Cyber Security

Content Outline

What is Hacking?, Computer Security Threats, Goals of Ethical Hacking, Skills and Tools required for Ethical Hackers,
Process of Ethical Hacking, Process of Ethical Hacking - Demonstration Part 1, Process of Ethical Hacking - Demonstration Part 2

Information Gathering Concepts, Footprinting, Reconnaissance, Active and Passive Scanning

CIA (Confidentiality, Integrity & Availability), Threat, Vulnerabilities, Threat Actor, Risk etc.: definitions & concepts.
Advanced Cyber Security - Threats and Governance, What are Threats?, Types of threats (spoofing, tampering, repudiation,
information breach, DoS, elevation of privilege), GitHub DDoS Attack.

Types of attack (DoS, Phishing, Ransomware).

Introduction to and importance of information security, elements of information security (purpose, audience and scope,
security objective - CIA, authority and access control, data classification (level 1-5), support and operation, security
awareness, responsibilities, rights and duty). Principles of Information Security (Confidentiality, Integrity, Availability).

Introduction to data security, types of data security (Encryption, Data Erasure, Data Masking, Data Resiliency),
data security strategy (Physical security of servers and user devices, Access management and controls, Backups).

Practical on Metasploit and bWAPP

bWAPP Features, Why should you learn bWAPP?, bWAPP practical.

DVWA features and use

Kali Linux (tool) Demonstration - Web Application attack: Broken Authentication,
Demonstration - Web Application attack: Blind SQL Injections, Demonstration - Web Application attack: Cross site scripting.

Web Application Domain, Web Application Domain: Common Attacks, Hacking Methodology.

Mobile Application Domain, Mobile Application Domain: Types of Android Attacks, steps of incident prevention, network
reconnaissance incidents (host detection, port enumeration, vulnerability assessment), DoS, Malicious Code.

Information gathering (Spiders, Robots and Crawlers / Search Engine Discovery / Reconnaissance / Testing Web Application
Fingerprint / Analysis of Error Codes).

Remediation Planning, Encryption, What is Encryption?, Prerequisites for Encryption, How does Encryption work?,
Vulnerability Assessment.

What is Decryption?, Encryption vs Decryption, Types of Encryption, Encryption Algorithms and Protocols, Web application architecture, Web application attacks, Web server architecture, Web server attacks.

Introduction to information security controls, types of controls (organizational control, people control, physical control,
technological control), preventive, corrective and detective control.

OSI concept, Protocols, ARP, SMTP, ICMP, TCP, 3-way Handshaking.

Security Market Outlook, Computer Networks - Architecture, Layered architecture, Open Systems Interconnect (OSI) Model,
Transmission Control Protocol/Internet Protocol (TCP/IP), Network Scanning, Enumeration, Common Network
Threats/Attacks, Packet Inspection.

Deep Packet Inspection (Intrusion Detection System and Intrusion Prevention System), IP Security, ICMP attacks.

TCP and UDP Security. Attacking Availability: Denial-of-Service attacks, Distributed DoS attacks, SSL/TLS, Data/Application
Security: confidentiality, integrity, availability, authorization, authentication, identification, non-repudiation, types of control
(preventive, detective, corrective, deterrent, recovery, compensating), access control, Security Vulnerability Management.

Network devices (Hub, Switch, Router, Bridge, Gateway, Modem, Repeater, Access Point), Configuration of network devices,
Network configuration tool, Firewall, Firewall configuration.

Introduction to data leakage (direct losses and indirect losses), Types of Data Leakage, NPI
(e.g. Customer Data), Confidential Info, PHI (e.g. Patient's Records), Intellectual Property, Data Leak Vectors: HTTP, Email, Networked Printer, End Point, Internal Mail.

IM, Webmail, Data Classification, types of data classification, steps and process of data classification.

Content awareness, Content analysis techniques (rule based, data based fingerprinting, partial document matching, lexicon), DLP (data in motion, data at rest, data in use), DLP limitations, DLP using DRM.

Definition of Event Correlation, Event Correlation Use Cases and Techniques, Benefits of Event Correlation, Event Log.

Key concepts of log management (log, event, incidents), log management process and challenges, configuration of Windows Event Log, SIEM, Remote Software Access, Web Proxies, Firewall, Routers.

What is Data Backup, Importance of data backup, why to backup, RPO, RTO, Types (Mirror, Full, Differential, Incremental backup, Cloud Backup, FTP backup).

Storage types (local or USB Disks, Network Shares and NAS, Data Backup to Tapes, Cloud Storage), Backup Procedures.

Information Security Policy, Top Information Security Threats (Unsecure or Poorly Secured Systems, Social Media Attacks, Social Engineering, Malware on Endpoints, Lack of Encryption).

Security Misconfiguration, Active and Passive Attack, Cyber Security Regulations, Roles of International Law, the State and Private Sector in Cyberspace, Cyber Security Standards. The Indian Cyberspace, National Cyber Security Policy 2013. Elements of an information security policy (Purpose, scope, Objective, authorization and access control, classification, data support operation, Security standards and guidelines (COSO, COBIT, ITIL, NIST, NSA, ISO, IT Act, Copyright, Patent law, IPR), Laws of Indian Govt.).

Cyber Security Landscape, Cyber Security Policy Management, Cyber Security Policy Ecosystem, Cyber Security Policy, Management Design, Cyber Security Frameworks, ISMS Environment, Frameworks, ISO 27001 Standard.

Security Metrics, Types of Security Metrics (Strategic security metrics, Security management metrics, Operational security
metrics), Mean-Time-to-Detect and Mean-Time-to-Respond, Number of systems with known vulnerabilities, Number of
SSL certificates configured incorrectly, Volume of data transferred using the corporate network.

Number of communication ports open during a period of time, Frequency of review of third-party accesses, frequency of
access to critical enterprise systems by third parties, Percentage of business partners with effective cybersecurity policies.

Introduction to Risk Assessment, Identification of Risk assessment, Risk assessment model (Identification, Assessment,
Mitigation, Prevention), role and need of risk assessment.

Hierarchy of Information Security (Board of Directors, CIO, CISO, CEO, System Architect, System Engineer, Security
Director, System Admin, Security Analyst, IS Auditor, DB Admin), Importance of information security policy, element.

Incidents, types of Incidents, Impact of incidents, Information (alerts, logs, network flow), Phases of incident handling, incident response life cycle.

Firewall, why firewall, DMZ, troubleshooting Cisco IOS Firewall, troubleshooting routers, antivirus and anti-spamware.

Unauthorized Access Incidents, Traffic filtering (NAT - Network Address Translation, VPN - Virtual Private Network).

IDP - Intrusion Detection & Prevention, Cisco IOS Firewall IDS Configuration, Initializing Cisco IOS Firewall IDS.

IPS configuration, IPS Tuning, SNMP Configuration, Configuration of ModSecurity.

Patch Management (Windows Server Update Services).

What is Vulnerability, Need of Vulnerability, Types of Vulnerability assessment (Host assessment, Network and wireless assessment, Database assessment, Application scans, active, passive, internal, external), Vulnerability Assessment Process, Vulnerability Classification (Misconfigurations, Default installations, Buffer overflows, Unpatched servers, Default passwords, Open services, Application flaws, Open system flaws, Design flaws).

Buffer Overflow & Vulnerabilities Case Study: WhatsApp Attack, VA tools (Nmap, Nessus, Whisker, Enum, Firewalk).

Configuration Management, Server, Server Hardening, Server and attack prevention, SecCM planning, Penetration Testing,
CM tools (SolarWinds), Benefits of Configuration Management.

What is and Why penetration testing, Stages (pre-attack, attack phase, post-attack), Planning and reconnaissance,
Scanning, Gaining Access, Maintaining access, Analysis, SIEM, Syslog, Social Engineering.

SQL injection threat, Malware, Password attack, Zero-day attack, virus, worm, trojan, What are Vulnerabilities?,
Vulnerability Categorization, SQL Injection Anatomy, Cross Site Scripting Anatomy.

Information Security Audit, What is IT Security Audit?, Scope of audit, Benefit and Types of Audit (Approach Based,
Methodology Based (Penetration Tests, Compliance Audits, Risk Assessments, Vulnerability Tests, Due Diligence
Questionnaires)), case studies of security audit.

Conduct an IT security audit using (Metasploit Framework, OWASP), Phases of audit, audit methodology, role,
responsibility, skills, ethics of auditor.

4 phases of information gathering, what is internal and external security audit and their steps, firewall security audit,
types of firewalls, Intrusion Detection System, IDS security audit steps, social engineering audit.
