Advance IT Security & Ethical Hacking
Bangladesh is reaching the highest peak of digitalization, and issues like server and network security are getting more and more important. To secure our network systems from any kind of trouble or hacking, people are depending on Certified Ethical Hackers. At present, the certified ethical hacking program has gained the most importance among the desired information security training programs, and it has achieved its captivating status among security professionals.
Batch Duration
Starting Date : 7th December, 2023
Last Date of Registration :3rd December, 2023
Class Schedule : Tuesday & Thursday : Time: 9:00 PM - 11:00 PM
Total Hours : 40
Course Curriculum
Module 1: Information security basics & Lab preparation
Information security basics
- Understanding ethical hacking concepts
- Concept of policy, procedure and awareness
Lab preparation
- Installing Kali linux as attacker machine
- Installing metasploitable as victim machine
Module 2: Footprinting, Reconnaissance, Scanning & Enumeration
Footprinting & Reconnaissance
- Understanding footprinting concept
- Footprint using advance google hacking techniques
- Footprinting uisng recon-ng
Scanning & Enumeration
- Scanning techniques using nmap
- Enumeration using Nmap Scripting Engine (NSE)
Module 3: Vulnerability Assessment
Vulnerability Assessment
- Vulnerability Assessment using ZAP
- Analyzing ZAP Result
- Vulnerability Assessment using Nikto
- Analyzing Nikto Result
Module 4: Gaining AccessModule
Gaining Access – Server-Side Attack
- Basic enumeration and exploitation
- Hacking remote server using basic Metasploit Exploit
- Hacking remote server using code execution vulnerabilities
- VNC/IRCd exploitation to hack into remote server
- Exploiting Samba Vulenrability to hack remote server
Gaining Access – Client-Side Attack
- Generating undetectable backdoor using VEIL framework
- Listening for incoming connections
- Basic delivery method to test and hack windows
Gaining Access – client-side attack – Social Engineering
- Backdooring any file types (images/pdfs etc)
- Compiling and changing trojan’s icon
- Spoofing .exe extension to any extension (pdf/jpg etc)
Module 5: Post exploitation
Post exploitation
- Maintaining access – basic method
- Maintaining access – using reliable and undetectable method
Exam - 1
- Putting knowledge all together to Hack a real life like Machine
Module 6: Website Hacking
Website hacking – Reconnaissance
- Shodan for recon
- DNS Enumeration
- CMS Identification
- Fuzzing – Introduction/Importance
- Fuzzing – process, for sensitive files
- Fuzzing – use of Wfuzz, FFUF
- Github Recon – Manual & Automated way
- Advance Subdomain Recon (https://www.youtube.com/watch?v=9mSLSC7aUcY)
Website hacking – SQL Injection
- What is SQL injection
- UNION based attack
- Reading database information, login bypass
- Blind SQL injection attack
Website hacking – XSS
- Introduction to Burpsuite – configuring with firefox
- Introduction to Burpsuite – Reaper, Intruder
- Background concept of XSS
- Manual building XSS vector
- Basic XSS on Lab
- Hunting XSS using Burpsuite
- Advance method for hunting XSS-1
- Advance method for hunting XSS-2
Website hacking – Authentication
- Username enumeration using different responses/processes
- 2FA simple bypass
- 2FA brute forcing
- 2 FA broken logic
- Password reset poisoning/broken logic
- Password brute forcing via password change
Website hacking – Server-Side Request Forgery (SSRF)
- Basic SSRF
- SSRF with blacklisted/whitelisted input filter
- SSRF filter bypass
Website hacking - Directory Traversal
- File path traversal/absolute path bypass/URL encode/null byte bypass
Website hacking - Information Disclosure
- Information disclosure in error message/debug page/backup files
Website hacking – Cross Site Request Forgery (CSRF)
Website hacking - Cross Origin Resource Sharing (CORS)
Website hacking – HTTP Host Header Attack
Website hacking – Server-Side template Injection
Module 7: Network hacking
Network hacking – Pre-connection attack - WPA/WPA2 cracking
- Hacking WPA/WPA2 without wordlist
- Cracking WPA/WPA2 using wordlist attack
Network hacking – Post connection attack – MITM attack
- ARP poisoning using Kali
- Bettercap basics and sniffing
- Bypassing HTTPS
- Bypassing HSTS
- Wireshark basics
- Stealing password using Wireshark
Module 8: Hack a real life like machine
Exam – 2
- Hack a real life like machine
Our Clients
We're proud of our strategies and glad to work with some fantastic companies.
Pay With
All rights reserved PeopleNTech Software