Ngày 1

Introduction

About the training

Scope of course, timing

How it all begin (history)

Hackers, Crackers and used terms

Social Engineering - The weakest link

Social Engineering types

Vulnerable Behaviors

Countermeasures and Defenses

Impersonating, Identity Theft

Protecting from Identity Theft

Procedures and Policies

Phishing

What is phishing, common types?

Reasons for phishing

Methods and process of phishing

How not to be a phish bait?

Hoaxes

Anti-phishing Tools

Email Account Security

Email account information gathering

Common Vulnerabilities

Sign-in Seal

Demo (real-time email account hacking)

Ngày 2

Firewall Technologies

Firewall types

Hardware firewalls

Software firewalls

Windows host firewalls

Linux host firewalls

Authentication techniques

Creating strong passwords

Password stealing techniques

Key press logging techniques

One-time-passwords

Centralized authentication (tokens, certification)

Intrusion Detection/Prevention Systems (IDS)

IDS Types

Detection of attacks

Bypassing IDS systems

Honeypots and its Types

System Integrity Verifiers

Sniffing techniques

Definition of sniffing

Vulnerable protocols

ARP and ARP Spoofing

MAC flooding

DNS Poisoning

Detecting Sniffing

Demo (sniffing, password cracking demo)

Ngày 3

Application Security

Common programming mistakes

Definition of Stacks and Heaps

Buffer/stack overflows

Format string exploitation

Detecting and Defense against buffer overflows

User Input Validation

Patch management

Patches and Hotfixes

Patch monitoring and management

Best Practices

Patch Management Tools

Windows update (Microsoft patch types)

Reverse Engineering

Disassemblers, Decompilers

Revealing hidden hotfixes

Code obfuscators

Binary encryption

Demonstration

Creating vulnerable program with a Patch

Reverse engineering patch – hidden hotfix !

Writing exploit for hidden buffer overflow

Exploitation

Ngày 4

Cryptography

Symmetric  and Assymetric  encryption

Digital signatures

Steganography

Common cipher mistakes and wrong choices

Cryptanalysis – countering encryption

Bruteforcing and hash collision

Time-Memory tradeoff (Rainbow tables)

Physical security

Perimeter security

Wired network security

Laptop/Desktop thefts

Challenges in ensuring Physical Security

Access Control

Wireless Security

Bluetooth security

802.11 Wireless Security

Encryption algorithms

Known vulnerabilities and weaknesses

Demonstration

Setting up an insecure Wireless network

WEP hacking

WPA hacking

Securing the hacked wireless network

Bluetooth hacking

Ngày 5

Database Security

Common database administration mistakes

Enumeration of databases

SQL Injection techniques

Code Injection Attack

Oracle system vulnerabilities

Web Application Security

Web Application Vulnerabilities

Cross site scripting

Cookie security

SQL injection on web frontend

Countermeasures

Viruses, Worms and Trojans

Indication of Virus Attack

Virus incident response

Backdoor types

Ant-Virus Software

Virus Hoaxes

Demo

Web application hacking

SQL Injection

Cross-site scripting