Cisel1 d

Certified Information Security Expert (CISEv20)

Innobuzz Knowledge Solutions Pvt Ltd is a high-quality training provider for courses in the field of Information Security, Systems and Open Source. The hands-on security courses in the field of offensive security are built by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real-world experience. www.innobuzz.in

Certified Information Security Expert (CISE level 1 v2)

Detailed Course Module

Chapter 1 – Introduction

Concept of Security

Physical and Digital Assets

Security Triangle

Introduction: Ethical hacking

Types of Ethical Hackers

Basic Terminologies

Elements of Security

5 Phases of Hacking

Profile of an Ethical Hacker

Security Testing, Computer Crimes and Law

History of Hacking & Famous Hackers

Chapter 2 – Networking & Basics

Concept of Networking

Types of Networks and Networking Devices

Concept of Network and Ports

TCP, IP & UDP

Addressing and Types of Addressing

IP Address and Classes

Client Server Relationship

Domain name and DNS

ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP

Virtualization and Advantages of Virtualization

Chapter 3 – Footprinting

Footprinting/Information Gathering

Steps of Information Gathering

Crawling and Mirroring of Websites

Whois and Domain Registry

Gathering Target Information

Parallel Domain

MX Entry

Trace Route

Archive Pages

Banner Grabbing

Chapter 4 – Google Hacking

Introduction to Google

Working of Google – Outline

Working of Google – Crawling, Indexing & Searching

Vulnerable Objects

Using Cache and Google as Proxy

Directory Listing and Locating Directory Listings along with specific folders

Google Hacking and what it is about

The basics of Google Hacking: Advanced Search in Google

Advance Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:

Wildcard and Quotes

Understanding and Viewing Robots.txt for important Files

Normal Countermeasures

o Robots.txt

o Metatag and Google Official Remove

o Hiding Detailed Error Messages

o Disabling Directory Browsing

Chapter 5 – Scanning

Definition of Scanning

Types of Scanning

Diff. between Port and Network Scanning

Objectives and Benefits of Scanning

TCP three-way handshake

Various Classification of Scanning

Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep

Concept of War Dialer (History)

OS Finger Printing and Types – Active & Passive

Chapter 6 – Windows Hacking

Definition and Objectives of Windows Hacking

Types of Passwords

Manual & Automatic Password Cracking Algorithm

Types of Password Attacks – Dictionary, Brute Force, and Hybrid

LMHash and SAM File

Password Cracking Countermeasures

Syskey

Privilege Escalation

Hiding Files

Concept of Alternate Data Stream and Advantages

Detecting ADS

NTFS Streams countermeasures

Keystroke Loggers and Types – Software & Hardware

Concept of Auditing, Logs and Covering Tracks

Concept of Application Isolation

Chapter 7 – Linux Hacking

Introduction of Linux as an OS

Advantages of using Linux

Basics about Linux – Commands, Shell types and User types

Why Linux is hacked?

Recent Linux Vulnerabilities

Password cracking in Linux

Introduction and explanation of IP Tables & IP Chains

TCP wrappers

Remote connection using SSH

Log and Traffic Monitors in Linux

Understanding Post Install Linux Security Auditing

Understanding and using Backtrack

Chapter 8 – Trojans & Backdoors

Definition and Objectives of Trojans & Backdoors

Overt and Covert Channels

Working of Trojans

Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy Trojans

Target Data Types of Trojans

Different Modes of Trojan Infection

Auto-run of Trojans

Common Symptoms of a Trojan Infection

Ports used by Famous Trojans

Wrappers & Binders

Uses of Wrappers and Binders

Reverse Connection in relation to Trojans

Detecting a Trojan in a computer

Anti-Trojan Software

Tips to Avoid Trojan Infection

Concept of Rootkit

Effects and Types of Rootkit

Countermeasures of Rootkit

Chapter 9 – Virus & Worms

Introduction to Virus & Worms

Diff. between Virus & Worms

Characteristics, Symptoms of a Virus

History and Terminologies used for a Virus

Types of Virus Damage

Effects of a Virus Attack

Access Methods of a Virus

Modes of Virus infection

Life Cycle of a Virus

Types of Virus Programs – What and how?

Famous Virus & Worms

Batch File programming

Concept of Virus Construction Kit

Virus Detection Methods

Virus Incident Response

Sheep Dip

Tips on Prevention from Virus Infection

Types of Worms

Zombies

Botnets

Antivirus Program

Popular Antivirus programs

Chapter 10 – Proxy Server & Packet filtering

Proxy Server

Advantages of using Proxy Servers

Proxy Server Based Firewalls

Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy

Diff. between Transparent, Anonymous and Elite Proxies

Anonymizers

Socks Chain Proxy

Http Tunnel Proxy

Countermeasures of Proxy

Packet Filtering

Packet Filtering Devices and Approaches

Stateless Packet Filtering

Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags, Fragmentation and Packet Contents

Filtering Suspicious Inbound Packets

Stateful Packet Filtering

Proxy Server Vs Packet Filtering

Chapter 11 – Denial of Service Attack

Concept of DOS Attacks

Goal of DOS Attack

Impact and Modes of Dos Attack

Types of Dos Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal flow

Concept of DDOS Attack

Diff. between Dos and DDos Attack

Characteristics of DDos Attacks

Concept of Agent Handler Model, IRC Based Model, DDos Attack Taxonomy, Amplification Attack

Concept of the Reflected Dos

Countermeasures - Reflected DoS

DDoS Countermeasures

Detect and Neutralize Handlers

Detect Potential Attacks

Mitigate or Stop the Effects of DDoS Attacks

Post-Attack Forensics

Chapter 12 – Sniffers

Concept of Sniffing

Types of Sniffing – Active & Passive

ARP Poisoning

Countermeasures of ARP Poisoning

DNS Spoofing

Changes in Host file for DNS Redirection

Countermeasures of sniffing

MAC Spoofing

Chapter 13 – Social Engineering

Social Engineering

Techniques of Social Engineering

Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person Approach, Technical Support

Countermeasures of Social Engineering

Chapter 14 – Physical security

Physical Security

Current Statistics

Accountability and Need of Physical security

Factors Affecting Physical Security

Physical Security Checklist

o Company Surroundings

o Premises

o Reception

o Server

o Workstation Area

o Wireless Access Points

o Other Equipment such as fax, removable media, etc.

o Access Control

o Computer Equipment Maintenance

o Wiretapping

o Remote Access

o Locks

o Spyware

Chapter 15 – Steganography

Steganography

o What is Steganography?

o History

o Steganography today

o Steganography tools

Steganalysis

o What is Steganalysis?

o Types of analysis

o Identification of Steganographic files

Steganalysis meets Cryptanalysis

o Password Guessing

o Cracking Steganography programs

Forensics/Anti-Forensics

Conclusions

o What’s in the Future?

o Other tools in the wild

o References

Chapter 16 – Cryptography

Concept of Cryptography

Advantages and uses of Cryptography

PKI (Public Key Infrastructure)

Algorithms of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK

Concept of Digital Signature

Encryption Cracking Techniques

Disk Encryption

Cracking S/MIME encryption using idle CPU time

Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc

CA (Certificate Authority)

Chapter 17 - Wireless Hacking

Wireless Technology

Introduction to wireless networking

Basics & Terminologies

Advantages of Wireless Technology

Components of Wireless Network

Types of Wireless Network

Setting and detecting a wireless network

Advantages and Disadvantages of wireless network

Antennas, SSID, Access Point Positioning and Rogue Access Point

Concept of Wired Equivalent Privacy (WEP)

MAC Sniffing & AP Spoofing

Terminology of Wi-Fi Access

Denial-of-Service and MITM Attack in Wi-Fi

Wireless Intrusion Detection System

Tips to Secure Wireless Network

Chapter 18 - Firewalls & Honeypots

Firewall

What Does a Firewall Do?

What a firewall cannot do

How does a firewall work?

Types of Firewall

Working of Firewall

Advantages and Disadvantages of Firewall

Firewalls Implementing for Authentication Process

Types of Authentication Process

Steps for Conducting Firewall Penetration Testing

o Locate the Firewall

o Traceroute to identify the network range

o Port scan the router

o Grab the banner

o Create custom packet and look for firewall responses

o Test access control Enumeration

o Test to identify firewall architecture

o Test firewall using firewalking tool

o Test for port redirection

o Test Covert channels

o Test HTTP Tunneling

o Test firewall specific vulnerabilities

How to Bypass the Firewall

Concept of Honeypots

Purpose and working of Honeypots

Advantages and Disadvantages of Honeypots

Types of Honeypots

Uses of Honeypots

Detecting Honeypot

Honeynets

Architecture of Honeynet

Working process of Honeynet

Types of Honeynet

Honeywall CDROM

Chapter 19 - IDS & IPS

Concept of IDS (Intrusion Detection System)

History and Characteristics of IDS

Importance of IDS

Deployment of IDS

Intro, Advantages and Components of Distributed IDS

Aggregate Analysis with IDS

Types and Architecture of IDS:-

o Network Based IDS

o Host Based IDS

Diff. Between Network Base IDS and Host Base IDS

Methods to Detect IDS

Signatures

Types of Signature:-

o Network Signatures

o Host-based Signatures

o Compound Signatures

Methods to Detect Signature

Prelude of IDS

Concept of IPS (Intrusion Prevention System)

Diff. Between IDS and IPS

Network Antivirus Software

Chapter 20 – Vulnerability Assessment

Concept of Vulnerability Assessment

Purpose Types of Assessment

Vulnerability Classification

How to Conduct Vulnerability Assessment

Vulnerability Analysis Stages

Vulnerability Assessment Considerations

Vulnerability Assessment Reports

TimeLine and Penetration Attempts

Vulnerability Assessment Tools

Chapter 21 – Penetration Testing

Concept of Penetration Testing

Security assessments Categories

Vulnerability Assessment

Limitation of Vulnerability assessment

Why Penetration Testing?

Types of Penetration Testing

o External Testing

o Internal Testing

Sourcing Penetration Testing

Terms of Engagement

Project Scope

Agreements of Pentest Service

Testing Points, Locations, Automated Testing, Manual Testing

Gathering information for Penetration Testing By :-

o Domain name and IP address information

o Enumerating Information about Hosts

o Testing Network-Filtering Devices

o Enumerating Devices

o Denial of Service Emulation

Chapter 22 – Session Hijacking

Session Hijacking

Difference between Spoofing and Session Hijacking

Phases of Session Hijacking:-

o Tracking the session

o Desynchronizing the connection

o Injecting the attacker’s packet

Types of Session Hijacking:-

o Active

o Passive

TCP 3 Way Hand Shake

Sequence Numbers

Dangers Posed by Hijacking

Countermeasure of Session Hijacking

Protection Against Session Hijacking

Countermeasure: IPSec

Chapter 23 – Hacking Web Server

Web Servers

Working process of Web Server

Loopholes of Web Server

Introduction of Popular Web Server and Common Security Threats

Apache Vulnerability

Attacks against IIS

Components of IIS

IIS Directory Traversal

Unicode and Unicode Directory Traversal Vulnerability

Unspecified Executable Path Vulnerability

File System Traversal Counter measures

WebDAV / ntdll.dll Vulnerability

RPC DCOM Vulnerability

ASN Exploits

IIS Logs

Escalating Privileges on IIS

Hot Fixes and Patches

Countermeasures of Web Server

Chapter 24 – SQL Injection

Introduction of SQL

What SQL Can do

SQL Queries

Use of Quotes, AND & OR

Concept of SQL Injection

OLE DB Error

Login Guessing & Insertion

Shutting Down SQL Server

Extended Stored Procedures

Preventive Measures

Chapter 25 – Cross Site Scripting

Introduction to Cross Site Scripting

Cross-Site Scripting

Ways of Launching Cross-Site Scripting Attacks

Working Process of Cross-Site Scripting Attacks

When will an attack be successful?

Programming Languages Utilized in XSS Attacks

Types of XSS Attacks

Steps of XSS Attack

Not Fixing CSS/XSS Holes Compromises

Methodology of XSS

How to protect Against XSS

Chapter 26 – Exploit Writing

Concept of Exploit Writing

Purpose of Exploit Writing

Requirements of Exploits Writing & Shell codes

Types of Exploits:-

o Stack Overflow Exploits

o Heap Corruption Exploit

o Format String Attack

o Integer Bug Exploits

o Race Condition

o TCP/IP Attack

The Proof-of-Concept and Commercial Grade Exploit

Converting a Proof of Concept Exploit to Commercial Grade Exploit

Attack Methodologies

Socket Binding Exploits

Steps for Writing an Exploit

Shellcodes

Null Byte

Types of Shellcode

Steps for Writing a ShellCode

Issues Involved With Shellcode Writing

Buffer

Static Vs Dynamic Variables

Stack Buffers, Data Region and Memory Process Regions

About the Stack

Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure Prolog), Return Address (RET), Word Size and Buffer Overflows

Why do we get a segmentation violation and Segmentation Error

Writing Windows Based Exploits

EIP Register and ESP

Metasploit Framework, msfconsole

Development with Metasploit

Need for Creating of Exploit

Determining the Attack Vector

Debugger

Determine the offset & pattern create

Where to place the payload?

Chapter 27 – Buffer Overflow

Why Applications are vulnerable

Buffer Overflow Attack

Reasons of Buffer Overflow

Knowledge for Buffer Overflow

Understanding Stacks

Understanding Heaps

Types of Buffer Overflow Attack

o Stack Based

o Heap Based

Heap Memory Buffer overflow Bug

Understanding Assembly Language

Intro of Shell Code

Detection of Buffer Overflows in a program

Attacking a Real Program

Once the Stack is smashed

NOPS

Mutate a Buffer Overflow Exploit

Comparing Functions of libc and libsafe

Simple Buffer Overflow in C

Code Analysis

Countermeasure of Buffer Overflow Attack

Chapter 28 – Reverse Engineering

Concept of Reverse Engineering

Positive Application of Reverse Engineering

Ethical Reverse Engineering

DMCA ACT

Disassembler

Decompilers

Program Obfuscation

Why do you need to decompile ?

.NET Obfuscator and .NET Obfuscation

Java Byte code Decompilers

How does OllyDbg Work?

Chapter 29 – Email Hacking

Concept of Email

Spam and Spam Laws

E-Mail Tracking By Header

Concept of Fake E-mails

Various steps to send Fake mails

Traceip by PHP Script

Chapter 30 – Incident Handling & Response

Incident

Different Categories of Incidents

Various Types of Incidents

To whom should I report an incident?

Step by Step Procedure of Incident Handling

Managing Incidents

Incident Response

Incident Handling Process

Incident Detection Process

Incident Containment Process

Incident Eradication Process

Incident Recovery Process

Incident Follow up Process

Incident Response Team

CSIRT Services

Chapter 31 – Bluetooth Hacking

Bluetooth Technology

Concept of Bluetooth Hacking

Attacks on Bluetooth Mobile

Why Bluetooth hacking?

Working of Bluetooth Hacking

Mobile Dos Attack

Mobile Viruses & Worms

Mobile Security Tips & Tricks

Samsung Mobile Security Tips & Tricks

Motorola Mobile Security Tips & Tricks

Conclusions

Countermeasures

Chapter 32 – Mobile Phone Hacking

Mobile Technologies Introduction and Facts of GSM

Low-Tech Fraud

Countermeasure of Low-Tech Fraud

GSM Security Problems

Attacks on GSM Networks

De-Registration and Location Update Spoofing

Camping on a False BTS and False BTS/MS

Active and Passive Identity Caching

Suppressing encryption between the target user and the intruder

Suppressing encryption between target user and the true network

Compromised cipher key

Eavesdropping on user data by suppressing encryption

Eavesdropping

User impersonation with compromised authentication vector

Hijacking outgoing calls

Hijacking outgoing calls with encryption enabled

Hijacking incoming calls

Hijacking incoming calls with encryption enabled

Introduction of Cryptography, Fake BTS and Terminology

Terminal and SIM

Discuss about Mobile Execution Environment

GSM Data, Signaling and Signaling Security

SS7: Opening up to World, Waiting for disaster, Evolution and What to do

Diff. between :-

o PSTN vs VOIP

o VOIP vs SS7

GSM Network Elements and Architecture

Home Location Register (HLR) and Authentication Center (AuC)

Mobile Switching Center (MSC)

Customer Care and Billing System

Value-Added Services

WAP Security Model, The WAP Gap and WTLS Security

WAP:

o No end-to-end Trust

o Man-in-the-middle

Introduction of third Generation of Wireless

3G Security Architecture and Security Model

Diff. Between 3G vs GSM

AKA Message Flow and Connection Establishment

Overview of Ciphering and Integrity

Interception and Its:-

o Definitions

o Terminology

o Logical Configuration

o Concepts

Circuit and Packet Data Event Records

Discuss the Security of Interception

Components of GSM Network

Overview of Subscriber and its Identification

Electronic Access to the SIM

Extraction From A SIM

o Location Information File

o Serial Number

o Subscriber Identifier

o Phone Number

o Text Message Data

o Status of Text Message Data

o Threats to a SIM Data

Equipments:-

o Generic Properties

o MS data

o Threats to MS Data

o Network and :-

o Network Operator Data

o Call Data Records

o Threats to Network Operator

GSM Security Operation and Forensics Tools

Overview of Cell Seizure

Features Of Cell Seizure

Advantages and Disadvantages of Cell Seizure

Tool of Cell Seizure