Ethical Hacking

The Ethical Hacking workshop through SkillThon will help you to stop hackers by learning to think like one. This class immerses students in an interactive environment where they will scan, test, hack, and secure their own systems. Workshop participants will learn how intruders escalate privileges and what steps can be taken to secure a system. Also covered will be Intrusion Detection, Policy Creation, Social Engineering and DDoS Attacks. All students will leave the class with a detailed plan on conducting vulnerability assessments.

 

Prerequisites:-

Can access computer system and make use of internet to perform search over Google.

 

Need to Prepare?

Prior programming experience is not required.

 

 Tools Expected:-

  1. Windows 8.1 / 8 / 7
  2. 64 bit  windows
  3. System RAM minimum 4GB With Windows
  4. Intel Core i3, i5
  5. Windows Intel i3 4th gen , i5 ,i7
  6. Smart phone with Internet
  7. Notebook and Pen

 

Tools Provided (for the session):-

DVD with software development tools for Cloud computing & Big Data.

 

Concepts:-

Virtualization, Cyber Laws, Penetration testing, SQL injection, Cryptography, Social Engineering, Foot printing, Enumeration, Windows security

 

Summary:-

Ethical Hacking workshop is to educate users of digital media of the threats, risks and privacy concerns that go with using them as well as expose issues and vulnerabilities to drive the digital media.

 

Project:-

  • Hacking and Securing Windows Systems
  • Malware: Attack, Detect and Defend
  • Software Cracking: Product Key Generation
  • Hacking Emails and Social Networks
  • Google Hacking
  • Data Security and Recovery

 

Commitment:-

  • 2 Days (7 hours each including 1-hour lunch break)

 

Agenda:-

 

Day 1

Session 1-  (03:30 hrs)
Concept of Hacking
Elements of Information Security
  • Information Security Supports the Mission of the Organization
  • Information Security Should Be Cost-Effective
  • Responsibilities and Accountability Should Be Made Explicit
  • Owners Have Security Responsibilities Outside Organizations
Roles and Responsibilities
  • Senior Management
  • Program and Functional Managers/Application Owners
  • Users
Common Threats: A Brief Overview
  • Fraud and Theft
  • Employee Sabotage
  • Loss of Physical and Infrastructure Support
  • Threats to Personal Privacy
Information Technology Act 2000-2008
  • Introduction to IT Act 2000
  • Amendment 2008
  • Under Umbrella of IT Act 2000
    • Cyber Crimes
    • Intellectual Property
    • Data Protection and Property
  • Limitations of Indian IT Act
Introduction to Penetration Testing
  • Legal and Ethical Implications
  • Types of Penetration Testing
    • White Box Penetration Testing
    • Black Box Penetration Testing
    • Grey Box Penetration Testing
Setting Up Web Application Penetration Testing Lab
  • Collecting and Installing PenTest Tools
  • Flexible Browser with Security Add-ons
  • Setting up Browser Proxies
Beginning Application Penetration Testing
  • Identification of Application Entry Points
    • Get and Post Parameters
  • Testing for Security Vulnerabilities
    • SQL Injection
    • Cross Site Scripting
    • Session Hijacking
    • Local and Remote File Inclusion Attacks
    • Parameter Tampering
Use Cryptography for Application Security
  • Hashes
  • Secure Key Storage
  • Weak Practices in Cryptography
Data Validation Strategies
  • Where to include Data Validation
  • Prevent Parameter Tampering
    • Hidden Fields
  • Encoded Strings
    • HTML and URL Encoding
    • Delimiter and Special Characters
Session Management
  • Session ID Generation
  • Session Handling
    • Regeneration of Session Tokens
    • Session Validation
    • Session Bruteforcing
  • Session Termination

 

Session 2- (02:30 hrs)
Hacking Email & Social Network
Cyber Social Media Threats
  • Social Engineering
    • Human Based Social Engineering
    • Computer Based Social Engineering
  • Fake Emails
  • Keystroke Loggers
  • Phishing
  • Identity Theft
Securing Your Cyber Social Life
  • Awareness is the Key
  • Email Security
    • Detecting Fake Emails
    • Creating Account Filters
  • Online Account Security
    • Strong Password Setup
    • Designing Account Recovery Mechanism
    • Secure Logout
    • Browser Remember Password
  • Recognizing Phishing Websites
Google Hacking
Working of Google and its methodology
  • Introduction to Crawlers, Bots
  • Caching Process of Crawlers
Various Roles of Google as a Friend of Hacker
  • Advance Google Search Operators
  • Directory Traversal Tool
    • Finding Directory Listings
    • Locating Specific Directories
  • Vulnerable Website Locator
    • Locating via Company Tags
    • Locating via Web Applications
    • Locating via Common Names
Various Attacks with the help of Google
  • Password Harvesting
  • Controlling CCTV Camera
Data security & Recovery
Data Security with Cryptography
  • Securing Data by Using EFS and BitLocker
  • File and Folder Permissions
  • Alternate Data Streams
  • Encrypting Office Documents
Recovering Techniques
  • Corrupt Partitions
  • Corrupt File System
  • Media Errors
  • Overwritten Damage
Data Acquisition
  • OS Volume Information
  • Disk Imaging
Digital Virtualization
Introduction to Virtual Machines and Virtualization
  • Concept of Virtualization
  • Need and Advantages of Virtualization
Installation and Configuration
  • Hardware and Software Requirements
  • Installation and Configuration
  • Performance Optimization
    • CPU & Memory Performance
    • Network Performance Optimization
      • Host to Host Networking
      • Host to LAN Networking
    • Storage Performance

 

Session Recap
 
Day 2
Session 1- (03:30 hrs)
Introduction to Windows Security
  • Overview of Windows OS
  • Windows File System
  • Security Architecture in Windows
    • Local Security Authority
    • Security Account Manager
    • Security Reference Monitor
User Account Security
  • Password Attacks in Windows
    • Bruteforcing, Dictionary and Rainbow Table Attacks
  • Account Security Strengthening
    • Strong Password Policy
    • Additional Security: Syskey Encryption
    • User Account Control : Parental Controls
    • Restricting BIOS Setup
Services, Port and Protocol Security
  • Auditing and Monitoring Network Connections
  • Restricting Ports, Protocols and Services
  • Windows Firewall with Advance Restrictions
Security Applications in Windows
  • Auditing and Monitoring Windows Auto Startup
  • Defending Windows via Windows Defender
  • Policy Management with MBSA
  • File and Folder Scanning with MSSE
Malware Attack, Detect & Defend
Introduction to Computer Malware
  • Overview Malware: Malicious Software
  • Proliferation and Purposes
  • Types of Malware
    • Virus: Vital Information Resources Under Seize
    • Worm: Write Once Read Multiple
    • Trojan Horse, Rootkit
    • Spyware, Keystroke Logger
Virus and Worm: Infectious Malware
  • Significance of Virus and Worm
  • Behavioral Activity of Virus and Worm
  • Virus and Worm Development
    • By Automated Tools
    • Coding own Viruses and Worms
Trojan Horse: Concealment
  • Overview of Trojan
  • Trojan Attack
    • Direct Connection
    • Reverse Connection
  • Injection in System Files
Detection and Removal
  • Anti Malware Tools
  • Manual Removal of Malwares

 

Session 2- (02:30 hrs)
Software Cracking
Introduction to Assembly Language
  • Role of Assembly Language in Reverse Engineering
  • Concept of Debuggers and Dis-assemblers
Understanding Data Flow
  • “Step Over” view of Data flow
  • “Step Into” view of Data flow
Principles of Software Security
  • Encryption
  • Online Key Checking
  • Fake Checking Points
  • DLL Breakpoints
Security Challenge Requirements
  • Computer Device (Bring Your Own Device)
  • Windows Operation System
  • Working CD/DVD Drive
  • Removable Storage Media (Pen Drives 1GB)
  • Battery Backup for 60 minutes
Participants will be asked to install Virtual PC in their machines so that they can use the challenge machine.
Level 1: Windows Password Cracking

Windows virtual machine will be password protected. Participants will be required to recover the password of the administration user account using the password cracking techniques demonstrated during the workshop.

Level 2: Product Key Generation

Windows virtual machine will carry a software setup. Participants will be required to generate a valid product key against their name. Target application will be with the Loophole+ Software Toolkit

Demonstration

Winners will be required to demonstrate the solution of both the levels to all the participants of the workshop to declare their win.

Mobile Hacking Techniques
Attacks for Faking Caller ID
  • via Softphones
  • via Websites
Attacks for SMS Technology
  • Faking Sender ID: Fake SMS
  • Faking Sender ID: Fake MMS
Mobile Security Kit
  • Anti Virus
  • Key Guard
  • Secure Password Setup

Threats Posted by Third Party Applications

 

Session Recap
Zonal Round of SkillThon
  • Competition
  • Certificate distribution and acknowledgement

Charges:

INR 1100 (GST exclusive) Per Participation