About the course
What is Hacking?
Hacking is the process of finding loopholes in a website, intrude into it and take control of the site or make it crash. To prevent malicious hackers from intruding into computer systems and networks causing severe harm, trained hackers are employed by companies to find loopholes or weaknesses in existing websites, computer networks and take measures to solve them. It is called ethical hacking
About Hacking Training Course
EduCBA’s Hacking Training course is intended to help software professionals get an overview of hacking methods with practical examples. It will provide insights into hackinh techniques, strategies, study configuration, topology, understand network types and enhance skills to effectively use ethical hacking for corporates. It will enhance your skills and knowledge to convince the industry or employers about your capability in handling internet security. The course is spread into 105 lectures with 19 hours of HD video.
Introduction to hacking:
The course introduces the concept of hacking, how malicious hackers intrude into computer systems causing huge losses both in terms of data and financial for companies- How hacking has emerged as a career option and what needs to be done to achieve mastery in hacking.
General Hacking Methods:
This chapter introduces the learner to hacking methods employed by hackers and information security professionals.
- Port Scanning: Port scanning is the process by which hackers send messages to ports to see which are open and susceptible to vulnerabilities. Just as a burglar looks for a open window, door or ventilation to make his entry into a house, hackers send messages to ports to check weaknesses.
- ICMP Sweep/Scanning: basic network scanning to find out which IP addresses map to live hosts or computers. Internet Control Message Protocol (ICMP) – ping is an ICMP ECHO to multiple hosts, a return ICMP echo is received if port is live.
- Tools for ICMP Echo- fping, gping, nmap for UNIX, Pinger Software- Rhino9, Ping Sweep for Windows
- Netbios Hacking – getting entry into a computer system through Network Basic Input Output System (NETBIOS). This is how computers in a LAN or WAN is targeted- sniffing – ip addresses-local subnet
- Internet Application Security and Vulnerability: Security breach, proactive,defensive strategies, Authenitcation, authorization. Common flaws – injection flaws-passing unfiltered data to the SQL Server, to the browser, preventing injection flaws, Cross Site scripting, insecure direct object references, security misconfiguration. Sensitive data exposure, missing function level acess control, cross site request forgery. Components with vulnerabilities, unvalidated redirects and forwards.
- Introduction to attack techniques, classes of attacks-passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, hijack attack, spoof attack, buffer overflow, exploit attack, password attack. Online identity-location, birth date, family connections, hacking , banking, financial transactions.
Protecting online identity:
Protecting identity of user, tips for protecting online identy- social media, profiles, privacy settings,usage of multiple passwords,phishing emails, https for online transactions – s stands for security.
- Reducing risk of online identity theft: Stealing personal information, impersonating, social security number, signature, name, address, phone number, mobile number,financial details- bank,credit card info.-committing fraud.
- Reducing Risk of online identify theft- online transactions- ask companies how data will be used, Secure Socket Layer (SSL), Site security certificate,, data encryption, credit card info – storage and use. Destroy papers containing credit card info.
- Action taken- Online identity theft- contact, credit bureaus- Experian, Equifax, TransuUnion, fraud alert, thief may not be able to open bank account on time.; monitor credit reports.security freeze, child identity theft, FTC Identity Theft Affidavit. ATM/Debt cards, social security number misuse,victim statement, reporting to police, legal support, keeping records.
- Phishing- Introduction to phishing- sending email to user falsely claiming to be a genuine enterprises – get personal information for identity theft- directing to a site-updating password, credit cards , account information-bogus website, stealing information. Anti-Phishing-
Introduction to computer security and cyber crime:
Computer crime refers to stealing data, intrusioin into websites and systems- examples- cyber terrorism, cyber bullying, denial of service attack, espionage, fraud- manipulating data, changing banking records, creating malware,spoofing, unauthorized access, spamming, harvesting, salami slicing.
- Cyber Security-IT security aims to protect computers, programs, networks, unauthorized access, modification or alteration. Importance of cyber security– government organizations, companies, corporates,financial institutions, hospitals- integrity of data,confidiential information,privacy, data transmission and theft, cyber attacks.
- Types of hacker attacks, spoofing- unauthorized access to user’s system impersonation, steal personal data, bank account, passwords,credit card info.- email spoofing,caller ID, URL spoof attacks- fraudulent website to obtain info from users, install viruses.credit card info.
- Session hijacking –exploitation of web session control mechanism, by exposing the session token by means of predicting a valid session token to get unauthorized entry to the web server- methods- predicting session token, session sniffing,IP snooping, client side attacks, man-in-the-middle attack,man-in-the-browser attack.
- DOS and Buffer over Flow Attack- takes advantage of a program awaiting on user’s input –Stack based and heap based attacks. Heap based- floods memory reserved for a progam execution- buffer over run, memory object or stack. When user inputs data, the stack which empty until then writes a return memory address to the stack putting the user’s input on top of it. When the stack is processed, user data is sent to return address mentioned in the pgoram.
- Password attack- three types– Brute Force, Dictionary Attack, Keylogger attack. Brute Force- hacker tries to login with different password combinations using computer program/script. Dictionary attack- runs a program to enter using different combination of dictionary words,- Key Logger Attack-tracks key strokes of a user- this helps hackers record login IDs and passwords.
- Introduction to Data Mining- analysing data from different perspectives and codify into useful information- it may be how to cut transportation costs, increase sales revenue etc. Data Mining software is used to analyse data from different angles and dimensions.
- Data Mining sub types-Information Recovery-finds relevant data, filters the irrelevant. Eg Google,MSN Yahoo, Data Control, Web crawler and software, web page indexing.
- Data Mining– threatsto Data privacy, online privacy- legitimate use of data mining-corporate use- to increase market size and depth- to find out what consumers will buy before they buy something- retail chain Target (2012) predicted a teenage girl becoming pregnant even before their family did it- goals of data mining. Nordstrom, retailer- sneaked into smart phones when connected to their in-store wi-fi to get shopping info- it drew widespread criticism- abandonment of data analytics service by Nordstrom.
Introduction to Cyber Terrorism-o r electronic terrorism-or information warfare- refers to any pre-planned, politically motivated attack targeted at computer system, programs or data, resulting in destruction of systems at the physical level. It is not just a virus attack or hacking with denial of service. It is intended to cause physical harm to banking industry, power plants ,military installation, air traffic control, water system, etc. – potential of cyber terrorism- strength of Internet.
More on data mining
- introduction continued, applications, KDD, key steps,evaluation process, data mining and knowledge discovery of databases-KDD- Data cleaning, data integration, data selecton, data transformation, data mining, pattern evaluation, knowledge presentation. Data mining and business intelligence (BI).
- Data Mining Classifications-Genetic algorithms, rough set approach, fuzzy set approach. Data mining query language- dmql-structured query language-to work on databases, data warehouses, define mining task- syntax- characterization-discrimination, association, classification, prediction.- Data Mining Issues- mining methodology, Performance issues, diverse data type issues, mining methodology-user interaction issues.
- Association rules in mining-help in uncovering relationships between unrelated data in a relational database. Data Mining system integration with data base or data warehouse- integration schemes- no coupling, loose coupling, semi-tight coupling, tight coupling.
- Pattern mining algorithms– types of data- transaction databases, sequence databases,streams, strings,spatial data, graphs. Interesting pattern- pattern that appears more number of times in a database, or rare patterns, top patterns. Pattern mining- developing data mining algorithms to find unexpected, interesting or useful patterns.
- Art of encryption and decryption of data and files– the technique of converting data to unreadable format-Cyptography-symmetric key systems- single key used by sender and receiver- public-key systems- two keys – one public key and other private key used by recipient of the message.
- Forms of encryption– Caesar cipher-plain text to unreadable text. AES- Advanced Encryption Standard, several times faster than Data Encryption Systems (DES).- symmetric key symmetric block cipher, 128-bit data, operation of AES. RSA Cryptosystem-public-key encryption, securing sensitive data sent over insecure networks. RSA first devised by Ron Rivest, Adi Shamir and Leonard Adleman of Massachusetts Institute of Technology. Digital signature-electronic, encrypted stamp of authenticity of digital documents- emails, files, signing certificate, digital signature assurances. Digital certificates,certifying authority, public key, Certificate Authority (CA).
- Introduction to SQL Injection – security threat when an input in web page is sent to MYSQL database. Prevention of SQL injection. SQL Query-SELECT Command to fetch data from MYSQL database, syntax, Insert Query- to insert data, Where clause, Update Query,Delete query, like clause, sorting results. Dynamic Candidate Evaluation for automatic prevention of SQL injection. Prepared statements- anti SQL injection
- Wireless Fidelity: Wireless local area networks (WLAN), specifications 802.11, history of wifi, specifications of 802.11 standards,privacy and security of wireless networks, working and application of wifi.
- Wireless hacking: Hacking an internet connection, use of wireless hacking fake ap wifi tool, airjack tool for wifi, uses of wireless hacking- scan wireless networks, determine signal strength, Crack WEP, WPA/WP2 passwords, sniff users mode, block users, specifying ports and targets within wireless. Airjack-device driver for 802.11 raw frame injection , reception., tool for 802.11apps.
|Start date||Location / delivery|
|No fixed date||Online|