IT Security & Ethical Hacking

Bangladesh is reaching towards the highest peak of digitalization and issues like server and network security are getting more and more importance. To secure our network systems from any kind of trouble or hacking, people are depending on Certified Ethical Hackers. At present, certified ethical hacking program has gained the most importance among the desired information security training program and it has achieved its captivating status among security professionals.



Batch Duration

Starting Date : 25th January, 2023

Last Date of Registration :24th January, 2023

Class Schedule : Offline/Online, 2 Months (40 Hours)Monday & Wednesday: Time: 7:00 PM - 9:00 PM,

Total Hours : 40

Course Curriculum

Module 1: Information security basics & Lab preparation

Information security basics

  • Understanding ethical hacking concepts
  • Concept of policy, procedure and awareness

Lab preparation

  • Installing Kali linux as attacker machine
  • Installing metasploitable as victim machine

Module 2: Footprinting, Reconnaissance, Scanning & Enumeration

Footprinting & Reconnaissance

  • Understanding footprinting concept
  • Footprint using advance google hacking techniques
  • Footprinting uisng recon-ng

Scanning & Enumeration

  • Scanning techniques using nmap
  • Enumeration using Nmap Scripting Engine (NSE)

Module 3: Vulnerability Assessment

Vulnerability Assessment

  • Vulnerability Assessment using ZAP
  • Analyzing ZAP Result
  • Vulnerability Assessment using Nikto
  • Analyzing Nikto Result

Module 4: Gaining AccessModule

Gaining Access – Server-Side Attack

  • Basic enumeration and exploitation
  • Hacking remote server using basic Metasploit Exploit
  • Hacking remote server using code execution vulnerabilities
  • VNC/IRCd exploitation to hack into remote server
  • Exploiting Samba Vulenrability to hack remote server

Gaining Access – Client-Side Attack

  • Generating undetectable backdoor using VEIL framework
  • Listening for incoming connections
  • Basic delivery method to test and hack windows

Gaining Access – client-side attack – Social Engineering

  •  Backdooring any file types (images/pdfs etc)
  • Compiling and changing trojan’s icon
  • Spoofing .exe extension to any extension (pdf/jpg etc)

Module 5: Post exploitation

Post exploitation

  • Maintaining access – basic method
  • Maintaining access – using reliable and undetectable method

Exam - 1

  • Putting knowledge all together to Hack a real life like Machine

Module 6: Website Hacking

Website hacking – Reconnaissance

  • Shodan for recon
  • DNS Enumeration
  • CMS Identification
  • Fuzzing – Introduction/Importance
  • Fuzzing – process, for sensitive files
  • Fuzzing – use of Wfuzz, FFUF
  • Github Recon – Manual & Automated way
  • Advance Subdomain Recon (https://www.youtube.com/watch?v=9mSLSC7aUcY)

Website hacking – SQL Injection

  • What is SQL injection
  • UNION based attack
  • Reading database information, login bypass
  • Blind SQL injection attack

Website hacking – XSS

  • Introduction to Burpsuite – configuring with firefox
  • Introduction to Burpsuite – Reaper, Intruder
  • Background concept of XSS
  • Manual building XSS vector
  • Basic XSS on Lab
  • Hunting XSS using Burpsuite
  • Advance method for hunting XSS-1
  • Advance method for hunting XSS-2

Website hacking – Authentication

  • Username enumeration using different responses/processes
  • 2FA simple bypass
  • 2FA brute forcing
  • 2 FA broken logic
  • Password reset poisoning/broken logic
  • Password brute forcing via password change

Website hacking – Server-Side Request Forgery (SSRF)

  • Basic SSRF
  • SSRF with blacklisted/whitelisted input filter
  • SSRF filter bypass

Website hacking - Directory Traversal   

  • File path traversal/absolute path bypass/URL encode/null byte bypass

Website hacking - Information Disclosure

  • Information disclosure in error message/debug page/backup files

Website hacking – Cross Site Request Forgery (CSRF)

Website hacking - Cross Origin Resource Sharing (CORS)

Website hacking – HTTP Host Header Attack

Website hacking – Server-Side template Injection

 

Module 7: Network hacking

Network hacking – Pre-connection attack - WPA/WPA2 cracking

  • Hacking WPA/WPA2 without wordlist
  • Cracking WPA/WPA2 using wordlist attack

Network hacking – Post connection attack – MITM attack

  • ARP poisoning using Kali
  • Bettercap basics and sniffing
  • Bypassing HTTPS
  • Bypassing HSTS
  • Wireshark basics
  • Stealing password using Wireshark

 

Module 8: Hack a real life like machine

Exam – 2

  • Hack a real life like machine
MD JAHANGIR ALAM

Course Instructor

MD JAHANGIR ALAM

Sr. Faculty, CEH, CISA & Cyber Security

Admission Open

50% OFF

Course Fee : ৳ 18000

Our Clients


We're proud of our strategies and glad to work with some fantastic companies.