wireless Standards
 Service Set Identifier (SSID)
 Wi-Fi Authentication Modes
 Types of Wireless Antennas

Wireless Encryption

 Types of Wireless Encryption

o WEP (Wired Equivalent Privacy) Encryption
o WPA (Wi-Fi Protected Access) Encryption
o WPA2 (Wi-Fi Protected Access 2) Encryption

 WEP vs. WPA vs. WPA2
 WEP Issues

Wireless Threats

 Wireless Threats

o Client Mis-association
o Misconfigured Access Point Attack
o Unauthorized Association
o Honeypot Access Point Attack
o Denial-of-Service Attack
o Jamming Signal Attack

 Wi-Fi Jamming Devices

Email Encryption

 Digital Signature
 Secure Sockets Layer (SSL)
 Transport Layer Security (TLS)
 Cryptography Toolkit

o OpenSSL
o Keyczar

 Pretty Good Privacy (PGP)

Disk Encryption

 Disk Encryption
 Disk Encryption Tools

o VeraCrypt
o Symantec Drive Encryption
o Disk Encryption Tools

Hacking with Android OS

 Android OS

o Android Device Administration API

 Android Rooting

o Rooting Android Using KingoRoot
o Android Rooting Tools

 Blocking Wi-Fi Access using NetCut
 Hacking with zANTI
 Hacking Networks Using Network Spoofer
 Launching DoS Attack using Low Orbit Ion Cannon (LOIC)
 Performing Session Hijacking Using DroidSheep
 Hacking with Orbot Proxy
 Android Trojans
 Securing Android Devices
 Android Security Tool: Find My Device
 Android Security Tools
 Android Vulnerability Scanner

Mobile Spyware

 Mobile Spyware
 Mobile Spyware: mSpy
 Mobile Spywares

Mobile Pen Testing

 Android Phone Pen Testing
 Mobile Pen Testing Toolkit: Genymotion

IoT Hacking
IoT Concepts

 What is IoT
 How IoT Works
 IoT Application Areas and Devices
 IoT Technologies and Protocols
 Challenges of IoT
 Threat vs Opportunity

IoT Hacking Methodology

 What is IoT Device Hacking?
 IoT Hacking Methodology

o Information Gathering Using Shodan
o Information Gathering using MultiPing
o Vulnerability Scanning using Nmap
o Gaining Remote Access using Telnet

Cryptography
Cryptography Concepts

 Cryptography

o Types of Cryptography

 Government Access to Keys (GAK)

Encryption Algorithms

 Ciphers
 Data Encryption Standard (DES)
 Advanced Encryption Standard (AES)
 Rivest Shamir Adleman (RSA)
 Message Digest (One-Way Hash) Functions

o Message Digest Function: MD5
o Secure Hashing Algorithm (SHA)
o RIPEMD – 160
o HMAC

Cryptography Tools

 MD5 Hash Calculators
 Hash Calculators for Mobile
 Cryptography Tools

o Advanced Encryption Package 2017
o BCTextEncoder
o Cryptography Tools

 Cryptography Tools for Mobile