$50 – $65

Cyber Security Web Application, Network Pen Testing and Cloud Security

Event Information

Share this event

Date and Time

Location

Location

Business Intelligence

3535 Victory Group Way

Building 4

Frisco, TX

View Map

Refund Policy

Refund Policy

Refunds up to 7 days before event

Friends Who Are Going
Event description

Description

TRACK 1 :: [07-30 , 08-06, 08-13]

1. Introduction

▪ About CEH Certification
▪ Information Security Outline
▪ Air, Food, Water, Shelter, and...The Internet?
▪ A day in the life of an ethical hacker
▪ Key Terms You Should Know
▪ Why people fail in exams?
- Cone of Learning
- Best Practices you can actually start from today
▪ Hackers, Crackers, Black-White-Gray Hats, Cyber Terrorists
▪ Core Rules of Ethical Hacking
▪ Benefits of Ethical Hacking
▪ Types of Testing
- Black – White – Gray Box Testing
- Vulnerability Testing,
- Pen-testing
- Targeted Testing
- Secure Code Review
▪ Lab Setup – Hardware and Software Configuration
- Virtual Machine
- Kali Linux
- Recommended Virtual Environment
▪ Information Security Controls
▪ Hacking Methodology
- Foot printing and Reconnaissance
- Scanning
- Gaining Access
- Maintaining Access
- Clearing Tracks

2. Web Security

▪ Understanding Web application request and response cycle
▪ Web application architecture
▪ Web application frameworks
▪ Build Break Fix – XSS Injection
▪ Build Break Fix – SQL Injection
- Blind SQL Injection
- Advanced SQL Injection
▪ Build Break Fix – Command Injection
▪ OWASP Top 10
▪ Web Service Attacks
- SOAP Injection
- XML Injection
- Web Services Parsing Attacks
- Web Service Attack Tool: soapUI and XMLSpy
▪ Web Application Hacking Tools
- Burp Suite Professional
- WebScarab
- Owasp ZAP
▪ Web Application Pen Testing Framework
- Kali Linux
- Browser Exploitation Framework (BeEF)

3. Session Hijacking

▪ What is Session Hijacking?
▪ Why Session Hijacking is Successful?
▪ Session Hijacking Process
▪ Application Level Session Hijacking
- Compromising Session IDs Using Man-in-the-Middle Attack
- Compromising Session IDs Using Man-in-the-Browser Attack
- Compromising Session IDs Using Session Replay Attack
- Compromising Session IDs Using Session Fixation
- Session Hijacking Using Proxy Servers
▪ Network-level Session Hijacking
- The 3-Way Handshake
- TCP/IP Hijacking
- UDP Hijacking
▪ Packet Analysis of a Local Session Hijack
▪ Types of Session Hijacking
▪ Session Hijacking in OSI Model
▪ Spoofing vs. Hijacking
- Metasploit

Appendix::
1. Computer Network - Basics

▪ Computer Networking Overview
▪ A Brief History of the Internet
▪ Architectural Design Principles
▪ Packet Switching
▪ File Transfer
▪ Switching and Bridging
▪ ARP: Address Resolution Protocol
▪ Switches vs. Routers
▪ Internet Routing
▪ Naming, Addressing & Forwarding
▪ IP Addressing
▪ Network Address Translation (NAT)
▪ Domain Name System (DNS)
▪ Lookup IP Address

2. Cryptography Concepts

▪ Case Study : Heartbleed
▪ Case Study : Poodlebleed
▪ Encryption Algorithms
- Data Encryption Standard (DES)
- Advanced Encryption Standard (AES)
- RSA
- Message Digest
- Secure Hashing Algorithm (SHA)
- SSH (Secure Shell)
▪ Public Key Infrastructure (PKI)
▪ Email Encryption
- Digital Signature


TRACK 2: [08-20, 08-27. 09-03]

1. Foot-printing and Reconnaissance
* Foot printing sources
* Types of Information Gathered in Foot-printing
* Foot-printing methods
- Active Foot-printing
- Passive Foot-printing
* Goal of Foot-printing
* Google Searching
* Email Tracking
* Defeating Foot-Printing 2. Enumeration
* Different types of Enumeration Techniques
- NetBIOS Enumeration
- SNMP Enumeration
- LDAP Enumeration
- SMTP Enumeration
* Enumeration Countermeasures 3. Network Scanning
* Goals of Scanning
* Scanning Techniques
* Stealth Scan
* TCP, ICMP and UDP Scans
* IDS Evasion
* NMap Scan and Analysis
* Wireshark Scan and Analysis
* Use of Proxy
* Banner Grabbing


2. Sniffing
* How attacker hacks the Network using Sniffers
* Sniffing network with passive and active technique
* Protocols Vulnerable to Sniffing
* Defending MAC attacks
* How to Defend Against DHCP Starvation and Rogue Server Attack
* What is Address Resolution Protocol
* Defending against ARP poisoning
* Defending against MAC Spoofing
* How to Defend against DNS poisoning
* Sniffing Detection Techniques 5. Denial-of-Service
* Difference between DoS and DDoS
* Understanding DoS/DDoS Attack Techniques
- Syn Attack
- Syn Flooding
- ICMP Flood Attack
- Peer to Peer Attack
* All about Botnets
* DoS/DDoS Attack Tools
* DoS/DDoS Protection Tools 6. System Hacking
* Goals of System Hacking
* Steps on how to Compromise a System
* How to break a Password
* Dictionary, Brute Forcing and Rule-based Attack
* Man-in-the-Middle and Replay Attack
* NTLM Authentication Process
* Kerberos Authentication
* How to Defend Against Password Cracking
* Password Salting
* Privilege Escalation
* Defending against Privilege Escalation
* What does the spyware and key loggers do?
* Defending against Keyloggers and Spywares
* All about Rootkits
* Stegonagraphy and Steganalysis
* Covering Tracks and Clearing Logs


3. Evading IDS, Firewall and Honeypots
* Intrusion Detection Systems (IDS)
* Firewall
* DMZ
* Honeypot
* Evading Firewalls
* IP Address Spoofing
* DS/Firewall Evasion Counter-measures
* Honeypot Detecting Tool: Send-Safe Honeypot Hunter
* IDS/Firewall Evasion Counter-measures 8. Malware Threats
* Ways malware can get into a System
* Malware Distribution Technique
* How hackers use Trojans to infect Systems
* Different types of Trojans
- Shell Trojans
- Defacement Trojans
- Http / Https Trojans
- E-banking Trojans
* Difference between Virus and Worms
* Types of Viruses
- Boot Sector
- Shell Virus
- Metamorphic Virus
* Writing a Simple Virus Program
* Malware Reverse Engineering
* Online malware testing using Virus Total
* Detecting malwares on Ports,Registry,Drivers,Files, Folders and Startup Programs
* Countering Trojan, Backdoors, Virus and worms
* Using Anti-Malware Software


TRACK 3:: [09-10, 09-17]

1. Cloud Computing

* Cloud Computing Attacks
- Service Hijacking using Social Engineering Attacks
- Service Hijacking using Network Sniffing
- Session Hijacking using XSS Attack
- Session Hijacking using Session Riding
- Domain Name System (DNS) Attacks
- Side Channel Attacks or Cross-guest VM Breaches
- Side Channel Attack Countermeasures
- SQL Injection Attacks
- Cryptanalysis Attacks
- Cryptanalysis Attack Countermeasures
- Wrapping Attack
- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks
* Cloud Security
- Cloud Security Control Layers
- Cloud Security is the Responsibility of both Cloud Provider and Consumer
- Cloud Computing Security Considerations
- Placement of Security Controls in the Cloud
- Best Practices for Securing Cloud
- NIST Recommendations for Cloud Security
- Organization/Provider Cloud Security Compliance Checklist


2. Social Engineering
* Factors that Make Companies Vulnerable to Attacks
* Why Is Social Engineering Effective?
* Warning Signs of an Attack
* Phases in a Social Engineering Attack
* Types of Social Engineering
- Human-based Social Engineering
- Impersonation
- Eavesdropping and Shoulder Surfing
- Dumpster Diving
- Reverse Social Engineering, Piggybacking, and Tailgating
* Computer-based Social Engineering
- Phishing
- Spear Phishing
* Mobile-based Social Engineering
- Publishing Malicious Apps
- Repackaging Legitimate Apps
- Fake Security Applications
- Using SMS
* Identify Theft
* Social Engineering Countermeasures
- How to Detect Phishing Emails
- Anti-Phishing Toolbar
- Netcraft
- PhishTank
- Identity Theft Countermeasures

3. Wireless Networks

- Are You Protected from Hackers on Public Wi-Fi?
- Wireless Concepts
- Wireless Networks
- Wi-Fi Networks at Home and Public Places
- Wireless Technology Statistics
- Types of Wireless Networks
- Service Set Identifier (SSID)
- Wi-Fi Authentication Modes
- Wi-Fi Authentication Process Using a Centralized Authentication Server
- Wi-Fi Chalking
- WEP vs. WPA vs. WPA2
- Wireless Threats
- Access Control Attacks
- Integrity Attacks
- Confidentiality Attacks
- Wireless Threats
- Access Control Attacks
- Integrity Attacks
- Confidentiality Attacks
- Availability Attacks
- Wireless Hacking Methodology
- Wi-Fi Discovery
- GPS Mapping
- How to Discover Wi-Fi Network Using Wardriving
- Wireless Traffic Analysis
- Wireless Traffic Analysis
- Wireless Cards and Chipsets
- Wi-Fi USB Dongle: AirPcap
- Wi-Fi Packet Sniffer

Total Hands-on Lab Hours workshop = 22

Share with friends

Date and Time

Location

Business Intelligence

3535 Victory Group Way

Building 4

Frisco, TX

View Map

Refund Policy

Refunds up to 7 days before event

Save This Event

Event Saved