Cyber Security & Ethical Hacking Course Training
Tech Marshals is one of the most trusted brand of Hands-On Trainings in Ethical Hacking & Certification Courses in Hyderabad (India),
Ethical Hacking Training & Certification
A Ethical Hacking is a skilled professional who understands and knows how to look for weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker, but in a lawful and legitimate manner to assess the security posture of a target system(s). The CCEE credential certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective.
The Certified Cyber E-Expert v11 program is a trusted and respected ethical hacking training Program that any information security professional will need.
ETHICAL HACKING COURSE CONTENT VERSION 10
1. Introduction to Ethical Hacking
- What is Hacking
- Who is a Hacker
- Skills of a Hacker
- Types of Hackers
- Reasons for Hacking
- Who are at the risk of Hacking attacks
- Effects of Computer Hacking on an organization
- Network Security Challenges
- Elements of Information Security: Confidentiality, Integrity & Availability
- The Security, Functionality & Usability Triangle
- What is Ethical Hacking
- Why Ethical Hacking is Necessary
- Scope & Limitations of Ethical Hacking
- What is Penetration Testing
- What is Vulnerability Auditing
2. Computer and Network Basics:
- Internet protocol
- Types of IP
- Protocol service
- OS for different hardware platforms
- Different Programming languages for different platforms/purposes.
- What are Networks and what is networking
- Network topologies
- How the Networking devices communicate.
- Vulnerable Hacking environments
- Hashing checksums
- Window/Linux commands
- Php code overview
- Assembly language programming overview
- Introduction of kali
- Introduction of backtrack
- Introduction of parrot
3. Foot Printing / reconnaissance / Information Gathering
- What is Foot Printing
- Objectives of Foot Printing
- Finding a company’s details
- Finding a company’s domain name
- Finding a company’s Internal URLs
- Finding a company’s Public and Restricted URLs
- Finding a company’s Server details
- Finding the details of domain registration
- Finding the range of IP Address
- Finding the DNS information
- Finding the services running on the server
- Finding the location of servers
- Traceroute analysis
- Tracking e-mail communications
- What is network scanning
- Objectives of network scanning
- Finding the live hosts in a network
- Finding open ports on a server
- Finding the services on a server
- OS fingerprinting
- Server Banner grabbing tools
- What is a Vulnerability Scanning
- Vulnerability Scanner tools
- Finding more details about a vulnerability
- What is a proxy server
- How does proxy server work
- Types of proxy servers
- How to find proxy servers
- Why do hackers use proxy servers
- What is a TOR network
- Why hackers prefer to use TOR network
- SNMP Enumeration
- SMTP Enumeration
- DNS Enumeration
6. Vulnerability Analysis
- Perform vulnerability analysis to identify security loopholes in the target organization’s network, Communication infrastructure and end systems.
7. Sniffing and Sniffers
- What is a sniffer
- How sniffer works
- Types of sniffing
- Active sniffing
- Passive Sniffing
- What is promiscuous mode
- How to put a PC into promiscuous mode
- What is ARP
- ARP poison attack
- Threats of ARP poison attack
- How MAC spoofing works
- MAC Flooding
- What is a CAM Table
- How to defend against MAC Spoofing attacks
- How to defend against Sniffers in network
8. System Hacking
- What is system Hacking
- Goals of System Hacking
- Password Cracking
- Password complexity
- Finding the default passwords of network devices and softwares
- Password cracking methods
- Online password cracking
- Man-in-the-middle attack
- Password guessing
- Offline password cracking
- Brute force cracking
- Dictionary based crackingZ
- Hybrid attack
- USB password stealers
- Elcomsoft Distributed password recovery tools
- Active password changer
- What is a Keylogger
- How to deploy a Keylogger to a remote pc
- How to defend against a Keylogger.
9. Malware Threats
- What is malware
- Types of malware
- What is a virus program
- What are the properties of a virus program
- How does a computer get infected by virus
- Types of virus
- Virus making tools
- How to defend against virus attacks
- What is a worm program
- How worms are different from virus
- What is a Trojan horse
- How does a Trojan operate
- Types of Trojans
- Identifying Trojan infections
- How to defend against Trojans
- What is a spyware
- Types of spywares
- How to defend against spyware
- What is a Rootkit
- Types of Rootkits
- How does Rootkit operate
- How to defend against Rootkits
10. Phishing and Social engineering
- What is Phishing
- How Phishing website is hosted
- How victims are tricked to access Phishing websites
- How to differentiate a Phishing webpage from the original webpage
- How to defend against Phishing attacks
- SET: Social Engineering Toolkit
11. DOS : Denial of Service
- What is a DOS attack
- What is a DDOS attack
- Symptoms of a Dos attack
- DoS attack techniques
- What is a Botnet
- Defending DoS attacks
12. Session Hijacking
- What is session hijacking.
- Dangers of session hijacking attacks
- Session hijacking techniques
- Cross-Site scripting attack
- Session hijacking tools
- How to defend against session hijacking.
13. Hacking Web Servers & Web Applications
- What is a web server
- Different webserver applications in use
- Why are webservers hacked & its consequences
- Directory traversal attacks
- Website defacement
- Website password brute forcing
- How to defend against web server hacking
14. SQL Injection
- What is SQL Injection
- Effects of SQL Injection attacks
- Types of SQL Injection attacks
- SQL Injection detection tools
15. Wireless Network Hacking
- Types of wireless networks
- Wi-Fi usage statistics
- Finding a Wi-Fi network
- Types of Wi-Fi authentications
- Using a centralized authentication server
- Using local authentication
- Types of Wi-Fi encryption methods
- How does WEP work
- Weakness of WEP encryption
- How does WPA work
- How does WPAT work
- Hardware and software required to crack Wi-Fi networks
- How to crack WEP encryption
- How to crack WPA encryption
- How to crack WPAT encryption
- How to defend against Wi-Fi cracking attacks
16. Kali Linux
- What is Kali Linux
- How Kali Linux is different from other Linux distributions
- What are the uses of Kali Linux
- Tools for Footprinting, Scanning & Sniffing
- What is Metasploit framework
- Using Metasploit framework to attack Windows machines
- Using Metasploit framework to attack Android mobile devices
17. Evading Firewalls, IDS & Honeypots
- What is a Firewall
- What are the functions of a Firewall
- What is an IDS
- How does an IDS work
- IDS tools
- What is a honeypot
- Types of honeypots
- Honeypot tools
- Honeypot detection tools
18. IoT Hacking
- Different threats to IoT platforms and learn how to defend IoT devices securely.
19. Cloud Computing
- What is Cloud
- What are the cloud services
- Various cloud computing concepts, threats, attacks, and security techniques and tools (Cloud security).
- What is Cryptography
- Types of cryptography
- Cipher algorithms
- Public key infrastructure
- What is a Hash
- Cryptography attacks
21. Penetration Testing
- What is Penetration Testing
- Types of Penetration Testing
- What is to be tested
- Testing the network devices for misconfiguration
- Testing the servers and hosting applications for misconfiguration
- Testing the servers and hosting applications for vulnerabilities
- Testing wireless networks
- Testing for Denial of Service attack
22. Counter Measure Techniques for Network level attacks
- Types of Firewall
- Packet Filtering Firewall
- Circuit-Level Gateway Firewall
- Application-Level Firewall
- Stateful Multilayer Inspection Firewall
- Limitations of a Firewall
- IDS / IPS
- What is an IDS
- What is a IPS
- Difference between IDS & IPS
- Placement of IDS in the Network
- Configuring an IDS in the Network
- Placement of IPS in the Network
- Configuring an IPS in the Network
- UTM / Next-Generation Firewall
- What is a UTM
- Features of UTM
- Difference between a Firewall & a UTM
- Placement of UTM in the Network
- Configuring a UTM in the Network
- Monitoring attacks using UTM
- Configuring IPS module in UTM to detect and stop attacks
23. Counter Measure Techniques for Local Systems
- Identifying the Vulnerabilities of a system
- Understanding the Vulnerabilities of a system
- CVE ID
- Bugtraq ID
- Patch Management
- Identifying the patch for a Vulnerability
- Downloading the Patch
- Testing the patch for stability in test environment
- Deploying the patch to Live Network
- Finding the missing updates in an Operating System
- Microsoft Baseline Security Analyser
- Belarc Advisor
24. Counter Measure Techniques for Malware Attacks
- Scanning systems for Malware infections
- Types of anti-malwares
- Internet Security Suites
CERTIFIED Certified Cyber E-Expert TRAINING PROGRAM
The Certified Cyber E-Expert Training program is the pinnacle of the most desired information security training program any information security professional will ever want to be in. To master the hacking technologies, you will need to become one, but an ethical one! The accredited course provides the advanced hacking tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”.
WHAT’S NEXT AFTER THE ETHICAL HACKING ?
Top Ethical Hacking Interview Questions
If you’ve got hacking skills, you can turn your ethical hacking into a career. Ethical Hacking is the term given to penetration testing and prevention. Your career is based on your hacking skills, but you use them to protect companies against malicious hackers.
1. What is the difference between Hacking and Ethical Hacking?
3. What is scanning and what are some examples of the types of scanning used?
- Port scanning
- Vulnerability scanning
- Network scanning
4.What is footprinting? What are the techniques used for footprinting?
- Open source footprinting: This technique will search for administrator contact information, which can be later used for guessing the correct password in social engineering.
- Network enumeration: This is when the hacker attempts to identify the domain names and network blocks of the targeted
- Scanning: Once the network is known, the second step is to pry on the active IP addresses on the network.
- Stack fingerprinting: This techinique should be the final footprinting step that takes place once the port and host are mapped.
7.What is network sniffing?
Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data packets flowing over computer networks. Sniffers can be used for different purposes, whether it’s to steal information or manage networks.
Network sniffing is used for ethical as well as unethical purposes. Network administrators use these as network monitoring and analysis tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cybercriminals use these tools for dishonest purposes such as identity usurpation, email, sensitive data hijacking and more.
9. What is cross-site scripting and its different variations?
- Reflected cross-site scripting
- Stored cross-site scripting
- DOM-based cross-site scripting
11. How can you avoid or prevent ARP poisoning?
- Use packet filtering: Packet filters can filter out and block packets with conflicting source address information.
- Avoid trust relationship: Organizations should develop a protocol that relies on trust relationship as little as possible.
- Use ARP spoofing detection software: Some programs inspect and certify data before it is transmitted and blocks data that is spoofed.
- Use cryptographic network protocols: ARP spoofing attacks can be mitigated by the use of secure protocols such as SSH, TLS and HTTPS which send data encrypted before transmission and after reception.
2. What are the hacking stages?
- Reconnaissance: This is the first phase where the hacker attempts to collect as much information as possible about the target.
- Scanning: This stage involves exploiting the information gathered during reconnaissance phase and using it to examine the victim. The hacker can use automated tools during the scanning phase which can include port scanners, mappers and vulnerability scanners.
- Gaining access: This is the phase where the real hacking takes place. The hacker now attempts to exploit vulnerabilities discovered during the reconnaissance and scanning phase to gain access.
- Maintaining access: Once access is gained, hackers want to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and trojans.
- Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks and traces to avoid detection. This also allows them to continue the use of the hacked system and avoid legal actions.
5. What are some of the standard tools used by cyber security Experts?
- Burp Suite
- OWASP ZAP
6. What is Burp Suite? What tools does it contain?
8.What is SQL injection and its types?
A SQL injection occurs when the application does not sanitize the user input. Thus a malicious hacker would inject SQL query to gain unauthorized access and execute administration operations on the database. SQL injections can be classified as follows:
- Error-based SQL injection
- Blind SQL injection
- Time-based SQL injection
10. What is a denial of service (DOS) attack and what are the common forms?
Common DOS attacks include:
- Buffer overflow attacks
- ICMP flood
- SYN flood
- Teardrop attack
- Smurf attack