- White Hat Hacker Training
Curriculum
- 5 Sections
- 120 Lessons
- 5 Days
- 1. Day | Threat, Vulnerability, Risk, Exposure (24 lessons)
- 1.1 Network Security Testing
- 1.2 Overview of Testing Methodologies:
- 1.3 Definitions: Threat, Vulnerability, Risk, Exposure
- 1.4 Types of Attacks: Active Attack, Passive Attack, Insider Threat, External Attack
- 1.5 Concept of Ethical Hacking and Penetration Testing
- 1.6 Types of Ethical Hacking and Penetration Tests:
- 1.7 – Network Security Testing
- 1.8 – Client-Side Testing
- 1.9 – Wireless Security Testing
- 1.10 Limitations of Ethical Hacking and Penetration Testing Approaches
- 1.11 Alternative Approaches for Identifying Security Vulnerabilities
- 1.12 OSSTMM
- 1.13 Legal and Compliance Considerations During Testing
- 1.14 – Essential Report Content
- 1.15 – NIST 800-42
- 1.16 – OWASP
- 1.17 – Penetration Testing Execution Standard (PTES)
- 1.18 Common Tools and Exploit Resources for Ethical Hacking
- 1.19 Test Environments and Operational Considerations
- 1.20 Overview of Ethical Hacking and Penetration Testing Phases
- 1.21 Scoping and “Rules of Engagement” in Penetration Testing
- 1.22 Step-by-Step Testing Methodology in Ethical Hacking
- 1.23 Reporting Process:
- 1.24 – Key Considerations
- 2. Day | Scanning Phase and Scanning Techniques (24 lessons)
- 2.1 Version Detection: Identifying Service Versions Using Nmap and Amap
- 2.2 – Passive Techniques
- 2.3 – Active Methods
- 2.4 OS Fingerprinting Techniques:
- 2.5 Operating System and Version Detection
- 2.6 UDP Port Scanning with Nmap
- 2.7 – FTP Bounce Scan
- 2.8 – ACK Scan
- 2.9 – SYN (Stealth) Scan
- 2.10 – TCP Connect Scan
- 2.11 Nmap TCP Scanning Methods:
- 2.12 – Ping and Traceroute Integration
- 2.13 – Timing Options
- 2.14 – Packet Trace Analysis
- 2.15 Introduction to Advanced Port Scanning with Nmap:
- 2.16 Understanding TCP & UDP Protocols: Impact on Port Scanning Strategies
- 2.17 Port Scanning Techniques
- 2.18 Scanning with Hping: Advanced Packet Crafting and Reconnaissance
- 2.19 Scanning Phase and Scanning Techniques
- 2.20 Introduction to Scanning Techniques
- 2.21 Tips and Best Practices During the Scanning Phase
- 2.22 Using Sniffers During Scanning: Benefits and tcpdump Overview
- 2.23 Network Scanning Tools: Angry IP Scanner and ICMPQuery
- 2.24 Network Tracing: Traceroute and Network Path Mapping
- 3. Day | Exploitation & Privilege Escalation (24 lessons)
- 3.1 – Solutions: Upgrading to fully interactive shell, PTY allocation.
- 3.2 – Common post-exploitation shell issues (e.g., limited shell, broken encoding).
- 3.3 Shell Access Challenges and Terminal Limitations
- 3.4 – ExploitDB, GitHub, and other reliable sources.
- 3.5 – Manual exploitation techniques using public PoC (Proof of Concept) code.
- 3.6 Non-Metasploit Exploits
- 3.7 – Interactive shell, system control, pivoting, screenshot, and keylogging features.
- 3.8 – Capabilities of the Meterpreter payload.
- 3.9 Meterpreter Overview
- 3.10 – Stage: Main payload component delivered by the stager.
- 3.11 – Stager: Initial code loader for complex payloads.
- 3.12 – Payload: Code executed on the target system.
- 3.13 – Exploit: Delivery mechanism for vulnerabilities.
- 3.14 Metasploit Module Types
- 3.15 – Setting up and launching exploitation environments.
- 3.16 – Architecture and purpose of Metasploit in ethical hacking.
- 3.17 Introduction to Metasploit Framework
- 3.18 Local Privilege Escalation: Gaining elevated privileges on compromised systems.
- 3.19 Client-Side Exploits: Leveraging user interaction (e.g., browser-based or document-based).
- 3.20 What is an Exploit?
- 3.21 – Definition and objectives of exploiting vulnerabilities.
- 3.22 – Real-world examples and impact of exploit execution.
- 3.23 Exploit Categories
- 3.24 Server-Side Exploits: Targeting services and daemons.
- 4. Day | Password Attacks (24 lessons)
- 4.1 – LANMAN Challenge/Response
- 4.2 Windows Network Authentication Protocols
- 4.3 – NT Hash (NTLM): MD4-based hashing, Unicode support.
- 4.4 – LANMAN (LM): Weak hash algorithm, case-insensitive, padding mechanisms.
- 4.5 LANMAN and NT Hash Algorithms
- 4.6 – Secure channel communication and replication issues.
- 4.7 – Storage of NTLM hashes in NTDS.dit.
- 4.8 Active Directory Hash Storage
- 4.9 – Structure and location of password hashes in the Security Accounts Manager (SAM) database.
- 4.10 Windows SAM Hashes
- 4.11 Password Hash Formats
- 4.12 – Filtering and preparing custom wordlists for password attacks.
- 4.13 Using Pw-inspector
- 4.14 – Using Hydra for brute-force and dictionary attacks over protocols like SSH, FTP, HTTP, SMB.
- 4.15 Password Guessing with THC-Hydra
- 4.16 – Linux/Unix: PAM (Pluggable Authentication Module) configurations, faillog, pam_tally2.
- 4.17 – Windows: Account Policy, Lockout Threshold, Audit Logs.
- 4.18 Account Lockout Scenarios on Windows and Linux
- 4.19 – Bypassing account lockout and implementing delay logic.
- 4.20 – Best practices and methodologies for different attack vectors.
- 4.21 – Strategies to optimize attack success and reduce false positives.
- 4.22 – Fundamental approaches to password brute-forcing and dictionary attacks.
- 4.23 Tips for Conducting Effective Password Attacks
- 4.24 Introduction to Password Cracking and Guessing Techniques
- 5. Day | Wireless Networks & Web Applications (24 lessons)
- 5.1 – Basics, encryption weaknesses, IV reuse vulnerabilities.
- 5.2 WEP (Wired Equivalent Privacy)
- 5.3 Cryptographic Attacks on Wireless Networks
- 5.4 – Hiding network names and its implications on security and detection.
- 5.5 SSID Cloaking
- 5.6 – Windows-based tools for access point identification and signal strength measurement.
- 5.7 NetStumbler and Cain for Wireless Discovery
- 5.8 – Real-time packet capturing, client/AP mapping, and signal analysis.
- 5.9 Kismet for Wireless Sniffing
- 5.10 – Capturing and analyzing 802.11 frames.
- 5.11 Sniffing Wireless Traffic
- 5.12 – Passive and active scanning strategies.
- 5.13 – Interface modes: Managed vs. Monitor.
- 5.14 Wireless Network Discovery Techniques
- 5.15 – SSID broadcasting and suppression.
- 5.16 – IEEE 802.11b/g channel allocation and frequency bands.
- 5.17 Wireless Networking Basics
- 5.18 – GPS modules for geolocation tagging.
- 5.19 – Wireless NICs supporting monitor mode and packet injection (e.g., Alfa AWUS036ACH).
- 5.20 – Directional and omnidirectional antennas.
- 5.21 Hardware Selection for Wireless Security Testing
- 5.22 – Common weaknesses in Wi-Fi environments, including authentication bypass, encryption flaws, and rogue access points.
- 5.23 Wireless Network Vulnerabilities
- 5.24 – 802.11 authentication and association handshakes.

