FSP-201:
OVERVIEW
ABOUT SIFS INDIA
COURSE INTRODUCTION
ENTRY REQUIREMENTS
HOW TO APPLY
FEE STRUCTURE
COURSE MODULES
CAREER PROSPECTS
LIBRARY
01
ABOUT SIFS INDIA
COURSE INTRODUCTION
SIFS INDIA was founded from 2005 with an aim to impart high quality and easily accessible
Forensic Services and Education to meet the growing demand of Law enforcement and other Government and private legal Departments. We aim to encourage new developments and research in the field of Forensic Sciences including Cyber Law, Cyber Forensic, Fingerprint Verification and Handwriting Analysis.
SIFS INDIA is registered with Govt. of India, We provide various science services
including-Forensic Education-Department of Education provides various including-Forensic Science Courses in the
fields of Forensic Science and Criminal Investigation. These courses provide you advantages for the development of your career in the fields of Private Forensic Investigation, Banks, Police Departments, Detective agency, IT industries, IB, CBI and many more..
We impart services to the several Govt. and Corporate agency to help them in field of forensics under our other departments such
as-• Forensic Investigation • Forensic Training • Forensic Internship • Forensic Research
• Security Services • Scientific Equipment Department
Ethical hacking – Ethical hackers are normally white hat guys who normally penetrates and secure IT system. Introduction to Computer Crime and Ethical Hacking: In this module we will have introduction to computers and cyber crime, printing counterfeit currency and documents. In addition software piracy and data recovery.
Networking for Ethical Hacking: In this module we will discuss about networked computer
crimes and unauthorized access and interception. We will Basics of computer viruses and programs, manipulating computer security and Internet. Image Identification: This module is about image processing, tapes, and video image processing and encryption methods.
Database Searching: We will discuss basics of bioinformatics and in detail about database
searching. Searching for sequence homology and alignment, basics of UNIX database programming and computing concepts.
HOW TO APPLY
www.sifsindia.com/payment
1. First select the course. Then Check the fees and fill up the complete online application form or download the application form.
2. Make sure to sign the application form. Include your complete mailing address and all other details. Please provide telephone number and/or email address and also attach a self-attested photograph of the candidate.
3. Things to be send with application form:
Attach photocopies of the Academic qualification certificates duly attested by a notary or a Gazetted Officer (Mandatory); Send three additional passport size photographs along with the application form.
Payment: Include the total fee as per the course selected as per your choice. Amount can be
deposited in the bank or send a cheque or demand draft (DD) or money order (MO) or banker's cheque in favor of "SIFS INDIA" payable in Delhi. Visit:
Post/e-Mail the above required items to- SIFS INDIA, 2443, Basement, Hudson Line, Kingsway
Camp, Delhi-110009, India.
What You Will Receive: Admission Letter, Online User name and Password to excess the course
content, Printed Material (Books / Notes/ CD/DVD/Software's/Tools/Kit) (For Distance Courses Only), Identity Card and Examination Card, Course Completion Certificate, Mark Sheet and
Certification.
ENTRY REQUIREMENTS
12th Passed in any discipline from Recognized
Board/School/basic knowledge of Science
related field.
LEVEL - II
LEVEL - I
LEVEL - III
10th Passed from Recognized Board/School
and basic knowledge of Science related field.
Graduation Passed from Registered Board/College
and basic knowledge of Science related field.
FEE STRUCTURE
16,000/-COURSE MODULES
INTRODUCTION TO ETHICAL HACKING
FOOTPRINTING AND RECONNAISSANCE
SCANNING NETWORK
ENUMERATION
SYSTEM HACKING
TROJANS AND BACKDOORS
VIRUSES AND WORMS
SNIFFING
SESSION HIJACKING
SOCIAL ENGINEERING
DENIAL OF SERVICE (DOS)
HACKING WEBSERVER
SQL INJECTION
HACKING WIRELESS NETWORKS
MODULE-1 INTRODUCTION TO ETHICAL HACKING
MODULE-2 FOOTPRINTING AND RECONNAISSANCE
1.1 What is Hacking?
1.2 Understanding Security
1.3 Understanding Ethical Hacking 1.4 History of Hacking
1.5 Famous Hackers 1.6 Phases of Hacking
1.7 Ethical Hacking Industry Practices
1.8 Difference between Ethical Hacker and Malicious Hacker 1.9 Types of Hackers 2.1 Footprinting Concepts 2.1.1 Footprinting Terminology 2.1.2 What is Footprinting? 2.1.3 Why Footprinting? 2.1.4 Objectives of Footprinting 2.2 Footprint Methodology
2.2.1 Footprint through Search Engines
2.2.2 Finding Company's External and Internal URLs 2.2.3 Collect Location Information
2.2.4 People Search
2.2.5 People Search Online Services
2.2.6 People Search on Social Networking Services 2.3 Footprinting through Job Sites
2.3.1 Website Footprinting 2.3.2 Website Mirroring Tools 2.3.3 Extract Website Information 2.4 Email Footprinting
2.4.1 Tracking Email Communications
05 FSP-201: Ethical Hacking & IT Security
2.5 Footprinting using Google
2.5.1 Footprinting using Google Hacking Techniques 2.5.2 What a Hacker can do with Google Hacking? 2.5.3 Google Advance Search Operators
2.5.4 Finding Resources Using Google Advance Operator 2.5.5 Google Hacking Tool: Google Hacking Database (GHDB) 2.6 WHO IS Footprinting
2.6.1 WHO IS Lookup
2.6.2 WHO IS Lookup Result Analysis 2.7 DNS Footprinting
2.7.1 Extracting DNS Information 2.7.2 DNS Interrogation Tools
2.8 Footprinting through Social Engineering
2.8.1 Footprinting through Social Engineering
2.8.2 Collect Information Using Shoulder Surfing and Dumpster Diving 2.9 Footprinting Tools
2.9.1 Maltego 2.9.2 DNSEnum 2.9.3 Dmitr
2.9.4 Additional Footprinting Tools
3.1 Introduction to Scanning
3.2 Introduction of Ports and Protocols 3.3 Types of Scanning
3.3.1 Port Scanning 3.3.2 Network Scanning 3.3.3 Vulnerability Scanning 3.4 Objective of Scanning
3.4.1 Detect Live Systems on Network 3.4.2 Discover Open Ports on System 3.4.3 OS Detection
3.4.4 Service Detection and Version Detection 3.4.5 Obtaining IP from Host
3.4.6 Obtaining Host from IP
3.4.7 Discover IP Addresses in Network 3.5 Overview of TCP 3.6 Scanning Tools 3.6.1 Nmap 3.6.2 Host 3.6.3 NBT scan 3.6.4 Fping 3.6.5 Alive6 3.6.6 Netcat 3.6.7 Vega 3.6.8 Nessus 4.1 Enumeration Concepts 4.2 What is Enumeration?
4.3 Techniques for Enumeration 4.4 Services and Ports to Enumerate
5.1 Information at Hand before System Hacking Stage 5.2 System Hacking
5.2.1 Cracking Password
5.2.2 Window Hacking by Ophcrack 5.2.3 Window Hacking by Hiren Boot 5.2.4 Window Hacking by Cmd
5.2.5 Linux Hacking
6.1 Trojan Concepts
6.1.1 What is a Trojan?
MODULE-4 ENUMERATION
MODULE-5 SYSTEM HACKING
07 FSP-201: Ethical Hacking & IT Security
6.1.2 Purpose of Trojans
6.1.3 What Do Trojan Creators Look For 6.1.4 Indications of a Trojan Attack 6.1.5 Common Ports used by Trojans 6.2 Trojan Infection
6.2.1 How to Infect Systems Using a Trojan
6.2.2 Different Ways a Trojan can Get into a System 6.2.3 How to Deploy a Trojan
6.3 Trojan Tools 6.3.1 Prorat 6.3.2 Cybergate 6.4 Trojan Detection
7.1 What is Virus? 7.2 What are Worms?
7.3 Difference between Viruses and Worms 7.4 What are Key loggers?
7.5 How to infect system with Key loggers 7.6 Counter-measures
7.6.1 Virus Detection Methods
7.6.2 Virus and Worms Countermeasures 7.6.3 Anti-virus Tools
8.1 Overview of Sniffing 8.2 Types of Sniffing
8.2.1 Active and Passive 8.3 What is ARP Poisoning? 8.4 What is MITM?
8.5 Sniffing Tools
MODULE-7 VIRUSES AND WORMS
8.5.1 Ettercap 8.5.2 Cain and Able 8.5.3 Wireshark 8.6 HTTP Sniffing
8.7 SSL Stripping
9.1 What is Session Hijacking?
9.2 Difference between Spoofing and Hijacking 9.3 Steps of Session Hijacking
9.4 Types of Session Hijacking
9.5 Brief introduction of TCP three way handshake 9.6 Client-Server Model
9.6.1 Two-tier 9.6.2 Three-tier
9.7 How to prevent Session Hijacking?
10.1 Social Engineering Concepts
10.1.1 What is Social Engineering? 10.1.2 Behaviors Vulnerable to Attacks
10.1.3 Factors that Make Companies Vulnerable to Attacks 10.1.4 Why Is Social Engineering Effective?
10.2 Social Engineering Techniques 10.3 Types of Social Engineering
10.3.1 Human Based 10.3.2 System Based 10.3.3 Mobile Based
10.4 How to Detect Phishing Emails 10.5 Phishing with Se Toolkit
10.6 Phishing on Web server
MODULE-9 SESSION HIJACKING
09 FSP-201: Ethical Hacking & IT Security
MODULE-11 DENIAL OF SERVICE (DOS)
MODULE-12 HACKING WEBSERVER
MODULE-13 SQL INJECTION
MODULE-14 HACKING WIRELESS NETWORKS
11.1 DoS/DDoS Concepts
11.1.1 What is a Denial of Service Attack?
11.1.2 What Are Distributed Denial of Service Attacks? 11.1.3 How Distributed Denial of Service Attacks Work 11.1.4 Symptoms of a DoS Attack
11.1.5 Cyber Criminals 11.2 DDoS Case Study
11.2.1 DDoS Attack
11.2.2 DDoS Attack Tools: 11.2.2.1 LOIC
11.2.2.2 Anonymous
12.1 What is Webserver? 12.2 What is Database?
12.3 Hacking Webserver with Metasploit
13.1 What is SQL Injection?
13.1.1 SQL Injection Attacks
13.1.2 How Web Applications Work? 13.2 Vulnerability Testing for SQL Injection 13.3 SQL Injection Cheat Sheet
13.4 SQL Injection Tools 13.4.1 SQL MAP 13.4.2 Havij
13.5 SQL Injection counter measures
14.1 Wireless Concepts
14.1.2 Wireless Standards
14.1.3 Service Set Identifier (SSID) 14.1.4 Wi-Fi Authentication Modes
14.1.5 Wi-Fi Authentication Process Using a Centralized Authentication Server 14.2 Wireless Encryption
14.2.1 Types of Wireless Encryption 14.2.2 WEP Encryption
14.2.3 How WEP Works? 14.2.4 What is WPA? 14.2.5 How WPA Works?
15.1 IDS, Firewall and Honeypot Concepts
15.1.1 Intrusion Detection System (IDS) and their Placement 15.1.2 How IDS Works?
15.1.3 Ways to Detect an Intrusion 15.2 Firewall
15.2.1 Firewall Architecture 15.2.2 Demilitarized Zone (DMZ) 15.2.3 Types of Firewall
15.2.4 Packet Filtering Firewall
15.2.5 Circuit-Level Gateway Firewall 15.3 Honeypot
15.3.1 Types of Honeypots
15.3.2 How to Set Up a Honeypot?
16.1 Buffer Overflow Concepts 16.2 Buffer Overflows
16.3 Why Are Programs and Applications Vulnerable to Buffer Overflows? 16.4 Buffer Overflow Counter-measures
16.5 Defense against Buffer Overflows 16.6 Preventing BOF Attacks
MODULE-15 EVADING IDS, FIREWALLS AND HONEYPOT
11 FSP-201: Ethical Hacking & IT Security
MODULE-17 CRYPTOGRAPHY
MODULE-18 PENETRATION TESTING
MODULE-19 MOBILE HACKING
17.1 Cryptography Concepts 17.2 Cryptography 17.3 Types of Cryptography 17.4 Algorithms 17.4.1 Symmetric 17.4.2 Asymmetric 17.4.3 Hash
17.5 How to create Hash in any file
17.6 How to generate public and private keys
18.1 Pen Testing Concepts 18.2 Security Assessments 18.3 Security Audit
18.4 Vulnerability Assessment
18.5 Limitations of Vulnerability Assessment 18.6 Introduction to Penetration Testing 18.7 Penetration Testing
18.8 Why Penetration Testing?
18.9 Comparing Security Audit, Vulnerability Assessment and Penetration Testing 18.10 What should be tested?
18.11 What Makes a Good Penetration Test? 18.12 Types of Pen Testing
18.12.1 Black-box Penetration Testing 18.12.2 Grey-box Penetration Testing 18.12.3 White-box Penetration Testing
19.4 Hacking Codes 19.5 Hacking Android OS
20.1 What is Stenography? 20.2 Hiding Text behind Image 20.3 Hiding Image behind Image 20.4 Hiding Video behind Image 20.5 Hiding Text behind Text 20.6 Drive Hiding
20.7 Tools of Stenography
MODULE-20 STENOGRAPHY
Cyber investigator: Electronic evidence is fragile and can easily be modified. Moreover, cyber
thieves, criminals, dishonest and even honest employees hide, wipe, disguise, cloak, encrypt and destroy evidence from storage media using a variety of freeware, shareware and commercially available utility programs. Cyber investigator can easily detect it at private level.
Ethical Hacker: Ethical Hackers is a term commonly applied to a “computer user who intends to
gain authorized access to a computer system”. Ethical Hackers are skilled computer users who penetrate computer systems to gain knowledge about computer systems and how they work.
Placement Agencies: In government sector: Central Bureau of Investigation (CBI), Intelligence
Bureau (IB), Central Forensic Science Lab (CFSL), State Forensic Lab (SFL)
In private sector: Private Detective Agencies, Banks & Insurance Company, Legal firms and
private companies...
We have online Forensic e-Library, which have more than 1000 Forensic Books. We provide membership number with username and password to enrolled students. Students can use this to access our online materials straight away.
LIBRARY
13 FSP-201: Ethical Hacking & IT Security
All right including copyrights reserved with the publishers. No part of this book may be reproduced or Copied in any form of by any means (Graphic, Electronic or Mechanical), or reproduced on any information storage devices, without the written permission of the publishers.
Note: Due care has been taken while publishing this book, but the author, Publisher and Printers are not responsible in any manner for any mistake that may have inadvertently crept in. In case of doubts the reader shall cross-check the contents with original Government Publication of Notifications, Any mistakes noted may be brought to our notice which shall be taken care in the next edition. All disputes subject to Delhi Jurisdiction only.
2015-16
Office: 2443, Basement, Hudson Line,
Kingsway Camp, Delhi-110009, India
Phone : +91-11-47074263, +91-9871502343
Email : [email protected], Web : www.sifs.in
CONTACT US
Published by© 2015-16 SIFS INDIA
