Summer Training Program 2014
CCSE V3.0
TechD Facts
• Incorporated in November 2009
• Trained more than 40000 students, conducted 400 Workshops Including all IITs, NITs & Many colleges across India.
• Trained Professional from many reputed companies like Yahoo!,Google,ISACA,k7 Antivirus, Elitecore , Indian Oil, Temenos, ZOHO, HCL,TCS Infosys.
• Trained Investigation agencies of Gujarat, Maharashtra, Rajasthan, Tamilnadu, West Bengal.
TechD Facts
• Trained & Certified 2000 Students & Professionals for CCSE ( Certified Cyber Security Expert) Course.
• Helped Top Investigating Agencies to Solve Ahmedabad & Mumbai blasts Cyber trails.
• Associated for an out reach program with the Major Technical festivals of IIT Bombay, Kanpur, NIT Bhopal, NIT Calicut, Jadavpur University Kolkata, and BITS Pilani Goa for giving authorized certification.
• Major VAPT Clients includes Sulekha.com, Cyberoam.
• Supported by Ministry of Home Affairs, Malaysia & CMO, Gujarat. • Developed our own Crypters, Trojans, RATS for demonstrations.
TechD Facts
• Sunny Vaghela (Director & CTO) is recipient of Rajiv Gandhi Young
Achiever’s Award.
• TechDefence has been awarded as Best Ethical Hacking & Information
Security Company by NBC at Trident Hotel , Mumbai.
TechD Facts
• TechDefence has also been awarded as Best Ethical Hacking & Information
Security Company of Western India by BIG Research & IBN 7.
• Nominated for World Education Awards into category of Private Sector Initiative
for use of innovative Technology for skilled education
CCSE Contents
Module 1 : Cyber Ethics - Hackers & hacking methodologies • Types of hackers
• Communities of Hackers • Malicious Hacker Strategies
• Steps to conduct Ethical Hacking
• Hiding your identity while performing attacks Module 2: Basic Network Terminologies
• TCP / IP protocols • IP addresses • Classes of IP addresses • NAT • Proxies and VPN’s • SSH and putty
CCSE Contents
Module 3: Information Gathering & Footprinting
• Whois information
• Active / Passive information gathering • DNS report
• NS Report
• MX-information • DNS-cache
• Maltego
• Doxing (Peoples & Digitals Boxes) • Foot printing methodologies • Tools that aid in foot printing • Savitabhabhi.com case study
CCSE Contents
Module 4: Scanning & Enumeration • Why scanning?
• Types of scanning
• Tools to aid in scanning • Nmap - The Godfather • Banner grabbing
CCSE Contents
Module 5: Trojans, Backdoors
• How to control victim’s computer using Trojans • Binding Trojans with another file
• Undetection process of Trojans from Antivirus • Removal of Trojans from your computer
• Analysis of Trojans/Virus
Module 6: Virus & Worms • Introduction to viruses • How they work?
• Methods use to hide themselves and replicate themselves • Introduction to worms
• Causes of worms
• Method used to replicate themselves • Role of antivirus product and goat file
CCSE Contents
Module 7: Phishing & its Prevention
• Making phishing pages (3 types of Phishing) • How to detect phishing pages.
• Detecting Phishing Crimes
Module 8: System Hacking & Security • Password cracking
• Privilege escalation
• Tools to aid in system hacking • Understanding rootkits
• Clearing traces • Countermeasures
CCSE Contents
Module 9: Social engineering & Honeypots • Introduction
• Laws of social engineering • Types of social engineering • Honeypots introduction • Types of honeypots
• Setting up windows / Linux honeypot
Module 10: Bot,Bots & DOS(Denial of Service) • Introduction to bots
• Introduction to botnets and zombies • Botnet lifecycle
• IRC bots
CCSE Contents
Module 11: Cryptography • Public-key Cryptography • Working of Encryption • Digital Signature
• RSA & Example of RSA Algorithm • RC4, RC5, RC6, Blowfish
• Algorithms and Security
• Tools that aid in Cryptography Module 12: Google Hacking
• Understanding how Google works • Google basic operators
• Google advanced operators • Automated Google tools
• How to use Google to find the desired website
CCSE Contents
Module 13: SQL Injection 1 • Web Application Overview • Web Application Attacks
• OWASP Top 10 Vulnerabilities • Putting Trojans on websites • SQL injection attacks
• Executing Operating System Commands • Getting Output of SQL Query
• Getting Data from the Database Using ODBC Error Message • How to Mine all Column Names of a Table
• How to Retrieve any Data
• How to Update/Insert Data into Database • SQL Injection in Oracle
CCSE Contents
Module 14: SQL Injection 2
• Attacking Against SQL Servers
• SQL Server Resolution Service (SSRS) • SQL Injection Automated Tools
• MSSQL Injection • Blind SQL Injection
• Preventing SQL Injection Attacks Module 15: XSS – Cross Site Scripting • Introduction to XSS & Types of XSS • XSS worm and XSS shell
• Cookie grabbing • Countermeasures
CCSE Contents
Module 16: CSRF, Click Jacking & Privilege Escalation Vulnerabilities • Introduction to csrf
• Building proof of concept code • Protections against csrf
• Click Jacking & Protections
Module 17: Information Disclosure Vulnerabilities • Introduction
• Setting up the correct chmod
• Protecting the sensitive server files • Preventing the data loss
CCSE Contents
Module 18: LFI / RFI
• Introduction to LFI / RFI
• Finding out LFI / RFI Vulnerabilities • Demonstration & Prevention
Module 19:Hacking Web Servers • Understanding IIS and apache
• How to use PHP and ASP backdoors • What are local root exploits?
• Implementing web server security • Patch management
CCSE Contents
Module 20: Vulnerability Assessment & Penetration Testing • Burp Interceptor • Burp Target • Burp Spider • Burp Scanner • Burp Intruder • Burp Repeater • Burp Decoder • Burp Sequencer • Burp Extender
• Burp App Store- Introduction • Live Hacking Through Burp
CCSE Contents
Module 21: Vulnerability Assessment & Penetration Testing • Introduction to VAPT
• Categories of security assessments • Vulnerability Assessment
• Limitations of Vulnerability Assessment • Penetration Testing
• Types of Penetration Testing • Do-It-Yourself Testing
• Outsourcing Penetration Testing Services • Terms of Engagement
• Project Scope & Pentest Service Level Agreements • Testing points & Locations
CCSE Contents
Module 22: Assembly Language Basics
• Difference Assembly Language Vs High-level Language • Assembly Language Compilers
• Understanding Instruction operands, Directive & preprocessor
• Interrupts , Interrupt handler, External interrupts and Internal interrupts Handlers • Assembling the & Compiling the C code
• Linking the object files & Understanding an assembly listing file • Big and Little Endian Representation, Skeleton File
• Working with Integers, Signed integers & Signed Magnitude • Understanding Two’s Compliment, If statements, Do while loops • Indirect addressing, Subprogram
• Understanding The Stack, SS segment& ESP • The Stack UsageThe CALL and RET Instructions
CCSE Contents
Module 23 & Module 24: Buffer Overflows 1-2 • Introduction
• How BOF works
• Stack based buffer overflow • Heap based buffer overflow • Heap spray
• Understanding the shellcode • Mapping the memory
• Fuzzing
CCSE Contents
Module 25: Exploit Writing • Exploits Overview
• Prerequisites for Writing Exploits and Shellcodes • Purpose of Exploit Writing
• Types of Exploits
• Tools that aid in writing Shellcode
• Issues Involved With Shellcode Writing • Addressing problem
• Null byte problem
CCSE Contents
Module 26 : Reverse Engineering
• Introduction to RE • Briefing OllyDbg • Patching • Cracking • Keygening • Countermeasures
Module 27: Firewalls, IDS, Evading IDS
• Introduction
• How to detect Intrusion • Types of Intrusion
• Configuring IDPS • Firewall and it’s types • Evading Firewalls and IDS
CCSE Contents
Module 28 & Module 29: Metasploit Framework using BackTrack • Introduction to this framework
• Getting hands on commands
• Hacking windows with metasploit • Hacking Linux with metasploit • Web Hacking through Metasploit
CCSE Contents
Module 30: Wireless Hacking & Security • Wireless Protocols
• Wireless Routers-Working • Attacks on Wireless Routers
• Cracking Wireless routers password(WEP) • Securing routers from Hackers
• Countermeasures
Module 31: Mobile, VoIP Hacking & Security • SMS & SMSC Introduction
• SMS forging & countermeasures • Sending & Tracking fake SMSes • VoIP Introduction
CCSE Contents
Module 32: Introduction to Cyber Crime Investigation & IT ACT 2000 • Types of Cyber Crimes
• Reporting Cyber Crimes & Incidence response • Introduction to IT Act 2000 & its sections
• Flaws in IT ACT,2000
• Investigation Methodologies & Case Studies • Different Logging Systems.
• Investigating Emails ( Email Tracing)
• Ahmedabad Bomb Blasts Terror Mail case study • Investigating Phishing Cases
• Investigating Data Theft Cases
• Investigating Facebook Profile Impersonation Cases • Investigating SMS & Call Spoofing Cases
CCSE Contents
Module 33: Cyber Forensics • Cyber Forensics
• Understanding Cyber Forensics
• Hands on Cyber Forensics on Hard Disks • Preparing Cyber Forensics Reports
Module 34 - 35: Project Work 1 , Project Work 2 & Final Exam.
• Training attendees will be getting exposures to live projects like Penetration testing, Creating own vulnerable penetration testing framework , Online Malware Scanners. • Semi Final & Final Exam ( Online Hacking Challenge)
CCSE Contents
Total Hours: 80 hours
Training Duration : 30 – 45 Days.
Training Centers: Ahmedabad, Delhi , Hyderabad.