Center for Qualified CyberSecurity Excellence & Mastery

"Where Qualified Cyber Education Happens"

Q/SAP001 Qualified/Internet Security Threat Awareness Training and Compliance for MGT Certificate for Managers

This 2 day Security Awarness class teaches IT & Computer Security Professionals how to be an Ethical Hacker while defending your network from malicious software like Trojans, viruses and phishing attempts. In this class you will see 15+ network & computer security tools demo'ed. You'll learn: Network Penetration Testing & Ethical Hacking, Firewall VPN best practices, understand how Viruses and Trojans get on your network and how to, with effective Patch Management, mitigate risk. Including, how to stop buffer overflows by writing secure code. Lastly, this class shows you how to do computer investigations without compromising your data.

Who should attend:
CIO's, Network Managers, Operations Managers, IT Security Auditor's, IT Auditors, Bank Examiners.

Course Fee: $1,195
Time: 8:00am 5:00pm
Location: Reston, VA
Learning Level: Beginner to Intermediate
Prerequisites: None
CPE Credits: 16
Instructor: TBA

Ethical Hacking - Gather the Data - You'll uncover the hackers' favorite penetration techniques and how to protect against them.

Ethical Hacker - Ethics and Legality

  • What is an Exploit?
  • The security functionality triangle
  • The attacker's process
  • Passive reconnaissance
  • Active reconnaissance
  • Types of attacks
  • Categories of exploits
  • Goals attackers try to achieve
  • Ethical hackers and crackers - who are they
  • Self proclaimed ethical hacking

 

  • Skills required for ethical hacking Categories of Ethical Hackers
  • What do Ethical Hackers do?
  • Security evaluation plan
  • Types of Ethical Hacks
  • Testing Types
  • Ethical Hacking Report
  • Cyber Security Enhancement Act of 2002
  • Computer Crimes
  • Hacking Punishment

Ethical Hacker: Footprinting

  • What is Footprinting
  • Steps for gathering information
  • Whois
  • http://tucows.com
  • Hacking Tool: Sam Spade
  • Analyzing Whois output
  • NSLookup
  • Finding the address range of the network
  • ARIN
  • Traceroute
  • Hacking Tool: NeoTrace
  • Visual Route
  • Visual Lookout
  • Hacking Tool: Smart Whois
  • Hacking Tool: eMailTracking Pro
  • Hacking Tool: MailTracking.com

Ethical Hacker: Scanning

  • Determining if the system is alive?
  • Active stack fingerprinting
  • Passive stack fingerprinting
  • Hacking Tool: Pinger
  • Hacking Tool: Friendly Pinger
  • Hacking Tools
  • Detecting Ping sweeps
  • ICMP Queries
  • Hacking Tool: netcraft.com
  • Port Scanning
  • TCPs 3-way handshake
  • TCP Scan types
  • Hacking Tool: IPEye
  • Hacking Tool: IPSECSCAN
  • Hacking Tool: nmap
  • Port Scan countermeasures
  • Hacking Tool: HTTrack Web Copier
  • Network Management Tools
  • SolarWinds Toolset
  • NeoWatch
  • War Dialing
  • Proxy Servers
  • Hacking Tool: SocksChain
  • Surf the web anonymously
  • TCP/IP through HTTP Tunneling
  • Hacking Tool: HTTPort
  • Hacking Tool: Tunneld
  • Hacking Tool: BackStealth

Defend your networks against unauthorized access and denial-of-service attacks at the permiter.

The impact of Zero-day viruses to are nothing compared to Trojans.

  • What is a Trojan Horse?
  • Overt and Covert
  • BoSniffer
  • Hacking Tool: NetBus
  • ComputerSpy Key Logger
  • Hacking Tool: Beast Trojan
  • Wrappers
  • Hacking Tool: Whack a Mole Trojan Construction Kit
  • Writing Trojans in Java
  • Covert Channels
  • ICMP Tunneling
  •  
  • Reverse WWW Shell
  • Backdoor Countermeasures
  • BO Startup and Registry Entries
  • NetBus Startup and Registry Keys
  • Port Monitoring Tools
  • fPort
  • TCPView
  • Process Viewer
  • Inzider - Tracks Processes and Ports
  • Trojan Maker
  • Man-in-the-Middle Attack
  • Hacking Tool: dsniff
  • System File Verification
  • TripWire

How to detect the crime, track the criminal, and assemble the evidence.

Computer Forensics and Investigations as a Profession 

  • Understanding Computer Forensics
  • Comparing Definitions of Computer Forensics
  • Exploring a Brief History of Computer Forensics
  • Developing Computer Forensics Resources
  • Preparing for Computing Investigations
  • Understanding Enforcement Agency Investigations
  • Understanding Corporate Investigations
  • Maintaining Professional Conduct


Understanding Computer Investigations

  • Preparing a Computer Investigation
  • Examining a Computer Crime
  • Examining a Company-Policy Violation
  • Taking a Systematic Approach
  • Assessing the Case
  • Planning Your Investigation
  • Securing Your Evidence
  • Understanding Data-Recovery Workstations and Software
  • Setting Up Your Workstation for Computer Forensics
  • Executing an Investigation
  • Gathering the Evidence
  • Copying the Evidence Disk
  • Analyzing Your Digital Evidence
  • Completing the Case
  • Critiquing the Case

Some of the penetration or anti- hacking concepts you will see during this class

  • Attacking network infrastructure devices
  • Hacking by brute forcing remotely
  • Security testing methodologies
  • Security exploit testing with IMPACT from Core Security
  • Stealthy network recon
  • Remote root vulnerability exploitation
  • Multi-OS banner grabbing
  • Privilege escalation hacking
  • Unauthorized data extraction
  • Breaking IP-based ACLs via spoofing
  • Evidence removal and anti-forensics
  • Hacking Web Applications
  • Breaking into databases with SQL Injection
  • Cross Site Scripting hacking
  • Remote access trojan hacking
  • Offensive sniffing
  • Justifying a penetration test to management and customers
  • Defensive techniques

Instructor-led demo exercises

  • Abusing DNS for host identification
  • Leaking system information from Unix and Windows
  • Stealthy Recon
  • Unix, Windows and Cisco password cracking
  • Remote buffer overflow exploit lab I Stack mashing
  • Remote heap overflow exploit lab - Beyond the Stack
  • Desktop exploitation
  • Remote keylogging
  • Data mining authentication information from clear-text protocols
  • Remote sniffing
  • Malicious event log editing
  • Transferring files through firewalls
  • Hacking into Cisco routers
  • Harvesting web application data
  • Data retrieval with SQL Injection Hacking