Security Audit

Our Web Application Pentest ( WAP) attempts to address the Owasp top 10 & SANS top 20 web application vulnerabilities and other exploitable loopholes of your web application . Along with it our WAP team also test web applications for Business logic flaws that can directly or indirectly effect the functioning of application.

Trainings

We are here to help you solve your biggest query- where and how to start? CDI has brought various courses in Ethical Hacking in Chandigarh where all you technology lovers will be given the much needed push to move forward and create a niche for yourself in the field. From Beginner to Expert level we have many kinds of training patterns.

Call Us : +91-771045-0011 | +91-771045-0022

Certified Penetration testing Expert 1 year Diploma is a  ethical hacking training course provided by Cyber Defence Intelligence (CDI) in Punjab, Mohali ,Chandigarh, Haryana . This Ethical Hacking Course is provided by the professionals of CDI. It is framed by the expert professionals of CDI having hands-on experience in Cyber Security. 

 

About Ethical Hacking Course

  • Full-fledged course designed by CDI covering all domains of hacking.
  • Framed in a manner such that it covers all aspects of Ethical Hacking.
  • Complete Ethical Hacking toolkit will be provided.
  • Along with the toolkit complete study material and guidance will be provided.
  • Live Hacking demonstrations will be provided.
  • Complete Industry exposure with hands-on experience on penetration testing projects.
  • Tests will be scheduled at regular intervals.

 

Why CDI?

CDI is an emerging Information Security Company providing Information Security Solutions to clients. Key factors which play role that why CDI is best for Ethical Hacking training are:  Quality, affordability, regular exams, professional environment, guidance by experts, worth time utilization.

This ethical hacking course is designed keeping in mind hacker’s enthusiasm and hacking spirit. At the end of 3 months course, candidate will be provided with complete career assistance after clearing the final exam being conducted.

Course Detail: Overview of Topics

 (1 Year Course ) - only content

Basics 

● Introduction to Cyber Security

● Introduction to Cryptography and Hashes 2 Hours

● Ethical Hacking Introduction

● Introduction

● Introduction to all Underground Ethical Hacking Community

 

● Basics of Linux 

○ Linux architecture 

○ Linux File directory architecture

○ Installation of Linux

○ Basic commands of linux and their usage 

○ Description of files like passwd, shadow, sudoers, etc.

○ Virtual Machine Installation

○ Installation of Linux

○ Introduction to Kali Linux and its Tools

○ Introduction to Backtrack/Kali Operating System

○ Penetration Testing using Backtrack/Kali

○ The Bash Environment

○ Simple Bash Scripting

○ Finding your way around Backtrack

○ Backtrack Services

 

● Basic of networks

○ Important Protocols and their headers (In Depth)

■ TCP

■ UDP

■ IP

■ ICMP

○ Ports and their basic 

○ Basics of Linux Services

○ IPV6 & IPV4

○ Basics of Networking

○ Information Gathering and Footprinting

○ Network Vulnerability Assessment - Part 1 2 Hours

○ Network Vulnerability Assessment - Part 2 2 Hours

○ WiFi Hacking and Security 2 Hours

○ Router Penetration Testing 2 Hours

○ Metasploit Framework - Part 1

○ Metasploit Framework - Part 2

○ Metasploit Framework - Part 3

○ Network Exploitation Frameworks

○ Network Scanning VA Tools

○ Network IDS IPS Implementation

○ Penetration Testing Report Generartion

 

● Network Security

○ Important Protocols and their headers (In Depth)

○ Network Traffic Analysis

○ Network Threats and Attack Methodology 

○ Reconnaissance (Basic and  Advance)

○ Information gathering tools 

○ Hashing (Cryptographic functions)

○ Port scanning via NMAP

○ Pentesting Methodology

○ Metasploit Framework

○ Manual Port Scanning

○ Scapy (MODIFY IP,PACKET HEADER , PARAMETERS , be fool the server)

○ Hping (Automatic packet generation tool)

○ Server pentesting

○ Hacking networks

○ VAPT

○ Secure network design

○ IDS & IPS

○ Rules of IDS & IPS

○ RFI & LFI

○ Denial of service (DOS) and distributed Denial of service (DDOS) attacks over the network.

○ Countermeasures of DoS and DDoS

○ Practical Aspects of Networking

○ Knowing the Basics of IP Address

○ Knowing Remote System IP Address

○ Hiding Your IP address (Proxy Server)

○ Be Anonymous in Cyber World VPN and Proxy Servers

○ VPN (Virtual Private Network)

○ Tracing an IP Address

○ Attack Scanning & Virtual Lab Preparation

○ Network Reconnaissance

○ Port Scanning, Daemon Banner Grabbing

○ OS Detection & Firewall Enumeration

○ Sniffing

○ Making Virtual Lab using VMware or Oracle Virtual Box

○ Active and Passive Information Gathering

○ Configuring and Testing Your Network

○ Live Firewall Implementation

○ Exploiting With Metasploit Framework 4.0

○ Denial of Services Attack (DDOS Attack)

○ OWASP

○ Brute Force attack

○ Secure Socket Layer (SSL) Torn Apart

○ Determining whether your connection is secure or not

○ SSL: How it works

○ Cryptography, Firewalls and Error Messages

○ Penetration Testing

○ Introduction to Penetration Testing

○ How to do Penetration Testing

○ Preparing the Report

○ Wi-Fi Ethical Hacking & Security

○ Ethical Hacking on Wi-Fi Passwords on Wi-Fi router with WEP|WPA|WPA2 encryption

○ Securing Wi-Fi Router from being hacked

○ Sniffing the Network to E-Hack passwords

○ DHCP

○ Static IP Assignment

○ SSHD

○ Apache

○ FTP

○ TFTPD

○ VNC Server

○ Net cat the Almighty

○ Connecting to a TCP/UDP port with Net cat

○ Listening on a TCP/UDP port with Net cat

○ Transferring files with Net cat

○ Remote Administration with Net cat

○ Using Wire shark

○ Peeking at a Sniffer

○ Capture and Display filters

○ Following TCP Streams

○ Information Gathering Techniques

○ Open Services Information Gathering

○ DNS Reconnaissance

○ Interacting with a DNS server

○ Automating lookups

○ Forward lookup brute force

○ Reverse lookup brute force

○ DNS Zone Transfers

○ SNMP reconnaissance

○ Enumerating Windows Users

○ Enumerating Running Services

○ Enumerating open TCP ports

○ Enumerating installed software

○ SMTP reconnaissance

○ Microsoft NetBIOS Information Gathering

○ Null sessions

○ Scanning for the NetBIOS Service

○ Enumerating Usernames/ Password policies

○ Port Scanning

○ TCP Port Scanning Basics

○ UDP Port Scanning Basics

○ Port Scanning Pitfalls

○ Nmap4

○ Network Sweeping

○ OS fingerprinting

○ Banner Grabbing / Service Enumeration

○ Nmap Scripting Engine

○ ARP Spoofing

○ Ettercap

○ Working With Exploits

○ Looking for an exploit on Backtrack

○ Looking for exploits on the web

○ Transferring Files

○ The non interactive shell

○ Uploading Files

○ Using TFTP

○ Using FTP

○ Inline Transfers

○ Exploit frameworks

○ Meta Spoilt

○ Interesting Payloads

○ Meterpreter Payload

○ Binary Payloads

○ FTP Brute force

○ POP3 Brute force

○ SNMP Brute force

● Web Application security 

○ Basics of Web Security

○ HTTP Methods

○ HTTP status codes

○ Burp Suite tool

○ Sql injection 

○ Xss Attack

○ Defence mechanism of Sql Injection and xss attack

○ Security misconfiguration

○ Session hijacking.

○ Malicious file inclusion.

○ Broken authentication and session hijacking

○ Insecure direct object reference

○ Information leakage and improper error handling

○ Failure to restrict URL access.

○ Cross site request forgery attack and countermeasures

○ Remote code execution vulnerability study

○ RFI & LFI ( remote file inclusion & local file inclusion ) vulnerability

○ Denial of service (DOS) and distributed denial of service (DDOS) attacks 

○ Countermeasures of DoS and DDoS

○ Web platform security issues and countermeasures

○ Website code review and secure coding principles.

○ Projects based on live websites.

○ Basics of Web technology 

○ Web Architecture and PHP Basics 2 Hours

○ Web Vulnerability Assessment and Penetration Testing - Part 1 2 Hours

○ Web Vulnerability Assessment and Penetration Testing - Part 2 2 Hours

○ Web Vulnerability Assessment and Penetration Testing - Part 3 2 Hours

○ Demonstration of leaking of confidential information on vulnerable website

○ Securing a website from Google Ethical Hacking

○ Website Ethical Hacking Attacks & Security (Important Module)

○ CMS Ethical Hacking Introduction

○ 10+ Website Ethical Hacking Techniques (First Time Ever In World) & Countermeasures

○ SQL Injection (Basic & Advance)

○ Website Security

○ Input Validation Attack

○ Session Hijacking

○ Protocols Vulnerabilities and Exploiting through Sniffers

○ Server routing and Countermeasures (Website Ethical Hacking)

○ Website Ethical Hacking & Security

○ Open Web Information Gathering

○ Google Hacking

○ Miscellaneous Web Resources

○ Other search engines

○ SSL Encapsulation – Stunnel

○ HTTP CONNECT Tunneling

○ Proxy Tunnel 11.5 SSH Tunneling

○ SQL Injection in ASP / MSSQL

○ Identifying SQL Injection Vulnerabilities

○ Enumerating Table Names

○ Enumerating the column types

○ Fiddling with the Database

○ Microsoft SQL Stored Procedures

○ Code execution

○ Web Proxies

○ Web Application Attack vectors

○ Cross Site Scripting

○ Browser redirection / I Frame injection

○ Stealing Cookies / Abusing Sessions

○ Local and Remote File Inclusion

○ 3 SQL Injection in PHP / MYSQL

○ Authentication Bypass

○ Enumerating the Database

○ Code Execution

○ Microsoft VPN Brute force

 

● OS and Database security 

○ LINUX And Windows Based server hardening

■ Controls and authorization Configuration (Privileges to Users)

■ Database Access Configuration

■ Database/Platform Interaction Configuration

■ Secure Communication configuration

■ Secure Services Configuration

■ Logs and Event Management

■ Security Auditing

○ Database security

○ Hijacking os with using RAT and trojan.

○ Operating System Hacking and Security\

○ CMS Exploitation and Database Pentesting

○ System Hardening | Windows | Linux | Mac

 

● FORENSICS

○ Chain of custody & 6 A's of forensics

○ Legal study of evidence acquisition

○ Disk based forensics

○ Network Forensics

○ Data packet analysis

○ Browser forensics

○ USB forensics

○ Memory analysis  

○ windows forensics

○ Tools based on forensic study

○ Deleted data recovery

○ Image Forensics

○ Case investigation

○ Evidence recovery

○ Protocol standards.

○ Firewalls

○ WLAN Security

○ Dead vs Live forensics

○ Computer Investigation process.

○ Investigating attacks

○ Cyber Forensics and Investigations 2 Hours

○ Digital Forensics Science

○ Recover data from the USB Pendrives , Hard Disk Drive – Police Forensic way

● COMPLIANCE

○ Basic principles of assessment & auditing

○ Types of Auditing

○ IT LAWS and ACTS

○ ISO 27001:2005:2013 basics

○ PCI DSS

○ Risk Assessment

○ BCM

○ Network Security Auditing

○ Physical Security and Complaince

Miscellaneous

● Email Attacks and Security 2 Hours

● Smartphone Attacks and Security 2 Hours

● Google Hacking Database 2 Hours

● Introduction to Buffer Overflows - Part 1

● Buffer Overflows - Part 2

● Wireless Sniffing

● A

● Email Ethical Hacking

● What is Email Ethical Hacking

● Tracing Email

● Email Forging

● How to Secure your Email Accounts

● Google Ethical Hacking

● Introduction to Google Ethical Hacking

● Using Google Dorks on Google Search Engine

● Other Input Validation Attack

● Important Theft Techniques

● Spamming Attacks

● USB Ethical Hacking Technique

● Implementing security against Important Theft Techniques

● Social Engineering Attack

● Ethical Hacking Anyone without even using a single tool

● Physical Security Threats

● Steganography (Hide data into images)

● Banking Ethical Hacking & Security

● Concept of how ATM Hacking happens & Security

● How Credit Card & Debit Card Hack Attacks & Security

● Advance Ethical Hacking Technique

● Ethical Hacking IIS Server

● Advance Email Ethical Hacking Techniques

● Shell Ethical Hacking (Website Ethical Hacking)

● Live Ethical Hacking Demonstration on Dedicated Server in US or at other Country

● Credit Card Ethical Hacking & Security

● Malt Ego

● Network Infrastructure

● Social Infrastructure

● PBNJ

● Unicorn Scan

● Buffer Overflow Exploitation

● Looking for Bugs

● Fuzzing

● Exploiting Windows Buffer Overflows

● Replicating the Crash

● Controlling EIP

● Locating Space for our Shell code

● Redirecting the execution flow

● Finding a return address

● Basic shell code creation

● Getting our shell

● Exploiting Linux Buffer Overflows

● Setting things up

● Controlling EIP

● Landing the Shell

● Avoiding ASLR

● Other Framework v3.x features

● Core Impact

● Client Side Attacks

● Client side attacks

● CVE-2009-0927

● MS07-017 – From POC to Shell

● MS06-001

● Client side exploits in action

● Port Fun

● Port Redirection

● John the Ripper

● Rainbow Tables

● Password Attacks

● Online Password Attacks

● Hydra

● Hydra GTK

● Password profiling

● CEWL

CMA 

● Malware Fundamentals : Reverse engineering

● Malicious Code & Pattern analysis

● Complete Malware analysis

○ Static Malware Analysis 

○ Dynamic malware Analysis

● In-depth study of Self-Defending Malware

○ Maneuvering Techniques

○ Persistence Techniques

○ Self destruction

○ Self Avoidance

○ Security degradation

● Malicious Documents

● Memory Forensics

○ Registry Settings

○ System Settings 

● Malware Illustrations - Part 1 2 Hours

● Malware Illustrations - Part 2 2 Hours

● Basics of Reverse Engineering 2 Hours

● Reverse Engineering Part 1 - Windows Memory Management 2 Hours

● Reverse Engineering Part 2 - Algorithm Reversing 2 Hours

● Reverse Engineering Part 3 - File Manipulation 2 Hours

● Demonstration of E-Hacker Virus

● Keylogger, Spyware Software

● Trojan and Backdoors Attack

● Virus, Worm & Trojan

● Binders and Cryptors

● Root kits

● Aphex Root kit

● HXDEF Root kit

● Registry Backdoors

● Trojan Horses

● Binary Trojan Horses

● Open source Trojan horses

 

 

Tools Covered:

● Basic OS

     

● Port scanning, Packet Monitoring and Tempering tool

   

● Reconnaissance Tools

    

 

● Password cracking tools

     

 

 

● Pentesting tools

  

● Packet Creation tools

 

● SQL injection Tools 

   

● IDS & IPS tools

  

● MITM tools

   

 

● WEB application security tools

   

 

● Multipurpose tools and techniques

      

See more of Cyber Intelligence by logging in.
Connect with cyber security experts,Discover job opportunities,Online Training, Information Security Advisory and lot more.