Post Graduate Certification in Cyber Security and Ethical

PG Certification Program in Cyber Security and Ethical Hacking 1 | Page

Post Graduate Certification in

Cyber Security and Ethical Hacking By E&ICT MNIT, Jaipur in collaboration with EC-Council


Table of Contents

1. About the Program

2. About E&ICT MNIT, Jaipur

3. Collaborating with EC-Council

4. About Intellipaat

5. Key Features

6. Placement & Career Services

7. Eligibility Criteria & Application Process

8. Learning Path

9. Course Advisors

10. Program Curriculum

11. Certification

12. Success Stories

13. Contact Us


About the Program

This PG certification in Cyber Security & Ethical Hacking by E&ICT Academy, MNIT Jaipur

in collaboration with the EC-Council aims to provide extensive training on Cyber Security

concepts including risk analysis and mitigation, data security, cloud-based security, ethical

hacking, etc. The course is designed by the top faculty at MNIT & Industry expert to help

you gain relevant skills required by the Industry and land you in your dream job!


About E&ICT Academy MNIT, Jaipur

Electronics & ICT Academy MNIT, Jaipur (E&ICT MNIT, Jaipur) is an initiative supported by

MeitY, Govt of India. The courses provided by us lay an emphasis on bridging the gap

between industry demand and academic approach to learning and provide a foundation to

build your career in top IT companies.

In this program, you will:

• Get Live Lectures from the MNIT faculty

• Receive PG Certificate from E&ICT, MNIT & Intellipaat

• Alumni status of E&ICT, MNIT Jaipur

Key Achievement of MNIT, Jaipur:

• Ranked 35 in NIRF 2020 Ranking among top engineering colleges

• Ranked 23 by the Week in 2020 for engineering


About the EC-Council

This American organization offers education, training, and services on Cyber Security. The

certification by the EC-Council validates the various cybersecurity skills that the learners will

be trained in through the programme.

Benefits for students from EC-Council

• Student kit containing e-books, exam voucher

• Certified Ethical Hacker certificate from EC Council

• 6 months free access to CEH v11 iLabs

• 24 Hacking Challenges from EC Council

About Intellipaat

Intellipaat is one of the leading online training providers with more than 600,000 learners

across 53+ countries. We are on a mission to democratize education as we believe that

everyone has the right to quality education.

Our courses are delivered by subject matter experts from top MNCs and our world-class

pedagogy enables to quickly learn difficult topics in no time. Our 24/7 technical support

and career services will help learners jump-start their careers in their dream companies.


Key Features

7 MONTHS OF LIVE CLASSES 24/7 SUPPORT

20 + REAL-TIME

INDUSTRY PROJECTS

18+ CASE STUDIES

PG CERTIFICATION PROGRAM

FROM E&ICT MNIT, JAIPUR

PROGRAM IN COLLABORATION

WITH EC-Council

INDUSTRY- RECOGNIZED

CERTIFICATION FROM EC-COUNCIL

LEARN FROM MNIT

PROFESSORS AND

INDUSTRY EXPERTS


Dedicated Learning Manager

Get mentored by experts, receive personalized feedback on your performance, and clarify your doubts in no time

Personalized Industry Mentor

We match your profile with the right industry mentor based on your past skills. Your mentor’s guidance will help you get prepared yourself for your dream job

Mock Interviews

Mock interviews to make you prepare for cracking interviews by top employers

3 Guaranteed Interviews

Upon completion of the assignments and projects, learners will be able to attend interviews arranged by Intellipaat with the hiring partners that includes top startups and MNCs.

Resume Preparation & LinkedIn Profile Building

Get assistance in creating a world-class resume from our career services team

Career Services


SUBMIT APPLICATION

Tell us a bit about yourself and why you want to join this program

APPLICATION REVIEW

Have a personal interview with the interview panel

ADMISSION LETTER

Shortlisted candidates would be offered the admission letter

Eligibility Criteria & the Application Process

Those wishing to enroll in the Post Graduate Certification in Cyber Security and

Ethical Hacking will be required to follow the admission process mentioned below.

Eligibility Criteria

For the admission to the Post Graduate Certification in Cyber Security and Ethical Hacking,

candidates should:

• Have a bachelor’s degree with an average of 50% or higher marks

• Be working professionals with zeal to build a career in Cyber Security and Ethical Hacking

Application Process The application process consists of three simple steps. Candidates have to submit

their application. An offer of admission will be made to the selected candidates, and

their application will be accepted upon the payment of the admission fee.


Learning Path


Course Advisors & Faculty

Vineet Sahula

Senior Professor at MNIT, Jaipur

A fellow of IETE and Sr. member of IEEE, he has 100+ research papers and chapters

in reputed journals. He has guided 10 PhD theses and many UG/PG dissertations.

His research area includes Trust, Integrity & Resilience in Hardware, pedagogy etc.

Dr. Pilli Emmanuel Shubhakar

Associate Professor at MNIT Jaipur

With 23 years in teaching, his research area includes Security, Privacy and

Forensics, Cloud Computing, Blockchain etc. He has co-authored “ Fundamentals of

Network Forensics” for Springer and is a senior member of the CCICI, IEEE and ACM

Murli Nambiar

Senior VP - Head Cyber security at Reserve Bank of India

Having worked in companies like ICICI, Reliance, Apollo, Murli carries ground level

expertise in Information security and Risk management, and has been instrumental in

setting up Information security divisions for premier institutions in India.

Vinod Ramakrishna

Director & Product Manager at Standard Chartered

Vinod carries 18+ years of experience specifically in Identity and Access

Management, Cyber Security, Digital Security and Cyber Law. He is also a Certified

CISSP, CISA, CISM, and has worked in organizations like PWC, Oracle, TCS and

Standard Chartered.

Dhruva Raj Pudel

Associate Director-Cyber Security at KPMG India

Certified in CISSP and CCSP by (ISC)², and Cyber security Risk management by

Harvard University, he carries 14+ years of experience with a focus on SIEM

solutions & Host Based instruction detection systems, etc. and has worked with top

MNCs like Wipro, IBM.


Program Curriculum

Core Curriculum:

Module 1 – Preliminary Course - Linux Foundation

In this preliminary Linux Foundation course, you will get to learn all the fundamentals of Linux that

will help you to move ahead and complete the Cyber Security and Ethical Hacking course

successfully.

1. Introduction to Linux

• Introduction to Linux

• Shell

• Kernel

• CentOS 8 installation and VBox additions

Hands-on Exercise – Executing basic Linux commands, installing CentOS 8 on VirtualBox and adding

guest additions to the installed OS.

2. File Management

• Text editors and file creation

• Users, groups and processes

• Root and Linux file hierarchy

• File hierarchy

• File permissions

• Editing a file using VIM

Hands-on Exercise – Using VIM, creating users and groups, creating files and directories, assigning

file permissions and ownership using chmod and chown, editing files in VIM.

3. Files and Processes

• Process control commands

Hands-on Exercise – Executing ps and kill commands on running services, monitoring the OS using

top.

4. Introduction to Shell Scripting

• What is shell scripting?

• Types of shell


• Creating and writing a shell script

• Changing the permission of the shell script

• Executing the script

• Environment variables

• Defining a local and a global variable

• User input in a shell script

Hands-on Exercise – Creating a shell script, writing and executing the shell script, creating a local and

a global variable, taking input from the user in a shell script.

5. Conditional, Looping Statements and Functions

• What are Conditional statements

• IF, IF-ELSE, Nested IF statements

• What are Looping statements

• WHILE, UNTIL and FOR statements

• Using the case…esac statement

• Functions

Hands-on Exercise – Executing IF, IF-ELSE, Nested IF statements, executing WHILE, UNTIL and

FOR statements, executing the case…..esac statement, creating a function in multiple ways, calling a

function in a file, calling a function from another file.

6. Text Processing

• Using GREP, SED, and AWK commands

• Mounting a file to the virtual box

• Mounting a folder

• SORT command and pipes to combine multiple commands

Hands-on Exercise – Executing commands using GREP, executing commands using SED, executing

commands using AWK, mounting a folder in the Windows OS to the Linux OS, installing VirtualBox

guest additions on CentOS 8, extracting zipped files.

7. Scheduling Tasks

• Daemons

• Task scheduling in Linux

• Scheduling a job in Linux

• Cron and Crontab

• Using the AT command


Hands-on Exercise – Starting, stopping and restarting Daemon processes, scheduling jobs using cron

and crontab, scheduling a one-time task using AT, managing scheduled tasks using ATQ and ATRM.

8. Advanced Shell Scripting

• Why monitoring

• Process monitoring

• Top vs HTop

• What does PGREP do

• File and folder monitoring

• Monitoring tool inotifywait

• inotifywait options for folder monitoring

• Events of a folder in inotify

• FREE command

Hands-on Exercise – Using Top to monitor the OS, installing Htop, using Htop to monitor the OS,

filtering and sorting using Htop, installing inotify tools, monitoring a folder using inotifywait, monitoring a

folder only for certain events, using the FREE command.

9. Database Connectivity

• Installing and configuring MySQL

• Securing MySQL

• Running queries from terminal

• Running queries from a shell script

Hands-on Exercise – Downloading and installing MySQL, connecting to MySQL from terminal,

querying directly from the terminal, pushing the query result inside a file, CRUD operations from a shell

script.

10. Linux Networking

• What is networking in Linux

• Why do we need networking

• Using networking commands

• Learning Firewall tools

Hands-on Exercise – Executing all the networking commands, using iptables and firewalld, adding

and removing ports, resolving IP address in /etc/hosts, looking into a websites IP and nameservers

using nslookup and dig.


Module 2 – Certified Ethical Hacking by EC Council

2.1 Introduction to Ethical Hacking

• Information Security Threats and Attack Vectors

• Motives, goals, and objectives of information security attacks

• Top information security attack vectors

• Information security threat categories

• Types of attacks on a system

• Information warfare

• Hacking Concepts

• What is hacking?

• Who is a hacker?

• Hacker classes

• Hacking phases

• Ethical Hacking Concepts

• What is Ethical Hacking?

• Why is Ethical Hacking necessary?

• Scope and limitations of Ethical Hacking

• Skills of an Ethical Hacker

• Information Security Controls

• Information Assurance (IA)

• Information security management program

• Enterprise Information Security Architecture (EISA)

• Network security zoning

• Defense-in-Depth

• Information security policies

• Physical security

• What is risk?

• Threat modeling

• Incident management

• Security Incident and Event Management (SIEM)

• User Behavior Analytics (UBA)

• Network security controls

• Identity and Access Management (IAM)

• Data leakage, backup, and recovery

• The role of AI/ML in Cyber Security

• Penetration Testing Concepts

• Why penetration testing?

• Security audit


• Vulnerability assessment

• Blue Teaming/Red Teaming

• Types and phases of penetration testing

• Security testing methodology

• Information Security Laws and Standards

• Payment Card Industry Data Security Standard (PCI-DSS)

• ISO/IEC 27001:2013

• Health Insurance Portability and Accountability Act (HIPAA)

• Sarbanes Oxley Act (SOX)

• The Digital Millennium Copyright Act (DMCA)

• Federal Information Security Management Act (FISMA)

• Cyber law in different countries

2.2 Footprinting and Reconnaissance

• Footprinting through Search Engines

• Footprinting through search engines

• Footprint using advanced Google hacking techniques

• Information gathering using Google Advanced Search and Image Search

• Google Hacking Database

• VoIP and VPN footprinting through Google Hacking Database

• Footprinting through Web Services

• Finding the company’s Top-level Domains (TLDs) and sub-domains

• Finding the geographical location of the target

• People Search on social networking sites and people search services

• Gathering information from LinkedIn

• Gather information from financial services

• Footprinting through job sites

• Monitoring target using alerts

• Information gathering using groups, forums, and blogs

• Determining the OS

• VoIP and VPN footprinting through SHODAN

• Footprinting through Social Networking Sites

• Collecting information through social engineering on social networking sites

• Website Footprinting

• Website Footprinting

• Mirroring the entire website

• Extracting website information

• Monitoring web pages for updates and changes


• Email Footprinting

• Tracking email communications

• Collecting information from the email header

• Email tracking tools

• Competitive Intelligence

• Whois Footprinting

• Whois Lookup

• Whois Lookup result analysis

• Whois Lookup tools

• Finding IP geolocation information

• DNS Footprinting

• Extracting DNS information

• DNS interrogation tools

• Network Footprinting

• Locate the network range

• Traceroute

• Traceroute analysis and tools

• Footprinting Through Social Engineering

• Footprinting through social engineering

• Eavesdropping

• Shoulder surfing

• Dumpster diving

• Footprinting Tools

• Maltego

• Recon-ng

• FOCA

• Recon-Dog

• OSRFramework

• Additional footprinting tools

• Footprinting Countermeasures

• Footprinting Pen Testing

2.3 Scanning Networks

• Introduction to Network Scanning

• Scanning tools: Nmap, Hping2 / Hping3, and Hping commands

• Scanning Techniques

• ICMP scanning


• Ping sweep

• ICMP echo scanning

• TCP connect / full-open scan

• Stealth Scan / half-open scan

• Inverse TCP flag scanning

• Xmas scan

• ACK flag probe scanning

• IDLE/IPID header Ssan

• UDP scanning

• SSDP and list scanning

• Port scanning countermeasures

• Scanning Beyond IDS and Firewall

• IDS/Firewall Evasion Techniques

• Packet fragmentation

• Source routing

• IP address decoy

• IP address spoofing

• Proxy servers

• Anonymizers

• Banner Grabbing

• How to identify target system OS

• Banner grabbing countermeasures

• Draw Network Diagrams

• Drawing network diagrams

• network discovery and mapping tools

• network discovery tools for mobile

• Scanning Pen Testing

2.4 Enumeration

• Enumeration Concepts

• What is Enumeration?

• Techniques for enumeration

• Services and ports to enumerate

• NetBIOS Enumeration

• NetBIOS enumeration tools

• Enumerating user accounts

• Enumerating shared resources using Net View


• SNMP Enumeration

• SNMP (Simple Network Management Protocol) enumeration

• Working of SNMP

• Management Information Base (MIB)

• SNMP enumeration tools

• LDAP Enumeration

• LDAP Enumeration

• LDAP Enumeration tools

• NTP Enumeration

• NTP Enumeration

• NTP Enumeration tools

• SMTP and DNS Enumeration

• SMTP enumeration

• SMTP enumeration tools

• DNS enumeration using zone transfer

• Other Enumeration Techniques

• IPsec enumeration

• VoIP enumeration

• RPC enumeration

• Unix/Linux User enumeration

• Enumeration Countermeasures

• Enumeration Pen Testing

2.5 Vulnerability Analysis

• Vulnerability Assessment Concepts

• What is vulnerability assessment?

• Vulnerability classification and research

• Vulnerability-Management Life Cycle

• Vulnerability Assessment Solutions

• Vulnerability scanning solutions

• Types of vulnerability assessment tools

• Choosing a vulnerability assessment tool

• Vulnerability Scoring Systems

• Common Vulnerability Scoring System (CVSS)

• Common Vulnerabilities and Exposures (CVE)

• National Vulnerability Database (NVD)

• Resources for Vulnerability Research


• Vulnerability Assessment Reports

• Vulnerability assessment reports

• Analyzing vulnerability scanning report

2.6 System Hacking

• System Hacking Concepts

• CEH Hacking Methodology (CHM)

• System hacking goals

• Cracking Passwords

• Password cracking

• Types of password attacks

• Password recovery tools

• Password salting

• Password cracking tools

• Escalating Privileges

• Privilege escalation techniques

• How to defend against privilege escalation?

• Executing Applications

• Tools for executing applications

• Keylogger

• Spyware

• Hiding Files

• Rootkits

• NTFS Data Stream

• What is steganography?

• Covering Tracks

• Covering tracks

• Disabling auditing: Auditpol

• Clearing logs

• Clear online tracks

• Covering BASH shell tracks,

• Covering tracks on the network and OS

• Covering tracks tools

2.7 Malware Threats

• Malware Concepts


• Introduction to malware

• Components of malware

• Trojan Concepts

• What is a trojan and its types?

• Trojan horse construction kit

• Wrappers

• Crypters

• Evading anti-virus techniques

• Virus and Worm Concepts

• Introduction to viruses

• Stages of virus life

• Different types of viruses

• Virus hoaxes

• Fake antiviruses

• Ransomware

• Creating virus

• Computer worms

• Worm makers

• Malware Analysis

• Introduction to malware analysis

• What is Sheep Dip Computer?

• Anti-virus sensor systems

• Malware analysis procedure

• Countermeasures

• Trojan countermeasures

• Backdoor countermeasures

• Virus and worms countermeasures

• Anti-Malware Software

• Anti-trojan software

• Antivirus software

• Malware Penetration Testing

2.8 Sniffing

• Sniffing Concepts

• Network sniffing

• Types of sniffing

• Hardware protocol analyzers


• SPAN port

• Wiretapping

• Lawful interception

• Sniffing Technique:

• MAC attacks

• DHCP attacks

• ARP poisoning

• Spoofing attacks

• DNS poisoning

• Sniffing Tools

• Wireshark

• Wireshark filters

• Sniffing tools

• Packet sniffing tools for mobile

• Countermeasures

• How to Defend Against Sniffing

• Sniffing Detection Techniques

• How to detect sniffing

• Promiscuous detection tools

• Sniffing penetration testing

2.9 Social Engineering

• Social Engineering Concepts

• What is social engineering?

• Phases of a social engineering attack

• Social Engineering Techniques

• Types of social engineering

• Human-based social engineering

• Computer-based social engineering

• Mobile-based social engineering

• Insider Threats

• Insider threat/insider attack

• Types of insider threats

• Impersonation on Social Networking Sites

• Social engineering through impersonation on social networking sites

• Social networking threats to corporate networks

• Identity Theft


• Countermeasures

• Social engineering countermeasures

• Insider threats countermeasures

• Identity theft countermeasures

• Detect phishing emails

• Anti-phishing toolbar

• Common social engineering targets and defense strategies

• Social Engineering Pen Testing

• Social engineering pen testing

• Social engineering pen testing tools

2.10 Denial-of-Service

• DoS/DDoS Concepts

• What is a Denial-of-Service attack?

• What is distributed Denial-of-Service attack?

• DoS/DDoS Attack Techniques

• Basic categories of DoS/DDoS attack vectors

• UDP, ICMP, and SYN flood attack

• Ping of death and smurf attack

• Fragmentation attack

• HTTP GET/POST and slowloris attacks

• Multi-vector attack

• Peer-to-peer attacks

• Permanent Denial-of-Service attack

• Distributed reflection Denial-of-Service (DRDoS)

• Botnets

• Organized cyber crime: organizational chart

• Botnet ecosystem

• Botnet Trojans

• DDoS Case Study

• DDoS attack

• Hackers advertise links to download botnet

• Use of mobile devices as botnets for launching DDoS attacks

• DDoS Case Study: Dyn DDoS Attack

• DoS/DDoS Attack Tools

• DoS/DDoS attack tools

• DoS and DDoS attack tool for mobile


• Countermeasures

• Detection techniques

• DoS/DDoS countermeasure strategies

• DDoS Attack countermeasures

• Techniques to defend against botnets

• DoS/DDoS protection at ISP Level

• DoS/DDoS Protection Tools

• Advanced DDoS protection appliances

• DoS/DDoS protection tools

• DoS/DDoS Penetration Testing

• Denial-of-Service (DoS) Attack Pen Testing

2.11 Session Hijacking

• Session Hijacking Concepts

• What is session hijacking?

• Session hijacking process

• Types of Session hijacking

• Packet analysis of a local session hijack

• Session hijacking in OSI Model

• Spoofing vs. hijacking

• Application Level Session Hijacking

• Application level session hijacking

• Compromising session IDs using sniffing and by predicting session token

• Man-in-the-Middle attack

• Man-in-the-Browser attack

• Client-side attacks

• Client-side attacks:

• Cross-site script attack

• Compromising session IDs

• Session fixation

• Session hijacking using proxy servers

• CRIME attack

• Forbidden attack

• Network Level Session Hijacking

• TCP/IP hijacking

• IP spoofing: source routed packets

• RST hijacking


• Blind hijacking

• UDP hijacking

• MiTM attack using forged ICMP and ARP spoofing

• Session Hijacking Tools

• Session hijacking tools

• Session hijacking tools for mobile

• Countermeasures

• Session hijacking detection methods

• Protection against session hijacking

• Session hijacking detection and prevention tools

• IPSec

• Penetration Testing

2.12 Evading IDS, Firewalls, and Honeypots

• IDS, Firewall and Honeypot Concepts

• Intrusion Detection System (IDS)

• Firewall

• Honeypot

• IDS, Firewall and Honeypot Solutions

• Intrusion detection tool

• Firewalls and honeypot tools

• Evading IDS

• IDS/firewall evasion tools and techniques

• Packet Fragment Generator Tools

• Detecting Honeypots

• Detecting and defeating honeypots

• Honeypot detection tool: Send-Safe Honeypot Hunter

• IDS/Firewall Evasion Countermeasures

• How to defend against IDS evasion

• How to defend against firewall evasion

• Firewall/IDS Penetration Testing

2.13 Hacking Web Servers

• Web Server Concepts

• Web server operations

• Open source web server architecture


• IIS web server architecture

• Web server security issue

• Web Server Attacks

• DoS/DDoS attacks

• DNS server hijacking

• DNS amplification attack

• Directory traversal attacks

• Man-in-the-Middle/sniffing attack

• Phishing attacks

• Website defacement

• Web Server misconfiguration

• HTTP response splitting attack

• Web cache poisoning attack

• SSH brute force attack

• Web server password cracking

• Web application attacks

• Web Server Attack Methodology

• Information gathering

• Web server footprinting/banner grabbing

• Website mirroring

• Vulnerability scanning

• Session hijacking

• Web server passwords hacking

• Using application server as a proxy

• Web Server Attack Tools

• Metasploit

• Web server attack tools

• Countermeasures

• Web servers in separate secure server security segment

• Countermeasures

• Detecting web server hacking attempts

• Defend against web server attacks

• HTTP response splitting

• Web cache poisoning

• DNS hijacking

• Patch Management

• What is patch management

• Patches and hotfixes

• Installation of a patch


• Patch management tools

• Web Server Security Tools

• Web application security scanners

• Web server security scanners

• Web server security tools

• Web Server Pen Testing

• Web server penetration testing

• Web server pen testing tools

2.14 Hacking Web Applications

• Web App Concepts

• Introduction to web applications

• Web application architecture

• Web 2.0 applications

• Vulnerability stack

• Web App Threats

• OWASP Top 10 Application Security Risks

• Web app hacking methodology

• Footprint web Infrastructure

• Attack web servers

• Analyze web applications

• Bypass client-side controls

• Attack authentication mechanism

• Attack authorization schemes

• Attack access controls

• Attack session management mechanism

• Perform injection/input validation attacks

• Attack application logic flaws

• Attack database connectivity

• Attack web app client

• Attack web services

• Web App Hacking Tools

• Countermeasures

• Web application fuzz testing

• Source code review

• Encoding schemes

• Defend against injection attacks


• Web application attack countermeasures

• Defend against web application attacks

• Web App Security Testing Tools

• Web application security testing tools

• Web application firewall

• Web App Pen Testing

• Web application pen testing

• Web application pen testing framework

2.15 SQL Injection

• SQL Injection Concepts

• What is SQL injection?

• SQL injection and server-side technologies

• HTTP POST Request

• Normal SQL Query

• SQL Injection Query

• Code Analysis

• Types of SQL Injection

• SQL Injection Methodology

• SQL Injection Tools

• SQL power injector and SQLmap

• The mole and SQL injection

• SQL injection tools for mobile

• Evasion Techniques:

• Evading IDS

• Types of signature evasion techniques:

• In-line comment

• Char encoding

• String concatenation

• Obfuscated codes

• Manipulating white spaces

• Hex encoding

• Sophisticated matches

• URL encoding

• Null Byte

• Case variation

• Declare variable


• IP fragmentation

• Countermeasures

• Defend against SQL injection attacks

• SQL injection detection tools

2.16 Hacking Wireless Networks

• Wireless Concepts

• Wireless terminologies, networks, and standards

• Service Set Identifier (SSID)

• Wi-Fi authentication modes

• Wi-Fi authentication process using a centralized authentication server

• Types of wireless antennas

• Wireless Encryption

• Types of wireless encryption

• WEP vs. WPA vs. WPA2

• WEP issues

• Weak Initialization Vectors (IV)

• Wireless Threats

• Rogue access point attack

• Client mis-association

• Misconfigured access point attack

• Unauthorized association

• Ad hoc connection attack

• Honeypot access point attack

• AP MAC spoofing

• Denial-of-Service attack

• Key Reinstallation Attack (KRACK)

• Jamming signal attack

• Wireless Hacking Methodology

• Wi-Fi discovery

• GPS mapping

• Wireless traffic analysis

• Launch wireless attacks

• Crack Wi-Fi encryption

• Wireless Hacking Tools

• WEP/WPA cracking tools

• WEP/WPA cracking tool for mobile


• Wi-Fi sniffer

• Wi-Fi traffic analyzer tools

• Other wireless hacking tools

• Bluetooth Hacking

• Bluetooth stack

• Bluetooth hacking

• Bluetooth threats

• How to blueJack a victim

• Bluetooth hacking tools

• Countermeasures

• Wireless security layers

• How to defend against WPA/WPA2 cracking, KRACK attacks, wireless attacks, and bluetooth

hacking

• How to detect and block rogue AP

• Wireless Security Tools

• Wireless intrusion prevention systems

• Wireless IPS deployment

• Wi-Fi security auditing tools

• Wi-Fi predictive planning tools

• Wi-Fi vulnerability scanning tools

• Bluetooth security tools

• Wi-Fi security tools for mobile

• Wireless Pen Testing

• Wireless Penetration Testing,

• Wireless Penetration Testing Framework

2.17 Hacking Mobile Platforms

• Mobile Platform Attack Vectors

• Vulnerable areas in mobile business environment

• OWASP top 10 mobile risks

• Anatomy of a mobile attack

• Mobile attack vectors

• Mobile platform vulnerabilities

• Security issues arising from App stores

• App sandboxing issues

• Mobile spam

• SMS Phishing Attack (SMiShing)


• Hacking Android OS

• Android OS and rooting

• Blocking Wi-Fi access using NetCut

• Hacking with zANTI

• Hacking networks using Network Spoofer

• Launching DoS attack using Low Orbit Ion Cannon (LOIC)

• Performing session hijacking using DroidSheep

• Hacking with Orbot Proxy

• Android-based sniffers

• Android trojans

• Securing android devices

• Android security tools

• Android device tracking tools

• Hacking iOS

• Apple iOS

• Jailbreaking iOS

• iOS trojans

• Guidelines for securing iOS devices

• iOS device security and tracking tools

• Mobile Spyware

• mSpy

• Mobile Device Management

• Mobile Device Management (MDM)

• MDM solutions

• Bring Your Own Device (BYOD)

• Mobile Security Guidelines and Tools

• General guidelines for mobile platform security

• Mobile device security guidelines for Administrator

• SMS phishing countermeasures

• Mobile protection tools

• Mobile anti-spyware

• Mobile Pen Testing

• Android Phone Pen Testing,

• iPhone Pen Testing,

• Mobile Pen Testing Toolkit: Hackode

2.18 IoT Hacking


• IoT Concepts

• What is IoT?

• How does IoT work?

• IoT architecture

• IoT application areas and devices

• IoT technologies and protocols

• IoT communication models

• Challenges of IoT

• Threat vs opportunity

• IoT Attacks

• IoT security problems

• OWASP top 10 IoT vulnerabilities and obstacles

• IoT attack surface areas

• IoT threats

• Hacking IoT devices

• IoT attacks

• Case Study: Dyn Attack

• IoT Hacking Methodology

• What is IoT device hacking?

• IoT hacking methodology

• IoT hacking tools

• Information gathering tools

• Sniffing Tools

• Vulnerability scanning tools

• Countermeasures

• How to defend against IoT hacking

• General guidelines for IoT device manufacturing companies

• OWASP Top 10 IoT vulnerabilities solutions

• IoT framework security considerations

• IoT security tools

• IoT Penetration Testing

2.19 Cloud Computing

• Cloud Computing Concepts

• Introduction to cloud computing

• Separation of responsibilities in cloud

• Cloud deployment models


• NIST cloud deployment reference architecture

• Cloud computing benefits

• Virtualization

• Cloud Computing Threats

• Cloud Computing Attacks

• Service hijacking using social engineering attacks

• Service hijacking using network sniffing

• Session hijacking using XSS attack

• Session hijacking using session riding

• Domain Name System (DNS) attacks

• Side channel attacks or cross-guest VM breaches

• SQL Injection attacks

• Cryptanalysis attacks

• Wrapping attack

• DoS and DDoS attacks

• Man-in-the-Cloud attack

• Cloud Security

• Cloud security control layers

• Cloud computing security considerations

• Placement of security controls in the cloud

• Best practices for securing cloud

• NIST recommendations for cloud security

• Organization/Provider cloud security compliance checklist

• Cloud Security Tools

• Cloud Penetration Testing

• What is cloud pen testing?

• Key considerations for pen testing in the cloud

• Recommendations for Cloud Testing

2.20 Cryptography

• Cryptography Concepts

• Cryptography

• Types of cryptography

• Government Access to Keys (GAK)

• Encryption Algorithms

• Ciphers

• Data Encryption Standard (DES)


• Advanced Encryption Standard (AES)

• RC4, RC5, and RC6 algorithms

• Twofish

• The DSA and related signature schemes

• Rivest Shamir Adleman (RSA)

• Diffie-Hellman

• Message digest (One-Way Hash) functions

• Cryptography Tools

• MD5 hash calculators

• Hash calculators for mobile

• Cryptography tools

• Cryptography tools for mobile

• Public Key Infrastructure (PKI)

• Public Key Infrastructure (PKI)

• Certification authorities

• Signed certificate (CA) vs. self-signed certificate

• Email Encryption

• Digital signature

• Secure Sockets Layer (SSL)

• Transport Layer Security (TLS)

• Cryptography toolkit

• Pretty Good Privacy (PGP)

• Disk Encryption

• Disk encryption

• Disk encryption tools

• Cryptanalysis

• Cryptanalysis methods

• Code Breaking methodologies

• Cryptography attacks

• Cryptanalysis tools

• Online MD5 decryption tools

• Countermeasures: How to Defend Against Cryptographic Attacks

Module 3 – Information Systems Security (CISSP)

3.1 Security and Risk Management

• Regulatory and legal issues

• Confidentiality, availability, and integrity concepts

• Principles of security governance


• Compliance and professional ethics

• Requirements of business continuity

• Policies of personnel security

• Threat modelling and risk considerations

• Security education, awareness, and training

• Security policies, standards, procedures, and guidelines

3.2 Asset Security

• Privacy protection

• Asset and information classification

• Ownership

• Data security controls and appropriate retention

• Requirements handling

3.3 Security Architecture and Engineering

• Security evaluation models

• Fundamental concepts of security models

• Security designs, architectures, and solution elements vulnerabilities

• Information systems security capabilities

• Using secure design principles for engineering processes

• Vulnerabilities of web-based and mobile systems

• Cryptography

• Vulnerabilities of cyber-physical systems and embedded devices

• Secure principles of facility and site design


3.4 Communication and Network Security

• Architectural design of a secure network

• Channels for secure communication

• Components of a secure network

• Network attacks

3.5 Identity and Access Management (IAM)

• Logical/physical access to assets management

• Authentication and identification management

• Integrating identity as a third-party service

• Mechanism of authorization

• Provisioning life cycle’s identity and access


3.6 Security Assessment and Testing

• Test outputs (e.g., manual and automated)

• Security process data (e.g., operational and management controls)

• Vulnerabilities of security architectures

• Testing of security control

• Test and assessment strategies

3.7 Security Operations

• Monitoring and logging activities

• Investigation requirements and support

• Incident management

• Resource provision

• Concepts of foundational security operations

• Recovery strategies

• Techniques of resource protection


• Measures of prevention

• Vulnerability and patch management

• Processes of change management

• Exercises and planning of business continuity

• Personnel safety concerns

• Plans and processes for disaster recovery

3.8 Software Development Security

• Security controls for the development environment

• Software development life cycle security

• Impact of acquired software security

• Effectiveness of software security

Module 4 – Secure Applications, Network & Devices (Comptia Security +)

4.1 Risk Management

• The CIA of security threat actors

• What is Risk?

• Managing Risk

• Using guides for risk assessment security controls


• Interesting security controls defense in depth

• IT security governance security policies frameworks

• Quantitative risk calculations business impact

• Analysis organizing data

• Third-party agreements

4.2 Cryptography

• Cryptography basics

• Cryptographic methods

• Symmetric cryptosystems

• Symmetric block modes

• RSA cryptosystems

• Diffie-Hellman PGP GPG

• Hashing HMAC

• Steganography certificates

• Trust public key infrastructure

• Cryptographic attacks

4.3 Identity and Access Management

• Identification

• Authorization concepts

• Access control list

• Password security

• Linux file permissions

• Windows file permissions

• User account management

• AAA

• Authentication methods

• Single sign-on

4.4 Tools of the Trade

• OS Utilities

• Network scanners

• Protocol analyzers


• SNMP

• Logs

4.5 Securing Individual Systems

• Denial of Service,

• Host Threats,

• Man in the Middle System Resiliency RAID,

• NAS and SAN Physical Hardening RFI,

• EMI, and ESD,

• Host Hardening,

• Data and System Security Disk Encryption,

• Hardware Firmware Security Secure OS Types,

• Securing Peripherals Malware,

• Analyzing Output IDS and IPS,

• Automation Strategies Data Destruction

4.6 The Basic LAN

• LAN review

• Network topologies review

• Network zone review

• Network access controls

• The network firewall

• Proxy servers honeypots

• Virtual Private Networks

• IPSec, NIDS, NIPS, and SIEM

4.7 Beyond the Basic LAN

• Wireless review

• Living in open networks

• Vulnerabilities with wireless access points cracking WEP

• Cracking WPA and WPS

• Wireless hardening

• Wireless access points

• Virtualization basics


• Virtual security

• Containers

• IaaS, PaaS, and SaaS

• Deployment models

• Static hosts,

• Mobile connectivity

• Deploying Mobile Devices

• Mobile Enforcement

• Mobile Device Management

• Physical Controls

• HVAC

• Fire Suppression

4.8 Secure Protocols

• Secure applications and protocols

• Network models

• Know your protocols TCP IP and applications

• Transport layer security

• Internet service

• Hardening

• Protecting your servers

• Secure code development

• Secure deployment concepts

• Code quality and testing

4.9 Testing Your Infrastructure

• Vulnerability scanning tools and assessment

• Social engineering principles and attacks

• Attacking websites and applications

• Exploiting a target

• Vulnerability impact

4.10 Dealing with Incidents

• Incident response digital forensics contingency planning


• Backups

Module 5 – Capstone Project

Our Cyber Security and Ethical Hacking capstone project will allow you to implement your knowledge and

skills gained during this training. Under the guidance of dedicated mentors, you will become capable of

solving industry-grade problems through this project. Also, it will mark as the last step towards learning the

course and showcasing your skills and knowledge in Ethical Hacking and Cyber Security to your future

recruiters.

CASE STUDIES AND PROJECT WORK

Learners will work on multiple case studies and projects from different domains as

mentioned below:

1. Install LAMP Stack on Centos7 and Create a Database for WordPress

Create an account on WordPress (with Database), then flush it using Flush

Privileges and Install a PHP Module.

2. Threat Detection

Detect threats and data breaches through in-depth strategies to predict and protect

your company from cybercrimes.

3. Cracking WiFi

You have to use various tools, technologies, and techniques to crack WPA/WPA2

wifi routers.

4. Security Improvement

Make essential improvements in the security branches by employing physical

security and performing security control testing.

5. Security Architectural Requirements

Analyze the current security architectural needs of the organization by checking the

security architecture vulnerability, software security effectiveness, and various

security requirements.


6. Business Process Analysis

Implement BCP and perform business tasks like job scheduling for analysis of

various business processes of the e-commerce website.

7. Improvement of Auditing in the Restaurant

Make necessary improvements in a restaurant’s auditing system using PKI

implementation, system resiliency, and more.

8. Strategic Flexibility

Maintain strategic flexibility and work with various cloud services, strategy around

unavailability, and digital marketing strategy methods.

9. Data Security of a BPO Firm

Work with the business process outsourcing firms’ machine-generated data to look

for suspicious activities, anomalies, and suspected threats. Use Splunk SIEM tool to

search through huge volumes of data


Certification

After the completion of the course, candidates will get certificate from E&ICT

MNIT, Jaipur

Intellipaat Success Stories

Vishal Pentakota

The best part of this online course is the series of hands-on demonstrations

the trainer performed. Not only did he explain each concept theoretically

but implemented all those concepts practically. Great job! A must go for

beginners.

Shreyashkumar Limbhetwala

I want to talk about the rich LMS that Intellipaat’s training offered. The

extensive set of PPTs, PDFs, and other related course material were of the

highest quality, and due to this my learning with Intellipaat was excellent.

Giri Karnal

I had taken the training course. Since there are so many technologies

involved in this course, getting your query resolved at the right time becomes

the most important aspect. But with Intellipaat, there was no such problem as

all my queries were resolved in less than 24 hours.

Sharath Reddy Yellapati

The course material was very well organized. The trainer explained the

basics of each module to me. All my queries were addressed clearly. The

trainer also made me realize how important this course is for beginners in

the IT stream.


CONTACT US INTELLIPAAT SOFTWARE SOLUTIONS PVT. LTD.

Bangalore

AMR Tech Park 3, Ground Floor, Tower B, Hongasandra Village, Bommanahalli, Hosur Road, Bangalore – 560068

USA

1219 E. Hillsdale Blvd. Suite 205, Foster City, CA 94404

If you have any further queries or want to have a conversation with us, then do call us.

IND: +91-7022374614 | US: 1-800-216-8930 E-mail – [email protected]


mailto:[email protected]

Documents

Post Graduate Certification in Cyber Security and Ethical