Course Overview
What is Hacking?
Hacking is the process of finding loopholes in a website, intrude into it and take control of the site or make it crash. To prevent malicious hackers from intruding into computer systems and networks causing severe harm, trained hackers are employed by companies to find loopholes or weaknesses in existing websites, computer networks and take measures to solve them. It is called ethical hacking.
About Hacking Training Course
EduCBA’s Hacking Training course is intended to help software professionals get an overview of hacking methods with practical examples. It will provide insights into hacking techniques, strategies, study configuration, topology, understand network types and enhance skills to effectively use ethical hacking for corporates. It will enhance your skills and knowledge to convince the industry or employers about your capability in handling internet security. The course is spread into 105 lectures with 19 hours of HD video.
Introduction to hacking:
The course introduces the concept of hacking, how malicious hackers intrude into computer systems causing huge losses both in terms of data and financial for companies- How hacking has emerged as a career option and what needs to be done to achieve mastery in hacking.
General Hacking Methods:
This chapter introduces the learner to hacking methods employed by hackers and information security professionals.
- Port Scanning: Port scanning is the process by which hackers send messages to ports to see which are open and susceptible to vulnerabilities. Just as a burglar looks for a open window, door or ventilation to make his entry into a house, hackers send messages to ports to check weaknesses.
- ICMP Sweep/Scanning: basic network scanning to find out which IP addresses map to live hosts or computers. Internet Control Message Protocol (ICMP) – ping is an ICMP ECHO to multiple hosts, a return ICMP echo is received if port is live.
- Tools for ICMP Echo- fping, gping, nmap for UNIX, Pinger Software- Rhino9, Ping Sweep for Windows
- Netbios Hacking – getting entry into a computer system through Network Basic Input Output System (NETBIOS). This is how computers in a LAN or WAN is targeted- sniffing – ip addresses-local subnet
- Internet Application Security and Vulnerability: Security breach, proactive,defensive strategies, Authenitcation, authorization. Common flaws – injection flaws-passing unfiltered data to the sQL server, to the browser, preventing injection flaws, Cross Site scripting, insecure direct object references, security misconfiguration. Sensitive data exposure, missing function level acess control, cross site request forgery. Components with vulnerabilities, unvalidated redirects and forwards.
- Introduction to attack techniques, classes of attacks-passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, hijack attack, spoof attack, buffer overflow, exploit attack, password attack. Online identity-location, birth date, family connections, hacking , banking, financial transactions.
Protecting online identity:
Protecting identity of user, tips for protecting online identy- social media, profiles, privacy settings,usage of multiple passwords,phishing emails, https for online transactions – s stands for security.
- Reducing risk of online identity theft: Stealing personal information, impersonating, social security number, signature, name, address, phone number, mobile number,financial details- bank,credit card info.-committing fraud.
- Reducing Risk of online identify theft- online transactions- ask companies how data will be used, Secure Socket Layer (SSL), Site security certificate,, data encryption, credit card info – storage and use. Destroy papers containing credit card info.
- Action taken- Online identity theft- contact, credit bureaus- Experian, Equifax, TransuUnion, fraud alert, thief may not be able to open bank account on time.; monitor credit reports.security freeze, child identity theft, FTC Identity Theft Affidavit. ATM/Debt cards, social security number misuse,victim statement, reporting to police, legal support, keeping records.
- Phishing- Introduction to phishing- sending email to user falsely claiming to be a genuine enterprises – get personal information for identity theft- directing to a site-updating password, credit cards , account information-bogus website, stealing information. Anti-Phishing-
Type of Phishing email/spam
fraudsters sent same email to millons of users seeking personaliinformaiton, account verification, urgency, web based delivery- hacker – intermediary between website and phising system.- Instant messaging, Trojan hosts, link manipulation, key loggers, session hacking, system reconfiguration, content injection, phishing through search engines, phone phishing, malware phishing. Anti-phishing-steps to protect computer- using firewalls, anti-virus software, Secure Socket Layer (SSL), bank,credit care statements. Summary of approaches.
Introduction to computer security and cyber crime:
Computer crime refers to stealing data, intrusioin into websites and systems- examples- cyber terrorism, cyber bullying, denial of service attack, espionage, fraud- manipulating data, changing banking records, creating malware,spoofing, unauthorized access, spamming, harvesting, salami slicing.
- Cyber Security-IT security aims to protect computers, programs, networks, unauthorized access, modification or alteration. Importance of cyber security– government organizations, companies, corporates,financial institutions, hospitals- integrity of data,confidiential information,privacy, data transmission and theft, cyber attacks.
- Types of hacker attacks, spoofing- unauthorized access to user’s system impersonation, steal personal data, bank account, passwords,credit card info.- email spoofing,caller ID, URL spoof attacks- fraudulent website to obtain info from users, install viruses.credit card info.
- Web spoofing, session hijacking- allows hackers to see and modify pages sent to victim’s machine. JavaScript and web server plugins, malicious web pages, web browers don’t prevent spoofing.
- Session hijacking –exploitation of web session control mechanism, by exposing the session token by means of predicting a valid session token to get unauthorized entry to the web server- methods- predicting session token, session sniffing,IP snooping, client side attacks, man-in-the-middle attack,man-in-the-browser attack.
- DOS and Buffer over Flow Attack- takes advantage of a program awaiting on user’s input –Stack based and heap based attacks. Heap based- floods memory reserved for a progam execution- buffer over run, memory object or stack. When user inputs data, the stack which empty until then writes a return memory address to the stack putting the user’s input on top of it. When the stack is processed, user data is sent to return address mentioned in the pgoram.
- Password attack- three types– Brute Force, Dictionary Attack, Keylogger attack. Brute Force- hacker tries to login with different password combinations using computer program/script. Dictionary attack- runs a program to enter using different combination of dictionary words,- Key Logger Attack-tracks key strokes of a user- this helps hackers record login IDs and passwords.
Data Mining
- Introduction to Data Mining- analysing data from different perspectives and codify into useful information- it may be how to cut transportation costs, increase sales revenue etc. Data Mining software is used to analyse data from different angles and dimensions.
- Data Mining sub types-Information Recovery-finds relevant data, filters the irrelevant. Eg Google,MSN Yahoo, Data Control, Web crawler and software, web page indexing.
- Data Mining– threatsto Data privacy, online privacy- legitimate use of data mining-corporate use- to increase market size and depth- to find out what consumers will buy before they buy something- retail chain Target (2012) predicted a teenage girl becoming pregnant even before their family did it- goals of data mining. Nordstrom, retailer- sneaked into smart phones when connected to their in-store wi-fi to get shopping info- it drew widespread criticism- abandonment of data analytics service by Nordstrom.
Spamming
- Introduction to spamming- electronic junk mail, unsolicited email, network bandwidth, real spam- advertising- market promotion sent to newsgroups and mails. Spam refers to endless repetition of text received by mail.
- Types of spam- email spam, forum spam, registration spam. Counter reactions-emails- anti-spam software- websites- Captcha- silent Java script, disallowing links, run comments, messages through spam filter, limiting comments, validation of emails – confirmation link or number.
- General counterreactions against Spamming
- Damages caused by spamming-Communication overload, wastage of time, discontent and irritation, missing important email, wastage of inbox space, criminalisation of spam- soliciting data, information for ulterior motives.
Cyber Terrorism:
Introduction to Cyber Terrorism-o r electronic terrorism-or information warfare- refers to any pre-planned, politically motivated attack targeted at computer system, programs or data, resulting in destruction of systems at the physical level. It is not just a virus attack or hacking with denial of service. It is intended to cause physical harm to banking industry, power plants ,military installation, air traffic control, water system, etc. – potential of cyber terrorism- strength of Internet.
More on data mining
- introduction continued, applications, KDD, key steps,evaluation process, data mining and knowledge discovery of databases-KDD- Data cleaning, data integration, data selecton, data transformation, data mining, pattern evaluation, knowledge presentation. Data mining and business intelligence (BI).
- Data Mining Classifications-Genetic algorithms, rough set approach, fuzzy set approach. Data mining query language- dmql-structured query language-to work on databases, data warehouses, define mining task- syntax- characterization-discrimination, association, classification, prediction.- Data Mining Issues- mining methodology, Performance issues, diverse data type issues, mining methodology-user interaction issues.
- Association rules in mining-help in uncovering relationships between unrelated data in a relational database. Data Mining system integration with data base or data warehouse- integration schemes- no coupling, loose coupling, semi-tight coupling, tight coupling.
- Pattern mining algorithms– types of data- transaction databases, sequence databases,streams, strings,spatial data, graphs. Interesting pattern- pattern that appears more number of times in a database, or rare patterns, top patterns. Pattern mining- developing data mining algorithms to find unexpected, interesting or useful patterns.
Cryptography:
- Art of encryption and decryption of data and files– the technique of converting data to unreadable format-Cryptography-symmetric key systems- single key used by sender and receiver- public-key systems- two keys – one public key and other private key used by recipient of the message.
- Forms of encryption– Caesar cipher-plain text to unreadable text. AES- Advanced Encryption Standard, several times faster than Data Encryption Systems (DES).- symmetric key symmetric block cipher, 128-bit data, operation of AES. RSA Cryptosystem-public-key encryption, securing sensitive data sent over insecure networks. RSA first devised by Ron Rivest, Adi Shamir and Leonard Adleman of Massachusetts Institute of Technology. Digital signature-electronic, encrypted stamp of authenticity of digital documents- emails, files, signing certificate, digital signature assurances. Digital certificates,certifying authority, public key, Certificate Authority (CA).
SQL Injection:
- Introduction to SQL Injection – security threat when an input in web page is sent to MYSQL database. Prevention o f SQL injection.SQL Query-SELECT Command to fetch data from MYSQL database, syntax, Insert Query- to insert data, Where clause, Update Query,Delete query, like clause, sorting results. Dynamic Candidate Evaluation for automatic prevention of SQL injection. Prepared statements- anti SQL injection
- Wireless Fidelity: Wireless local area networks (WLAN), specifications 802.11, history of wifi, specifications of 802.11 standards,privacy and security of wireless networks, working and application of wifi.
- Wireless hacking: Hacking an internet connection, use of wireless hacking fake ap wifi tool, airjack tool for wifi, uses of wireless hacking- scan wireless networks, determine signal strength, Crack WEP, WPA/WP2 passwords, sniff users mode, block users, specifying ports and targets within wireless. Airjack-device driver for 802.11 raw frame injection , reception., tool for 802.11apps.
Requirements for Hacker Training:
Basic computer knowledge, software skills,networking technology, internet, intuitive problem solving ability, data mining capability. The course is meant for students undergoing graduate courses and post graduation in IT, professionals in software, networking, students from economics, finance, statistics, professionals, freshers and consultants.
Why learn Hacking?
With rapid use of computers, telecommunications equipments and networking, threats to data security, online privacy and vulnerability to attacks have increased. Hacking instances can cause heavy loss of image, money and credibility for a company.IT industry is looking for ethical hackers, IT security analysts, Certified Ethical Hackers, information analysts to come up with solutions to meet the stringent technology, regulatory norms across industry.
Frequently Asked Questions (FAQ)
- Can people with basic knowledge of computers do this program successfully?
Hacking Training is for IT professionals who are associated with software, networking , or IT students keen to have additional skills in information security.
- Is it affiliated to any university?
No, the course is not affiliated to any university?
- Is practicals taught as part of the course?
Hacking Training is a comprehensive programme that provides good grounding in core principles and concept s of hacking, information security, databases, wireless networks. Yes it is integrated course with theory and practicals.
- Can we become a Certified Ethical Hacker after this course?
There is a separate body for issuing certification in Ethical Hacking, EduCBA is only providing training in hacking.
- Will we be caught if we do hacking after completing the course?
Yes, hacking is an illegal activity and punishable under IT Act. If you are working for a company or a project, get an agreement drafted for executing the hacking assignment to find IT security loopholes. Intruding into a system without the knowledge of its owners is punishable.
- Should we invest in hardware, software for the training?
EduCBA is offering an online program and no investment in hardware or software is necessary for students.
Testimonials
Edward Jacak:
I was really impressed on doing the Hacking Training programme which no doubt is unique. In this era of concerns regarding information security, threat to online privacy, IT industry needs more professionals who can address these issues that impact profitability of enterprises. Even for management professionals awareness of security threats and hacking can ensure they implement IT systems with utmost caution.
Alex Kollar:
I am happy to undergo EduCBA courses which are well structured, and content delivery done through video and lectures. The Hacking Training helped me understand many of the issues that we read about in the newspapers- web site hacking, spamming, digital signature, digital certificates, wireless technologoy, interaction with database systems. I am sure this course will help IT professionals get better consulting or job opportunities in information security.
Steven Mancini:
If you haven’t done an EduCBA programme, you are missing something. The rich variety of courses offered, quality of content and delivery systems make it unique. The Hacking Training programme is very comprehensive and uses a step-by-step method for understanding all the concepts related to information security, networking, phishing, sniffing and the rough world of cyber criminals.
Where do our learners come from? |
Professionals from around the world have benefited from eduCBA’s Hacking Training courses. Some of the top places that our learners come from include New York, Dubai, San Francisco, Bay Area, New Jersey, Houston, Seattle, Toronto, London, Berlin, UAE, Chicago, UK, Hong Kong, Singapore, Australia, New Zealand, India, Bangalore, New Delhi, Mumbai, Pune, Kolkata, Hyderabad and Gurgaon among many. |