Now a days, lots of attack on website ,network happen like dos attack, SQL injection attack, Cross site scripting attack etc.

As the crime increase ,requirement of ethical hacker and pentester increase as there is direct relationship between

 hacker and ethical hacker. There is the need of ethical hacker and pentester in public as well as private organization.

but training was very expensive so people think twice before spending money ,now the opportunity to learn and do so, at no cost at https://www.cybrary.it

 

 

Content of the course

 

1:Phase of pentesting

 

PenTest, like forensics, is almost as much an art as it is a science – you can only be taught so far, technical techniques and tools are all very well, but you really need a mind that can think sideways and approach a task from as many angles as possible

 

2:Footprinting

 

Tools and tricks to get the information about the computer,ip and mac address,related user and system.

 

3:Scanning

 

Before starting the pentesting,pentester must have some information about network and system.so pentester scan the entire network with some tool like nMap,zenmap,ping and hping etc

 

4:Enumeration

 

During the enumeration phase, possible entry points into the tested systems are identified. The information collected during the reconnaissance phase is put to use.

 

5:System Hacking

 

System hacking login to system without credentials not only bypass the credentials but also you can work in system as root user by privilege escalation.

 

6:Trojans

 

It is a generally non-self-replicating type of malware program containing malicious code.A Trojan often acts as a backdoor, contacting a controller which can then have unauthorized access to the affected computer.While Trojans and backdoors are not easily detectable by themselves, computers may appear to run slower due to heavy processor or network usage

 

7:viruses and worms

 

A computer virus attaches itself to a program or file enabling it to spread from one computer to another, leaving infections .a worm is its capability to replicate itself on your system, so rather than your computer sending out a single worm, it could send out hundreds or thousands of copies of itself, creating a huge devastating effect.

 

8:Sniffing Traffic

 

It is a program that monitors and analyzes network traffic, detecting and finding problems.Various technique and tool is used for sniffing like kali linux MITM attack,tshark,urlsnarf etc

 

9:Social engineering

 

In this technique,ethical hacker create the phishing page of website to obtain credential of users.

 

10:Denial of service

 

A DoS attack generally consists of efforts to temporarily interrupt or suspend or down the services of a host connected to the Internet.

 

11:Session Hijacking

 

It is used to gain unauthorized access to information or services in a computer system.Session hijacking is also known as man in the middle attack.This can be performed with the help of kali linux which is based on debian linux.

 

12:Hacking Web Servers

 

Web server can be hacked by varios ways like Denial of Service Attacks,Domain Name System Hijacking,Phishing etc.List of tool to hack web server are Metasploit,Mpack,Zeus etc

 

13:Webapplication

 

Webapplication is used to intercept the proxy,as an intruder,as an repeater etc after hacking the website webapplication is used to upload injecton and script in website like populer c99 injection.

 

14:SQL Injection

 

SQL injection is used to insert the qwery and confuse the database of system to gain unauthorised access.Hackers use sql injection to extract the data from website without credential Eg ‘or’‘=’

 

15:Wireless

 

In this user get to know about the type of wireless interface and how to expoit the different type of security encryption like wep ,wpa,wpa2 etc

 

16:Mobile hacking

 

users know ,how to sniff the nework using mobile ,hack another user smartphone and extract the data from smartphone,how to root the smartphone etc.

 

17:IDS,Firewell and Honeypots

 

IDS stands for Intrusion detection system.IDS  is a device or software application that monitors network or system activities.Firewell is used to set rule to inbound and outbound traffic.There are two types of firewell software and hardware.software firewell is cheap as compare to hardware firewell.

 

18:Buffer Overflows

 

A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold.Normally this is due to the vulnerability in drivers of system as when driver start performing improperly then system get crashed and blue screen appear on the screen.

 

19:Cryptography

 

Cryptography is the study and application of techniques that hide the real meaning of information by transforming it into non human readable formats and vice versa.The process of transforming information into non human readable form is called encryption.

The process of reversing encryption is called decryption.

Decryption is done using a secret key which is only known to the legitimate recipients of the information