Certified Information Security Expert (CISE level 1 v2)
                 Detailed Course Module




             Certified Information Security Expert (CISEv20)
              Innobuzz Knowledge Solutions Pvt Ltd is a high-quality training provider
              for courses in the field of Information Security, Systems and
              Open-Source.

              The hands-on security courses in the field of offensive security are built
              by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real-world
              experience.

              www.innobuzz.in
Chapter 1 – Introduction
     Concept of Security
     Physical and Digital Assets
     Security Triangle
     Introduction: Ethical hacking
     Types of Ethical Hackers
     Basic Terminologies
     Elements of Security
     5 Phases of Hacking
     Profile of an Ethical Hacker
     Security Testing, Computer Crimes and Law
     History of Hacking & Famous Hackers

Chapter 2 – Networking & Basics
     Concept of Networking
     Types of Networks and Networking Devices
     Concept of Network and Ports
     TCP, IP & UDP
     Addressing and Types of Addressing
     IP Address and Classes
     Client Server Relationship
     Domain name and DNS
     ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP
     Virtualization and Advantages of Virtualization

Chapter 3 – Footprinting
     Footprinting/Information Gathering
     Steps of Information Gathering
     Crawling and Mirroring of Websites
     Whois and Domain Registry
     Gathering Target Information
     Parallel Domain
     MX Entry
     Trace Route
     Archive Pages
     Banner Grabbing

Chapter 4 – Google Hacking
     Introduce Google
     Working of Google – Outline
     Working of Google – Crawling, Indexing & Searching
     Vulnerable Objects
     Using Cache and Google as Proxy
     Directory Listing and Locating Directory Listings along with specific folders
     Google Hacking and what it is about
     The basics of Google Hacking: Advanced Search in Google
     Advanced Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:
     Wildcard and Quotes
     Understanding and Viewing Robots.txt for important Files
     Normal Countermeasures
          o Robots.txt
          o Metatag and Google Official Remove
          o Hiding Detailed Error Messages
          o Disabling Directory Browsing

Chapter 5 – Scanning
     Definition of Scanning
     Types of Scanning
     Diff b/w Port and Network Scanning
     Objectives and Benefits of Scanning
     TCP three-way handshake
     Various Classification of Scanning
     Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep
     Concept of War Dialer (History)
     OS Finger Printing and Types – Active & Passive

Chapter 6 – Windows Hacking
     Definition and Objectives of Windows Hacking
     Types of Passwords
     Manual & Automatic Password Cracking Algorithm
     Types of Password Attacks – Dictionary, Brute Force, and Hybrid
     LMHash and SAM File
     Password Cracking Countermeasures
   Syskey
     Privilege Escalation
     Hiding Files
     Concept of Alternate Data Stream and Advantages
     Detecting ADS
     NTFS Streams countermeasures
     Keystroke Loggers and Types – Software & Hardware
     Concept of Auditing, Logs and Covering Tracks
     Concept of Application Isolation

Chapter 7 – Linux Hacking
     Introduction of Linux as an OS
     Advantages of using Linux
     Basics about Linux – Commands, Shell types and User types
     Why Linux is hacked?
     Recent Linux Vulnerabilities
     Password cracking in Linux
     Introduction and explanation of IP Tables & IP Chains
     TCP wrappers
     Remote connection using SSH
     Log and Traffic Monitors in Linux
     Understanding Post Install Linux Security Auditing
     Understanding and using Backtrack

Chapter 8 – Trojans & Backdoors
     Definition and Objectives of Trojans & Backdoors
     Overt and Covert Channels
     Working of Trojans
     Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy
      Trojans
     Target Data Types of Trojans
     Different Modes of Trojan Infection
     Auto-run of Trojans
     Common Symptoms of a Trojan Infection
     Ports used by Famous Trojans
     Wrappers & Binders
     Uses of Wrappers and Binders
   Reverse Connection in relation to Trojans
     Detecting a Trojan in a computer
     Anti-Trojan Software
     Tips to Avoid Trojan Infection
     Concept of Rootkit
     Effects and Types of Rootkit
     Countermeasures of Rootkit


Chapter 9 – Virus & Worms
     Introduction to Virus & Worms
     Diff. between Virus & Worms
     Characteristics, Symptoms of a Virus
     History and Terminologies used for a Virus
     Types of Virus Damage
     Effects of a Virus Attack
     Access Methods of a Virus
     Modes of Virus infection
     Life Cycle of a Virus
     Types of Virus Programs – What and how?
     Famous Virus & Worms
     Batch File programming
     Concept of Virus Construction Kit
     Virus Detection Methods
     Virus Incident Response
     Sheep Dip
     Tips on Prevention from Virus Infection
     Types of Worms
     Zombies
     Botnets
     Antivirus Program
     Popular Antivirus programs

Chapter 10 – Proxy Server & Packet filtering
   Proxy Server
   Advantages of using Proxy Servers
   Proxy Server Based Firewalls
   Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy
   Diff. between Transparent, Anonymous and Elite Proxies
   Anonymizers
   Socks Chain Proxy
   Http Tunnel Proxy
   Countermeasures of Proxy
   Packet Filtering
   Packet Filtering Devices and Approaches
   Stateless Packet Filtering
   Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags,
    Fragmentation and Packet Contents
   Filtering Suspicious Inbound Packets
   Stateful Packet Filtering
   Proxy Server Vs Packet Filtering

Chapter 11 – Denial of Service Attack
     Concept of DOS Attacks
     Goal of DOS Attack
     Impact and Modes of Dos Attack
     Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal
      flow
     Concept of DDOS Attack
     Diff. between Dos and DDos Attack
     Characteristics of DDos Attacks
     Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy,
      Amplification Attack
     Concept of the Reflected Dos
     Countermeasures - Reflected DoS
     DDoS Countermeasures
     Detect and Neutralize Handlers
     Detect Potential Attacks
     Mitigate or Stop the Effects of DDoS Attacks
     Post-Attack Forensics

Chapter 12 – Sniffers
   Concept of Sniffing
   Types of Sniffing – Active & Passive
   ARP Poisoning
     Countermeasures of ARP Poisoning
     DNS Spoofing
     Changes in Host file for DNS Redirection
     Countermeasures of sniffing
     MAC Spoofing

Chapter 13 – Social Engineering
   Social Engineering
   Techniques of Social Engineering
   Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider
    Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person
    Approach, Technical Support
   Countermeasures of Social Engineering

Chapter 14 – Physical security
     Physical Security
     Current Statistics
     Accountability and Need of Physical security
     Factors Affecting Physical Security
     Physical Security Checklist
         o Company Surroundings
         o Premises
         o Reception
         o Server
         o Workstation Area
         o Wireless Access Points
         o Other Equipment such as fax, removable media, etc.
         o Access Control
         o Computer Equipment Maintenance
         o Wiretapping
         o Remote Access
         o Locks
         o Spyware

Chapter 15 – Steganography
   Steganography
       o What is Steganography?
       o History
       o Steganography today
       o Steganography tools
   Steganalysis
       o What is Steganalysis?
       o Types of analysis
       o Identification of Steganographic files
   Steganalysis meets Cryptanalysis
       o Password Guessing
       o Cracking Steganography programs
   Forensics/Anti-Forensics
   Conclusions
       o What’s in the Future?
       o Other tools in the wild
       o References

Chapter 16 – Cryptography
     Concept of Cryptography
     Advantages and uses of Cryptography
     PKI (Public Key Infrastructure)
     Algorithms of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK
     Concept of Digital Signature
     Encryption Cracking Techniques
     Disk Encryption
     Cracking S/MIME encryption using idle CPU time
     Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc
     CA (Certificate Authority)

Chapter 17 - Wireless Hacking
     Wireless Technology
     Introduction to wireless networking
     Basics & Terminologies
     Advantages of Wireless Technology
     Components of Wireless Network
     Types of Wireless Network
   Setting and detecting a wireless network
     Advantages and Disadvantages of wireless network
     Antennas, SSID, Access Point Positioning and Rogue Access Point
     Concept of Wired Equivalent Privacy (WEP)
     MAC Sniffing & AP Spoofing
     Terminology of Wi-Fi Access
     Denial-of-Service and MITM Attack in Wi-Fi
     Wireless Intrusion Detection System
     Tips to Secure Wireless Network

Chapter 18 - Firewalls & Honeypots
   Firewall
     What Does a Firewall Do?
     What a firewall cannot do
     How does a firewall work?
     Types of Firewall
     Working of Firewall
     Advantages and Disadvantages of Firewall
     Firewalls Implementing for Authentication Process
     Types of Authentication Process
     Steps for Conducting Firewall Penetration Testing
          o Locate the Firewall
          o Traceroute to identify the network range
          o Port scan the router
          o Grab the banner
          o Create custom packet and look for firewall responses
          o Test access control Enumeration
          o Test to identify firewall architecture
          o Test firewall using firewalking tool
          o Test for port redirection
          o Test Covert channels
          o Test HTTP Tunneling
          o Test firewall specific vulnerabilities
     How to Bypass the Firewall
     Concept of Honeypots
     Purpose and working of Honeypots
     Advantages and Disadvantages of Honeypots
   Types of Honeypots
     Uses of Honeypots
     Detecting Honeypot
     Honeynets
     Architecture of Honeynet
     Working process of Honeynet
     Types of Honeynet
     Honeywall CDROM

Chapter 19 - IDS & IPS
     Concept of IDS (Intrusion Detection System)
     History and Characteristics of IDS
     Importance of IDS
     Deployment of IDS
     Intro, Advantages and Components of Distributed IDS
     Aggregate Analysis with IDS
     Types and Architecture of IDS:-
          o Network Based IDS
          o Host Based IDS
     Diff. Between Network Base IDS and Host Base IDS
     Methods to Detect IDS
     Signatures
     Types of Signature:-
          o Network Signatures
          o Host-based Signatures
          o Compound Signatures
     Methods to Detect Signature
     Prelude of IDS
     Concept of IPS (Intrusion Prevention System)
     Diff. Between IDS and IPS
     Network Antivirus Software

Chapter 20 – Vulnerability Assessment
   Concept of Vulnerability Assessment
   Purpose and Types of Assessment
   Vulnerability Classification
   How to Conduct Vulnerability Assessment
     Vulnerability Analysis Stages
     Vulnerability Assessment Considerations
     Vulnerability Assessment Reports
     TimeLine and Penetration Attempts
     Vulnerability Assessment Tools

Chapter 21 – Penetration Testing
     Concept of Penetration Testing
     Security assessments Categories
     Vulnerability Assessment
     Limitation of Vulnerability assessment
     Why Penetration Testing?
     Types of Penetration Testing
         o External Testing
         o Internal Testing
     Sourcing Penetration Testing
     Terms of Engagement
     Project Scope
     Agreements of Pentest Service
     Testing Points, Locations, Automated Testing, Manual Testing
     Gathering information for Penetration Testing By :-
         o Domain name and IP address information
         o Enumerating Information about Hosts
         o Testing Network-Filtering Devices
         o Enumerating Devices
         o Denial of Service Emulation



Chapter 22 – Session Hijacking
   Session Hijacking
   Difference between Spoofing and Session Hijacking
   Phases of Session Hijacking:-
        o Tracking the session
        o Desynchronizing the connection
        o Injecting the attacker’s packet
   Types of Session Hijacking:-
         o Active
         o Passive
     TCP 3-Way Handshake
     Sequence Numbers
     Dangers Posed by Hijacking
     Countermeasure of Session Hijacking
     Protection Against Session Hijacking
     Countermeasure: IPSec

Chapter 23 – Hacking Web Server
     Web Servers
     Working process of Web Server
     Loopholes of Web Server
     Introduction of Popular Web Server and Common Security Threats
     Apache Vulnerability
     Attacks against IIS
     Components of IIS
     IIS Directory Traversal
     Unicode and Unicode Directory Traversal Vulnerability
     Unspecified Executable Path Vulnerability
     File System Traversal Counter measures
     WebDAV / ntdll.dll Vulnerability
     RPC DCOM Vulnerability
     ASN Exploits
     IIS Logs
     Escalating Privileges on IIS
     Hot Fixes and Patches
     Countermeasures of Web Server

Chapter 24 – SQL Injection
     Introduction of SQL
     What SQL Can do
     SQL Queries
     Use of Quotes, AND & OR
     Concept of SQL Injection
     OLE DB Error
     Login Guessing & Insertion
   Shutting Down SQL Server
   Extended Stored Procedures
   Preventive Measures

Chapter 25 – Cross Site Scripting
     Introduction Cross Site Scripting
     Cross-Site Scripting
     Ways of Launching Cross-Site Scripting Attacks
     Working Process of Cross-Site Scripting Attacks
     When will an attack be successful?
     Programming Languages Utilized in XSS Attacks
     Types of XSS Attacks
     Steps of XSS Attack
     Not Fixing CSS/XSS Holes Compromises
     Methodology of XSS
     How to protect Against XSS

Chapter 26 – Exploit Writing
     Concept of Exploit Writing
     Purpose of Exploit Writing
     Requirements of Exploit Writing & Shellcodes
     Types of Exploits:-
         o Stack Overflow Exploits
         o Heap Corruption Exploit
         o Format String Attack
         o Integer Bug Exploits
         o Race Condition
         o TCP/IP Attack
     The Proof-of-Concept and Commercial Grade Exploit
     Converting a Proof of Concept Exploit to Commercial Grade Exploit
     Attack Methodologies
     Socket Binding Exploits
     Steps for Writing an Exploit
     Shellcodes
     Null Byte
     Types of Shellcode
     Steps for Writing a ShellCode
   Issues Involved With Shellcode Writing
     Buffer
     Static Vs Dynamic Variables
     Stack Buffers, Data Region and Memory Process Regions
     About the Stack
     Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure
      Prolog) , Return Address (RET), Word Size and Buffer Overflows,
     Why do we get a segmentation violation and Segmentation Error
     Writing Windows Based Exploits
     EIP Register and ESP
     Metasploit Framework, msfconsole
     Development with Metasploit
     Need for Creating of Exploit
     Determining the Attack Vector
     Debugger
     Determine the offset & pattern create
     Where to place the payload?

Chapter 27 – Buffer Overflow
     Why Applications are vulnerable
     Buffer Overflow Attack
     Reasons of Buffer Overflow
     Knowledge for Buffer Overflow
     Understanding Stacks
     Understanding Heaps
     Types of Buffer Overflow Attack
          o Stack Based
          o Heap Based
     Heap Memory Buffer overflow Bug
     Understanding Assembly Language
     Intro of Shell Code
     Detection of Buffer Overflows in a program
     Attacking a Real Program
     Once the Stack is smashed
     NOPS
     Mutate a Buffer Overflow Exploit
     Comparing Functions of libc and libsafe
   Simple Buffer Overflow in C
   Code Analysis
   Countermeasure of Buffer Overflow Attack

Chapter 28 – Reverse Engineering
     Concept of Reverse Engineering
     Positive Application of Reverse Engineering
     Ethical Reverse Engineering
     DMCA ACT
     Disassembler
     Decompilers
     Program Obfuscation
     Why do you need to decompile ?
     .NET Obfuscator and .NET Obfuscation
     Java Byte code Decompilers
     How does OllyDbg Work?

Chapter 29 – Email Hacking
     Concept of Email
     Spam and Spam Laws
     E-Mail Tracking By Header
     Concept of Fake E-mails
     Various steps to send Fake mails
     Traceip by PHP Script

Chapter 30 – Incident Handling & Response
     Incident
     Different Categories of Incidents
     Various Types of Incidents
     Whom should I report an incident to
     Step by Step Procedure of Incident Handling
     Managing Incidents
     Incident Response
     Incident Handling Process
     Incident Detection Process
     Incident Containment Process
   Incident Eradication Process
     Incident Recovery Process
     Incident Follow up Process
     Incident Response Team
     CSIRT Services

Chapter 31 – Bluetooth Hacking
     Bluetooth Technology
     Concept of Bluetooth Hacking
     Attacks on Bluetooth Mobile
     Why Bluetooth hacking?
     Working of Bluetooth Hacking
     Mobile Dos Attack
     Mobile Viruses & Worms
     Mobile Security Tips & Tricks
     Samsung Mobile Security Tips & Tricks
     Motorola Mobile Security Tips & Tricks
     Conclusions
     Countermeasures

Chapter 32 – Mobile Phone Hacking
   Mobile Technologies
     Introduction and Facts of GSM
     Low-Tech Fraud
     Countermeasure of Low-Tech Fraud
     GSM Security Problems
     Attacks on GSM Networks
     De-Registration and Location Update Spoofing
     Camping on a False BTS and False BTS/MS
     Active and Passive Identity Caching
     Suppressing encryption between the target user and the intruder
     Suppressing encryption between target user and the true network
     Compromised cipher key
     Eavesdropping on user data by suppressing encryption
     Eavesdropping
     User impersonation with compromised authentication vector
   Hijacking outgoing calls
   Hijacking outgoing calls with encryption enabled
   Hijacking incoming calls
   Hijacking incoming calls with encryption enabled
   Introduction of Cryptography, Fake BTS and Terminology
   Terminal and SIM
   Discuss about Mobile Execution Environment
   GSM Data, Signaling and Signaling Security
   SS7: Opening up to World, Waiting for disaster, Evolution and What to do
   Diff. between :-
        o PSTN vs VOIP
        o VOIP vs SS7
   GSM Network Elements and Architecture
   Home Location Register (HLR) and Authentication Center (AuC)
   Mobile Switching Center (MSC)
   Customer Care and Billing System
   Value-Added Services
   WAP Security Model, The WAP Gap and WTLS Security
   WAP:
        o No end-to-end Trust
        o Man-in-the-middle
   Introduction of third Generation of Wireless
   3G Security Architecture and Security Model
   Diff. Between 3G vs GSM
   AKA Message Flow and Connection Establishment
   Overview of Ciphering and Integrity
   Interception and Its:-
        o Definitions
        o Terminology
        o Logical Configuration
        o Concepts
   Circuit and Packet Data Event Records
   Discuss the Security of Interception
   Components of GSM Network
   Overview of Subscriber and its Identification
   Electronic Access to the SIM
   Extraction From A SIM
       o Location Information File
       o Serial Number
       o Subscriber Identifier
       o Phone Number
       o Text Message Data
       o Status of Text Message Data
       o Threats to a SIM Data
   Equipment:-
       o Generic Properties
       o MS Data
       o Threats to MS Data
       o Network and :-
       o Network Operator Data
       o Call Data Records
       o Threats to Network Operator
   GSM Security Operation and Forensics Tools
   Overview of Cell Seizure
   Features Of Cell Seizure
   Advantages and Disadvantages of Cell Seizure
   Tool of Cell Seizure

Cisel1 d

  • 1.
    Certified Information SecurityExpert (CISE level 1 v2) Detailed Course Module Certified Information Security Expert (CISEv20) Innobuzz Knowledge Solutions Pvt Ltd is high quality-training provider for courses in the field of Information Security, Systems and Open- Source The hands on security courses in the field of offensive security are built by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real world experience www.innobuzz.in
  • 2.
    Chapter 1 –Introduction  Concept of Security  Physical and Digital Assets  Security Triangle  Introduction: Ethical hacking  Types of Ethical Hackers  Basic Terminologies  Elements of Security  5 Phases of Hacking  Profile of an Ethical Hacker  Security Testing, Computer Crimes and Law  History of Hacking & Famous Hackers Chapter 2 – Networking & Basics  Concept of Networking  Types of Networks and Networking Devices  Concept of Network and Ports  TCP, IP & UDP  Addressing and Types of Addressing  IP Address and Classes  Client Server Relationship  Domain name and DNS  ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP  Virtualization and Advantages of Virtualization Chapter 3 – Footprinting  Footprinting/Information Gathering  Steps of Information Gathering  Crawling and Mirroring of Websites  Whois and Domain Registry  Gathering Target Information  Parallel Domain  MX Entry  Trace Route  Archive Pages  Banner Grabbing
  • 3.
    Chapter 4 –Google Hacking  Introduce Google  Working of Google – Outline  Working of Google – Crawling, Indexing & Searching  Vulnerable Objects  Using Cache and Google as Proxy  Directory Listing and Locating Directory Listings along with specific folders  Google Hacking and what it is about  The basics of Google Hacking: Advanced Search in Google  Advance Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:  Wildcard and Quotes  Understanding and Viewing Robots.txt for important Files  Normal Countermeasures o Robottxt o Metatag and Google Official Remove o Hiding Detailed Error Messages o Disabling Directory Browsing Chapter 5 – Scanning  Definition of Scanning  Types of Scanning  Diff b/w Port and Network Scanning  Objectives and Benefits of Scanning  TCP three way hands shake  Various Classification of Scanning  Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep  Concept of War Dialer (History)  OS Finger Printing and Types – Active & Passive Chapter 6 – Windows Hacking  Definition and Objectives of Windows Hacking  Types of Passwords  Manual & Automatic Password Cracking Algorithm  Types of Password Attacks – Dictionary, Brute Force, and Hybrid  LMHash and SAM File  Password Cracking Countermeasures
  • 4.
    Syskey  Privilege Escalation  Hiding Files  Concept of Alternate Data Stream and Advantages  Detecting ADS  NTFS Streams countermeasures  Keystroke Loggers and Types – Software & Hardware  Concept of Auditing, Logs and Covering Tracks  Concept of Application Isolation Chapter 7 – Linux Hacking  Introduction of Linux as an OS  Advantages of using Linux  Basics about linux – Commands, Shell types and User types  Why Linux is hacked?  Recent Linux Vulnerabilities  Password cracking in Linux  Introduction and explanation of IP Tables & IP Chains  TCP wrappers  Remote connection using SSH  Log and Traffic Monitors in Linux  Understanding Post Install Linux Security Auditing  Understanding and using Backtrack Chapter 8 – Trojans & Backdoors  Definition and Objectives of Trojans & Backdoors  Overt and Covert Channels  Working of Trojans  Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy Trojans  Target Data Types of Trojans  Different Modes of Trojan Infection  Auto-run of Trojans  Common Symptoms of a Trojan Infection  Ports used by Famous Trojans  Wrappers & Binders  Uses of Wrappers and Binders
  • 5.
    Reverse Connection in relation to Trojans  Detecting a Trojan in a computer  Anti-Trojan Software  Tips to Avoid Trojan Infection  Concept of Rootkit  Effects and Types of Rootkit  Countermeasures of Rootkit Chapter 9 – Virus & Worms  Introduction to Virus & Worms  Diff. between Virus & Worms  Characteristics, Symptoms of a Virus  History and Terminologies used for a Virus  Types of Virus Damage  Effects of a Virus Attack  Access Methods of a Virus  Modes of Virus infection  Life Cycle of a Virus  Types of Virus Programs – What and how?  Famous Virus & Worms  Batch File programming  Concept of Virus Construction Kit  Virus Detection Methods  Virus Incident Response  Sheep Dip  Tips on Prevention from Virus Infection  Types of Worms  Zombies  Botnets  Antivirus Program  Popular Antivirus programs Chapter 10 – Proxy Server & Packet filtering  Proxy Server  Advantages of using Proxy Servers  Proxy Server Based Firewalls
  • 6.
     Types ofProxy Servers – Software Proxy, Proxy Websites, and Server Proxy  Diff. between Transparent, Anonymous and Elite Proxies  Anonymizers  Socks Chain Proxy  Http Tunnel Proxy  Countermeasures of Proxy  Packet Filtering  Packet Filtering Devices and Approaches  Stateless Packet Filtering  Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags, Fragmentation and Packet Contents  Filtering Suspicious Inbound Packets  Stateful Packet Filtering  Proxy Server Vs Packet Filtering Chapter 11 – Denial of Service Attack  Concept of DOS Attacks  Goal of DOS Attack  Impact and Modes of Dos Attack  Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal flow  Concept of DDOS Attack  Diff. between Dos and DDos Attack  Characteristics of DDos Attacks  Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy, Amplification Attack  Concept of the Reflected Dos  Countermeasures - Reflected DoS  DDoS Countermeasures  Detect and Neutralize Handlers  Detect Potential Attacks  Mitigate or Stop the Effects of DDoS Attacks  Post-Attack Forensics Chapter 12 – Sniffers  Concept of Sniffing  Types of Sniffing – Active & Passive
  • 7.
    ARP Poisoning  Countermeasures of ARP Poisoning  DNS Spoofing  Changes in Host file for DNS Redirection  Countermeasures of sniffing  MAC Spoofing Chapter 13 – Social Engineering  Social Engineering  Techniques of Social Engineering  Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person Approach, Technical Support  Countermeasures of Social Engineering Chapter 14 – Physical security  Physical Security  Current Statistics  Accountability and Need of Physical security  Factors Affecting Physical Security  Physical Security Checklist o Company Surroundings o Premises o Reception o Server o Workstation Area o Wireless Access Points o Other Equipments such as fax, removable media etc o Access Control o Computer Equipment Maintenance o Wiretapping o Remote Access o Locks o Spyware Chapter 15 – Steganography
  • 8.
     Steganography o What is Steganography? o History o Steganography today o Steganography tools  Steganalysis o What is Steganalysis? o Types of analysis o Identification of Steganographic files  Steganalysis meets Cryptanalysis o Password Guessing o Cracking Steganography programs  Forensics/Anti-Forensics  Conclusions o What’s in the Future? o Other tools in the wild o References Chapter 16 – Cryptography  Concept of Cryptography  Advantages and uses of Cryptography  PKI (Public Key Infrastructure)  Algorithm’s of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK  Concept of Digital Signature  Encryption Cracking Techniques  Disk Encryption  Cracking S/MIME encryption using idle CPU time  Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc  CA (Certificate Authority) Chapter 17 - Wireless Hacking  Wireless Technology  Introduction to wireless networking  Basics & Terminologies  Advantages of Wireless Technology  Components of Wireless Network  Types of Wireless Network
  • 9.
    Setting and detecting a wireless network  Advantages and Disadvantages of wireless network  Antennas, SSID, Access Point Positioning and Rogue Access Point  Concept of Wired Equivalent Privacy (WEP)  MAC Sniffing & AP Spoofing  Terminology of Wi-Fi Access  Denial-of-Service and MITM Attack in Wi-Fi  Wireless Intrusion Detection System  Tips to Secure Wireless Network Chapter 18 - Firewalls & Honeypots  Firewall  What Does a Firewall Do?  What a firewall cannot do  How does a firewall work?  Types of Firewall  Working of Firewall  Advantages and Disadvantages of Firewall  Firewalls Implementing for Authentication Process  Types of Authentication Process  Steps for Conducting Firewall Penetration Testing o Locate the Firewall o Traceroute to identify the network range o Port scan the router o Grab the banner o Create custom packet and look for firewall responses o Test access control Enumeration o Test to indentify firewall architecture o Test firewall using firewalking tool o Test for port redirection o Test Convert channels o Test HTTP Tunneling o Test firewall specific vulnerabilities  How to Bypassing the Firewall  Concept of Honeypots  Purpose and working of Honeypots  Advantages and Disadvantages of Honeypots
  • 10.
    Types of Honeypots  Uses of Honeypots  Detecting Honeypot  Honeynets  Architecture of Honeynet  Working process of Honeynet  Types of Honeynet  Honeywall CDROM Chapter 19 - IDS & IPS  Concept of IDS (Intrusion Detection System)  History and Characteristics of IDS  Importance of IDS  Deployment of IDS  Intro, Advantages and Components of Distributed IDS  Aggregate Analysis with IDS  Types and Architecture of IDS:- o Network Based IDS o Host Based IDS  Diff. Between Network Base IDS and Host Base IDS  Methods to Detect IDS  Signatures  Types of Signature:- o Network Signatures o Host-based Signatures o Compound Signatures  Methods to Detect Signature  Prelude of IDS  Concept of IPS (Intrusion Prevention System)  Diff. Between IDS and IPS  Network Antivirus Software’s Chapter 20 – Vulnerability Assessment  Concept of Vulnerability Assessment  Purpose Types of Assessment  Vulnerability Classification
  • 11.
    How to Conduct Vulnerability Assessment  Vulnerability Analysis Stages  Vulnerability Assessment Considerations  Vulnerability Assessment Reports  TimeLine and Penetration Attempts  Vulnerability Assessment Tools Chapter 21 – Penetration Testing  Concept of Penetration Testing  Security assessments Categories  Vulnerability Assessment  Limitation of Vulnerability assessment  Why Penetration Testing?  Types of Penetration Testing o External Testing o Internal Testing  Sourcing Penetration Testing  Terms of Engagement  Project Scope  Agreements of Pentest Service  Testing Points, Locations, Automated Testing, Manual Testing,  Gathering information for Penetration Testing By :- o Domain name and IP address information o Enumerating Information about Hosts o Testing Network-Filtering Devices o Enumerating Devices o Denial of Service Emulation Chapter 22 – Session Hijacking  Session Hijacking  Difference between Spoofing and Session Hijacking  Phases of Session Hijacking:- o Tracking the session o Desynchronizing the connection o Injecting the attacker’s packet  Types of Session Hijacking:-
          o Active
          o Passive
     TCP 3 Way Hand Shake
     Sequence Numbers
     Dangers Posed by Hijacking
     Countermeasure of Session Hijacking
     Protection Against Session Hijacking
     Countermeasure: IPSec

Chapter 23 – Hacking Web Server
     Web Servers
     Working process of Web Server
     Loopholes of Web Server
     Introduction of Popular Web Server and Common Security Threats
     Apache Vulnerability
     Attacks against IIS
     Components of IIS
     IIS Directory Traversal
     Unicode and Unicode Directory Traversal Vulnerability
     Unspecified Executable Path Vulnerability
     File System Traversal Countermeasures
     WebDAV / ntdll.dll Vulnerability
     RPC DCOM Vulnerability
     ASN Exploits
     IIS Logs
     Escalating Privileges on IIS
     Hot Fixes and Patches
     Countermeasures of Web Server

Chapter 24 – SQL Injection
     Introduction of SQL
     What SQL Can do
     SQL Queries
     Use of Quotes, AND & OR
     Concept of SQL Injection
     OLE DB Error
     Login Guessing & Insertion
     Shutting Down SQL Server
     Extended Stored Procedures
     Preventive Measures

Chapter 25 – Cross Site Scripting
     Introduction Cross Site Scripting
     Cross-Site Scripting
     Ways of Launching Cross-Site Scripting Attacks
     Working Process of Cross-Site Scripting Attacks
     When will an attack be successful?
     Programming Languages Utilized in XSS Attacks
     Types of XSS Attacks
     Steps of XSS Attack
     Not Fixing CSS/XSS Holes Compromises
     Methodology of XSS
     How to protect Against XSS

Chapter 26 – Exploit Writing
     Concept of Exploit Writing
     Purpose of Exploit Writing
     Requirements of Exploit Writing & Shellcodes
     Types of Exploits:-
          o Stack Overflow Exploits
          o Heap Corruption Exploit
          o Format String Attack
          o Integer Bug Exploits
          o Race Condition
          o TCP/IP Attack
     The Proof-of-Concept and Commercial Grade Exploit
     Converting a Proof of Concept Exploit to Commercial Grade Exploit
     Attack Methodologies
     Socket Binding Exploits
     Steps for Writing an Exploit
     Shellcodes
     Null Byte
     Types of Shellcode
     Steps for Writing a Shellcode
     Issues Involved With Shellcode Writing
     Buffer
     Static Vs Dynamic Variables
     Stack Buffers, Data Region and Memory Process Regions
     About the Stack
     Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure Prolog), Return Address (RET), Word Size and Buffer Overflows
     Why do we get a segmentation violation and Segmentation Error
     Writing Windows Based Exploits
     EIP Register and ESP
     Metasploit Framework, msfconsole
     Development with Metasploit
     Need for Creating of Exploit
     Determining the Attack Vector
     Debugger
     Determine the offset & pattern create
     Where to place the payload?

Chapter 27 – Buffer Overflow
     Why Applications are vulnerable
     Buffer Overflow Attack
     Reasons of Buffer Overflow
     Knowledge for Buffer Overflow
     Understanding Stacks
     Understanding Heaps
     Types of Buffer Overflow Attack
          o Stack Based
          o Heap Based
     Heap Memory Buffer overflow Bug
     Understanding Assembly Language
     Intro of Shell Code
     Detection of Buffer Overflows in a program
     Attacking a Real Program
     Once the Stack is smashed
     NOPS
     Mutate a Buffer Overflow Exploit
     Comparing Functions of libc and libsafe
     Simple Buffer Overflow in C
     Code Analysis
     Countermeasure of Buffer Overflow Attack

Chapter 28 – Reverse Engineering
     Concept of Reverse Engineering
     Positive Application of Reverse Engineering
     Ethical Reverse Engineering
     DMCA ACT
     Disassembler
     Decompilers
     Program Obfuscation
     Why do you need to decompile?
     .NET Obfuscator and .NET Obfuscation
     Java Byte code Decompilers
     How does OllyDbg Work?

Chapter 29 – Email Hacking
     Concept of Email
     Spam and Spam Laws
     E-Mail Tracking By Header
     Concept of Fake E-mails
     Various steps to send Fake mails
     Traceip by PHP Script

Chapter 30 – Incident Handling & Response
     Incident
     Different Categories of Incidents
     Various Types of Incidents
     Who should I report an incident to
     Step by Step Procedure of Incident Handling
     Managing Incidents
     Incident Response
     Incident Handling Process
     Incident Detection Process
     Incident Containment Process
     Incident Eradication Process
     Incident Recovery Process
     Incident Follow up Process
     Incident Response Team
     CSIRT Services

Chapter 31 – Bluetooth Hacking
     Bluetooth Technology
     Concept of Bluetooth Hacking
     Attacks on Bluetooth Mobile
     Why Bluetooth hacking?
     Working of Bluetooth Hacking
     Mobile DoS Attack
     Mobile Viruses & Worms
     Mobile Security Tips & Tricks
     Samsung Mobile Security Tips & Tricks
     Motorola Mobile Security Tips & Tricks
     Conclusions
     Countermeasures

Chapter 32 – Mobile Phone Hacking
     Mobile Technologies
     Introduction and Facts of GSM
     Low-Tech Fraud
     Countermeasure of Low-Tech Fraud
     GSM Security Problems
     Attacks on GSM Networks
     De-Registration and Location Update Spoofing
     Camping on a False BTS and False BTS/MS
     Active and Passive Identity Caching
     Suppressing encryption between the target user and the intruder
     Suppressing encryption between target user and the true network
     Compromised cipher key
     Eavesdropping on user data by suppressing encryption
     Eavesdropping
     User impersonation with compromised authentication vector
     Hijacking outgoing calls
     Hijacking outgoing calls with encryption enabled
     Hijacking incoming calls
     Hijacking incoming calls with encryption enabled
     Introduction of Cryptography, Fake BTS and Terminology
     Terminal and SIM
     Discuss about Mobile Execution Environment
     GSM Data, Signaling and Signaling Security
     SS7: Opening up to World, Waiting for disaster, Evolution and What to do
     Difference between:-
          o PSTN vs VOIP
          o VOIP vs SS7
     GSM Network Elements and Architecture
     Home Location Register (HLR) and Authentication Center (AuC)
     Mobile Switching Center (MSC)
     Customer Care and Billing System
     Value-Added Services
     WAP Security Model, The WAP Gap and WTLS Security
     WAP:
          o No end-to-end Trust
          o Man-in-the-middle
     Introduction of third Generation of Wireless
     3G Security Architecture and Security Model
     Difference Between 3G vs GSM
     AKA Message Flow and Connection Establishment
     Overview of Ciphering and Integrity
     Interception and Its:-
          o Definitions
          o Terminology
          o Logical Configuration
          o Concepts
     Circuit and Packet Data Event Records
     Discuss the Security of Interception
     Components of GSM Network
     Overview of Subscriber and its Identification
     Electronic Access to the SIM
     Extraction From A SIM
          o Location Information File
          o Serial Number
          o Subscriber Identifier
          o Phone Number
          o Text Message Data
          o Status of Text Message Data
          o Threats to a SIM Data
     Equipment:-
          o Generic Properties
          o MS Data
          o Threats to MS Data
          o Network and:-
          o Network Operator Data
          o Call Data Records
          o Threats to Network Operator
     GSM Security Operation and Forensics Tools
     Overview of Cell Seizure
     Features Of Cell Seizure
     Advantages and Disadvantages of Cell Seizure
     Tool of Cell Seizure