Information & Cyber Security

PART I – Ethics

• Why is Security needed?

• What is ethical hacking?
• Ethical Hacker vs Malicious Hacker
• Types of Hackers
• Building an approach for ethical hacking

PART II – Google Hacking

• What is Google?
• How does Google work?
• Google Tricks
• Basic Hacks
• Google Calculator
• Google News
• Google Tools
• How can Google hacking help an ethical hacker?
• Preventing Google Crawls
• Practical Class: Case Studies

PART III – Scanning

• What is Scanning?
• Objectives of Scanning
• Practical Class
• Scanning Tools to be used:
• Nmap
• Null Scan
• Firewalk
• XMAS Scan
• NIKTO
• GFI Languard

PART IV – Email Hacking

• How does Email work?

• Tracing an Email
• Spam
• What is Spamming?
• Methods of Prevention
• Laws about Spamming
 • Fake Emails
• Detecting Fake Emails
• Tracing Server variables through
• Practical Class: Case Studies

Part V – Trojans

• Definition
• Legend
• Difference b/w Trojan, virus and worms
• Working of Trojans
• Server, Client, Direct & Reverse connections
• Trojan Practical
• Beast, Bandook etc.
• Both direct and reverse connection
• Trojans on WAN
• Problems – Dynamic IP
• NAT
• Using netcat as a Trojan
• Antivirus Detection process
• Heuristics, signatures
• Hex editing, source code changes, custom, binders, packers, DLL injection
• Social Engineering – Deploying Trojans
• Manual Detection
• TCP-view, process monitors

Part VI – Session Hijacking

• Understanding Sessions
• Passive vs. Active session hijack
• TCP sessions and HTTP sessions
• TCP session hijacking – Telnet
• Stealing Cookies to Hijack Session ID - XSS

Part VII – PHP Injection

• Understanding Sever side scripting

• Using code-injection to escalate privileges
• Briefings on PHP, ASP etc.
• Coding PHP shell
• Using PHP shells
• Exploiting file upload vulnerability
• PHP vulnerable functions and safe mode
• Prevention of code injection
Part VIII – SQL Injection

• Defining SQL
• Understanding web application
• Using SQL to login via middleware language
• Checking SQL Injection vulnerability
• URL and forms
• SQL query SELECT, DROP etc.
• SQL cheat sheets
• Using source changes to bypass client side validation
• PHP magic quotes
• Using SQL injection tools
• Importance of Server side validation

Part IX – Sniffing

• Introduction
• Active, Passive
• DNS, ARP
• Tools
• Wireshark, Ettercap Cain n Abel
• Detecting Sniffing
• DNS Poisoning
• Router Hacking
• Emulating WAN sniffing

Part X – Bluetooth Hacking

• Bluetooth Introduction
• Security Issues
• Security Attacks
• Bluejacking
• Tools for Bluejacking
• Tools for Bluejacking
• BlueSpam
• Blue snarfing
• BlueBug Attack
• Short Pairing Code Attacks
• Man-In-Middle Attacks
• OnLine PIN Cracking Attack
• BTKeylogging attack
• BTVoiceBugging attack
• Blueprinting
• Bluesmacking - The Ping of Death
• Denial-of-Service Attack
 • BlueDump Attack

Part XI – Cryptography

• Introduction to Cryptography
• Classical Cryptographic Techniques - Encryption/Decryption
• Cryptographic Algorithms
• RSA (Rivest Shamir Adleman)
• Example of RSA Algorithm
- RSA Attacks
- RSA Challenge
• Data Encryption Standard (DES)
• DES Overview
• RC4, RC5, RC6, Blowfish
• One-way Bash Functions - MD5
• SHA (Secure Hash Algorithm)
• SSL (Secure Sockets Layer)
• What is SSH?
• SSH (Secure Shell)
• Algorithms and Security
• Disk Encryption
• Government Access to Keys (GAK)
• Code Breaking: Methodologies
• Cryptanalysis
• Cryptography Attacks
• vBrute-Force Attack
• Cracking S/MIME Encryption Using Idle CPU Time
• Use Of Cryptography

Part XII – Social Networking Sites & Hacking

• Impersonating Orkut, Facebook, MySpace

• Orkut
• Impersonating on Orkut
• MW.Orc worm
• Facebook
• Impersonating on Facebook
• MySpace
• Impersonating on MySpace
• How to Steal Identity
• Comparison
• Original
• Identity Theft
• http://www.consumer.gov/idtheft/
Part XIII – Broadband Hacking

• Introduction: Broadband
• Airtel
• MTNL/BSNL
• Internet Grabbing
• Making Broadband Topography – National
• Making Broadband Topography - Regional
• Deploying Black Hat Scripts
• Using Default Passwords
• Special Trick: Hack any MTNL/BSNL/Airtel Broadband!
• Using Support Administrator Login
• Exploiting the Router
• Poisoning the Router
• Controlling User’s Internet Access
• Getting to the System from the Router

Part XIV – Hacking Mobile Phones, PDA and Handheld Devices

• Different OS in Mobile Phone
• Different OS Structure in Mobile Phone
• Evolution of Mobile Threat
• Threats
• What Can A Hacker Do
• Vulnerabilities in Different Mobile Phones
• Best Practices against Malware
• Blackberry
• Blackberry Attacks
• Blackberry Attacks: Blackjacking
• BlackBerry Wireless Security
• BlackBerry Signing Authority Tool
• Countermeasures
• PDA
• PDA Security Issues
• ActiveSync attacks
• HotSync Attack
• PDA Virus: Brador
• PDA Security Tools: TigerSuite PDA
• iPod
• Misuse of iPod
• Jailbreaking
• Tools for jailbreaking: iFuntastic
• Prerequisite for iPhone Hacking
• Step by Step iPhone Hacking using iFuntastic
• Defending Cell Phones and PDAs Against Attack
• Mobile Phone Security Tips
Part XV – Credit Card Hacking

• E-Crime
• Statistics
• Credit Card
• Credit Card Fraud
• Credit Card Fraud Over Internet
• Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
• Credit Card Generator
• RockLegend’s !Credit Card Generator
• Credit Card Fraud Detection
• Credit Card Fraud Detection Technique: Pattern Detection
• Credit Card Fraud Detection Technique: Fraud Screening
• MaxMind Credit Card Fraud Detection
• 3D Secure & Limitation
• What to do if you are a Victim of a Fraud - Facts to be Noted by Consumers
• Best Practices: Ways to Protect Your Credit Cards

Workshop Duration:
16 hours (Covered over 2 Days)