Module-1 Cyber Security
Part-1 Domain 1 Security and Risk Management
· Lecture-1 Understand and Apply Concepts of Confidentiality, Integrity and Availability
· Information Security Fundamentals
· Interactive Exercise: Security Fundamentals
· Practical Exercise
· Lecture-2 Evaluate and Apply Security Governance Principles
· Frameworks, Benchmarks, and Guidelines
· Leadership Roles and Responsibilities
· Interactive Exercise: Governance Roles and Responsibilities
· Practical Exercise
· Lecture-3 Determine Compliance Requirements
· Regulatory and Contractual Obligations
· Privacy and Data Protection
· Practical Exercise
· Lecture-4 Understand Legal and Regulatory Issues That Pertain to Information Security in a Global Context
· Cybercrime and Data Breaches
· Licensing and Intellectual Property Law
· Practical Exercise
· Lecture-5 Understand, Adhere to and Promote Professional Ethics
· Organizational and Professional Ethics
· Practical Exercise
· Lecture-6 Develop, Document and Implement Security Policy, Standards, Procedures and Guidelines
· Information Security Policy
· Practical Exercise
· Lecture-7 Identify, Analyze, and Prioritize Business Continuity (BC) Requirements
· Business Continuity Planning
· Business Impact Analysis
· Interactive Exercise: Business Impact Analysis Metrics_From AR (LMS)
· Practical Exercise
· Lecture-8 Contribute to and Enforce Personnel Security Policies and Procedures
· Personnel Policies and Agreements
· Practical Exercise
· Lecture-9 Understand and Apply Risk Management Concepts
· Risk Management Concepts
· Risk Assessment
· Interactive Exercise: Quantitative Assessment
· Countermeasure Selection
· Interactive Exercise: Identifying Control Categories
· Practical Exercise
· Lecture-10 Understand and Apply Threat Modeling Concepts and Methodologies
· Threat Modeling
· Attack Vectors
· Exercise: Threats, Vulnerabilities and Exploits
· Practical Exercise
· Lecture-11 Apply Risk Management Concepts to the Supply Chain
· Supply Chain Risk Management
· Practical Exercise
· Lecture-12 Establish and Maintain a Security Awareness, Education, and Training Program
· ETA Principles and Practices
· Social Engineering Training
· Interactive Exercise: Social Engineering
· Practical Exercise
Part-2 Domain 2 Asset Security
· Lecture-13 Identify and Classify Information and Assets
· Classification Frameworks
· Interactive Exercise: Classification
· Practical Exercise
· Lecture-14 Determine and Maintain Information and Asset Ownership
· Asset Ownership and Management
· Practical Exercise
· Lecture-15 Protect Privacy
· Privacy Principles
· Interactive Exercise: Privacy Principles
· Practical Exercise
· Lecture-16 Ensure Appropriate Asset Retention
· Data Retention and Destruction
· Interactive Exercise: Retention and Destruction
· Practical Exercise
· Lecture-17 Determine Data Security Controls
· Data Security Standards and Selection
· Practical Exercise
· Lecture-18 Establish Information and Asset Handling Requirements
· Labeling and Handling Standards
· Practical Exercise
Part-3 Domain 3 Security Architecture and Engineering
· Lecture-19 Implement and Manage Engineering Processes Using Secure Design Principles
· Security Design Principles
· Practical Exercise
· Lecture-20 Understand the Fundamental Concepts of Security Models
· Information Security Models
· Interactive Exercise: Security Models
· Practical Exercise
· Lecture-21 Select Controls Based Upon Systems Security Requirements
· Security Evaluation Models
· Practical Exercise
· Lecture-22 Understand Security Capabilities of Information Systems
· Information Systems Security Capabilities
· Practical Exercise
· Lecture-23 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements
· Traditional Computing Environments
· Cloud Computing
· Interactive Exercise: Cloud Delivery Models
· Practical Exercise
· Lecture-24 Assess and Mitigate Vulnerabilities in Web-based Systems
· Web Vulnerabilities
· Interactive Exercise: Web Vulnerabilities
· Practical Exercise
· Lecture-25 Assess and Mitigate Vulnerabilities in Mobile Systems
· Mobile Systems Vulnerabilities
· Practical Exercise
· Lecture-26 Assess and Mitigate Vulnerabilities in Embedded Systems
· Embedded Systems Vulnerabilities
· Practical Exercise
· Lecture-27 Apply Cryptography
· Cryptographic Fundamentals
· Symmetric Encryption
· Interactive Exercise: Encryption Ciphers
· Asymmetric Encryption
· Hashing and Digital Signatures
· Interactive Exercise: Digital Signatures
· PKI and Digital Certificates
· Cryptographic Attacks and Vulnerabilities
· Interactive Exercise: Crypto Attacks
· Practical Exercise
· Lecture-28 Apply Security Principles to Site and Facility Design
· Physical Security Principles
· Practical Exercise
· Lecture-29 Implement Site and Facility Security Controls
· Site and Facility Security Controls
· Environmental Issues and Controls
· Practical Exercise
Part-4 Domain 4 Communication and Network Security
· Lecture-30 Implement Secure Design Principles in Network Architectures
· Network Models and IP Convergence
· Interactive Exercise: OSI & TCP/IP Models
· Non-IP Multilayer Protocols
· Wireless Networks
· Interactive Exercise: Wireless Networks
· Practical Exercise
· Lecture-31 Secure Network Components
· Transmission and Connectivity
· Network Access Control Devices
· Endpoint Security
· Practical Exercise
· Lecture-32 Implement Secure Communication Channels According to Design
· Voice and Multimedia
· Remote Access
· Interactive Exercise: IPsec
· Data Communications
· Virtualization and Software-defined Networks
· Interactive Exercise: Virtualization
· Practical Exercise
Part-5 Domain 5 Identity and Access Management (IAM)
· Lecture-33 Control Physical and Logical Access to Assets
· Access Control Fundamentals
· Practical Exercise
· Lecture-34 Manage Identification and Authentication of People, Devices, and Services
· Identification and Authentication
· Interactive Exercise: Authentication
· Identity and Access Services
· Practical Exercise
· Lecture-35 Integrate Identity as a Third-party Service
· Identity Management (IdM)
· Interactive Exercise: IdM
· Practical Exercise
· Lecture-36 Implement and Manage Authorization Mechanisms
· Access Control Models
· Interactive Exercise: Access Control
· Practical Exercise
· Lecture-37 Manage the Identity and Access Provisioning Lifecycle
· Identity and Access Management (IAM)
· Practical Exercise
Part-6 Domain 6 Security Assessment and Testing
· Lecture-38 Design and Validate Assessment, Test, and Audit Strategies
· Assessment and Testing Overview
· Planning Engagements
· Practical Exercise
· Lecture-39 Conduct Security Control Testing
· Infrastructure Assessments
· Interactive Exercise: Pen Testing
· Code Testing and Analysis
· Interactive Exercise: Code Testing
· Practical Exercise
· Lecture-40 Collect Security Process Data
· Activity and Error Reporting
· Information Security Continuous Monitoring
· Practical Exercise
· Lecture-41 Analyze Test Output and Generate Report
· Metrics, KPIs, and Business Intelligence
· Practical Exercise
· Lecture-42 Conduct or Facilitate Security Audits
· Managing Third-party Audits and Examinations
· Interactive Exercise: Audits & Examinations
· Practical Exercise
Part-7 Domain 7 Security Operations
· Lecture-43 Understand and Support Investigations
· Evidence Handling
· Forensic Investigative Techniques
· Interactive Exercise: Forensics
· Practical Exercise
· Lecture-44 Understand Requirements for Investigation Types
· Investigation Objectives and Requirements
· Practical Exercise
· Lecture-45 Conduct Logging and Monitoring Activities
· Logging and Analysis
· Interactive Exercise: Logging & Analysis
· Practical Exercise
· Lecture-46 Securely Provisioning Resources
· Configuration Management
· Practical Exercise
· Lecture-47 Understand and Apply Foundational Security Operations Concepts
· Security Operations
· Practical Exercise
· Lecture-48 Apply Resource Protection Techniques
· Media Management
· Mobile Device Management
· Interactive Exercise: Mobile Device Management
· Practical Exercise
· Lecture-49 Conduct Incident Management
· Incident Management Planning
· Incident Response
· Interactive Exercise: Incident Response
· Practical Exercise
· Lecture-50 Operate and Maintain Detective and Preventative Measures
· Detective and Preventative Solutions
· Firewalls and Filters
· IDS/IPS
· Interactive Exercise: Decision Engines
· Anti-Malware Techniques
· Practical Exercise
· Lecture-51 Implement and Support Patch and Vulnerability Management
· Vulnerability Management
· Patch Management
· Threat Intelligence and Information Sharing
· Practical Exercise
· Lecture-52 Understand and Participate in Change Management Processes
· Change Management
· Practical Exercise
· Lecture-53 Implement Recovery Strategies
· Site Recovery Strategies
· Interactive Exercise: Site Recovery
· Data Backup and Restoration
· Resiliency and Fault Tolerance
· Interactive Exercise: Resiliency
· Practical Exercise
· Lecture-54 Implement Disaster Recovery (DR) Processes
· DR Planning and Response
· Practical Exercise
· Lecture-55 Test Disaster Recovery Plans (DRP)
· DRP Training and Testing
· Interactive Exercise: DR Exercises & Testing
· Practical Exercise
· Lecture-56 Participate in Business Continuity (BC) Planning and Exercises
· BCP Relationship
· Practical Exercise
· Lecture-57 Implement and Manage Physical Security
· Perimeter and Internal Security Controls
· Practical Exercise
· Lecture-58 Address Personnel Safety and Security Concerns
· Personnel and Workplace Safety
· Practical Exercise
Part-8 Domain 8 Software Development Security
· Lecture-59 Understand and Integrate Security in the Software Development Life Cycle (SDLC)
· Software Development Life Cycle
· Interactive Exercise: Software Development
· Secure DevOps
· Practical Exercise
· Lecture-60 Identify and Apply Security Controls in Development Environments
· Staging and Deployment Strategies
· Interactive Exercise: Staging & Deployment
· Practical Exercise
· Lecture-61 Assess the Effectiveness of Software Security
· Assessing the Effectiveness of Software Security
· Interactive Exercise: Assessment Options
· Practical Exercise
· Lecture-62 Assess Security Impact of Acquired Software
· Software Procurement and Acquisition
· Practical Exercise
· Lecture-63 Define and Apply Secure Coding Guidelines and Standards
· Source Code Weaknesses
· Interactive Exercise: Source Code Flaws
· Secure Coding Techniques
· Practical Exercise
Part-9 Becoming a CISSP
· Lecture-64 Acing Your Exam
· Understanding the Exam Structure
· Test Taking Strategies
· Preparing for Test Day
· Practical Exercise
· Lecture-65 Certification Process
· What to Expect at the Testing Center
· Attaining and Maintaining Your CISSP Certification
· Practical Exercise
Module-2 Ethical Hacking
Part-1 Security Essentials
· Lecture-1 Course Overview
· Areas of Focus and Exam Info
· Course Is and Isn't
· Lecture-2 Introduction to Ethical Hacking
· Cybersecurity Overview
· Threats and Attack Vectors
· Attack Concepts
· Understanding the Legal Aspects of Penetration Testing
· Exploring Penetration Testing Methodologies
· Attack Phases
· Attack Types
· InfoSec Policies
· Practical Exercise
· Lecture-3 Footprinting and Recon
· Footprinting Concepts
· Footprinting Objectives
· Footprinting Methodologies
· Search Engines
· Finding People
· Competitive Intelligence
· Websites
· Email Tracking
· Network Discovery
· DNS/Whois
· Social Engineering
· Employee Online Activities
· Footprinting Tools
· Footprinting Countermeasures
· Penetration Testing: Footprinting and Recon
· Practical Exercise
· Lecture-4 Scanning Networks
· Network Scanning Overview
· Scanning Techniques
· TCP/UDP Refresher
· TCP Scanning Types
· More TCP Scanning Techniques
· Nmap Demo
· IDS Evasion
· Banner Grabbing
· Vulnerability Scanning
· Network Diagramming
· Using and Chaining Proxies
· HTTP and SSH Tunneling
· Anonymizers
· IP Spoofing and Countermeasures
· Penetration Testing: Scanning Networks
· Practical Exercise
Part-2 System Security
· Lecture-5 Enumeration
· Enumeration Overview
· NetBIOS Enumeration
· Users and Default Passwords
· SNMP Enumeration
· Linux Enumeration
· LDAP, NTP, SMTP, DNS Enumeration
· Enumerating IKE, IPsec, VPNs
· Enumeration Countermeasures
· Penetration Testing: Enumeration
· Practical Exercise
· Lecture-6 Vulnerability Analysis
· Introducing Vulnerability Research and Classification
· Exploring Vulnerability Assessment
· Vulnerability Management Lifecycle (Vulnerability Assessment Phases)
· Understanding Different Approaches of Vulnerability Assessment Solutions
· Overview of Vulnerability Scoring Systems
· Vulnerability Assessment Tools
· Overview of Vulnerability Assessment Reports
· Practical Exercise
· Lecture-7 System Hacking
· Hacking Methodology
· Password Cracking
· Keyloggers and Anti-keyloggers
· Microsoft Authentication
· Defense Against Password Cracking
· Privilege Escalation
· Executing Applications
· Rootkits and Anti-rootkits
· NTFS Stream Manipulation
· Steganography and Steganalysis Methods
· Covering Tracks
· Penetration Testing: System Hacking
· Practical Exercise
· Lecture-8 Malware Threats
· Understanding Malware and Malware Propagation Techniques
· Trojans, Backdoors, Viruses, Worms
· Indications of Infection
· Common Ports
· How Malware Gets Into a System
· How to Detect
· Anti-malware Software
· Online Malware Analysis Services
· Countermeasures
· Penetration Testing: Malware Threats
· Practical Exercise
· Lecture-9 Sniffing
· Sniffing Overview
· Sniffing Attack Types
· Protocol Analyzers
· Sniffing Tools
· Sniffing Detection and Defense
· Penetration Testing: Sniffing
· Practical Exercise
· Lecture-10 Social Engineering
· Social Engineering Concepts
· Social Networking
· Identity Theft
· Social Engineering Countermeasures
· Understanding Social Engineering
· Surveying Social Engineering Methodologies
· Understanding How to Target Employees
· Exploring Social Engineering Tools
· Exploring the Social Engineering Toolkit (SET)
· Surveying Social Engineering Case Studies
· Penetration Testing: Social Engineering
· Practical Exercise
Part-3 Network Security
· Lecture-11 Denial-of-Service (DoS)
· DoS/DDoS Overview
· DoS Techniques
· Botnets
· DoS Attack Tools
· Detection and Countermeasures
· DDoS Protection Tools
· Penetration Testing: DoS
· Practical Exercise
· Lecture-12 Session Hijacking
· What Is Session Hijacking?
· Techniques
· Application Level Session Hijacking
· MitM Attacks
· Cross-site Attacks
· Network Level Hijacking
· Session Hijacking Tools
· Hijacking Protection
· Penetration Testing: Session Hijacking
· Practical Exercise
Part-4 Web Services Security
· Lecture-13 Hacking Webservers
· What Is Session Hijacking?
· Techniques
· Application Level Session Hijacking
· MitM Attacks
· Cross-site Attacks
· Network Level Hijacking
· Session Hijacking Tools
· Hijacking Protection
· Penetration Testing: Session Hijacking
· Practical Exercise
· Lecture-14 Hacking Web Applications
· Attack Vectors and Threats
· Footprinting
· Authentication and Authorization System Attacks
· Understanding the Need for Web Application Penetration Testing
· Exploring How Web Applications Have Evolved Over Time
· Understanding the Web Application Protocols
· Exploring the HTTP Request and Response
· Surveying Session Management and Cookies
· Understanding the APIs
· Exploring the Tools Used to Test the APIs
· Exploring Cloud Services
· Exploring Web Application Frameworks
· Surveying Docker Containers
· Introducing DevOps
· Understanding Authentication Schemes in Web Applications
· Exploring Session Management Mechanisms and Related Vulnerabilities
· Database Connectivity Attacks
· Practical Exercise
· Lecture-15 Advanced Web Application Hacking
· Understanding What is Command Injection
· Exploiting Command Injection Vulnerabilities
· Understanding What is XML Injection
· Exploiting XML Injection Vulnerabilities
· Understanding How to Mitigate Injection Vulnerabilities
· Understanding What is XSS
· Exploiting Reflected XSS Vulnerabilities
· Exploiting Stored XSS Vulnerabilities
· Exploiting DOM Based XSS Vulnerabilities
· Understanding Cross-Site Request Forgery (CSRF)
· Exploiting CSRF Vulnerabilities
· Evading Web Application Security Controls
· Mitigating XSS and CSRF Vulnerabilities
· Surveying the Client-side Code and Storage
· Understanding HTML5 Implementations
· Understanding AJAX Implementations
· Mitigating AJAX, HTML5, and Client-side Vulnerabilities
· Understanding the Other Common Security Flaws in Web Applications
· Exploiting Insecure Direct Object References and Path Traversal
· Surveying Information Disclosure Vulnerabilities
· Fuzzing Web Applications
· Web Application Security Tools
· Web Application Firewalls
· Practical Exercise
· Lecture-16 SQL Injection
· Overview
· Attacks Using SQL Injection
· Methodology
· Understanding SQL Injection
· Exploiting SQL Injection Vulnerabilities
· SQL Injection Defense
· Detection Tools
· Practical Exercise
Part-5 Wireless and Internet Security
· Lecture-17 Hacking Wireless
· Wireless LAN Overview
· Wireless Encryption
· Wireless Threats
· Understanding Wireless Antennas
· Surveying Wi-Fi Devices Like the Pineapple
· Building Your Own Lab
· Introducing the Aircrack-ng Suite
· Introducing Airmon-ng
· Understanding Airodump-ng
· Introducing Aireplay-ng
· Introducing Airdecap-ng
· Introducing Airserv-ng
· Introducing Airtun-ng
· Understanding WEP Fundamentals
· Learning How to Crack WEP
· Understanding WPA Fundamentals
· Surveying Attacks Against WPA2-PSK Networks
· Using coWPAtty
· Using Pyrit
· Exploring WPA Enterprise Hacking
· Using Kismet
· Using Wireshark
· Defining Evil Twin Attacks
· Performing Evil Twin Attacks
· Using Karmetasploit
· Bluetooth and Bluejacking
· Understanding Bluetooth Vulnerabilities
· Surveying Tools for Bluetooth Monitoring
· Wireless Attack Defense
· Wireless IPS
· Practical Exercise
· Lecture-18 IDS, Firewalls, and Honeypots
· IDS, Firewall, and Honeypot Concepts
· Firewall Tools
· Honeypot Tools
· IDS Tools
· Evading IDS and Firewalls
· Evading IDS and Firewall Tools
· Detecting Honeypots
· Penetration Testing: IDS, Firewalls, and Honeypots
· Practical Exercise
· Lecture-19 Cloud Computing
· Overview
· Providers
· Detection
· Instance and VPC Security Methods
· Cloud Use as a Pen Testing Source
· Understanding the Challenge of Testing Cloud Services
· Exploring How to Test in the Cloud
· Practical Exercise
· Lecture-20 Cryptography
· Overview
· Algorithms
· Tools
· Public Key Infrastructure
· Email
· Disk Encryption and Tools
· Attacks Against Cryptography
· Cryptanalysis Tools
· Practical Exercise
· Lecture-21 IoT Hacking
· Understanding IoT Fundamentals
· Exploring ZigBee and IEEE 802.15.4
· Exploring INSTEON
· Exploring Z-Wave
· Exploring LoRa
· Overview of IoT Penetration Testing
· IoT Security Tools
· Practical Exercise
· Lecture-22 Hacking Mobile Platform
· Understanding OWASP Mobile Device Vulnerabilities
· Wrestling with the BYOD Dilemma
· Understanding Mobile Device Management (MDM)
· Understanding Mobile Device Security Policies
· Exploring The Android Security Model
· Exploring Android Emulators and SDK
· Understanding Android Hacking Tools and Methodologies
· Introducing iOS Security
· Exploring Jailbreaking iOS
· Surveying Tools for Disassembling iOS Applications
· Understanding Mobile Spyware
· Exploring How to Make Your Own STORM-like Mobile Hacking Device
· Practical Exercise