Your SlideShare is downloading. ×
Certified Information Security Expert (CISE level 1 v2)                 Detailed Course Module             Certified Infor...
Chapter 1 – Introduction     Concept of Security     Physical and Digital Assets     Security Triangle     Introductio...
Chapter 4 – Google Hacking     Introduce Google     Working of Google – Outline     Working of Google – Crawling, Index...
   Syskey     Privilege Escalation     Hiding Files     Concept of Alternate Data Stream and Advantages     Detecting...
   Reverse Connection in relation to Trojans     Detecting a Trojan in a computer     Anti-Trojan Software     Tips to...
 Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy   Diff. between Transparent, Anonymous and El...
   ARP Poisoning     Countermeasures of ARP Poisoning     DNS Spoofing     Changes in Host file for DNS Redirection  ...
 Steganography       o What is Steganography?       o History       o Steganography today       o Steganography tools   ...
   Setting and detecting a wireless network     Advantages and Disadvantages of wireless network     Antennas, SSID, Ac...
   Types of Honeypots     Uses of Honeypots     Detecting Honeypot     Honeynets     Architecture of Honeynet     Wo...
   How to Conduct Vulnerability Assessment     Vulnerability Analysis Stages     Vulnerability Assessment Consideration...
o Active         o Passive     TCP 3 Way Hand Shake     Sequence Numbers     Dangers Posed by Hijacking     Countermea...
 Shutting Down SQL Server   Extended Stored Procedures   Preventive MeasuresChapter 25 – Cross Site Scripting     Intr...
   Issues Involved With Shellcode Writing     Buffer     Static Vs Dynamic Variables     Stack Buffers, Data Region an...
 Simple Buffer Overflow in C   Code Analysis   Countermeasure of Buffer Overflow AttackChapter 28 – Reverse Engineering...
   Incident Eradication Process     Incident Recovery Process     Incident Follow up Process     Incident Response Tea...
   Hijacking outgoing calls   Hijacking outgoing calls with encryption enabled   Hijacking incoming calls   Hijacking ...
o Location Information File       o Serial Number       o Subscriber Identifier       o Phone Number       o Text Message ...
Upcoming SlideShare
Loading in...5
×

Cisel1 d

2,781

Published on

Published in: Technology
1 Comment
0 Likes
Statistics
Notes
  • free free download this latest version 100% working.
    download link- http://gg.gg/hqcf
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

No Downloads
Views
Total Views
2,781
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
21
Comments
1
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Cisel1 d"

  1. 1. Certified Information Security Expert (CISE level 1 v2) Detailed Course Module Certified Information Security Expert (CISEv20) Innobuzz Knowledge Solutions Pvt Ltd is high quality-training provider for courses in the field of Information Security, Systems and Open- Source The hands on security courses in the field of offensive security are built by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real world experience www.innobuzz.in
  2. 2. Chapter 1 – Introduction  Concept of Security  Physical and Digital Assets  Security Triangle  Introduction: Ethical hacking  Types of Ethical Hackers  Basic Terminologies  Elements of Security  5 Phases of Hacking  Profile of an Ethical Hacker  Security Testing, Computer Crimes and Law  History of Hacking & Famous HackersChapter 2 – Networking & Basics  Concept of Networking  Types of Networks and Networking Devices  Concept of Network and Ports  TCP, IP & UDP  Addressing and Types of Addressing  IP Address and Classes  Client Server Relationship  Domain name and DNS  ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP  Virtualization and Advantages of VirtualizationChapter 3 – Footprinting  Footprinting/Information Gathering  Steps of Information Gathering  Crawling and Mirroring of Websites  Whois and Domain Registry  Gathering Target Information  Parallel Domain  MX Entry  Trace Route  Archive Pages  Banner Grabbing
  3. 3. Chapter 4 – Google Hacking  Introduce Google  Working of Google – Outline  Working of Google – Crawling, Indexing & Searching  Vulnerable Objects  Using Cache and Google as Proxy  Directory Listing and Locating Directory Listings along with specific folders  Google Hacking and what it is about  The basics of Google Hacking: Advanced Search in Google  Advance Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:  Wildcard and Quotes  Understanding and Viewing Robots.txt for important Files  Normal Countermeasures o Robottxt o Metatag and Google Official Remove o Hiding Detailed Error Messages o Disabling Directory BrowsingChapter 5 – Scanning  Definition of Scanning  Types of Scanning  Diff b/w Port and Network Scanning  Objectives and Benefits of Scanning  TCP three way hands shake  Various Classification of Scanning  Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep  Concept of War Dialer (History)  OS Finger Printing and Types – Active & PassiveChapter 6 – Windows Hacking  Definition and Objectives of Windows Hacking  Types of Passwords  Manual & Automatic Password Cracking Algorithm  Types of Password Attacks – Dictionary, Brute Force, and Hybrid  LMHash and SAM File  Password Cracking Countermeasures
  4. 4.  Syskey  Privilege Escalation  Hiding Files  Concept of Alternate Data Stream and Advantages  Detecting ADS  NTFS Streams countermeasures  Keystroke Loggers and Types – Software & Hardware  Concept of Auditing, Logs and Covering Tracks  Concept of Application IsolationChapter 7 – Linux Hacking  Introduction of Linux as an OS  Advantages of using Linux  Basics about linux – Commands, Shell types and User types  Why Linux is hacked?  Recent Linux Vulnerabilities  Password cracking in Linux  Introduction and explanation of IP Tables & IP Chains  TCP wrappers  Remote connection using SSH  Log and Traffic Monitors in Linux  Understanding Post Install Linux Security Auditing  Understanding and using BacktrackChapter 8 – Trojans & Backdoors  Definition and Objectives of Trojans & Backdoors  Overt and Covert Channels  Working of Trojans  Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy Trojans  Target Data Types of Trojans  Different Modes of Trojan Infection  Auto-run of Trojans  Common Symptoms of a Trojan Infection  Ports used by Famous Trojans  Wrappers & Binders  Uses of Wrappers and Binders
  5. 5.  Reverse Connection in relation to Trojans  Detecting a Trojan in a computer  Anti-Trojan Software  Tips to Avoid Trojan Infection  Concept of Rootkit  Effects and Types of Rootkit  Countermeasures of RootkitChapter 9 – Virus & Worms  Introduction to Virus & Worms  Diff. between Virus & Worms  Characteristics, Symptoms of a Virus  History and Terminologies used for a Virus  Types of Virus Damage  Effects of a Virus Attack  Access Methods of a Virus  Modes of Virus infection  Life Cycle of a Virus  Types of Virus Programs – What and how?  Famous Virus & Worms  Batch File programming  Concept of Virus Construction Kit  Virus Detection Methods  Virus Incident Response  Sheep Dip  Tips on Prevention from Virus Infection  Types of Worms  Zombies  Botnets  Antivirus Program  Popular Antivirus programsChapter 10 – Proxy Server & Packet filtering  Proxy Server  Advantages of using Proxy Servers  Proxy Server Based Firewalls
  6. 6.  Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy  Diff. between Transparent, Anonymous and Elite Proxies  Anonymizers  Socks Chain Proxy  Http Tunnel Proxy  Countermeasures of Proxy  Packet Filtering  Packet Filtering Devices and Approaches  Stateless Packet Filtering  Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags, Fragmentation and Packet Contents  Filtering Suspicious Inbound Packets  Stateful Packet Filtering  Proxy Server Vs Packet FilteringChapter 11 – Denial of Service Attack  Concept of DOS Attacks  Goal of DOS Attack  Impact and Modes of Dos Attack  Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal flow  Concept of DDOS Attack  Diff. between Dos and DDos Attack  Characteristics of DDos Attacks  Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy, Amplification Attack  Concept of the Reflected Dos  Countermeasures - Reflected DoS  DDoS Countermeasures  Detect and Neutralize Handlers  Detect Potential Attacks  Mitigate or Stop the Effects of DDoS Attacks  Post-Attack ForensicsChapter 12 – Sniffers  Concept of Sniffing  Types of Sniffing – Active & Passive
  7. 7.  ARP Poisoning  Countermeasures of ARP Poisoning  DNS Spoofing  Changes in Host file for DNS Redirection  Countermeasures of sniffing  MAC SpoofingChapter 13 – Social Engineering  Social Engineering  Techniques of Social Engineering  Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person Approach, Technical Support  Countermeasures of Social EngineeringChapter 14 – Physical security  Physical Security  Current Statistics  Accountability and Need of Physical security  Factors Affecting Physical Security  Physical Security Checklist o Company Surroundings o Premises o Reception o Server o Workstation Area o Wireless Access Points o Other Equipments such as fax, removable media etc o Access Control o Computer Equipment Maintenance o Wiretapping o Remote Access o Locks o SpywareChapter 15 – Steganography
  8. 8.  Steganography o What is Steganography? o History o Steganography today o Steganography tools  Steganalysis o What is Steganalysis? o Types of analysis o Identification of Steganographic files  Steganalysis meets Cryptanalysis o Password Guessing o Cracking Steganography programs  Forensics/Anti-Forensics  Conclusions o What’s in the Future? o Other tools in the wild o ReferencesChapter 16 – Cryptography  Concept of Cryptography  Advantages and uses of Cryptography  PKI (Public Key Infrastructure)  Algorithm’s of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK  Concept of Digital Signature  Encryption Cracking Techniques  Disk Encryption  Cracking S/MIME encryption using idle CPU time  Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc  CA (Certificate Authority)Chapter 17 - Wireless Hacking  Wireless Technology  Introduction to wireless networking  Basics & Terminologies  Advantages of Wireless Technology  Components of Wireless Network  Types of Wireless Network
  9. 9.  Setting and detecting a wireless network  Advantages and Disadvantages of wireless network  Antennas, SSID, Access Point Positioning and Rogue Access Point  Concept of Wired Equivalent Privacy (WEP)  MAC Sniffing & AP Spoofing  Terminology of Wi-Fi Access  Denial-of-Service and MITM Attack in Wi-Fi  Wireless Intrusion Detection System  Tips to Secure Wireless NetworkChapter 18 - Firewalls & Honeypots  Firewall  What Does a Firewall Do?  What a firewall cannot do  How does a firewall work?  Types of Firewall  Working of Firewall  Advantages and Disadvantages of Firewall  Firewalls Implementing for Authentication Process  Types of Authentication Process  Steps for Conducting Firewall Penetration Testing o Locate the Firewall o Traceroute to identify the network range o Port scan the router o Grab the banner o Create custom packet and look for firewall responses o Test access control Enumeration o Test to indentify firewall architecture o Test firewall using firewalking tool o Test for port redirection o Test Convert channels o Test HTTP Tunneling o Test firewall specific vulnerabilities  How to Bypassing the Firewall  Concept of Honeypots  Purpose and working of Honeypots  Advantages and Disadvantages of Honeypots
  10. 10.  Types of Honeypots  Uses of Honeypots  Detecting Honeypot  Honeynets  Architecture of Honeynet  Working process of Honeynet  Types of Honeynet  Honeywall CDROMChapter 19 - IDS & IPS  Concept of IDS (Intrusion Detection System)  History and Characteristics of IDS  Importance of IDS  Deployment of IDS  Intro, Advantages and Components of Distributed IDS  Aggregate Analysis with IDS  Types and Architecture of IDS:- o Network Based IDS o Host Based IDS  Diff. Between Network Base IDS and Host Base IDS  Methods to Detect IDS  Signatures  Types of Signature:- o Network Signatures o Host-based Signatures o Compound Signatures  Methods to Detect Signature  Prelude of IDS  Concept of IPS (Intrusion Prevention System)  Diff. Between IDS and IPS  Network Antivirus Software’sChapter 20 – Vulnerability Assessment  Concept of Vulnerability Assessment  Purpose Types of Assessment  Vulnerability Classification
  11. 11.  How to Conduct Vulnerability Assessment  Vulnerability Analysis Stages  Vulnerability Assessment Considerations  Vulnerability Assessment Reports  TimeLine and Penetration Attempts  Vulnerability Assessment ToolsChapter 21 – Penetration Testing  Concept of Penetration Testing  Security assessments Categories  Vulnerability Assessment  Limitation of Vulnerability assessment  Why Penetration Testing?  Types of Penetration Testing o External Testing o Internal Testing  Sourcing Penetration Testing  Terms of Engagement  Project Scope  Agreements of Pentest Service  Testing Points, Locations, Automated Testing, Manual Testing,  Gathering information for Penetration Testing By :- o Domain name and IP address information o Enumerating Information about Hosts o Testing Network-Filtering Devices o Enumerating Devices o Denial of Service EmulationChapter 22 – Session Hijacking  Session Hijacking  Difference between Spoofing and Session Hijacking  Phases of Session Hijacking:- o Tracking the session o Desynchronizing the connection o Injecting the attacker’s packet  Types of Session Hijacking:-
  12. 12. o Active o Passive  TCP 3 Way Hand Shake  Sequence Numbers  Dangers Posed by Hijacking  Countermeasure of Session Hijacking  Protection Against Session Hijacking  Countermeasure: IPSecChapter 23 – Hacking Web Server  Web Servers  Working process of Web Server  Loopholes of Web Server  Introduction of Popular Web Server and Common Security Threats  Apache Vulnerability  Attacks against IIS  Components of IIS  IIS Directory Traversal  Unicode and Unicode Directory Traversal Vulnerability  Unspecified Executable Path Vulnerability  File System Traversal Counter measures  WebDAV / ntdlldll Vulnerability  RPC DCOM Vulnerability  ASN Exploits  IIS Logs  Escalating Privileges on IIS  Hot Fixes and Patches  Countermeasures of Web ServerChapter 24 – SQL Injection  Introduction of SQL  What SQL Can do  SQL Queries  Use of Quotes, AND & OR  Concept of SQL Injection  OLE DB Error  Login Guessing & Insertion
  13. 13.  Shutting Down SQL Server  Extended Stored Procedures  Preventive MeasuresChapter 25 – Cross Site Scripting  Introduction Cross Site Scripting  Cross-Site Scripting  Ways of Launching Cross-Site Scripting Attacks  Working Process of Cross-Site Scripting Attacks  When will be an attack successful?  Programming Languages Utilized in XSS Attacks  Types of XSS Attacks  Steps of XSS Attack  Not Fixing CSS/XSS Holes Compromises  Methodology of XSS  How to protect Against XSSChapter 26 – Exploit Writing  Concept of Exploit Writing  Purpose of Exploit Writing  Requirements of Exploits Writing & Shell codes  Types of Exploits:- o Stack Overflow Exploits o Heap Corruption Exploit o Format String Attack o Integer Bug Exploits o Race Condition o TCP/IP Attack  The Proof-of-Concept and Commercial Grade Exploit  Converting a Proof of Concept Exploit to Commercial Grade Exploit  Attack Methodologies  Socket Binding Exploits  Steps for Writing an Exploit  Shellcodes  Null Byte  Types of Shellcode  Steps for Writing a ShellCode
  14. 14.  Issues Involved With Shellcode Writing  Buffer  Static Vs Dynamic Variables  Stack Buffers, Data Region and Memory Process Regions  About the Stack  Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure Prolog) , Return Address (RET), Word Size and Buffer Overflows,  Why do we get a segmentation violation and Segmentation Error  Writing Windows Based Exploits  EIP Register and ESP  Metasploit Framework, msfconsole  Development with Metasploit  Need for Creating of Exploit  Determining the Attack Vector  Debugger  Determine the offset & pattern create  Where to place the payload?Chapter 27 – Buffer Overflow  Why Applications are vulnerable  Buffer Overflow Attack  Reasons of Buffer Overflow  Knowledge for Buffer Overflow  Understanding Stacks  Understanding Heaps  Types of Buffer Overflow Attack o Stack Based o Heap Based  Heap Memory Buffer overflow Bug  Understanding Assembly Language  Intro of Shell Code  Detection of Buffer Overflows in a program  Attacking a Real Program  Once the Stack is smashed  NOPS  Mutate a Buffer Overflow Exploit  Comparing Functions of libc and libsafe
  15. 15.  Simple Buffer Overflow in C  Code Analysis  Countermeasure of Buffer Overflow AttackChapter 28 – Reverse Engineering  Concept of Reverse Engineering  Positive Application of Reverse Engineering  Ethical Reverse Engineering  DMCA ACT  Disassembler  Decompilers  Program Obfuscation  Why do you need to decompile ?  NET Obfuscator and NET Obfuscation  Java Byte code Decompilers  How does OllyDbg Work?Chapter 29 – Email Hacking  Concept of Email  Spam and Spam Laws  E-Mail Tracking By Header  Concept of Fake E-mails  Various steps to send Fake mails  Traceip by PHP ScriptChapter 30 – Incident Handling & Response  Incident  Different Categories of Incidents  Various Types of Incidents  Who should I report an incident  Step by Step Procedure of Incident Handling  Managing Incidents  Incident Response  Incident Handling Process  Incident Detection Process  Incident Containment Process
  16. 16.  Incident Eradication Process  Incident Recovery Process  Incident Follow up Process  Incident Response Team  CSIRT ServicesChapter 31 – Bluetooth Hacking  Bluetooth Technology  Concept of Bluetooth Hacking  Attacks on Bluetooth Mobile  Why Bluetooth hacking?  Working of Bluetooth Hacking  Mobile Dos Attack  Mobile Viruses & Worms  Mobile Security Tips & Tricks  Samsung Mobile Security Tips & Tricks  Motorola Mobile Security Tips & Tricks  Conclusions  CountermeasuresChapter 32 – Mobile Phone Hacking  Mobile Technologies  Introduction and Facts of GSM  Low-Tech Fraud  Countermeasure of Low-Tech Fraud  GSM Security Problems  Attacks on GSM Networks  De-Registration and Location Update Spoofing  Camping on a False BTS and False BTS/MS  Active and Passive Identity Caching  Suppressing encryption between the target user and the intruder  Suppressing encryption between target user and the true network  Compromised cipher key  Eavesdropping on user data by suppressing encryption  Eavesdropping  User impersonation with compromised authentication vector
  17. 17.  Hijacking outgoing calls Hijacking outgoing calls with encryption enabled Hijacking incoming calls Hijacking incoming calls with encryption enabled Introduction of Cryptography, Fake BTS and Terminology Terminal and SIM Discuss about Mobile Execution Environment GSM Data, Signaling and Signaling Security SS7: Opening up to World, Waiting for disaster, Evolution and What to do Diff. between :- o PSTN vs VOIP o VOIP vs SS7 GSM Network Elements and Architecture Home Location Register (HLR) and Authentication Center (AuC) Mobile Switching Center (MSC) Customer Care and Billing System Value-Added Services WAP Security Model, The WAP Gap and WTLS Security WAP: o No end-to-end Trust o Man-in-the-middle Introduction of third Generation of Wireless 3G Security Architecture and Security Model Diff. Between 3G vs GSM AKA Message Flow and Connection Establishment Overview of Ciphering and Integrity Interception and It’s :- o Definitions o Terminology o Logical Configuration o Concepts Circuit and Packet Data Event Records Discuss the Security of Interception Components of GSM Network Overview of Subscriber and its Identification Electronic Access to the SIM Extraction From A SIM
  18. 18. o Location Information File o Serial Number o Subscriber Identifier o Phone Number o Text Message Data o Status of Text Message Data o Threats to a SIM Data Equipments:- o Generic Properties o Ms data o Threats to MS Data o Network and :- o Network Operator Data o Call Data Records o Threats to Network Operator GSM Security Operation and Forensics Tools Overview of Cell Seizure Features Of Cell Seizure Advantages and Disadvantages of Cell Seizure Tool of Cell Seizure

×