Cisel1 d


Published on

Published in: Technology
1 Comment
  • free free download this latest version 100% working.
    download link-
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Cisel1 d

  1. 1. Certified Information Security Expert (CISE level 1 v2) Detailed Course Module Certified Information Security Expert (CISEv20) Innobuzz Knowledge Solutions Pvt Ltd is high quality-training provider for courses in the field of Information Security, Systems and Open- Source The hands on security courses in the field of offensive security are built by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real world experience
  2. 2. Chapter 1 – Introduction  Concept of Security  Physical and Digital Assets  Security Triangle  Introduction: Ethical hacking  Types of Ethical Hackers  Basic Terminologies  Elements of Security  5 Phases of Hacking  Profile of an Ethical Hacker  Security Testing, Computer Crimes and Law  History of Hacking & Famous HackersChapter 2 – Networking & Basics  Concept of Networking  Types of Networks and Networking Devices  Concept of Network and Ports  TCP, IP & UDP  Addressing and Types of Addressing  IP Address and Classes  Client Server Relationship  Domain name and DNS  ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP  Virtualization and Advantages of VirtualizationChapter 3 – Footprinting  Footprinting/Information Gathering  Steps of Information Gathering  Crawling and Mirroring of Websites  Whois and Domain Registry  Gathering Target Information  Parallel Domain  MX Entry  Trace Route  Archive Pages  Banner Grabbing
  3. 3. Chapter 4 – Google Hacking  Introduce Google  Working of Google – Outline  Working of Google – Crawling, Indexing & Searching  Vulnerable Objects  Using Cache and Google as Proxy  Directory Listing and Locating Directory Listings along with specific folders  Google Hacking and what it is about  The basics of Google Hacking: Advanced Search in Google  Advance Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:  Wildcard and Quotes  Understanding and Viewing Robots.txt for important Files  Normal Countermeasures o Robottxt o Metatag and Google Official Remove o Hiding Detailed Error Messages o Disabling Directory BrowsingChapter 5 – Scanning  Definition of Scanning  Types of Scanning  Diff b/w Port and Network Scanning  Objectives and Benefits of Scanning  TCP three way hands shake  Various Classification of Scanning  Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep  Concept of War Dialer (History)  OS Finger Printing and Types – Active & PassiveChapter 6 – Windows Hacking  Definition and Objectives of Windows Hacking  Types of Passwords  Manual & Automatic Password Cracking Algorithm  Types of Password Attacks – Dictionary, Brute Force, and Hybrid  LMHash and SAM File  Password Cracking Countermeasures
  4. 4.  Syskey  Privilege Escalation  Hiding Files  Concept of Alternate Data Stream and Advantages  Detecting ADS  NTFS Streams countermeasures  Keystroke Loggers and Types – Software & Hardware  Concept of Auditing, Logs and Covering Tracks  Concept of Application IsolationChapter 7 – Linux Hacking  Introduction of Linux as an OS  Advantages of using Linux  Basics about linux – Commands, Shell types and User types  Why Linux is hacked?  Recent Linux Vulnerabilities  Password cracking in Linux  Introduction and explanation of IP Tables & IP Chains  TCP wrappers  Remote connection using SSH  Log and Traffic Monitors in Linux  Understanding Post Install Linux Security Auditing  Understanding and using BacktrackChapter 8 – Trojans & Backdoors  Definition and Objectives of Trojans & Backdoors  Overt and Covert Channels  Working of Trojans  Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy Trojans  Target Data Types of Trojans  Different Modes of Trojan Infection  Auto-run of Trojans  Common Symptoms of a Trojan Infection  Ports used by Famous Trojans  Wrappers & Binders  Uses of Wrappers and Binders
  5. 5.  Reverse Connection in relation to Trojans  Detecting a Trojan in a computer  Anti-Trojan Software  Tips to Avoid Trojan Infection  Concept of Rootkit  Effects and Types of Rootkit  Countermeasures of RootkitChapter 9 – Virus & Worms  Introduction to Virus & Worms  Diff. between Virus & Worms  Characteristics, Symptoms of a Virus  History and Terminologies used for a Virus  Types of Virus Damage  Effects of a Virus Attack  Access Methods of a Virus  Modes of Virus infection  Life Cycle of a Virus  Types of Virus Programs – What and how?  Famous Virus & Worms  Batch File programming  Concept of Virus Construction Kit  Virus Detection Methods  Virus Incident Response  Sheep Dip  Tips on Prevention from Virus Infection  Types of Worms  Zombies  Botnets  Antivirus Program  Popular Antivirus programsChapter 10 – Proxy Server & Packet filtering  Proxy Server  Advantages of using Proxy Servers  Proxy Server Based Firewalls
  6. 6.  Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy  Diff. between Transparent, Anonymous and Elite Proxies  Anonymizers  Socks Chain Proxy  Http Tunnel Proxy  Countermeasures of Proxy  Packet Filtering  Packet Filtering Devices and Approaches  Stateless Packet Filtering  Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags, Fragmentation and Packet Contents  Filtering Suspicious Inbound Packets  Stateful Packet Filtering  Proxy Server Vs Packet FilteringChapter 11 – Denial of Service Attack  Concept of DOS Attacks  Goal of DOS Attack  Impact and Modes of Dos Attack  Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal flow  Concept of DDOS Attack  Diff. between Dos and DDos Attack  Characteristics of DDos Attacks  Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy, Amplification Attack  Concept of the Reflected Dos  Countermeasures - Reflected DoS  DDoS Countermeasures  Detect and Neutralize Handlers  Detect Potential Attacks  Mitigate or Stop the Effects of DDoS Attacks  Post-Attack ForensicsChapter 12 – Sniffers  Concept of Sniffing  Types of Sniffing – Active & Passive
  7. 7.  ARP Poisoning  Countermeasures of ARP Poisoning  DNS Spoofing  Changes in Host file for DNS Redirection  Countermeasures of sniffing  MAC SpoofingChapter 13 – Social Engineering  Social Engineering  Techniques of Social Engineering  Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person Approach, Technical Support  Countermeasures of Social EngineeringChapter 14 – Physical security  Physical Security  Current Statistics  Accountability and Need of Physical security  Factors Affecting Physical Security  Physical Security Checklist o Company Surroundings o Premises o Reception o Server o Workstation Area o Wireless Access Points o Other Equipments such as fax, removable media etc o Access Control o Computer Equipment Maintenance o Wiretapping o Remote Access o Locks o SpywareChapter 15 – Steganography
  8. 8.  Steganography o What is Steganography? o History o Steganography today o Steganography tools  Steganalysis o What is Steganalysis? o Types of analysis o Identification of Steganographic files  Steganalysis meets Cryptanalysis o Password Guessing o Cracking Steganography programs  Forensics/Anti-Forensics  Conclusions o What’s in the Future? o Other tools in the wild o ReferencesChapter 16 – Cryptography  Concept of Cryptography  Advantages and uses of Cryptography  PKI (Public Key Infrastructure)  Algorithm’s of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK  Concept of Digital Signature  Encryption Cracking Techniques  Disk Encryption  Cracking S/MIME encryption using idle CPU time  Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc  CA (Certificate Authority)Chapter 17 - Wireless Hacking  Wireless Technology  Introduction to wireless networking  Basics & Terminologies  Advantages of Wireless Technology  Components of Wireless Network  Types of Wireless Network
  9. 9.  Setting and detecting a wireless network  Advantages and Disadvantages of wireless network  Antennas, SSID, Access Point Positioning and Rogue Access Point  Concept of Wired Equivalent Privacy (WEP)  MAC Sniffing & AP Spoofing  Terminology of Wi-Fi Access  Denial-of-Service and MITM Attack in Wi-Fi  Wireless Intrusion Detection System  Tips to Secure Wireless NetworkChapter 18 - Firewalls & Honeypots  Firewall  What Does a Firewall Do?  What a firewall cannot do  How does a firewall work?  Types of Firewall  Working of Firewall  Advantages and Disadvantages of Firewall  Firewalls Implementing for Authentication Process  Types of Authentication Process  Steps for Conducting Firewall Penetration Testing o Locate the Firewall o Traceroute to identify the network range o Port scan the router o Grab the banner o Create custom packet and look for firewall responses o Test access control Enumeration o Test to indentify firewall architecture o Test firewall using firewalking tool o Test for port redirection o Test Convert channels o Test HTTP Tunneling o Test firewall specific vulnerabilities  How to Bypassing the Firewall  Concept of Honeypots  Purpose and working of Honeypots  Advantages and Disadvantages of Honeypots
  10. 10.  Types of Honeypots  Uses of Honeypots  Detecting Honeypot  Honeynets  Architecture of Honeynet  Working process of Honeynet  Types of Honeynet  Honeywall CDROMChapter 19 - IDS & IPS  Concept of IDS (Intrusion Detection System)  History and Characteristics of IDS  Importance of IDS  Deployment of IDS  Intro, Advantages and Components of Distributed IDS  Aggregate Analysis with IDS  Types and Architecture of IDS:- o Network Based IDS o Host Based IDS  Diff. Between Network Base IDS and Host Base IDS  Methods to Detect IDS  Signatures  Types of Signature:- o Network Signatures o Host-based Signatures o Compound Signatures  Methods to Detect Signature  Prelude of IDS  Concept of IPS (Intrusion Prevention System)  Diff. Between IDS and IPS  Network Antivirus Software’sChapter 20 – Vulnerability Assessment  Concept of Vulnerability Assessment  Purpose Types of Assessment  Vulnerability Classification
  11. 11.  How to Conduct Vulnerability Assessment  Vulnerability Analysis Stages  Vulnerability Assessment Considerations  Vulnerability Assessment Reports  TimeLine and Penetration Attempts  Vulnerability Assessment ToolsChapter 21 – Penetration Testing  Concept of Penetration Testing  Security assessments Categories  Vulnerability Assessment  Limitation of Vulnerability assessment  Why Penetration Testing?  Types of Penetration Testing o External Testing o Internal Testing  Sourcing Penetration Testing  Terms of Engagement  Project Scope  Agreements of Pentest Service  Testing Points, Locations, Automated Testing, Manual Testing,  Gathering information for Penetration Testing By :- o Domain name and IP address information o Enumerating Information about Hosts o Testing Network-Filtering Devices o Enumerating Devices o Denial of Service EmulationChapter 22 – Session Hijacking  Session Hijacking  Difference between Spoofing and Session Hijacking  Phases of Session Hijacking:- o Tracking the session o Desynchronizing the connection o Injecting the attacker’s packet  Types of Session Hijacking:-
  12. 12. o Active o Passive  TCP 3 Way Hand Shake  Sequence Numbers  Dangers Posed by Hijacking  Countermeasure of Session Hijacking  Protection Against Session Hijacking  Countermeasure: IPSecChapter 23 – Hacking Web Server  Web Servers  Working process of Web Server  Loopholes of Web Server  Introduction of Popular Web Server and Common Security Threats  Apache Vulnerability  Attacks against IIS  Components of IIS  IIS Directory Traversal  Unicode and Unicode Directory Traversal Vulnerability  Unspecified Executable Path Vulnerability  File System Traversal Counter measures  WebDAV / ntdlldll Vulnerability  RPC DCOM Vulnerability  ASN Exploits  IIS Logs  Escalating Privileges on IIS  Hot Fixes and Patches  Countermeasures of Web ServerChapter 24 – SQL Injection  Introduction of SQL  What SQL Can do  SQL Queries  Use of Quotes, AND & OR  Concept of SQL Injection  OLE DB Error  Login Guessing & Insertion
  13. 13.  Shutting Down SQL Server  Extended Stored Procedures  Preventive MeasuresChapter 25 – Cross Site Scripting  Introduction Cross Site Scripting  Cross-Site Scripting  Ways of Launching Cross-Site Scripting Attacks  Working Process of Cross-Site Scripting Attacks  When will be an attack successful?  Programming Languages Utilized in XSS Attacks  Types of XSS Attacks  Steps of XSS Attack  Not Fixing CSS/XSS Holes Compromises  Methodology of XSS  How to protect Against XSSChapter 26 – Exploit Writing  Concept of Exploit Writing  Purpose of Exploit Writing  Requirements of Exploits Writing & Shell codes  Types of Exploits:- o Stack Overflow Exploits o Heap Corruption Exploit o Format String Attack o Integer Bug Exploits o Race Condition o TCP/IP Attack  The Proof-of-Concept and Commercial Grade Exploit  Converting a Proof of Concept Exploit to Commercial Grade Exploit  Attack Methodologies  Socket Binding Exploits  Steps for Writing an Exploit  Shellcodes  Null Byte  Types of Shellcode  Steps for Writing a ShellCode
  14. 14.  Issues Involved With Shellcode Writing  Buffer  Static Vs Dynamic Variables  Stack Buffers, Data Region and Memory Process Regions  About the Stack  Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure Prolog) , Return Address (RET), Word Size and Buffer Overflows,  Why do we get a segmentation violation and Segmentation Error  Writing Windows Based Exploits  EIP Register and ESP  Metasploit Framework, msfconsole  Development with Metasploit  Need for Creating of Exploit  Determining the Attack Vector  Debugger  Determine the offset & pattern create  Where to place the payload?Chapter 27 – Buffer Overflow  Why Applications are vulnerable  Buffer Overflow Attack  Reasons of Buffer Overflow  Knowledge for Buffer Overflow  Understanding Stacks  Understanding Heaps  Types of Buffer Overflow Attack o Stack Based o Heap Based  Heap Memory Buffer overflow Bug  Understanding Assembly Language  Intro of Shell Code  Detection of Buffer Overflows in a program  Attacking a Real Program  Once the Stack is smashed  NOPS  Mutate a Buffer Overflow Exploit  Comparing Functions of libc and libsafe
  15. 15.  Simple Buffer Overflow in C  Code Analysis  Countermeasure of Buffer Overflow AttackChapter 28 – Reverse Engineering  Concept of Reverse Engineering  Positive Application of Reverse Engineering  Ethical Reverse Engineering  DMCA ACT  Disassembler  Decompilers  Program Obfuscation  Why do you need to decompile ?  NET Obfuscator and NET Obfuscation  Java Byte code Decompilers  How does OllyDbg Work?Chapter 29 – Email Hacking  Concept of Email  Spam and Spam Laws  E-Mail Tracking By Header  Concept of Fake E-mails  Various steps to send Fake mails  Traceip by PHP ScriptChapter 30 – Incident Handling & Response  Incident  Different Categories of Incidents  Various Types of Incidents  Who should I report an incident  Step by Step Procedure of Incident Handling  Managing Incidents  Incident Response  Incident Handling Process  Incident Detection Process  Incident Containment Process
  16. 16.  Incident Eradication Process  Incident Recovery Process  Incident Follow up Process  Incident Response Team  CSIRT ServicesChapter 31 – Bluetooth Hacking  Bluetooth Technology  Concept of Bluetooth Hacking  Attacks on Bluetooth Mobile  Why Bluetooth hacking?  Working of Bluetooth Hacking  Mobile Dos Attack  Mobile Viruses & Worms  Mobile Security Tips & Tricks  Samsung Mobile Security Tips & Tricks  Motorola Mobile Security Tips & Tricks  Conclusions  CountermeasuresChapter 32 – Mobile Phone Hacking  Mobile Technologies  Introduction and Facts of GSM  Low-Tech Fraud  Countermeasure of Low-Tech Fraud  GSM Security Problems  Attacks on GSM Networks  De-Registration and Location Update Spoofing  Camping on a False BTS and False BTS/MS  Active and Passive Identity Caching  Suppressing encryption between the target user and the intruder  Suppressing encryption between target user and the true network  Compromised cipher key  Eavesdropping on user data by suppressing encryption  Eavesdropping  User impersonation with compromised authentication vector
  17. 17.  Hijacking outgoing calls Hijacking outgoing calls with encryption enabled Hijacking incoming calls Hijacking incoming calls with encryption enabled Introduction of Cryptography, Fake BTS and Terminology Terminal and SIM Discuss about Mobile Execution Environment GSM Data, Signaling and Signaling Security SS7: Opening up to World, Waiting for disaster, Evolution and What to do Diff. between :- o PSTN vs VOIP o VOIP vs SS7 GSM Network Elements and Architecture Home Location Register (HLR) and Authentication Center (AuC) Mobile Switching Center (MSC) Customer Care and Billing System Value-Added Services WAP Security Model, The WAP Gap and WTLS Security WAP: o No end-to-end Trust o Man-in-the-middle Introduction of third Generation of Wireless 3G Security Architecture and Security Model Diff. Between 3G vs GSM AKA Message Flow and Connection Establishment Overview of Ciphering and Integrity Interception and It’s :- o Definitions o Terminology o Logical Configuration o Concepts Circuit and Packet Data Event Records Discuss the Security of Interception Components of GSM Network Overview of Subscriber and its Identification Electronic Access to the SIM Extraction From A SIM
  18. 18. o Location Information File o Serial Number o Subscriber Identifier o Phone Number o Text Message Data o Status of Text Message Data o Threats to a SIM Data Equipments:- o Generic Properties o Ms data o Threats to MS Data o Network and :- o Network Operator Data o Call Data Records o Threats to Network Operator GSM Security Operation and Forensics Tools Overview of Cell Seizure Features Of Cell Seizure Advantages and Disadvantages of Cell Seizure Tool of Cell Seizure