Internet

• History of internet

• Internet life cycle

• Submarine cable map

Network

• Types of networks

• Topologies

• OSI model

• TCP/IP model

• IP address

Operating system

• Kernel’s

• Architectures of OS

Introduction to Ethical Hacking

• What is Hacking

• Who is a Hacker

• Skills of a Hacker

• Types of Hackers

• Reasons for Hacking

• Who are at the risk of Hacking attacks

• Effects of Computer Hacking on an organization

• The Security, Functionality & Usability Triangle

• What is Ethical Hacking

• Why Ethical Hacking is Necessary

• Scope & Limitations of Ethical Hacking

Foot printing and Reconnaissance

• What is Foot Printing

• Objectives of Foot Printing

• Finding a company’s details

• Finding a company’s domain name

• Finding a company’s Internal URLs

• Finding a company’s Server details

• Finding the details of domain registration

• Finding the range of IP Address

• Finding the DNS information

• Finding the location of servers

• Traceroute analysis

• Tracking e-mail communications

Scanning

• What is network scanning

• Objectives of network scanning

• Finding the live hosts in a network

• SNMP Enumeration

• SMTP Enumeration

• DNS Enumeration

• Finding open ports on a server

• Finding the services on a server

• OS fingerprinting

• Server Banner grabbing tools

• What is a Vulnerability Scanning

• What is a proxy server

• How does proxy server work

• Why do hackers use proxy servers

• What is a TOR network

• Why hackers prefer to use TOR networks

Hacking Web Servers & Web Applications

• What is a web server

• Different webserverapplications in use

• Why are webservers hacked & its consequences

• Directory traversal attacks

• Website defacement

• Website password brute forcing

Cross site scripting

• Persistent XSS, where the malicious input originates from the website’s database.

• Reflected XSS, where the malicious input originates from the victim’s request.

• DOM-based XSS, where the vulnerability is in the client-side code rather than the server-side code.

SQL Injection

• What is SQL Injection

• Effects of SQL Injection attacks

• Types of SQL Injection attacks

• SQL Injection detection tools

Session Hijacking

• What is session hijacking

• Dangers of session hijacking attacks

• Session hijacking techniques

• How to defend against session hijacking

Denial of Service

• What is a DoS attack

• What is a DDoS attack

• Symptoms of a Dos attack

• DoS attack techniques

• What is a Botnet

Social Engineering

• Phishing

• What is Phishing

• How Phishing website is hosted

• How victims are tricked to access Phishing websites

• How to differentiate a Phishing webpage from the original webpage

• How to defend against Phishing attacks

• Homograph attack Evading Firewalls, IDS & Honeypots

• What is a Firewall

• What are the functions of a Firewall

• Types of firewalls

• What is an IDS

• How does an IDS work

• What is a honeypot

Kali Linux

• What is Kali Linux

• How Kali Linux is different from other Linux distributions

• What are the uses of Kali Linux

• Tools for Foot printing, Scanning & Sniffing

• What is Metasploit framework

• Using Metasploit framework to attack Windows machines

• Using Metasploit framework to attack Android devices

System Hacking

• What is system Hacking ·

• Goals of System Hacking

• Password Cracking

• Password complexity

• Finding the default passwords of network devices and software’s

• Password cracking methods o Online password cracking

• Man-in-the-middle attack

• What is system Hacking ·

• Goals of System Hacking

• Password Cracking

• Password complexity

• Finding the default passwords of network devices and software’s

• Password cracking methods o Online password cracking

• Man-in-the-middle attack

• Password guessing o Offline password cracking

• Brute force cracking

• Dictionary based cracking

• USB password stealers

• Elcomsoft Distributed password recovery tools

• Active password changer

• What is a keylogger

• How to deploy a keylogger to a remote pc

• How to defend against a keylogger

Mobile Hacking

• What is mobile Hacking

• Goals of mobile Hacking

• Countermeasures

Sniffers

• What is a sniffer

• How sniffer works

• Types of sniffing

• Active sniffing

• Passive Sniffing

• What is ARP

• ARP poison attack

• Threats of ARP poison attack

• How MAC spoofing works

• MAC Flooding

• How to defend against MAC Spoofing attacks

• How to defend against Sniffers in network

Wireless Hacking

• Types of wireless networks

• Finding a Wi-Fi network

• Types of Wi-Fi authentications

• Using a centralized authentication server

• Using local authentication

• Types of Wi-Fi encryption methods

1.WEP

2.WPA

3.WPA2

• How does WEP work

• Weakness of WEP encryption

• How does WPA work

• How does WPA2 work

• Hardware and software required to crack Wi-Fi networks

• How to crack WEP encryption 

• How to crack WPA encryption

• How to crack WPA2 encryption

• How to defend against Wi-Fi cracking attack

Malware

• What is malware

• Types of malware

 Virus

• What is a virus program

• What are the properties of a virus program

• How does a computer get infected by virus

• Types of virus

• Virus making tools

• How to defend against virus attacks

  Worm

• What is a worm program

• How worms are different from virus

 Trojan

• What is a Trojan horse

• How does a Trojan operate

• How to defend against Trojans

 Spyware

• What is a spyware

• Types of spywares

• How to defend against spyware

Rootkits

• What is a Rootkit

• Types of Rootkits

• How does Rootkit operate

• How to defend against Rootkits

 

Vulnerability Assessment & Penetration Testing

• Introduction to the web application Vulnerability Assessment & Penetration Testing

Standards to follow

• OWASP Top 10 Overview
• OWASP Security Testing Methodology
• SANS  Top 25 Overview

Intro to Big Bunty Program

• Different Bug Bounty Platforms
• Understanding In-Scope & Out-of-Scope
• Understanding the Vulnerability Priority 4. Explanation about any one Bug bounty platform
• About CTF in bug bounty (i.e. Hackerone)

Application Analysis

• Understanding difference between Static & Dynamic Applications
• Analysis of the application flow
• Different categories of applications
• Analysis of the application functionalities and their functional cycle

Authentication Testing

• About Authentication Process Cycle
• Understanding different login patterns
• Introduction to Burp Suite
• Authentication Bypass using SQL payloads
• Login Brute force
• User Enumeration
• Hard Coded Credentials
• Insecure Logout Implementation
• Strict Transport Security Not Enforced
• Testing OTP Length, Duration & Rate Limitation
• Mobile/Email OTP Bombing
• Leakage of OTP in Later Response
• Response Tampering OTP Bypass
• Testing IDOR – Token Based Authentication
• Sending User Credentials using GET method

Testing the User Registration Process

• About User Registration Process Cycle
• Testing Input Validation – XSS
• Verification of Email address / Mobile Number
• Weak Username or un-enforced policies
• Weak password policies

Testing Password Reset Functionality

• About Password Reset Functionality Cycle
• Testing authorization issue in-case of UID & Token
• Testing Life time of reset link
• Predictability of the token encryption (Base64 based encryption)
• Testing password reset token expiration

Sensitive Data Exposure

• About Sensitive Data Exposure depending on Application Category
• Insecure Error Handling
• Information disclosure via metadata
• Insecure communication channel
• Hidden/sensitive directories & files in robots.txt
• Return of sensitive information in later responses (example: password, otp, other user’s private/sensitive information)

API Communication

• About API Communication
• Authorization Header Analysis
  • Basic Authentication token
  • Barer Token
  • None
  • Custom
• About JWT Token pattern
• Un-Authenticated/Anonymous Access

Testing for Cookie Attacks

• Understanding the cookie Life Cycle
• Weakness in cookie life cycle
• Cookie with sensitive data
• XSS via cookie
• Missing HTTP only Flag
• Missing Secure Flag
• Analysing authorization/privileges implementation through cookies

Headers and Policy Scrunity

• CRLF Injection
• Host Header Injection
• Cross Origin Resource Sharing
• Click Jacking
• URL Redirection

 Session Management Issues

• Testing for Insecure Logout Implementation
• Testing for CSRF Vulnerability
• Bypass Methods of CSRF Vulnerability

 Testing for Authorized Testing

• Concept of Access Control & RBAC
• Insecure Direct Object Reference (IDOR)
• Testing for Vertical Privilege Escalation
• Testing Horizontal Privilege Escalation
• Directory Traversal

Data Validation Testing

• Malicious file upload
• Cross Site Scripting
• CSV Injection
• HTTP Parameter Solution

Injections

• Remote Code Execution
• SQL Injection
• XML Injection / XXE
• OS Command Injection

Testing Server Side Issues

• Testing for SSRF
• Template Injection

Business Logic Issues

• About different payment methods Integration
• About Payment Tampering Method
• Straight Forward Payment Tampering
• Add-on Based Payment Tampering
• Coupon Based Payment Tampering
• Longitude and Latitude based payment tampering (In Case of CAB booking, if validation process depends on Long & Lat)
• Failure to Success Journey
• HTTP Parameter pollution (In case of Amount parameter)
• Getting High Benefits Features with Low
• Benefit cost (In case of Feature id)
• Test with Fake DC/CC with CVV
• Sensitive information Leakage
• Insecure Direct Object Reference (Getting Booking & Billing Details, in case of E-Comers application)
• Testing IDOR (In case QR Code generated based on ID value)
• Bypassing Attaching Mandatory Entities

Cloud Misconfiguration

• AWS S3 Misconfiguration

 Testing for Security Misconfiguration

• Outdated Framework /CRM/ WordPress
• Enabled Directory Listing
• Default accounts with default passwords

Miscellaneous 

• Reflected File Download
• Accessing Default Files (i.e: phpmyadmin)

 Other Vulnerabilities

•  Web Cache Posioning

 Foot Printing & Information Gathering

• About Red Team Assessment overview (RTA)
• Foot Printing & Info Gathering Concepts

API Testing

• Introduction to postman Collection
• Integrating burp proxy to the postman collection.