Académique Documents
Professionnel Documents
Culture Documents
PART I – Ethics
• What is Google?
• How does Google work?
• Google Tricks
• Basic Hacks
• Google Calculator
• Google News
• Google Tools
• How can Google hacking help an ethical hacker?
• Preventing Google Crawls
• Practical Class: Case Studies
• What is Scanning?
• Objectives of Scanning
• Practical Class
• Scanning Tools to be used:
• Nmap
• Null Scan
• Firewalk
• XMAS Scan
• NIKTO
• GFI Languard
Part V – Trojans
• Definition
• Legend
• Difference b/w Trojan, virus and worms
• Working of Trojans
• Server, Client, Direct & Reverse connections
• Trojan Practical
• Beast, Bandook etc.
• Both direct and reverse connection
• Trojans on WAN
• Problems – Dynamic IP
• NAT
• Using netcat as a Trojan
• Antivirus Detection process
• Heuristics, signatures
• Hex editing, source code changes, custom, binders, packers, DLL injection
• Social Engineering – Deploying Trojans
• Manual Detection
• TCP-view, process monitors
• Understanding Sessions
• Passive vs. Active session hijack
• TCP sessions and HTTP sessions
• TCP session hijacking – Telnet
• Stealing Cookies to Hijack Session ID - XSS
• Defining SQL
• Understanding web application
• Using SQL to login via middleware language
• Checking SQL Injection vulnerability
• URL and forms
• SQL query SELECT, DROP etc.
• SQL cheat sheets
• Using source changes to bypass client side validation
• PHP magic quotes
• Using SQL injection tools
• Importance of Server side validation
Part IX – Sniffing
• Introduction
• Active, Passive
• DNS, ARP
• Tools
• Wireshark, Ettercap Cain n Abel
• Detecting Sniffing
• DNS Poisoning
• Router Hacking
• Emulating WAN sniffing
• Bluetooth Introduction
• Security Issues
• Security Attacks
• Bluejacking
• Tools for Bluejacking
• Tools for Bluejacking
• BlueSpam
• Blue snarfing
• BlueBug Attack
• Short Pairing Code Attacks
• Man-In-Middle Attacks
• OnLine PIN Cracking Attack
• BTKeylogging attack
• BTVoiceBugging attack
• Blueprinting
• Bluesmacking - The Ping of Death
• Denial-of-Service Attack
• BlueDump Attack
Part XI – Cryptography
• Introduction to Cryptography
• Classical Cryptographic Techniques - Encryption/Decryption
• Cryptographic Algorithms
• RSA (Rivest Shamir Adleman)
• Example of RSA Algorithm
- RSA Attacks
- RSA Challenge
• Data Encryption Standard (DES)
• DES Overview
• RC4, RC5, RC6, Blowfish
• One-way Bash Functions - MD5
• SHA (Secure Hash Algorithm)
• SSL (Secure Sockets Layer)
• What is SSH?
• SSH (Secure Shell)
• Algorithms and Security
• Disk Encryption
• Government Access to Keys (GAK)
• Code Breaking: Methodologies
• Cryptanalysis
• Cryptography Attacks
• vBrute-Force Attack
• Cracking S/MIME Encryption Using Idle CPU Time
• Use Of Cryptography
• Introduction: Broadband
• Airtel
• MTNL/BSNL
• Internet Grabbing
• Making Broadband Topography – National
• Making Broadband Topography - Regional
• Deploying Black Hat Scripts
• Using Default Passwords
• Special Trick: Hack any MTNL/BSNL/Airtel Broadband!
• Using Support Administrator Login
• Exploiting the Router
• Poisoning the Router
• Controlling User’s Internet Access
• Getting to the System from the Router
• E-Crime
• Statistics
• Credit Card
• Credit Card Fraud
• Credit Card Fraud Over Internet
• Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
• Credit Card Generator
• RockLegend’s !Credit Card Generator
• Credit Card Fraud Detection
• Credit Card Fraud Detection Technique: Pattern Detection
• Credit Card Fraud Detection Technique: Fraud Screening
• MaxMind Credit Card Fraud Detection
• 3D Secure & Limitation
• What to do if you are a Victim of a Fraud - Facts to be Noted by Consumers
• Best Practices: Ways to Protect Your Credit Cards
Workshop Duration:
16 hours (Covered over 2 Days)