HOME

Introduction to Ethical Hacking

Ethical Hacking:
To crack passwords or to steal data? No, it is much more than that. Ethical hacking is to scan vulnerabilities and to find potential threats on a computer or networks. An ethical hacker finds the weak points or loopholes in a computer, web applications or network and reports them to the organization. So, let’s explore more about Ethical Hacking step-by-step.

These are various  types of hackers:

(1) White Hat Hackers (Cyber-Security Hacker)           
(2) Black Hat Hackers (Cracker)                         
(3) Gray Hat Hackers (Both) 

 

1. White Hat Hackers:
   Here, we look for bugs and ethically report it to the organization. We are authorized as a user to test for bugs in a website or network and report it to them. White hat hackers generally get all the needed information about the application or network to test for, from the organization itself. They use their skills to test it before the website goes live or attacked by malicious hackers.
2. Black Hat Hackers:
   Here, the organization doesn’t allow the user to test it. They unethically enter inside the website and steal data from the admin panel or manipulate the data. They only focus on themselves and the advantages they will get from the personal data for personal financial gain. They can cause major damage to the company by altering the functions which lead to the loss of the company at a much higher extent. This can even lead you to extreme consequences.
3. Grey Hat Hackers:
   They sometimes access to the data and violates the law. But never have the same intention as Black hat hackers, they often operate for the common good. The main difference is that they exploit vulnerability publicly whereas white hat hackers do it privately for the company.

What are the key concepts of ethical hacking?

• Stay legal- Obtain proper approval before accessing and performing a security assessment.
• Define the scope- Determine the scope of the assessment so that the ethical hacker’s work remains legal and within the organization’s approved boundaries
• Report vulnerabilities- Notify the organization of all vulnerabilities discovered during the assessment. Provide remediation advice for resolving these vulnerabilities.
• Respect data sensitivity- Depending on the data sensitivity, ethical hackers may have to agree to a non-disclosure agreement, in addition to other terms and conditions required by the assessed organization.

OS Module

• OS Concepts, Architecture and Features
• Windows OS Basics
• Windows 7, 10, 11 Installations
• Advanced Networking with Windows
• Users and Permissions management in Windows
• Disk and Device management in Windows
• Linux Kernel, Shell Basics
• Linux Installation
• RedHat, Ubuntu, Kali, Parrot
• Advanced Networking with Linux
• Users and Permissions management in Linux
• Disk and Device management in Linux

Networking Module

• Networking Devices
• Cables, Connectors and WiFi standards
• Networking Topology and Standards
• Networking Protocols
• OSI layers
• IP Addressing and Subnets
• Assigning IP in Windows and Linux
• Connectivity checking and troubleshooting
• Planning and Implementing a LAN
• Understanding Networking Services DNS, DHCP and Gateway
• Creating a secure LAN to WAN connection

Security Module

• LAN and WAN Security Basics
• Implementing Firewall
• IDS -Intrusion Detection Systems
• IPS – Intrusion Prevention Systems
• Software Based Security in infrastructures –Passwords, PIN, Pattern, TP
• Hardware Based Security in infrastructures – Access CARDS, RFID, SIM
• Biometric Security in infrastructures –IRIS and Finger Print Scanners, Face Recognition
• Physical/Perimeter Security- CCTV, Bollards, Tyre Killers, Auto Toll Gate, Motion/Thermal Alarms

Penetration Testing Module

• Sand Box Environments
• Pen Testing Tools
• Pen Testing OS
• White Box Testing
• Black Box Testing
• Grey Box Testing
• Writing Test Reports

Ethical Hacking Introduction Module

• Information Security Overview
• Information Security Threats and Attack Vectors
• Hacking Concepts
• Ethical Hacking Concepts
• Information Security Controls
• Penetration Testing Concepts
• Information Security Laws and Standards
• Cyber Kill Chain Concepts

Information Gathering ,Footprinting and Reconnaissance Module

• Footprinting Concepts
• Footprinting Methodology
• Footprinting through Search Engines
• Footprinting through Web Services
• Footprinting through Social Networking Sites
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Whois Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Pen Testing

Scanning Networks Module

• Network Scanning Concepts
• Scanning Tools
• Scanning Techniques
• Host Discovery
• Port and Service Discovery
• Banner Grabbing
• OS Discovery
• OS Fingerprinting
• Draw Network Diagrams
• Nmap scanning
• Scanning using Hping3

Enumeration Module

• Enumeration Concepts
• NetBIOS Enumeration
• SNMP Enumeration
• LDAP Enumeration
• NTP Enumeration
• SMTP Enumeration
• DNS Enumeration
• Other Enumeration Techniques (Telnet, SMB)
• Enumeration Countermeasures
• Other Enumeration Techniques
• Enumeration Pen Testing

Vulnerability Analysis Module

• Vulnerability Assessment Concepts
• CVE Concepts
• CWE Concepts
• Vulnerability Classification

• Vulnerability Assessment Types
• Vulnerability Assessment Solutions
• Vulnerability Scoring Systems
• Vulnerability Assessment Tools
• Vulnerability Assessment using Nessus
• Vulnerability Assessment using Acunetix
• Vulnerability Assessment using Nikto
• Vulnerability Assessment Reports

System Hacking Module

• System Hacking Concepts
• Gaining Access
• Vulnerability Exploitation
• Cracking Passwords
• Escalating Privileges
• Executing Applications
• Hiding Files
• Maintaining Access
• Clearing Logs
• Covering Tracks
• Penetration Testing

Malware Threats Module

• Malware Concepts
• HTTPRAT
• njRAT
• ProRAT
• Trojan Concepts
• Virus and Worm Concepts
• JPS VirusMaker
• Internet Worm Maker
• Ransomware Analysis
• Malware Analysis
• APT – Advanced persistent threat
• Countermeasures
• Anti-Malware Software
• Microsoft Defender
• Virustotal
• Penetration Testing using Malware
• Cports/CurrPorts
• TCPView
• Autoruns

Sniffing Module

• Sniffing Concepts
• Sniffing Technique: MAC Attacks
• Sniffing Technique: DHCP Attacks
• Sniffing Technique: ARP Poisoning
• Sniffing Technique: Spoofing Attacks
• Sniffing Technique: DNS Poisoning
• Sniffing Tools
• Wireshark
• Ettercap
• Microsoft Networking Monitor Tool
• TCP Dump
• Cain and Abel
• Countermeasures
• Sniffing Detection Techniques
• XARP
• Sniffing Pen Testing

Social Engineering Module

• Social Engineering Concepts
• Social Engineering Techniques
• Setoolkit
• Insider Threats
• Impersonation on Social Networking Sites
• Identity Theft
• Countermeasures
• Netcraft Toolbar
• Virustotal
• Social Engineering Penetration Testing

Denial-of-Service Module

• DoS/DDoS Concepts
• DoS/DDoS Attack Techniques
• Botnets
• DDoS Case Study
• DoS/DDoS Attack Tools
• Hping3
• HOIC
• LOIC
• Countermeasures
• DoS/DDoS Protection Tools
• DoS/DDoS Attack Penetration Testing

Session Hijacking Module

• Session Hijacking Concepts
• Application Level Session Hijacking
• Network Level Session Hijacking
• Session Hijacking Tools
• OWASP Zap Proxy
• Burp Suite
• Countermeasures
• Penetration Testing

Evading IDS, Firewalls, and Honeypots Module

• Intrusion Detection System Concepts
• Firewall Concepts
• Windows Firewall
• Iptables Linux Firewall
• Honeypot Concepts
• HoneyBOT
• IDS, Firewall, and Honeypot Solutions
• Evading IDS
• Snort IDS
• Evading Firewalls
• IDS/Firewall Evading Tools
• Detecting Honeypots
• IDS/Firewall Evasion Countermeasures
• Penetration Testing

Hacking Web Servers Module

• Web Server Concepts
• Apache Server
• Tomcat Server
• IIS Server
• Ngix Server
• Web Server Attacks
• Web Server Attack Methodology
• Web Server Attack Tools
• Hydra
• HTTPRecon
• IDServ
• Countermeasures
• Patch Management
• Web Server Security Tools
• Web Server Pen Testing

Hacking Web Applications Module

• Web App Concepts
• Web App Threats
• Hacking Methodology
• Web Application Hacking Tools
• Countermeasures
• Web App Security Testing Tools
• Web App Pen Testing

SQL Injection Module

• SQL Injection Concepts
• Types of SQL Injection
• SQL Injection Methodology
• SQL Injection Tools
• Evasion Techniques
• Countermeasures

Wireless Networks Hacking Module

• Wireless Concepts
• Wireless Encryption
• Wireless Threats
• Wireless Hacking Methodology
• Wireless Hacking Tools
• Bluetooth Hacking
• Countermeasures
• Wireless Security Tools
• Wi-Fi Pen Testing

Mobile Platforms Hacking Module

• Mobile Platform Attack Vectors
• Hacking Android OS
• Hacking iOS
• Mobile Spyware
• Mobile Device Management
• Mobile Security Guidelines and Tools
• Mobile Pen Testing

Hacking IoT Module

• IoT Concepts
• IoT Attacks
• IoT Hacking Methodology
• IoT Hacking Tools
• Countermeasures
• IoT Pen Testing

Cloud Computing Module

• Cloud Computing Concepts
• Owncloud
• Cloud Computing Threats
• Cloud Computing Attacks
• Cloud Security
• Cloud Security Tools
• Cloud Penetration Testing

Cryptography Module

• Cryptography Concepts
• Encryption Algorithms
• Cryptography Tools
• Public Key Infrastructure (PKI)
• Email Encryption
• Disk Encryption
• Cryptanalysis
• Countermeasures
• Md5calc
• Hashcalc
• VeraCrypt

Computer Forensics Module

• Introduction to Forensics
• Legal study of evidence acquisition
• Forensics Tools
• Forensics steps in real time incident handling
• RAM/Memory forensics
• Disk based forensics
• Network Forensics
• Data packet analysis
• Mobile forensics
• Browser forensics
• USB forensics
• Windows forensics
• Volatility and Encase
• Data recovery tools

Data Recovery Module

• Data Recovery Concepts
• Data Recovery Tools
• Recovery4all