Ethical hacking. Attack techniques and countermeasures - course RUB 133,990 from Specialist, training. Date: November 20, 2023.
Miscellaneous / November 29, 2023
The course provides detailed materials on the operation of computer systems and networks. Typical vulnerabilities of network protocols, operating systems and applications are considered. The sequences of various types of attacks on computer systems and networks are described, and recommendations for strengthening the security of computer systems and networks are proposed.
Target audience of this course:
Each course participant additionally receives access to a pre-prepared laboratory with computers running operating systems Kali Linux, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016, Ubuntu, Android. The laboratory is prepared for all practical work, including tasks on hacking wireless networks.
The course immerses students in a hands-on environment where they will be shown how to conduct ethical hacking. It provides a completely different perspective on the security of computer systems and networks by disclosing vulnerabilities; understanding them lets you anticipate a hacker's possible actions and successfully resist them.
Laboratory research will help you understand:
*Only Platinum or Diamond card holders can receive a 10% discount on the "Ethical hacking. Attack techniques and countermeasures" course in face-to-face or online training.
Learn, pass the exam, and become a certified ethical hacker!
You will learn:
use basic security terminology;
understand hacking methods, hacking concepts, information security threats and attack vectors;
collect information, master collection techniques and methodology;
scan computers and identify services;
prevent account hacking;
bypass password cracking and privilege escalation techniques in operating systems;
test the system for penetration;
use enumeration techniques;
resist attacks on wireless networks and hacking of web servers;
distinguish the operating principles of Trojans, backdoors, viruses, worms and other malware;
apply a set of social engineering tools and other methods of countering incidents;
master cloud computing security tools;
anticipate possible hacker actions and successfully resist them.
Module 1. Introduction to ethical hacking (2 ac. h.)
Information Security Overview
Examples and statistics of data leaks
Basic Security Terms
Components of information security
Information security threats and attack vectors
Hacking Concepts
What is hacking?
Hacker classes
Hacking phases
Ethical Hacking Concepts
What is ethical hacking?
The need for ethical hacking
Scope and Limitations of Ethical Hacking
Ethical Hacker Skills
Information Security Management
Ensuring information security
Information Security Management Program
Enterprise information security architecture
Network zoning
Defense in depth
Information security policies
Threat modeling and risk management
Incident Response Management
Network Security Controls
Penetration Testing Concepts
Information security standards and laws
Hands-on: Learning Concepts and Lab Preparation
Module 2. Collection of information (2 ac. h.)
Reconnaissance Concepts
Information Collection Methodology
Using search engines
Advanced Google Search Techniques
Google Hacking Database (GHDB)
Search VoIP and VPN in GHDB
Collection of data from social networks
Collection of information from the website
Collecting information from email systems
Competitive intelligence
Collecting data using registrar data
DNS Data Collection
Collecting network information
Social engineering for data collection
Information Collection Tools
Countermeasures against information collection
Testing for the ability to collect information
Practical work: Application of information gathering techniques
Module 3. Scanning (2 ac. h.)
Network scanning concepts
Network scanning tools
Network scanning techniques
ICMP scanning
TCP Connect scan
Scanning with half-open connections
Scanning with inverse TCP flags
Xmas scanning
ACK scanning
Covert scanning technique
UDP Scan
SSDP Scan
Techniques for evading intrusion detection systems
Packet fragmentation
Source Routing
IP Masking
IP spoofing
Using Proxy when scanning
Anonymizers
Collection of banners
Building network diagrams
Practical work: Scanning laboratory computers and identifying services
Module 4. Enumeration (2 ac. h.)
Enumeration Concepts
Enumeration techniques
NetBIOS enumeration
SNMP Enumeration
LDAP enumeration
NTP Enumeration
NFS enumeration
SMTP Enumeration
DNS Enumeration
IPSec enumeration
VoIP enumeration
RPC enumeration
Unix enumeration
Enumeration countermeasures
Practical work: Application of enumeration techniques
Module 5. Vulnerability analysis (1 ac. h.)
Vulnerability Assessment Concepts
Vulnerability Research
Vulnerability classification
Types of Vulnerability Assessments
Vulnerability Management Lifecycle
Vulnerability Assessment Solutions
Approaches to assessing vulnerabilities
Types of Vulnerability Assessment Tools
Characteristics of solutions
Selecting a Vulnerability Assessment Solution
Vulnerability assessment systems
Common Vulnerability Scoring System (CVSS)
Common Vulnerabilities and Exposures (CVE)
National Vulnerability Database (NVD)
Vulnerability Research Resources
Vulnerability assessment tools
Qualys
Nessus
GFI LanGuard
Nikto
OpenVAS
Retina CS
SAINT
MBSA (Microsoft Baseline Security Analyzer)
AVDS (Automated Vulnerability Detection System)
Vulnerability Assessment Reports
Practical work: Using Nessus to inventory vulnerabilities of laboratory computers
Module 6. Hacking systems (3 ac. h.)
Operating system architecture
Weak points of the operating system
System hacking methodology
System hacking sequence
Gaining access to the system
Authentication principles
Types of password attacks
Non-electronic attacks
Active online attacks
Passive online attacks
Offline attacks
Password cracking tools
Exploiting vulnerabilities
Buffer overflow
Privilege escalation
DLL spoofing
Privilege escalation exploits
Spectre and Meltdown vulnerabilities
Further advancement
Methods to protect against privilege escalation
Maintaining access to the system
Running Applications
Keyloggers
Spyware
Rootkits
Alternate Data Streams
Steganography
Hiding traces
Practical work: Application of techniques for cracking passwords and escalating privileges in operating systems
Module 7. Trojans and other malware (4 ac. h.)
Malware overview
Trojans
Trojan concepts
How Trojans work
Types of Trojans
Viruses and worms
How the virus works
Types of viruses
Computer worms
Malware Analysis
Malware detection methods
Countermeasures
Anti-malware tools
Practical work: Testing the operation of a shell Trojan, a reverse Trojan, a hidden Trojan
Module 8. Sniffers (2 ac. h.)
Sniffing Concepts
How does a sniffer work?
Types of sniffing
Hardware protocol analyzers
SPAN port
Active sniffing techniques
MAC attacks
DHCP attacks
ARP attacks
Spoofing
DNS cache poisoning
Sniffing Tools
Anti-sniffing measures
Practical work: Using active sniffing techniques to obtain data transmitted over the network and spoof requests
Module 9. Social engineering (1 ac. h.)
Social Engineering Concepts
Social engineering techniques
Without using computers
Using computers
Using mobile devices
Insider threats
Impersonation on social networks
Identity theft
Countermeasures against social engineering
Practical work: Using the SET social engineering toolkit from Kali Linux
Module 10. Denial of service (1 ac. h.)
Denial-of-Service Concepts
What is a DDoS attack
DoS/DDoS attack techniques
Vectors of DoS/DDoS attacks
UDP flood
ICMP flood
Ping of death
Smurf attack
SYN flood
Fragmented attack
Slowloris
Multi-vector attacks
DRDoS attacks
Bot network
Example of a DDoS attack implementation
DoS attack tools
Measures to counter DoS attacks
DoS Protection Tools
Practical work: Using DoS attack techniques to disable the services of training servers.
Module 11. Session interception (2 ac. h.)
Session Hijacking Concepts
Session hijacking process
Types of session hijacking
Session hijacking techniques
Application-layer interception
Sniffing
ID prediction
Man in the Middle Attack
Man in the Browser Attack
Attacks on clients
Cross-site scripting
Cross-site request forgery
JavaScript code
Trojans
Session replay
Session fixation
Using proxy servers
CRIME attack
Forbidden attack
Network layer interception
TCP/IP interception
IP spoofing
RST spoofing
Blind interception
UDP interception
ICMP spoofing
ARP spoofing
Session Hijacking Tools
Session Hijacking Countermeasures
Practical work: Using session hijacking techniques to gain access to training server resources
Module 12. Bypassing intrusion detection systems, firewalls and decoy systems (2 ac. h.)
Concepts of IDS, Firewalls and Honey Pot
IDS, firewall and honey pot systems
IDS evasion techniques
Adding Data
DoS attacks
Obfuscation
Generating false positives
Session splitting
Using Unicode
Fragmentation
Overlapping fragments
Using TTL
Invalid RST packets
Urgency flag
Polymorphic and ASCII shellcode
Application Layer Attacks
Desynchronization
Firewall bypass techniques
Firewall Identification
IP address spoofing
Source Routing
Microfragments
Using IP in URL
Anonymizers
Proxy servers
Tunneling
ICMP tunnel
ACK tunnel
HTTP tunnel
SSH tunnel
DNS tunnel
Using external systems
Bypassing the firewall using MITM
Bypassing web application firewalls
Detecting Honey Pot
Firewall Bypass Tools
Countermeasures against bypassing detection systems and firewalls
Practical work: Studying the possibilities of evading detection systems
Module 13. Hacking web servers (2 ac. h.)
Web Server Concepts
Types of attacks on web servers
Methodology for attacking a web server
Web server hacking tools
Metasploit Framework
Password crackers
Measures to counteract hacking of web servers
Patch management
Improving web server security
Practical work: Defacement of a training web server by exploiting a vulnerability using the Metasploit Framework
Module 14. Hacking web applications (4 ac. h.)
Web Application Concepts
Threats to web applications
OWASP Top 10 classification
Methodology for attacking web applications
Web Application Hacking Tools
Web API, hooks and shells
Measures to counteract hacking of web applications
Web Application Security Tools
Practice: Performing a reflected and stored XSS attack
Module 15. SQL injection (2 ac. h.)
SQL injection concepts
SQL injection testing
Types of SQL injection
Error-based SQL injection
UNION SQL injection
Blind SQL injection
SQL injection methodology
Examples of using SQL injection
Tools for performing SQL injections
Hiding SQL injection from IDS
Countermeasures for SQL Injection
Practical work: Hacking a training web server using SQL injections
Module 16. Hacking wireless networks (2 ac. h.)
Wireless Networking Concepts
Encryption in wireless networks
Threats to wireless networks
Methodology for hacking wireless networks
Wireless device discovery
Wireless traffic analysis
Carrying out an attack on a wireless network
Cracking wireless encryption
Wireless Network Hacking Tools
Attacks on Bluetooth
Measures to counter attacks on wireless networks
Wireless Security Tools
Practical work: Finding access points, sniffing, de-authentication, cracking WEP, WPA, WPA2 keys and decrypting Wi-Fi traffic
Module 17. Hacking of mobile platforms (1 ac. h.)
Attack vectors for mobile platforms
Hacking Android OS
Techniques and tools for obtaining Android administrator rights
Hacking iOS
Jailbreaking Techniques and Tools
Spyware for mobile platforms
Mobile device management
Tools and best practices for protecting mobile devices
Practical work: Studying tools for carrying out attacks on mobile devices
Module 18. Hacking the Internet of Things and Operational Technologies (1 ac. h.)
Internet of Things
IoT Concepts
IoT attacks
IoT Hacking Methodology
IoT Hacking Tools
Countermeasures against IoT hacking
Operational Technologies
OT concepts
Attacks on OT
OT hacking methodology
OT Hacking Tools
Countermeasures against OT hacking
Practical work: Studying the vulnerabilities of the Internet of Things and operational technologies
Module 19. Cloud computing (2 ac. h.)
Introduction to Cloud Computing
Types of cloud services
Container technologies
Containerization and virtual machines
Docker and microservices
What is Kubernetes
Container Security Issues
Management platforms
Serverless computing
Threats of Cloud Computing
Attacks on clouds
Service interception using social engineering
Session hijacking using XSS
DNS attacks
SQL injection
Wrapping attack
Intercepting a service using sniffing
Session hijacking via session hijacking
Side channel attack
Attacks on cryptography
Denial of service attacks
Hacking cloud technologies
Cloud Security
Cloud Security Tools
Cloud Penetration Testing
Practical work: Studying attacks on clouds and cloud security tools
Module 20. Cryptography (2 ac. h.)
Cryptography concepts
Encryption algorithms
Ciphers
Data Encryption Standard (DES)
Advanced Encryption Standard (AES)
RC4, RC5 and RC6
Twofish
DSA and signature schemes
Rivest Shamir Adleman (RSA)
Diffie-Hellman
Hash functions
MD2, MD4, MD5
SHA0, SHA1, SHA2, SHA3
RIPEMD-160
HMAC
Cryptographic means
Public Key Infrastructure
Mail encryption
Disk encryption
Disk Encryption Tools
Cryptanalysis
Cryptanalysis methods
Key cracking methods
Attacks on cryptography
Brute force method
Using the Birthday Paradox
"Man in the middle" in digitally signed schemes
Side channel attack
Hash collision
DUHK attack
Rainbow tables
Padding Oracle attack
DROWN attack
Cryptanalysis tools
Countermeasures
Practical work: Study of encryption algorithms and steganography tools
Module 21. Additional materials
Guide to laboratory work
A selection of sites dedicated to ethical hacking
Perform additional tasks on the laboratory bench