Introduction to Hacking Training

Introduction to Hacking Training is a 3-day course that focuses on the main concepts of hacking in mobile platforms, web platforms, Wi-Fi exploits, operating system hacking and security and provides you with the broad outline with lot of case studies.

Participants also learn about preventative measures to repel hackers and ensure data privacy.

Cybercriminal strategies are also evolving.

Take hacking. Organizations need to stay on top of what’s happening in the realm of cyber-attacks. What worked yesterday to thwart an attack, might be useless tomorrow.

For example, for about a year now, ransomware hackers have been launching a new kind of attack that outright destroys data rather than just encrypting it.

Ransomware hacking has been one of the biggest cybersecurity issues facing global commerce. And while most companies are reluctant to give in to the extortion, many feel there is no other way and will pay hackers for a decryption key just to keep the whole matter on the QT.

It’s important for organizations to know the odds:

More than 80% of U.S. companies indicate their systems have been successfully hacked in an attempt to steal, change or make public important data.

This is why organizations need to plan ahead for what is quickly becoming inevitable.

Most cybersecurity professionals advise companies to have formed a breach response team before hacking activities occur. Then when your company discovers the cyber-attack, the breach response team should the first call.

According to CISA’s Incident Response Plan Basics, businesses should assign an incident manager to lead the response, a tech manager to serve as a subject matter expert, and a communications manager to handle internal and external communications. This team then needs to follow your incident response plan (IRP) detailing various scenarios and corresponding actions.

Introduction to Hacking Training Course by Tonex

Introduction to hacking training introduces the world of computer hacking and hacker’s approaches against security. The advanced hacking training gives you the comprehensive understanding of hackers and how the systems can be attacked so that proper defense technique can be implemented. Tonex as a leader in security industry for more than 15 years is now announcing the introduction to hacking training which helps you to view hacking as a system engineering problem and provides you with practical hands-on and labs on different hacking problems.

Introduction to hacking training course covers the main topics in ethical hacking including: Introduction to modern IT and vulnerabilities, ethical hacking phases, network hacking, system hacking, reconnaissance and Footprinting, SQL injection, mobile platform hacking, web hacking, sniffing, enumeration, session hijacking, social engineering, scanning, stack smashing and operating system security.

By taking introduction to hacking training, you will learn the most important phases of hacking from reconnaissance and scanning, to access and track clearing.

Learn about:

• The hacking problems in networks and main concepts of hacking in networks such as: Footprinting, port scanning, penetrating, ping sweeping, network enumerator and scanning service for identifying the vulnerabilities in networks.
• The importance of system hacking, steps to system hacking, password cracking, keystroke logging, privilege escalation, denial of service, eavesdropping and file hiding as the most important concepts in system hacking.
• The foot-printing with complete experimental tests, SQL injection and several demos, different types of Trojans and worms used by hackers and approaches to protect the system against them.
• The main concepts of hacking in mobile platforms, web platforms, Wi-Fi exploits, operating system hacking and security and provides you with the broad outline with lot of case studies.
• Social engineering in social network, in mobile applications and concepts of pretexting, identity theft and approaches to protect against them. Furthermore, learn about scanning approaches such as: SSDP scanning, IPv6 scanning, Xmas tree scan, TCP connect scanning, port scans and Null scan.

Who Will Benefit from Introduction to Hacking Training?

If you are an IT professional who specialize in network security, you will benefit the presentations, examples, case studies, discussions, and individual activities upon the completion of the introduction to hacking training and will prepare yourself for your career.

Tonex Training Methodology

Introduction to hacking training will introduce a set of labs, workshops and group activities of real world case studies in order to give you a clear idea of hackers’ action and provides you with the solution method for different types of attacks.

Audience

Introduction to hacking training is a 3-day course designed for:

• IT professionals in the area of information security and network security
• Security officers, site administrators and any individual working on network infrastructure
• Executives and managers of cybersecurity and system engineering areas
• Information technology professionals, network engineers, security analysts, policy analysts
• Security operation personnel, network administrators, system integrators and security consultants
• Security traders to understand the network security, or cybersecurity.
• Investors and contractors who plan to make investments in system engineering industry.
• Technicians, operators, and maintenance personnel who are or will be working on cybersecurity projects
• Managers, accountants, and executives of cybersecurity industry.

Training Objectives

Upon completion of the introduction hacking training course, the attendees are able to:

• Understand the approaches to be done for hacking
• Identify different types of hacking attacks to networks and mobile platforms
• Explain the threats to operating systems and security of the system
• Identify exploits and defend the system against hacking
• Understand penetration testing and scanning approaches
• Explain the concept of social engineering
• Identify different types of viruses, Trojans and worms threatening the system security
• Understand the basics of SQL injection, reconnaissance, footprinting and protection against them

Training Outline

The introduction to hacking training course consists of the following lessons, which can be revised and tailored to the client’s need:

A Brief History of Hacking

• Brief Overview of Information Security
• Information Security Vulnerabilities and Attacks
• Types of Attacks to the System
• Definition of Hacking
• Who Is Considered as a Hacker?
• What Are Different Classes of Hacking?
• What Are the Phases of Hacking?
• Network Infrastructure Attack
• Operating System Attack
• Application Attacks
• Ethical Hacking
• Information Security Management
• Enterprise Information Security Architecture (EISA)
• Defense against Hackers
• Security Policies for Information Security Systems

 Modern IT and Vulnerabilities

• Security in Digital System
• Individual Security
• Malicious Software
• Security of Network
• Security Tools
• Encoding and Encryption
• Organization Security
• E-Security and Risk Management
• Loss Analysis
• Computer Crime
• Mobile Risk Management
• Protecting Government Systems
• Government Cyber Security Policies
• Administration Security
• Server Security
• Authentication
• Network Security
• Attacks and Defenses

 Ethical Hacking Phases

• Reconnaissance
• Scanning
• Access
• Maintaining Access
• Clearing Tracks
• Damaging
• Ethical Hacking Skills

Network Hacking

• Foot Printing
• Port Scanning
• Banner Grabbing
• Searching for Vulnerabilities
• Penetrating
• Countermeasures
• Identifying Network Targets
• Programming Errors
• Unintentional Mistakes
• Improper System Configuration
• Hooked Browser’s Internal IP
• Gateway-Finder
• Ping Sweeping
• Port Scanning
• IMG Tag for Network Port
• Distributed Port Scanning
• Inter Protocol Communication
• Nat Pinning
• Fingerprinting Non-HTTP Services
• Attacking Non-HTTP Services
• Network Enumerator
• Network Vulnerability Scanner
• Web Application Security Scanner
• Host Based Vulnerability Scanner

 System Hacking

• Introduction to System Hacking
• Steps to System Hacking
• Certified Ethical Hacking (CEH)
• Password Cracking
• Password Cracking Algorithms
• Password Types
• Password Attacks
• LAN Manager Hashes
• Countermeasures
• Keystroke Loggers
• Log Keyboard Activity
• Types of Loggers
• Keystroke Logger Tools
• Privilege Escalation
• Sniffing Password
• Sniffing VLAN Traffic
• Unencrypted Passwords
• Eavesdropping Tools
• Denial of Service
• Eavesdropping
• Remote Password Guessing
• Covering Attacks
• Remote Control and Backdoors
• Hiding Files

 Reconnaissance and Footprinting

• Terminologies and Objectives
• Footprinting Threats
• Finding Internal URLs
• Public Restricted Websites
• Footprinting through Search Engines
• Social Network Footprinting
• Footprinting through Websites
• People Search
• Footprinting through Job Sites
• Email Footprinting
• DNS Interrogation
• Network Footprinting
• Penetration Testing

 SQL Injection

• Web Application Environment
• SQL Attack Overview
• Illegal/Logically Incorrect Queries
• Alternate Encoding Obfuscation
• Combination Attacks
• Error Based SQL Injection
• Union SQL Injection
• Blind/Double Blind SQL Injection
• No Error Message SQL Injection
• Boolean Exploitation
• WAITFOR DELAY
• SQL Hashes
• Second Order SQL Injection
• BSQL Hacker
• SQL Power Injector
• Applications Open to SQL Injection
• Effective Security
• Tautologies
• Union Query
• Defend against SQL Injection
• SQL Injection Detection

 Mobile Platform Hacking

• Mobile Security Goals
• Web-Based and Network-Based Attacks
• Device Architecture and Common Mobile Threats
• Device Security Models
• Apple iOS Security
• Android Security
• Mobile Platform Access and Application Analysis
• Mobile Data Security and Encryption
• Reverse Engineering for Mobile Applications
• Mobile Public Key Infrastructure Management
• Penetration Testing for Mobile Devices
• Mobile Security Solutions
• Mobile Antivirus
• Data Loss Prevention (DLP)

 Web Hacking

• Web Application Security
• Web Server Security
• Web Server Attacks
• Denial of Service Attacks
• DNS Amplification
• Directory Traversal Attacks
• HTTP Response Splitting
• Web Cache Poisoning
• Phishing Attack
• SSH Brute-force Attack
• Footprinting in Web Servers
• Session Hijacking
• Password Cracking
• Web Application Attack
• Cross Site Scripting
• SQL Injection
• XSS Proxy
• Nasty SQL Injection
• Blind SQL Injection
• Defense Mechanisms
• Patch Management
• Web Application Manager
• Malware Infection
• Web Application Security and Network Security
• Managing Web Application Security
• Web Application Technologies
• Attacking Authentication
• Attacking Session Management
• Attacking Access Control
• Attacking Data Stores
• Attacking Application Logic
• Back-End Component Attacks
• Automating Customized Attacks
• Exploiting Information Disclosure
• Attacking Application Architecture
• Finding Vulnerabilities in Source Code
• Attacking in the Application Server

 Sniffing

• Basic Terminology of Sniffing
• Client Sniffing
• Server Sniffing
• Browser Sniffing
• Content Sniffing
• Password Sniffing
• Password Sniffing Process
• Sniffing Attacks
• Phishing
• Hybrid Attack
• Shoulder Surfing
• Bots and Botnets
• Denial of Service
• MAC Attacks
• DHCP Attacks
• DNS Poisoning
• ARP Poisoning

Enumeration

• Definition
• User Accounts Names
• Misconfigured Shared Resources
• Old Software Versions
• Finger, RCP/UDP 79
• HTTP HEAD
• NetBIOS Enumeration
• SNMP Enumeration
• LDAP Enumeration
• NTP Enumeration
• SMTP Enumeration

 Trojans and Worms

• Trojan Dropper
• Trojan Downloader
• Trojan PSV
• Trojan Spy
• Trojan DDOS
• Trojan Ransom
• Trojan Game Thief
• Trojan IM
• Trojan Banker
• Trojan SMS
• Trojan Proxy
• Trojan Arcbomb
• Trojan Clicker
• P2P Worm
• IRC Worm
• IM Worm

 Session Hijacking

• Session Hijacking Definition
• Spoofing and Session Hijacking
• Steps to Session Hijacking Attack
• Types of Session Hijacking
• Application Level Session Hijacking
• Network Level Session Hijacking
• Sequence Number Prediction
• TCP/IP Hijacking
• Session Hijacking Tools
• Countermeasures

 Social Engineering

• Basic Overview of Social Engineering
• Information Gathering
• Computer Based Social Engineering
• Mobile Based Social Engineering
• Social Engineering in Social Network
• Elicitation
• Pretexting
• Identity Theft
• Psychological Principles used in Social Engineering
• Power of Persuasion
• Tools of a Social Engineer
• Dissecting the Social Engineer
• Prevention and Mitigation

Scanning

• War Dialing-Insecure Modems
• War Driving-Insecure WLANS
• Network Mapping
• Blocking ICMP
• SSDP Scanning
• IPv6 Scanning
• Nmap Scanning
• TCP Connect Scanning
• TCP SYN Scan
• FIN Scan
• Xmas Tree Scan
• Null Scan
• TCP ACK Scan
• FTP Bounce Scan
• UDP Scan
• TCP Stack Fingerprinting
• Vulnerability Scanners
• Nessus
• Port Scans
• IP Fragmentation
• Intrusion Prevention System (IPS)
• Host IDS
• Honeypots
• Network Diagram
• Network Mapping Tool
• Proxy Tools

 Wi-Fi Exploitation

• Wireless Hacking
• Wi-Fi Hacking Process
• Human Security
• Airway Containing
• Wi-Fi Client Hacking
• Wi-Fi Attack Tools
• Confidentiality Attacks
• Availability Attacks
• Bluetooth Attacks
• Network Attacks
• Denial of Service
• Encryption Cracking
• Authentication Attacks
• WEP Encryption
• WPA/2 Encryption

 Security of OSs

• Overview of Operating System Security
• Security Evaluation Criteria
• Security Levels in Operating Systems
• Multi-Level Security
• Operating System Security Planning
• Operating System Hardening
• Security Mechanisms
• Security Management
• Patch Management
• Windows Security
• Linux/Unix Security
• Native Virtualization Security Layers
• Hosted Virtualization Security Layers
• Account Security
• File System Security
• Assessing Risks in Operating Systems
• Risk Management in Operating Systems

 Stack Smashing

• Basic Principles
• Definition of Stack
• Function Calls
• Stack Based Overflows
• Frame Pointer Overwrites
• Stack Region
• Buffer Overflow
• Buffer Overflow Mitigation
• Shell Code
• Exploits
• BSS Overflow
• Heap Overflow

 Hands On, Workshops and Group Activities

• Labs
• Workshops
• Group Activities

 Sample Workshops and Labs for Introduction to Hacking Training

• Evaluation of Buffer Overflow Through a Simple Program
• Wireless Scanner for Internet Security test
• Web Server Hacking Experiment
• Demonstration of Denial of Service Attacks
• Scanning tool for Passwords
• Enumeration Tool on Information of Network
• AnyWho Footprinting Reconnaissance Tool Demo
• DNS Enumeration Tool Demo
• Scanning a Vulnerable Network Experiment
• Trojan Analysis Lab
• How to Create and Analyze Viruses
• Sniffing Tools for Packet Analysis Demo
• Breaking Wireless Security
• Data Retrieval with SQL Injection
• Spoofing Endpoints Demo
• Auditing Logging in Windows Demo
• Auditing Logging in Windows
• Enforcing Password Complexity in Windows/Linux

Introduction to Hacking Training