Information security basics

• Understanding ethical hacking concepts
• Concept of policy, procedure and awareness

Lab preparation

Installing Kali linux as attacker machine

Installing metasploitable as victim machine

Footprinting & Reconnaissance

• Understanding footprinting concept
• Footprint using advance google hacking techniques
• Footprinting uisng recon-ng

Scanning & Enumeration

• Scanning techniques using nmap
• Enumeration using Nmap Scripting Engine (NSE)

Vulnerability Assessment

• Vulnerability Assessment using ZAP
• Analyzing ZAP Result
• Vulnerability Assessment using Nikto
• Analyzing Nikto Result

Gaining Access – Server-Side Attack

• Basic enumeration and exploitation
• Hacking remote server using basic Metasploit Exploit
• Hacking remote server using code execution vulnerabilities
• VNC/IRCd exploitation to hack into remote server
• Exploiting Samba Vulenrability to hack remote server

Gaining Access – Client-Side Attack

• Generating undetectable backdoor using VEIL framework
• Listening for incoming connections
• Basic delivery method to test and hack windows

Gaining Access – client-side attack – Social Engineering

•  Backdooring any file types (images/pdfs etc)
• Compiling and changing trojan’s icon
• Spoofing .exe extension to any extension (pdf/jpg etc)

Post exploitation

• Maintaining access – basic method
• Maintaining access – using reliable and undetectable method

Exam - 1

• Putting knowledge all together to Hack a real life like Machine

Website hacking – Reconnaissance

• Shodan for recon
• DNS Enumeration
• CMS Identification
• Fuzzing – Introduction/Importance
• Fuzzing – process, for sensitive files
• Fuzzing – use of Wfuzz, FFUF
• Github Recon – Manual & Automated way
• Advance Subdomain Recon (https://www.youtube.com/watch?v=9mSLSC7aUcY)

Website hacking – SQL Injection

• What is SQL injection
• UNION based attack
• Reading database information, login bypass
• Blind SQL injection attack

Website hacking – XSS

• Introduction to Burpsuite – configuring with firefox
• Introduction to Burpsuite – Reaper, Intruder
• Background concept of XSS
• Manual building XSS vector
• Basic XSS on Lab
• Hunting XSS using Burpsuite
• Advance method for hunting XSS-1
• Advance method for hunting XSS-2

Website hacking – Authentication

• Username enumeration using different responses/processes
• 2FA simple bypass
• 2FA brute forcing
• 2 FA broken logic
• Password reset poisoning/broken logic
• Password brute forcing via password change

Website hacking – Server-Side Request Forgery (SSRF)

• Basic SSRF
• SSRF with blacklisted/whitelisted input filter
• SSRF filter bypass

Website hacking - Directory Traversal

• File path traversal/absolute path bypass/URL encode/null byte bypass

Website hacking - Information Disclosure

• Information disclosure in error message/debug page/backup files

Website hacking – Cross Site Request Forgery (CSRF)
Website hacking - Cross Origin Resource Sharing (CORS)
Website hacking – HTTP Host Header Attack
Website hacking – Server-Side template Injection

Network hacking – Pre-connection attack - WPA/WPA2 cracking

• Hacking WPA/WPA2 without wordlist
• Cracking WPA/WPA2 using wordlist attack

Network hacking – Post connection attack – MITM attack

• ARP poisoning using Kali
• Bettercap basics and sniffing
• Bypassing HTTPS
• Bypassing HSTS
• Wireshark basics
• Stealing password using Wireshark

Exam – 2

• Hack a real life like machine