ALL COURSES

Overview

Cybersecurity, often referred to as information security or computer security, encompasses a range of practices, technologies, and measures designed to protect computer systems, networks, data, and digital assets from unauthorized access, attacks, damage, and theft. As technology becomes increasingly integrated into our lives, cybersecurity is of paramount importance to safeguard sensitive information, maintain privacy, and ensure the continuity of operations. Cybersecurity is a dynamic field that evolves as technology and threats change. As businesses, governments, and individuals become more reliant on digital systems, ensuring robust cybersecurity measures is crucial to safeguarding sensitive information, maintaining public trust, and enabling the secure use of technology.

Course Description

               Course Introduction

§  About Swhizz Technologies

§  Course Outline?

§  Learning Path?

§  Course Components?

§  Skills Covered?

                       Introduction to Ethical Hacking

§  Overview of Ethical hacking

§  What is Ethical Hacking

§  Who is Ethical Hacker

§  Types of Ethical Hackers

 

§  Concept & Outcome

§  What are the key concepts of ethical hacking

§  What problems does hacking identify? 

§  Difference & Limitation

§  How are ethical hackers different from malicious hackers?

§  What are some limitations of ethical hacking?

 

§  Terminologies in cyber security

§  Vulnerability, Risk, Threat, Authentication, Authorization,

§  Accountability, Information security, cyber space, Intranet, Internet, Exploit 

§  Basic Concepts

§  Networking - IP address (Private & Public), subnet, Firewall, IDS/IPS, Ports, Services, Server, Client, 3 way handshake, OSI

§  Linux - Basic commands

§  API, SSO, Encryption, hashing, web application, Data base, Cloud,

§  Micro services

                   Introduction to Cyber kill chain

§  About Cyber Kill Chain

§  7 Steps of Cyber Kill Chain

§  Reconnaissance

§  Weaponization

§  Delivery

§  Exploitation

§  Installation

§  Command & Control

§  Actions on Objectives

                   Foot printing and Reconnaissance

§  Introduction to Reconnaissance        

§  What is Foot printing or Reconnaissance

§  Use of Reconnaissance

§  Types of Reconnaissance 

§  Passive Reconnaissance      

§  Crawling

§  Email foot printing

§  Google hacking / Google dorks

§  Search Engines

§  Social Media

§  DNS

§  Cookie

§  Archive

§  Social Engineering

§  Website Foot printing

 

§  Active Reconnaissance         

§  Network Enumeration

§  Network mapping

§  Network Queries

§  Operating System Identification

§  Sniffing 

§  Prevention Measures of Reconnaissance     

                    Scanning Networks

§  Network Scanning Concepts

§  Overview of Network Scanning

§  TCP IP Communication

§  Understanding Communication Flags

§  Creating Custom Packet and Traffic Generation 

§  Scanning Tools

§  Scanning Tools

§  NMAP

§  HPING 

§  Port Scanning Techniques

§  TCP Sync

§  TCP Connect

§  UDP Scan

§  TCP ACK Scan 

§  Handshake Protocol

§  TCP Window Scan

§  OSI Model

§  Mapping of OSI layer with TCP or IP

§  IP Protocol Scan

                         Evading IDS, Firewalls, and Honeypots

§  IDS/IPS - Basic Concepts     

§  IDS

§  IPS

§  Deployment Types - HIDS & NIDS & WIDS

§  Knowledge & Behavior-Based Detection

§  Types of IDS Alerts

 

§  IDS/Firewall Evasion Techniques        

§  Fragment packets

§  Packet crafting

§  source-port

§  spoof-mac

§  randomize-hosts

§  ip-options

§  Firewalls - Basic Concepts    

§  Firewalls  and its types

§  Proxy and its  Types 

§  Honeypots      

§  What is Honeypot?Advantages and disadvantages

§  Honeypot Levels of Interaction

§  Types of Honeypots 

§  How to detect a Honeypot     

§  Detecting a Honeypot

§  Detecting a UML Honeypot

§  Detecting a Virtual Machine-Based Honeypot

§  Detecting Honeyed Honeypots

§  Introduction to Banner Grabbing       

§  Banner Grabbing

§  Identify Target OS 

§  Network Diagram

§  Draw Network Diagram

§  Network Discovery and Mapping Tools

       Enumeration

§  Enumeration :Types and defenses

§  What is Enumeration

§  Enumeration Techniques

§  TCP 135:Microsoft RPC Endpoint Mapper

§  Port scanning for enumeration

§  Common tools used for enumeration

§  SNMP enumeration

§  NTP enumeration

§  SMTP enumeration

§  IPsec enumeration

§  VoIP enumeration

§  RPC enumeration

§  Unix user enumeration

§  SMB enumeration

§  Mitigation of NTP enumeration

§  Mitigation of SMTP enumeration

§  Mitigation of IPsec enumeration

§  Mitigation of VoIP enumeration

§  Mitigation of SMB enumeration

§  Services & Ports to Enumerate

§  LDAP enumeration     

§  LDAP Enumeration

§  LDAP Enumeration Tool

§  Mitigation of LDAP enumeration

§  NetBIOS Enumeration

§  NetBIOS Enumeration Tool

§  Mitigation of NetBIOS enumeration

§  User Account Enumeration

§  TCP 25: Simple Mail Transfer Protocol(SMTP)

§  DNS Enumeration

§  DNS Enumeration Tools

§  Mitigation of DNS enumeration

§  Countermeasures

        System Hacking

§  System Hacking Introduction 

§  Concept of System Hacking 

§  Password Cracking    

§  Password Cracking definition

§  Types of Password Attack

§  Password Recovery Tools

§  Microsoft Authentication

§  Windows SAM

§  NTLM Authentication

§  NTLM limitations

§  Pass the Hash?

§  How Does Pass the Hash Attack Work??

§  Who Is Vulnerable to Pass the Hash Attacks??

§  Why Are Pass the Hash Attacks a Growing Concern??

§  Kerberos Authentication

§  Password Salting

§  Tools to extract password hash

§  Password cracking Tools

§  How to defend against password Cracking

§  Privilege Escalation

§  What is Privilege Escalation

§  Privilege escalation by Exploiting Vulnerability

§  Privilege escalation using DLL Hijacking

§  Exploit Accessibility feature

§  How to Defend Against Privilege Escalation??

§  SUID

§  SUID File System Permissions?

§  SUID Programs

§  Escalating Privileges via SUID?

§  Exploiting SUID using SUID3NUM? 

§  Executing Applications                     

§  Keylogger

§  Spyware

§  CnC Beacons

§  Defense against Execution

§  Data Hiding    

§  Steganography

§  NTFS Data Stream

§  Covering Tracks         

§  Rootkits, their types and how they work to hide presence

§  Disable Auditing: AuditPol

§  Clearing Logs

§  Manually clearing event logs

§  Ways to clear online tracks

§  Covering Tracks on OS

§  Covering Tracks on Network

                 Malware Threats

§  Malware Concepts

§  What is Malware?

§  Type of Malware

§  Ways to Malware delivery

§  Drive by Download ?

§  Phishing

§  Phishing Techniques

§  Causes of Phishing attacks

§  Spear-Phishing ?

§  Watering Hole

§  How Watering Hole Works? ?

§  How to prevent Watering Hole attacks??

§  Malware Components

§  Virus and Worm

§  Introduction to virus

§  Phases of a virus attack

§  Methods of Virus Infection and Spread

§  Signs Computer Virus Infections

§  Type of Virus

§  Creating a Virus

 Sniffing

§  Sniffing Concept        

§  Introduction

§  Type of Sniffing

§  Protocols vulnerable to sniffing attacks

§  Sniffing Basics

§  Sniffing Technique

§  MAC Address / CAM Table

§  How CAM Works

§  MAC Flooding

§  Switch Port 

§  Sniffing Technique

§  ARP Poisoning           

§  What is ARP

§  ARP Spoofing Attack

§  Tools for ARP Poisoning

§  MAC Spoofing

§  MAC Spoofing Tools

§  DNS Poisoning          

§  Tools to prevent DNS Poisoning 

§  Sniffing Tools 

§  Wireshark

§  TCPDUMP 

§  Countermeasures against Sniffing    

    Social Engineering

§  Social Engineering Attacks

§  Phases, Principles, Behaviors

§  Companies Common Risks

§  Human based

§  Computer based

§  Mobile based

§  Baiting

§  Phishing

§  Spear-phishing

§  Pretexting

§  Scareware

§  Insider Threat

§  Physical Security

§  Social Networking Site

§  Social Engineering through impersonation

§  Impersonation on Facebook 

§  Identity Theft

     Denial-of-Service (DoS) Attacks

      DoS / DDoS Concept → Introduction to Dos and DDoS attacks

Ø  DoS / DDoS Attack Techniques        

Ø  Types and Categories

Ø  Volumetric Attack

Ø  UDP Flood

Ø  ICMP Flood

Ø  Ping of Death

Ø  Smurf Attack

Ø  Protocol Attack

Ø  Syn Flood

Ø  Fragmentation Attack

Ø  ACK Flood

Ø  Application Layer Attack

Ø  HTTP Get/POST Attack

Ø  Slowloris attack

Ø  Botnets           

Ø  Botnet Setup

Ø  Botnet Ecosystem

Ø  Scanning Methods for Finding Vulnerable machines

Ø  DoS / DDoS Attack Tools      

§  Role of Tools in DoS or DDoS attacks

§  Environment for tool setup

§  Different tools for DDoS or DoS attacks

§  Attack detection technique:Network Performance

§  Attack detection technique:Machine Learning Tools

§  Attack detection technique:Packet Monitoring

 

§  Countermeasures      

§  Detection Technique

§  Countermeasure strategy

§  DoS/ DDoS protection at ISP level

§  Overall Conclusion of Security Implementations?

Vulnerability Analysis

§  Vulnerability Assessment

§  Vulnerability Research

§  Vulnerability Classification

§  Vulnerability Assessment, Types and Management 

§  Tools

§  Vulnerability Assessment Tools 

§  Vulnerability Scoring System

§  CVSS

§  CVE

§  NVD

§  Exploit DB

§  Selecting the exploit

Hacking Web Servers

§  Web Server Concept 

§  Web Server operation

§  Open Source Web Server Architecture - Tomcat

§  IIS Architecture 

§  Web Server Attack Methodology       

§  Information Gathering

§  Web Server Footprinting

§  Website Mirroring

§  Vulnerability Scanning 

§  Web Server Attacks   

§  DNS Amplification attack

§  Directory Transversal attack

§  Parameter Tampering

§  MiTM Sniffing attack

§  Website Defacement

§  Web Server Misconfiguration

§  HTTP Response Splitting Attack

§  Web Cache Poisoning

§  Connection String Parameter Pollution

§  DoS / DDoS 

§  Patch management    

§  Web Server Security  

    Hacking Web Applications

§  Web Application Concept      

§  What is a Web Application?

§  Web Application Architecture

§  Web App Threats       

§  OWASP top 10

§  Other Web App Threats 

§  Hacking Methodology

§  Web App Hacking Methodology

§  Footprinting Infrastructure

§  Attacking Web Server

§  Analyzing Web Application

§  Bypass Client Side Controls

§  Input Validation Attack

§  Web Application Based Attacks- JavaScript?

§  Attack Scenario of JavaScript-based attack?

§  Countermeasures of JavaScript Injection?

§  DOM (Document-Object Model) ? 

§  Same-Origin Principle?

§  Broken Authentication

§  Sensitive Data Exposure

§  XEE

§  RFI / LFI

§  Directory Traversal

§  XSS

§  Types of XSS vulnerabilities?

§  Other Injection Attacks (LDAP, SOAP, HTML,XML,IDOR)

§  SQL Injection

§  What is SQL Injection

§  Understanding SQL Query

§  Understanding a SQL Injection Query

§  Example of Web App Vulnerable:OWASP Juice shop

§  Type of SQL Injection

§  SQL InjectionTools

§  Command Injection?

§  CSRF (Cross-Site Request Forgery)?

§  Hacking Tools

§  Web Application Hacking Tools Requirement 

§  Countermeasures      

§  OWASP, WAF, Periodic VA

§  Session Hijacking Concept

§  Session Hijacking

§  Reasons of Session Hijacking

§  Session Hijacking Process

§  Spoofing V/S Hijacking 

§  Application Level Session Hijacking  

§  Sniffing and Predicting Session

§  MiTM Attack (Man in the middle) attack

§  MiB Attack ( Man in the Browser) attack

§  Client Side Attack - XSS

§  CSRF

§  Session Fixation

§  CRIME Attack

§  Network Level Session Hijacking      

§  TCP / IP Hijacking

§  Zaproxy Tools

§  Burp Suite

§  Countermeasures      

§  Countermeasure to prevent session hijacking

§  Methods to Prevent Session Hijacking

§  Approaches to Prevent Session Hijacking

§  Session Hijacking: Issues and Solutions

§  IPSec Protocol

§  IPSec Architecture

§  Components of IPSec

§  Session Hijacking Penetration Testing

    Hacking Wireless Networks

§  Concept and Terminology     

§  What is Wireless Terminology?

§  Wireless Network Pros and cons

§  Wireless Standards

§  SSID

§  Authentication

§  Antenna Type

§  Wireless Encryption   

§  Wireless Security Protocols

§  Wireless Network Complexities

§  How does WIfi work?

§  Why do you need to test wireless networks

§  Wireless hacking        

§  Wireless Threats

§  Network Discovery 

§  Wireless Attack          

§  Rogue Access Point

§  Evil Twin

§  Honeyspot

§  Ad Hoc Connection Attack

§  DoS Attack

§  MAC Filter

§  Wireless Encryption Attacks  

§  WEP Cracking

§  WPA/WPA2 Cracking

§  ARP Cache Poisoning Attack

§  Authentication Flood Attack

§  Deauthentication Flood Attack

§  Beacon Flood Attack

§  TKIP MIC Exploit

§  Introduction to Tools Used for Wi-Fi Hacking Tools

§  Aircrack-ng

§  Wifite

§  Kismet

§  Wi-Fi Phisher

§  In-SSID-er

§  Wireshark

§  CoWPAtty

§  Airgeddon

§  Cloudcracker

§  Kali Linux Nethunter

§  Protecting Wireless Networks – Countermeasures

    Hacking Mobile Platforms

§  Mobile Platform Hacking       

§  Three Main Avenues of Attack

§  OWASP Top 10 Mobile Risks

§  Android Rooting & Tools

§  IOS Jailbreaking & Tools

§  App Store attacks

§  Phishing attacks

§  Android Device Administration API

§  Bring Your Own Device

§  Countermeasures      

§  Mobile Device Management

§  Bluetooth attacks

§  Mobile Attacks and countermeasures           

§  SMS Phishing (Smishing)

§  Mobile Attack Platforms

§  Bluetooth Attacks

§  Improving Mobile Security     

§  IoT Concept   

§  What is IoT

§  Basic Components

§  Methods of Communicating

§  Edge Computing

§  Multi-Layer Architecture of IoT

§  IoT Technology Protocols

§  Short-Range Wireless

§  Medium-Range Wireless

§  Long-Range Wireless

§  Wired Communications

§  IoT Operating Systems

§  IoT Operating Systems,Types

§  IoT Communication Models

§  Geofencing

§  Grid Computing

§  Analytics of Things

§  Industrial IoT

§  IoT Vulnerabilities and Attacks          

§  OWASP Top 10 IoT Vulnerabilities

§  Common IoT Attack Areas

§  IoT Threats

§  IoT Hacking Methodology      

§  Stages of IoT Hacking 

§  Countermeasures to help secure IoT devices

    Cloud Computing

§  Cloud Computing Concepts

§  Introduction to Cloud Computing

§  Separation of Responsibility in Cloud

§  Cloud Deployment Models

§  NIST Cloud Computing Reference Architecture

§  Understanding Virtualization

§  Cloud Computing Threats      

§  Threats

§  Cloud Computing Attacks      

§  Service hijacking via Social engineering & network sniffing

§  Side Channel Attack

§  Cross VM attacks

§  Cryptanalysis attacks

§  Wrapping attacks

§  Main-in-the-Cloud attacks

§  Cloud Security Control Layers           

§  Cloud Security Tools

    Cryptography

§  Cryptography Concepts         

§  The Goal of Cryptography

§  Basic Terms & Concepts

 

§  Encryption Algorithms

§  Symmetric Encryption

§  Symmetric Cryptosystems

§  Asymmetric Encryption

§  Asymmetric Cryptosystems 

§  Hashes           

§  Concept

§  Hashing Algorithms

§  Public Key Infrastructure                    

§  Disk Encryption          

§  Disk Encryption,Full Disk Encryption

§  Tools

§  Email Encryption        

§  Digital Signature

§  TLS

§  PGP 

§  Cryptanalysis 

§  Cryptology

§  Cryptographic attacks(KPA,PPA,COA,MiTM,ACPA)

§  Cryptanalysis tools

§  Countermeasures      

§  How to defeat attack