Summer Training Program 2014

CCSE V3.0 Certified Cyber Security Expert Version 3.0

TechD Facts

• Incorporated in November 2009

• Trained more than 40000 students, conducted 400 Workshops Including all IITs, NITs & Many colleges across India.

• Trained Professional from many reputed companies like Yahoo!,Google,ISACA,k7 Antivirus, Elitecore , Indian Oil, Temenos, ZOHO, HCL,TCS Infosys.

• Trained Investigation agencies of Gujarat, Maharashtra, Rajasthan, Tamilnadu, West Bengal.

• Successfully completed more than 10000 training hours into IT Security.

TechD Facts

• Trained & Certified 2000 Students & Professionals for CCSE ( Certified Cyber Security

Expert) Course.

• Helped Top Investigating Agencies to Solve Ahmedabad & Mumbai blasts Cyber trails.

• Associated for an out reach program with the Major Technical festivals of IIT Bombay, Kanpur, NIT Bhopal, NIT Calicut, Jadavpur University Kolkata, and BITS Pilani Goa for giving authorized certification.

• Major VAPT Clients includes Sulekha.com, Cyberoam.

• Supported by Ministry of Home Affairs, Malaysia & CMO, Gujarat. • Developed our own Crypters, Trojans, RATS for demonstrations.

TechD Facts

• Sunny Vaghela (Director & CTO) is recipient of Rajiv Gandhi Young

Achiever’s Award. • TechDefence has been awarded as Best Ethical Hacking & Information

Security Company by NBC at Trident Hotel , Mumbai.

TechD Facts

• TechDefence has also been awarded as Best Ethical Hacking & Information Security Company of Western India by BIG Research & IBN 7.

• Nominated for World Education Awards into category of Private Sector Initiative for use of innovative Technology for skilled education

CCSE Contents

Module 1 : Cyber Ethics - Hackers & hacking methodologies • Types of hackers • Communities of Hackers • Malicious Hacker Strategies • Steps to conduct Ethical Hacking • Hiding your identity while performing attacks Module 2: Basic Network Terminologies • TCP / IP protocols • IP addresses • Classes of IP addresses • NAT • Proxies and VPN’s • SSH and putty

CCSE Contents

Module 3: Information Gathering & Footprinting

• Whois information

• Active / Passive information gathering

• DNS report

• NS Report

• MX-information

• DNS-cache

• Maltego

• Doxing (Peoples & Digitals Boxes)

• Foot printing methodologies

• Tools that aid in foot printing

• Savitabhabhi.com case study

CCSE Contents

Module 4: Scanning & Enumeration

• Why scanning?

• Types of scanning

• Tools to aid in scanning

• Nmap - The Godfather

• Banner grabbing

• DNS Enumeration with Different Scripts

CCSE Contents

Module 5: Trojans, Backdoors • How to control victim’s computer using Trojans • Binding Trojans with another file • Undetection process of Trojans from Antivirus • Removal of Trojans from your computer • Analysis of Trojans/Virus Module 6: Virus & Worms • Introduction to viruses • How they work? • Methods use to hide themselves and replicate themselves • Introduction to worms • Causes of worms • Method used to replicate themselves • Role of antivirus product and goat file

CCSE Contents

Module 7: Phishing & its Prevention

• Making phishing pages (3 types of Phishing)

• How to detect phishing pages.

• Detecting Phishing Crimes

Module 8: System Hacking & Security

• Password cracking

• Privilege escalation

• Tools to aid in system hacking

• Understanding rootkits

• Clearing traces

• Countermeasures

CCSE Contents

Module 9: Social engineering & Honeypots

• Introduction • Laws of social engineering • Types of social engineering • Honeypots introduction • Types of honeypots • Setting up windows / Linux honeypot Module 10: Bot,Bots & DOS(Denial of Service) • Introduction to bots • Introduction to botnets and zombies • Botnet lifecycle • IRC bots • Customize your own bot

CCSE Contents

Module 11: Cryptography • Public-key Cryptography • Working of Encryption • Digital Signature • RSA & Example of RSA Algorithm • RC4, RC5, RC6, Blowfish • Algorithms and Security • Tools that aid in Cryptography Module 12: Google Hacking • Understanding how Google works • Google basic operators • Google advanced operators • Automated Google tools • How to use Google to find the desired website • How Google can aid in searching vulnerable website

CCSE Contents

Module 13: SQL Injection 1

• Web Application Overview

• Web Application Attacks

• OWASP Top 10 Vulnerabilities

• Putting Trojans on websites

• SQL injection attacks

• Executing Operating System Commands

• Getting Output of SQL Query

• Getting Data from the Database Using ODBC Error Message

• How to Mine all Column Names of a Table

• How to Retrieve any Data

• How to Update/Insert Data into Database

• SQL Injection in Oracle

• SQL Injection in MySql Database, 20 Hands on Demonstrations on real websites

CCSE Contents

Module 14: SQL Injection 2

• Attacking Against SQL Servers

• SQL Server Resolution Service (SSRS)

• SQL Injection Automated Tools

• MSSQL Injection

• Blind SQL Injection

• Preventing SQL Injection Attacks

Module 15: XSS – Cross Site Scripting

• Introduction to XSS & Types of XSS

• XSS worm and XSS shell

• Cookie grabbing

• Countermeasures

CCSE Contents

Module 16: CSRF, Click Jacking & Privilege Escalation Vulnerabilities

• Introduction to csrf

• Building proof of concept code

• Protections against csrf

• Click Jacking & Protections

Module 17: Information Disclosure Vulnerabilities

• Introduction

• Setting up the correct chmod

• Protecting the sensitive server files

• Preventing the data loss

CCSE Contents

Module 18: LFI / RFI

• Introduction to LFI / RFI

• Finding out LFI / RFI Vulnerabilities

• Demonstration & Prevention

Module 19:Hacking Web Servers

• Understanding IIS and apache

• How to use PHP and ASP backdoors

• What are local root exploits?

• Implementing web server security

• Patch management

CCSE Contents

Module 20: Vulnerability Assessment & Penetration Testing

• Burp Interceptor

• Burp Target

• Burp Spider

• Burp Scanner

• Burp Intruder

• Burp Repeater

• Burp Decoder

• Burp Sequencer

• Burp Extender

• Burp App Store- Introduction

• Live Hacking Through Burp

CCSE Contents

Module 21: Vulnerability Assessment & Penetration Testing

• Introduction to VAPT

• Categories of security assessments

• Vulnerability Assessment

• Limitations of Vulnerability Assessment

• Penetration Testing

• Types of Penetration Testing

• Do-It-Yourself Testing

• Outsourcing Penetration Testing Services

• Terms of Engagement

• Project Scope & Pentest Service Level Agreements

• Testing points & Locations

• Automated & Manual Testing

CCSE Contents

Module 22: Assembly Language Basics

• Difference Assembly Language Vs High-level Language

• Assembly Language Compilers

• Understanding Instruction operands, Directive & preprocessor

• Interrupts , Interrupt handler, External interrupts and Internal interrupts Handlers

• Assembling the & Compiling the C code

• Linking the object files & Understanding an assembly listing file

• Big and Little Endian Representation, Skeleton File

• Working with Integers, Signed integers & Signed Magnitude

• Understanding Two’s Compliment, If statements, Do while loops

• Indirect addressing, Subprogram

• Understanding The Stack, SS segment& ESP

• The Stack UsageThe CALL and RET Instructions

CCSE Contents

Module 23 & Module 24: Buffer Overflows 1-2

• Introduction

• How BOF works

• Stack based buffer overflow

• Heap based buffer overflow

• Heap spray

• Understanding the shellcode

• Mapping the memory

• Fuzzing

• Countermeasures

CCSE Contents

Module 25: Exploit Writing

• Exploits Overview

• Prerequisites for Writing Exploits and Shellcodes

• Purpose of Exploit Writing

• Types of Exploits

• Tools that aid in writing Shellcode

• Issues Involved With Shellcode Writing

• Addressing problem

• Null byte problem

• System call implementation

CCSE Contents

Module 26 : Reverse Engineering

• Introduction to RE

• Briefing OllyDbg

• Patching

• Cracking

• Keygening

• Countermeasures

Module 27: Firewalls, IDS, Evading IDS

• Introduction

• How to detect Intrusion

• Types of Intrusion

• Configuring IDPS

• Firewall and it’s types

• Evading Firewalls and IDS

CCSE Contents

Module 28 & Module 29: Metasploit Framework using BackTrack

• Introduction to this framework

• Getting hands on commands

• Hacking windows with metasploit

• Hacking Linux with metasploit

• Web Hacking through Metasploit

CCSE Contents

Module 30: Wireless Hacking & Security

• Wireless Protocols

• Wireless Routers-Working

• Attacks on Wireless Routers

• Cracking Wireless routers password(WEP)

• Securing routers from Hackers

• Countermeasures

Module 31: Mobile, VoIP Hacking & Security

• SMS & SMSC Introduction

• SMS forging & countermeasures

• Sending & Tracking fake SMSes

• VoIP Introduction

• Installing VoIP Server & Forging Call using VoIP

CCSE Contents

Module 32: Introduction to Cyber Crime Investigation & IT ACT 2000

• Types of Cyber Crimes

• Reporting Cyber Crimes & Incidence response

• Introduction to IT Act 2000 & its sections

• Flaws in IT ACT,2000

• Investigation Methodologies & Case Studies

• Different Logging Systems.

• Investigating Emails ( Email Tracing)

• Ahmedabad Bomb Blasts Terror Mail case study

• Investigating Phishing Cases

• Investigating Data Theft Cases

• Investigating Facebook Profile Impersonation Cases

• Investigating SMS & Call Spoofing Cases

CCSE Contents

Module 33: Cyber Forensics

• Cyber Forensics

• Understanding Cyber Forensics

• Hands on Cyber Forensics on Hard Disks

• Preparing Cyber Forensics Reports

Module 34 - 35: Project Work 1 , Project Work 2 & Final Exam.

• Training attendees will be getting exposures to live projects like Penetration testing, Creating own vulnerable penetration testing framework , Online Malware Scanners.

• Semi Final & Final Exam ( Online Hacking Challenge)

CCSE Contents

Total Hours: 80 hours

Training Duration : 30 – 45 Days.

Training Centers: Ahmedabad, Delhi , Hyderabad.

For More information Call on 7567867774, 9723373375 , 7567867770