ADVANCED DIPLOMA IN ETHICAL HACKING
Introduction to Certified Penetration Testing Engineer
- Approach
- Difference between VA & PT
- Red Team Vs Blue Team
- Types of VAPT
Introduction of Linux
- History of Linux
- Introduction to Linux and its distributions
- File system of Linux
- Kernel of Linux
- Lab setup
- Basic commands of Linux
- OSINT tools (practical)
- Basics of networking
Introduction to Network Security
- Basic introduction to how a network works
- Network Penetration Testing using NMAP
- Mastering Metasploit Framework
- Crafting with Scapy and Hping3 Wifi
- Scrapping plant code
Practical Tools:
- Netcat
- Connecting to a TCP/UDP Port
- Listening on a TCP/UDP Port
- Transferring Files with Netcat
- Remote Administration with Netcat
- Socat
- Netcat Vs Socat
- Socat File Transfer
- Socat Reverse Shells
- Socat Encrypted Bind Shell
- PowerShell and File Transfer
- PowerShell Reverse Shell
- PowerShell Bind Shells
- PowerCat
Introduction to Web Application Security
- Intercepting requests through Burp Suite
- RFI & LFI (Remote File Inclusion and Local File Inclusion) vulnerability study
- DoS – Denial of Service and DDoS – Distributed Denial of Service attack and its countermeasure
- SQL injection
- XSS – Cross-site scripting attack and its countermeasure
File Transfer
- Consideration and Preparation
- Danger of transferring Attack Tools
- Installing Pure-FTPd
- The Non-Interactive Shell
- Transferring Files with Windows Hosts
- Non-Interactive FTP Download
- Windows Downloads Using Scripting Languages
- Windows Downloads with exe2hex and PowerShell
- Windows Uploads Using Windows Scripting Languages
- Uploading Files with TFTP
Sniffing
- Active Sniffing
- Passive Sniffing
- Packet Sniffing
- Packet Creation using Scapy
Phishing
- Clone Phishing
- Mail Phishing
- Phishing Analysis
- Social Engineering
Auditing and Compliances
- Basic principles of assessment and auditing
- IT laws and acts
- Studying ISO 27001:2005
- Risk Assessment
- Live vulnerability assessment
- Hardening of Linux Services
Web Scanners
- Acunetix
- Vega
- ZAP
- Nikto
- Sparta
Burp Suite
- Dashboard
- Target
- Proxy
- Intruder
- Repeater
- Decoder
- Extender
- Comparer
- Project options
Web Enumeration
- Directory Fuzzing
- Subdomain Enumeration
- Eyewitness
- Google Dorking
- Shodan
CMS Testing
- What is CMS
- Wpscan
- Joomla
- Cmsmap
Metasploit
- Introduction
- Information gathering
- Payloads
- Auxiliary
- Meterpreter
- Encoders
- Evasion
PowerShell Empire
- Installation, setup and usage
- PowerShell Empire Syntax
- Listener and Stager
- The Empire Agent
- PowerShell Modules
- Situational Awareness
- Credential and Privilege Escalation
- Lateral Movement
- Switching Between Empire and Metasploit
Network VAPT
- Information gathering
- Nmap scan
- Nessus
- Backdoors
- Packet analysis
- Protocol analysis
- Network traffic analysis (Wireshark)
- Traffic filtering and monitoring
- DoS and DDoS Attack
Port Redirection and Tunneling
- RINETD
- SSH Tunneling
- SSH Local Port Forwarding
- SSH Remote Port Forwarding
- SSH Dynamic Port Forwarding
- PLINK.exe
- NETSH
- HTTPTunnel-ing Through Deep Packet Inspection
- Wrapping Up
Active Directory Attack
- Active Directory Theory
- Active Directory Enumeration
- Traditional Approach
- A Modern Approach
- Resolving Nested Groups
- Currently Logged-on Users
- Enumeration Through Service Principal Names
- Active Directory Authentication
- NTLM Authentication
- Kerberos Authentication
- Cached Credential Storage and retrieval
- Service account attack
- Low and Slow Password Guessing
- Active Directory Persistence
- Golden Tickets
- Domain Controller Synchronization
OWASP Top 10
- What is the OWASP Top 10?
- OWASP Top 10 Vulnerabilities
- Broken access controls
- Cryptographic failures
- Injection
- Insecure design
- Security misconfiguration
- Vulnerable and outdated components
- Identification & authentication failures
- Software and data integrity failures
- Insufficient logging & monitoring
- Server-side request forgery (SSRF)
Bug Bounty Hunting
- What is Bug bounty
- Bug bounty platform
- Common vulnerabilities
- Making valid PoCs
Web VAPT Reporting
- Ways to Report
- Formatting & Guidelines of Report
- Case Study
Malware Analysis
- Static malware analysis
- Dynamic malware analysis
- Reverse engineering malware
- Behaviour-based malware analysis
- Sandbox analysis for malware
- Malware persistence mechanism
- Malware detection and evasion techniques
Incident Response and Recovery
- Incident response lifecycle and its phases
- Developing effective incident response plans
- Hands-on incident handling and containment exercises
- Post-incident analysis, recovery, and lessons learned