Workshop on Ethical Hacking

Program overview:

This course meets the standards of highly skilled security professionals by providing a comprehensive set of ethical hacking and network security skills, tools and methodologies.

Participants will begin by understanding how perimeter defenses work and will be guided into scanning and attacking their own networks (no real network is harmed). They will then learn how intruders escalate privileges and what steps can be taken to secure their organization’s system.

Participants will also gain in-depth knowledge on intrusion detection, policy creation, social engineering, Distributed Denial-of-Service (DDoS) attacks, buffer overflows and virus creation.

This course will prepare all participants wishing to take the EC-Council ANSI accredited Certified Ethical Hacker exam 312-50.

For Whom:

IT professionals, security professionals, auditors, site administrators, general management and anyone tasked with managing and protecting the integrity of the network infrastructure. This also includes anyone already familiar and involved with IT/Cyber/Digital Security and seeking to build on their fundamental principles of security. This course will also prepare professionals wishing to take the EC-Council ANSI accredited Certified Ethical Hacker exam 312-50.

Learning Objectives:

At the end of the program, participants will be able to:

• describe how perimeter defenses function by ethically scanning and attacking networks;
• conduct information systems security audits by understanding the latest security threats, advanced attack vectors, hacking techniques, methodologies and security measures;
• identify intruders, understand how they escalate privileges, and take the necessary steps to secure a system;
• conduct vulnerability assessments, risk assessments, penetration testing, and system protection measures;
• create policies and apply countermeasures against social engineering, Distributed Denial-ofService (DDoS) attacks, buffer overflows, and virus creation; and
• apply countermeasures to secure mobile infrastructure against the attacks to mobile platforms and tablet computers.

Course Outline:

Day 1: Introduction to Ethical Hacking

• Short History of hacking
• Current developments
• Evolution and growth
• What is an “Ethical” Hacker
• Types of hackers
• Hacking methodologies
• Key issues plaguing the information security world
• Penetration testing
• System fundamentals
• Incident management processes

Day 2: Identifying the systems at risk

• Wireless networking
• Mobile platform security guidelines
• Mobile platform security tools
• Web servers
• Web applications
• Foot printing tools
• Foot printing reconnaissance
• Scanning networks
• Enumeration of services

Day 3: System hacking techniques and countermeasures

• Types of Trojans
• Working of viruses
• Computer worms
• Covert channels
• Sniffers
• Social engineering
• Denial of Service (DoS)
• Cryptography
• Public Key Infrastructure (PKI)
• Cryptanalysis tools

Day 4: Hacking your own system

• Gaining access to a system
• Session hijacking
• Wireless hacking tools
• Hacking mobile platforms
• Structured Query Language (SQL) injection
• Evading an Intrusion Detection System (IDS)
• Firewalls
• Honeypots

Day 5: Penetration testing   

• Types of penetration testing
• Vulnerability assessment
• Penetration testing roadmap

The auditor in court

• Evidence
• Relevance of evidence
• Exclusion of the evidence
• The chain of custody
• Document collection and analysis
• Interviewing skills
• Documenting evidence
• Testifying as a witness

Training Methodology

Lectures, discussions, exercises, and case studies will be used to reinforce these teaching/learning methods