The document outlines a comprehensive training diploma course in ethical hacking provided by the UK Cyber Defence Academy. The course covers various units that include topics such as techniques for hacking, malware threats, and security testing methodologies, alongside practical tools and laws relevant to the industry. Each module is designed to equip participants with knowledge and skills essential for effectively conducting ethical hacking and ensuring cybersecurity.

1. Ethical System Hacking – Training Diploma
Course Module Descriptors
UK Cyber Defence Academy
www.tech-strategygroup.com

2. Course
Structure
Unit 1: Introduction to Ethical Hacking
Unit 2: Technical Processes of Hacking
Unit 3: Footprint and Scanning
Unit 4: Enumeration and System Hacking
Unit 5: Fundamentals of Malware Threats
Unit 6: Sniffers, Session Hijacking and Denial of Service
Unit 7: Web Server Hacking, Web Applications and Database Hacking
Unit 8: Wireless Technologies, Mobile Security and Attacks
Unit 9: IDS, Firewalls and Honeypots

3. Course
Structure
Unit 10: Physical Security and Social Engineering
Unit 11: Cryptographic Attacks and Defences
Unit 12: Cloud Computing and Botnets
Unit 13: Fundamentals of Kali Linux
Unit 14: Encryption Cracking Tools

4. Module 1:
Introduction
to Ethical
Hacking

5. Learning
Objectives
• Develop broad understanding about the Security Fundamentals
• Learn about the differences between ethical hackers and hackers
• Develop understanding about the different types of hacking attacks
• Develop understanding about the different types of security testing that is
performed by ethical hackers: white box testing, grey box testing, black box
testing, penetration testing
• Develop understanding about system risks, threats and vulnerabilities
• Learn how to conduct Quantitative Risk Assessments.
• Learn about the different types of hackers such as white hat hackers, black hat
hackers, grey hat hackers, suicide hackers.
• Learn about the hacker’s workflow methodology with regards to reconnaissance
and footprinting, scanning and enumeration, gaining access, maintaining access
and covering trackers.
• Learn about the technical skills and knowledge ethical hackers should possess to
be effective in your role.
• Develop detailed understanding about the ethical hacking methods with regards to
information gathering, external penetration testing, internal penetration testing,
network gear testing and DoS testing, wireless network testing, application testing
and social engineering, physical security testing, authentication system testing,
database testing, communication system testing.
• Learn about US federal laws that ethical hackers must be aware with regards to
cyber fraud, cyber breaches and PCI DSS Company compliance.

6. Module 2:
Technical
Process of
Hacking

7. Learning
Objectives
• Learn about the attacker’s process with regards to the following: Performing
reconnaissance and footprinting, scanning and enumeration, gaining access, escalation
of privilege and maintaining access and covering tracks.
• Develop understanding about the most prominent security methodologies for security
testing purposes
• Develop understanding about the fundamentals of networking protocols and networking
devices.
• Develop understanding about the OSI Model and TCP/IP Layers: application,
presentation, session, transport, network, data link and physical.
• Learn about global application security and operation issues.
• Develop understanding about the TCP packet structure, datagram fragmentation and
how hackers manipulate packets

8. Module 3:
Footprint
and Scanning

9. Learning
Objectives
• Develop comprehensive understanding about the 7-step information gathering process
with regards to footprinting mapping, mapping attack surface and exploring ways to
penetrate external environments.
• Learn how to identify active machines, open ports and access points and how to shut
down TCP connection termination
• Learn about the most popular scanning techniques and applications such as NMAP that
can be used effectively.
• Develop understanding about war driving, active fingerprint methods, fingerprinting
services and how to explore open services
• Learn how to map the network attack surface in depth

10. Module 4 :
Enumeration
and System
Hacking

11. Learning
Objectives
• Develop understanding about enumeration, system hacking with regards to NetBIOS
enumeration tools, Windows security, Linux Unix enumeration, NTP- SMTP enumeration,
DNS enumeration, technical password attacks, automated password guessing, password
sniffing, keylogging.
• Learn how to exploit buffer overflow, access the SAM and the different types of windows
authentication types.
• Develop understanding about cracking windows passwords, hiding files and covering
tracks, rootkit, ethical hacker response rootkit and file hiding.

12. Unit 5:
Fundamentals
of Malware
Threats

13. Learning
Objectives
• Develop comprehensive understanding about the different types of attacks with regards
to viruses and worms
• Learn about transmission methods of viruses, trojans its behaviour and characteristics,
virus payload characteristics and the architecture component structure of viruses.
• Develop understanding about cover communication, keystroke logging and spyware.
• Learn about Malware countermeasures.
• Develop understanding about trojan behaviours with regards to remote access, data
hiding, e-banking, denial of service (DoS), proxy and ftp.
• Learn about RAT trojans tools, wrapper binding programs, trojan ports and
communication methods, trojan targets and infection mechanisms.
• Develop understanding about the deployment of a trojan, covert communication and
tunneling via the internet, application layer
• Learn about keystroke logging and spyware, hardware keyloggers, software keyloggers,
spyware and malware countermeasures
• Develop understanding about how to detect malware, and the types of known
techniques antivirus programs implement with regards to the following: signature
scanning, heuristic scanning, integrity checking and activity blocking.
• Learn about how to conduct malware analysis

14. Module 6:
Sniffers, Session
Hijacking and
Denial of
Service

15. Learning
Objectives
• Develop understanding about sniffers as hacking tools
• Learn about the core fundamentals of session hijacking techniques and denial of service and
distributed denial of service
• Learn about the prominent types of sniffing tools that are used, passive sniffing, active sniffing,
address resolution protocol (ARP) and ARP spoofing attacks
• Develop understanding about ARP poisoning, MAC Flooding processes and how hackers launch
server attacks on the DHCP servers
• Develop understanding about MAC Spoofing, DNS spoofing and tools which ethical hackers
can implement spoofing purpose
• Learn about sniffing and spoofing countermeasures, session hijacking, transport layer hijacking
and the lifecycle of a session hijack
• Develop understanding of the detailed steps that are involved in how session hijack is used to
manipulate the TCP start-up.
• Learn how hackers can launch attacks through the following methods: session sniffing,
predictable session token ID, man in the middle attacks, man in the browser attacks, client side
attacks and session replay attacks.
• Learn about the session hijacking attacks and tools that can be used by hackers and how to
prevent session hijacking
• Develop understanding about the role of DoS in the hacker’s methodology
• Learn about the different types of techniques which can be incorporated in the DoS attacks
such as the following: bandwidth attacks, SYN flood attacks, internet control message protocol
(ICMP) attacks, peer to peer (P2P) attacks and application level attacks
• Develop understanding of the countermeasures and best practices that can be implemented
for DoS and DDOS attacks

16. Unit 7:
Fundamentals of
Webserver
Hacking, Web
Applications and
Database Attacks

17. Learning
Objectives
• Develop comprehensive understanding about Web Server Hacking patterns, approaches and
techniques
• Understand the process of Web Application Hacking
• Learn about the fundamentals of Database Hacking
• Learn about the tools that hackers can employ when launching a webserver attack
• Develop understanding about scanning webservers, banner grabbing and enumeration, website
ripper tools and webserver vulnerability identification
• Learn about the following types of webserver attacks: DoS/DDoS attacks , DNS server hijacking,
DNS amplification attacks, Directory traversal, Man in the middle, Website defacement, Web
server misconfiguration, HTTP response splitting and Web server password cracking
• Learn about the following ways web applications can be attacked by hackers: Unvalidated Input,
Parameter/form tampering, Injection flaws, Cross-site scripting, Cross-site request forgery
attacks, Hidden field attacks, Attacking web-based authentication, Web-based password
cracking, Web based authentication attacks, and intercepting web traffic.
• Develop understanding about the most common authentication types: basic, message digest,
certificate based, forms based
• Learn about web application hacking and how hackers launch dictionary attacks, hybrid attacks,
brute force attacks and the types of tools hackers can utilise.
• Learn how hackers intercept web traffic and how to secure web applications using source
scanners and relevant tools
• Learn how database hacking occurs and the vulnerabilities which exist within SQL databases
• Learn about the types of tools which can be incorporated to hack SQL Databases.

18. This Photo by Unknown Author is licensed under CC BY-ND

19. Learning
Objectives
• Learn about the diverse types of mobile phone technologies that can be hacked
• Learn how mobile security violations happen and mobile attacks launched by hackers
• Develop core understanding about the essentials of Wireless LANS
• Develop understanding about the concerns with mobile platforms and global mobile
security issues
• Learn about security issues associated with android applications
• Learn about the techniques and the types of tools that can be used for jail breaking
apple iphone, windows, blackberry and android mobile applications
• Learn about the tools which can be implemented to prevent hackers exploiting
vulnerable mobile devices
• Learn about the Bluetooth tools which can be used to attack Bluetooth security
loopholes
• Develop understanding about WLAN threats and issues
• Develop understanding about evil twin attacks, denial of service (DoS), wireless hacking
tools, and how to perform wireless traffic analysis.
• Learn how to launch wireless attacks and prevent Wi Fi networks from being
compromised and make wireless networks more secure
• Learn how to build high level defence designs and develop understanding about wireless
authentication

20. Module 9:
IDS, Firewalls
and
Honeypots
This Photo by Unknown Author is licensed under CC BY-NC

21. Learning
Objectives
• Develop understanding about the Intrusion Detection Systems that are used to detect
malicious activity
• Learn about Firewalls that exist amongst trusted and untrusted networks
• Develop understanding about Honeypots and fake systems that are used to lure in
attackers
• Learn about the essential components of intrusion detection systems and pattern
matching anomaly detection techniques
• Learn about insertion attacks employed by hackers, overlapping fragments and TCP,
Protocol ambiguities, session splicing, shellcode attacks and other form of IDS evasion
techniques.
• Develop understanding about the differences between the following types of firewalls:
packet filters, application-level gateway, circuit-level gateway and stateful multilayer
inspection
• Learn about firewalking, banner grabbing, different types of honeypots and how to
detect them.

22. Module 10
Cryptographic
Attacks and
Defenses

23. Learning
Objectives
• Develop understanding about the functions of Cryptography with regards to providing
confidentiality, integrity, authenticity and non-repudiation
• Learn about Algorithms, and the differences between asymmetric, symmetric and
hashing algorithms
• Develop understanding about the objectives of the Public Key Infrastructure (PKI and it’s
communication and third-party trust
• Develop broad understanding about Protocols, Standards and Applications with regards
to Secure Shell, IPSec and PGP.
• Learn about the hashing process, SHA-1 and how asymmetric encryptions implemented
for confidentiality and integrity.
• Develop understanding about steganography, steganogrpahic tools, steganalysis, digital
watermark, PGP, SSH, SSL, IPSec, PPTP, EFS
• Develop understanding about the following types of attacks carried out by hackers:
Known plain text attack: cipher text only attack, Man in the middle attack, replay attack,
side channel attack, chosen plan text attack and chosen ciper text attack

24. Module 11:
Physical
Security and
Social
Engineering

25. Learning
Objectives
• Learn about the different types of threats to physical security
• Develop understanding about the various types of physical controls which can be
implemented to protect enterprises from hackers and thieves
• Develop broad understanding about the different types of Social Engineering attacks and
the various ways in how hackers manipulate people
• Develop understanding about the common types of backup media and by passing
techniques
• Develop understanding about biometric systems, social engineering, person social
engineering, computer based social engineering, phishing, social networking and
targeted attacks.

26. Module 12
Cloud
Computing
and Botnets

27. Learning
Objectives
• Develop understanding about the different types of cloud-based services
• Learn about cloud deployment models and cloud computing models
• Learn about the issues with cloud computing and the following types of cloud attacks:
session hijackings, DNS attacks, cross site scripting (XSS), SQL injection and session
riding, distributed denial of service (DDoS), man in the middle cryptographic attacks,
side channel attacks, authentication attacks, wrapping attacks.
• Develop understanding about cloud security control layers.
• Learn about botnets and botnet architecture, botnet client server models, botnet peer
to peer models.
• Develop understanding about banking trojans, botnet countermeasures and techniques
to build defences.
• Learn how to create a botnet in order to achieve malicious gains

28. Module 13
Fundamentals
of Kali Linux

29. Learning
Objectives
• Learn how to install Kali Linux on your network
• Learn how to setup a virtual laboratory
• Learn how to use information gathering tools in Kali Linux
• Learn about vulnerability analysis tools and wireless attacks
• Learn about penetration testing tools in Kali Linux
• Learn about database tools, CMS scanning tools, forensic tools and exploitation Tools
• Learn about social engineering toolkit, stressing tools, sniffing and spoofing Tools
• Learn about password cracking tools, reverse engineering tools and reporting tools.

30. Module 14:
Encryption
Cracking
Tools

31. Learning
Objectives
Learn about the following types of tools that you can implement as part of your workflow
strategy when performing tasks as a Ethical Hacker:
• Encryption Cracking tools
• Cyber security Tools and Sites
• Footprinting Tools
• Competitive Intelligence
• Tracking Online Reputation
• Website Research
• DNS and Whois Tools
• Traceeroute Tools and Links

32. Learning
Objectives
Learn about the following types of tools that you can implement as part of your workflow
strategy when performing tasks as a Ethical Hacker:
• Website Mirroring Tools and Sites
• Google Hacking
• Scanning and Enumeration Tools
• System Hacking Tools
• Cryptography and Encryption
• Sniffing
• Wireless Attacking
• Trojans and Malware
• Web Attacking Tools
• SQL Injection Tools

33. End