
Certified Information Security Expert (CISE level 1 v2)

Detailed Course Module

Certified Information Security Expert (CISEv20)


Innobuzz Knowledge Solutions Pvt Ltd is a high-quality training provider
for courses in the field of Information Security, Systems and Open-Source.

The hands-on security courses in the field of offensive security are built
by the Innobuzz Knowledge Solutions Pvt Ltd members to ensure real-world
experience.

www.innobuzz.in
Chapter 1 – Introduction
 Concept of Security
 Physical and Digital Assets
 Security Triangle
 Introduction: Ethical hacking
 Types of Ethical Hackers
 Basic Terminologies
 Elements of Security
 5 Phases of Hacking
 Profile of an Ethical Hacker
 Security Testing, Computer Crimes and Law
 History of Hacking & Famous Hackers

Chapter 2 – Networking & Basics


 Concept of Networking
 Types of Networks and Networking Devices
 Concept of Network and Ports
 TCP, IP & UDP
 Addressing and Types of Addressing
 IP Address and Classes
 Client Server Relationship
 Domain name and DNS
 ARP, RARP, ICMP, FTP, Telnet, SMTP, SNMP, HTTP, POP
 Virtualization and Advantages of Virtualization

Chapter 3 – Footprinting
 Footprinting/Information Gathering
 Steps of Information Gathering
 Crawling and Mirroring of Websites
 Whois and Domain Registry
 Gathering Target Information
 Parallel Domain
 MX Entry
 Trace Route
 Archive Pages
 Banner Grabbing
Chapter 4 – Google Hacking
 Introduce Google
 Working of Google – Outline
 Working of Google – Crawling, Indexing & Searching
 Vulnerable Objects
 Using Cache and Google as Proxy
 Directory Listing and Locating Directory Listings along with specific folders
 Google Hacking and what it is about
 The basics of Google Hacking: Advanced Search in Google
 Advanced Search Operators: site:, filetype:, inurl:, intitle:, cache:, info:
 Wildcard and Quotes
 Understanding and Viewing Robots.txt for important Files
 Normal Countermeasures
o Robots.txt
o Metatag and Google Official Remove
o Hiding Detailed Error Messages
o Disabling Directory Browsing

Chapter 5 – Scanning
 Definition of Scanning
 Types of Scanning
 Difference between Port and Network Scanning
 Objectives and Benefits of Scanning
 TCP three-way handshake
 Various Classification of Scanning
 Fragments, UDP, ICMP, Reverse Ident, List & Idle, RPC, Window Scan, Ping Sweep
 Concept of War Dialer (History)
 OS Fingerprinting and Types – Active & Passive

Chapter 6 – Windows Hacking


 Definition and Objectives of Windows Hacking
 Types of Passwords
 Manual & Automatic Password Cracking Algorithm
 Types of Password Attacks – Dictionary, Brute Force, and Hybrid
 LMHash and SAM File
 Password Cracking Countermeasures
 Syskey
 Privilege Escalation
 Hiding Files
 Concept of Alternate Data Stream and Advantages
 Detecting ADS
 NTFS Streams countermeasures
 Keystroke Loggers and Types – Software & Hardware
 Concept of Auditing, Logs and Covering Tracks
 Concept of Application Isolation

Chapter 7 – Linux Hacking


 Introduction of Linux as an OS
 Advantages of using Linux
 Basics about Linux – Commands, Shell types and User types
 Why Linux is hacked?
 Recent Linux Vulnerabilities
 Password cracking in Linux
 Introduction and explanation of IP Tables & IP Chains
 TCP wrappers
 Remote connection using SSH
 Log and Traffic Monitors in Linux
 Understanding Post Install Linux Security Auditing
 Understanding and using Backtrack

Chapter 8 – Trojans & Backdoors


 Definition and Objectives of Trojans & Backdoors
 Overt and Covert Channels
 Working of Trojans
 Different Types of Trojans – Remote Access, Data Sending, Destructive, DOS, Proxy Trojans
 Target Data Types of Trojans
 Different Modes of Trojan Infection
 Auto-run of Trojans
 Common Symptoms of a Trojan Infection
 Ports used by Famous Trojans
 Wrappers & Binders
 Uses of Wrappers and Binders
 Reverse Connection in relation to Trojans
 Detecting a Trojan in a computer
 Anti-Trojan Software
 Tips to Avoid Trojan Infection
 Concept of Rootkit
 Effects and Types of Rootkit
 Countermeasures of Rootkit

Chapter 9 – Virus & Worms


 Introduction to Virus & Worms
 Diff. between Virus & Worms
 Characteristics, Symptoms of a Virus
 History and Terminologies used for a Virus
 Types of Virus Damage
 Effects of a Virus Attack
 Access Methods of a Virus
 Modes of Virus infection
 Life Cycle of a Virus
 Types of Virus Programs – What and how?
 Famous Virus & Worms
 Batch File programming
 Concept of Virus Construction Kit
 Virus Detection Methods
 Virus Incident Response
 Sheep Dip
 Tips on Prevention from Virus Infection
 Types of Worms
 Zombies
 Botnets
 Antivirus Program
 Popular Antivirus programs

Chapter 10 – Proxy Server & Packet filtering


 Proxy Server
 Advantages of using Proxy Servers
 Proxy Server Based Firewalls
 Types of Proxy Servers – Software Proxy, Proxy Websites, and Server Proxy
 Diff. between Transparent, Anonymous and Elite Proxies
 Anonymizers
 Socks Chain Proxy
 Http Tunnel Proxy
 Countermeasures of Proxy
 Packet Filtering
 Packet Filtering Devices and Approaches
 Stateless Packet Filtering
 Different Types of Filtering Based on IP Header, TCP, TCP/UDP, ICMP, ACK flags, Fragmentation and Packet Contents
 Filtering Suspicious Inbound Packets
 Stateful Packet Filtering
 Proxy Server Vs Packet Filtering

Chapter 11 – Denial of Service Attack


 Concept of DoS Attacks
 Goal of DoS Attack
 Impact and Modes of DoS Attack
 Types of DoS Attack – smurf, Buffer Overflow, Ping of death, Teardrop, SYN, Tribal flow
 Concept of DDoS Attack
 Diff. between DoS and DDoS Attack
 Characteristics of DDoS Attacks
 Concept of Agent Handler Model, IRC Based Model, DDoS Attack Taxonomy, Amplification Attack
 Concept of the Reflected Dos
 Countermeasures - Reflected DoS
 DDoS Countermeasures
 Detect and Neutralize Handlers
 Detect Potential Attacks
 Mitigate or Stop the Effects of DDoS Attacks
 Post-Attack Forensics

Chapter 12 – Sniffers
 Concept of Sniffing
 Types of Sniffing – Active & Passive
 ARP Poisoning
 Countermeasures of ARP Poisoning
 DNS Spoofing
 Changes in Host file for DNS Redirection
 Countermeasures of sniffing
 MAC Spoofing

Chapter 13 – Social Engineering


 Social Engineering
 Techniques of Social Engineering
 Attempt Using Phone, E-mail, Traditional mail, In person, Dumpster Diving, Insider Accomplice, Extortion and Blackmail, Websites, Shoulder surfing, Third Person Approach, Technical Support
 Countermeasures of Social Engineering

Chapter 14 – Physical security


 Physical Security
 Current Statistics
 Accountability and Need of Physical security
 Factors Affecting Physical Security
 Physical Security Checklist
o Company Surroundings
o Premises
o Reception
o Server
o Workstation Area
o Wireless Access Points
o Other Equipment such as fax, removable media, etc.
o Access Control
o Computer Equipment Maintenance
o Wiretapping
o Remote Access
o Locks
o Spyware

Chapter 15 – Steganography
 Steganography
o What is Steganography?
o History
o Steganography today
o Steganography tools
 Steganalysis
o What is Steganalysis?
o Types of analysis
o Identification of Steganographic files
 Steganalysis meets Cryptanalysis
o Password Guessing
o Cracking Steganography programs
 Forensics/Anti-Forensics
 Conclusions
o What’s in the Future?
o Other tools in the wild
o References

Chapter 16 – Cryptography
 Concept of Cryptography
 Advantages and uses of Cryptography
 PKI (Public Key Infrastructure)
 Algorithms of encryption – RSA, MD5, SHA, SSL, PGP, SSH, GAK
 Concept of Digital Signature
 Encryption Cracking Techniques
 Disk Encryption
 Cracking S/MIME encryption using idle CPU time
 Concept of Command Line Scriptor and Crypto Heaven, Cyphercalc
 CA (Certificate Authority)

Chapter 17 - Wireless Hacking


 Wireless Technology
 Introduction to wireless networking
 Basics & Terminologies
 Advantages of Wireless Technology
 Components of Wireless Network
 Types of Wireless Network
 Setting and detecting a wireless network
 Advantages and Disadvantages of wireless network
 Antennas, SSID, Access Point Positioning and Rogue Access Point
 Concept of Wired Equivalent Privacy (WEP)
 MAC Sniffing & AP Spoofing
 Terminology of Wi-Fi Access
 Denial-of-Service and MITM Attack in Wi-Fi
 Wireless Intrusion Detection System
 Tips to Secure Wireless Network

Chapter 18 - Firewalls & Honeypots


 Firewall
 What Does a Firewall Do?
 What a firewall cannot do
 How does a firewall work?
 Types of Firewall
 Working of Firewall
 Advantages and Disadvantages of Firewall
 Firewalls Implementing for Authentication Process
 Types of Authentication Process
 Steps for Conducting Firewall Penetration Testing
o Locate the Firewall
o Traceroute to identify the network range
o Port scan the router
o Grab the banner
o Create custom packet and look for firewall responses
o Test access control Enumeration
o Test to identify firewall architecture
o Test firewall using firewalking tool
o Test for port redirection
o Test Covert channels
o Test HTTP Tunneling
o Test firewall specific vulnerabilities
 How to Bypass the Firewall
 Concept of Honeypots
 Purpose and working of Honeypots
 Advantages and Disadvantages of Honeypots
 Types of Honeypots
 Uses of Honeypots
 Detecting Honeypot
 Honeynets
 Architecture of Honeynet
 Working process of Honeynet
 Types of Honeynet
 Honeywall CDROM

Chapter 19 - IDS & IPS


 Concept of IDS (Intrusion Detection System)
 History and Characteristics of IDS
 Importance of IDS
 Deployment of IDS
 Intro, Advantages and Components of Distributed IDS
 Aggregate Analysis with IDS
 Types and Architecture of IDS:-
o Network Based IDS
o Host Based IDS
 Diff. Between Network Based IDS and Host Based IDS
 Methods to Detect IDS
 Signatures
 Types of Signature:-
o Network Signatures
o Host-based Signatures
o Compound Signatures
 Methods to Detect Signature
 Prelude of IDS
 Concept of IPS (Intrusion Prevention System)
 Diff. Between IDS and IPS
 Network Antivirus Software

Chapter 20 – Vulnerability Assessment


 Concept of Vulnerability Assessment
 Purpose and Types of Assessment
 Vulnerability Classification
 How to Conduct Vulnerability Assessment
 Vulnerability Analysis Stages
 Vulnerability Assessment Considerations
 Vulnerability Assessment Reports
 TimeLine and Penetration Attempts
 Vulnerability Assessment Tools

Chapter 21 – Penetration Testing


 Concept of Penetration Testing
 Security assessments Categories
 Vulnerability Assessment
 Limitation of Vulnerability assessment
 Why Penetration Testing?
 Types of Penetration Testing
o External Testing
o Internal Testing
 Sourcing Penetration Testing
 Terms of Engagement
 Project Scope
 Agreements of Pentest Service
 Testing Points, Locations, Automated Testing, Manual Testing
 Gathering information for Penetration Testing By :-
o Domain name and IP address information
o Enumerating Information about Hosts
o Testing Network-Filtering Devices
o Enumerating Devices
o Denial of Service Emulation

Chapter 22 – Session Hijacking


 Session Hijacking
 Difference between Spoofing and Session Hijacking
 Phases of Session Hijacking:-
o Tracking the session
o Desynchronizing the connection
o Injecting the attacker’s packet
 Types of Session Hijacking:-
o Active
o Passive
 TCP 3-Way Handshake
 Sequence Numbers
 Dangers Posed by Hijacking
 Countermeasure of Session Hijacking
 Protection Against Session Hijacking
 Countermeasure: IPSec

Chapter 23 – Hacking Web Server


 Web Servers
 Working process of Web Server
 Loopholes of Web Server
 Introduction of Popular Web Server and Common Security Threats
 Apache Vulnerability
 Attacks against IIS
 Components of IIS
 IIS Directory Traversal
 Unicode and Unicode Directory Traversal Vulnerability
 Unspecified Executable Path Vulnerability
 File System Traversal Counter measures
 WebDAV / ntdll.dll Vulnerability
 RPC DCOM Vulnerability
 ASN Exploits
 IIS Logs
 Escalating Privileges on IIS
 Hot Fixes and Patches
 Countermeasures of Web Server

Chapter 24 – SQL Injection


 Introduction of SQL
 What SQL Can Do
 SQL Queries
 Use of Quotes, AND & OR
 Concept of SQL Injection
 OLE DB Error
 Login Guessing & Insertion
 Shutting Down SQL Server
 Extended Stored Procedures
 Preventive Measures

Chapter 25 – Cross Site Scripting


 Introduction to Cross Site Scripting
 Cross-Site Scripting
 Ways of Launching Cross-Site Scripting Attacks
 Working Process of Cross-Site Scripting Attacks
 When will an attack be successful?
 Programming Languages Utilized in XSS Attacks
 Types of XSS Attacks
 Steps of XSS Attack
 Not Fixing CSS/XSS Holes Compromises
 Methodology of XSS
 How to protect Against XSS

Chapter 26 – Exploit Writing


 Concept of Exploit Writing
 Purpose of Exploit Writing
 Requirements of Exploit Writing & Shellcodes
 Types of Exploits:-
o Stack Overflow Exploits
o Heap Corruption Exploit
o Format String Attack
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
 The Proof-of-Concept and Commercial Grade Exploit
 Converting a Proof of Concept Exploit to Commercial Grade Exploit
 Attack Methodologies
 Socket Binding Exploits
 Steps for Writing an Exploit
 Shellcodes
 Null Byte
 Types of Shellcode
 Steps for Writing a ShellCode
 Issues Involved With Shellcode Writing
 Buffer
 Static Vs Dynamic Variables
 Stack Buffers, Data Region and Memory Process Regions
 About the Stack
 Need of Stack, Stack Region, Stack frame, Stack pointer, Procedure Call (Procedure Prolog), Return Address (RET), Word Size and Buffer Overflows
 Why do we get a segmentation violation and Segmentation Error
 Writing Windows Based Exploits
 EIP Register and ESP
 Metasploit Framework, msfconsole
 Development with Metasploit
 Need for Creating of Exploit
 Determining the Attack Vector
 Debugger
 Determine the offset & pattern create
 Where to place the payload?

Chapter 27 – Buffer Overflow


 Why Applications are vulnerable
 Buffer Overflow Attack
 Reasons of Buffer Overflow
 Knowledge for Buffer Overflow
 Understanding Stacks
 Understanding Heaps
 Types of Buffer Overflow Attack
o Stack Based
o Heap Based
 Heap Memory Buffer overflow Bug
 Understanding Assembly Language
 Intro of Shell Code
 Detection of Buffer Overflows in a program
 Attacking a Real Program
 Once the Stack is smashed
 NOPS
 Mutate a Buffer Overflow Exploit
 Comparing Functions of libc and libsafe
 Simple Buffer Overflow in C
 Code Analysis
 Countermeasure of Buffer Overflow Attack

Chapter 28 – Reverse Engineering


 Concept of Reverse Engineering
 Positive Application of Reverse Engineering
 Ethical Reverse Engineering
 DMCA ACT
 Disassembler
 Decompilers
 Program Obfuscation
 Why do you need to decompile?
 .NET Obfuscator and .NET Obfuscation
 Java Byte code Decompilers
 How does OllyDbg Work?

Chapter 29 – Email Hacking


 Concept of Email
 Spam and Spam Laws
 E-Mail Tracking By Header
 Concept of Fake E-mails
 Various steps to send Fake mails
 Traceip by PHP Script

Chapter 30 – Incident Handling & Response


 Incident
 Different Categories of Incidents
 Various Types of Incidents
 To whom should I report an incident?
 Step by Step Procedure of Incident Handling
 Managing Incidents
 Incident Response
 Incident Handling Process
 Incident Detection Process
 Incident Containment Process
 Incident Eradication Process
 Incident Recovery Process
 Incident Follow up Process
 Incident Response Team
 CSIRT Services

Chapter 31 – Bluetooth Hacking


 Bluetooth Technology
 Concept of Bluetooth Hacking
 Attacks on Bluetooth Mobile
 Why Bluetooth hacking?
 Working of Bluetooth Hacking
 Mobile Dos Attack
 Mobile Viruses & Worms
 Mobile Security Tips & Tricks
 Samsung Mobile Security Tips & Tricks
 Motorola Mobile Security Tips & Tricks
 Conclusions
 Countermeasures

Chapter 32 – Mobile Phone Hacking


 Mobile Technologies
 Introduction and Facts of GSM
 Low-Tech Fraud
 Countermeasure of Low-Tech Fraud
 GSM Security Problems
 Attacks on GSM Networks
 De-Registration and Location Update Spoofing
 Camping on a False BTS and False BTS/MS
 Active and Passive Identity Caching
 Suppressing encryption between the target user and the intruder
 Suppressing encryption between target user and the true network
 Compromised cipher key
 Eavesdropping on user data by suppressing encryption
 Eavesdropping
 User impersonation with compromised authentication vector
 Hijacking outgoing calls
 Hijacking outgoing calls with encryption enabled
 Hijacking incoming calls
 Hijacking incoming calls with encryption enabled
 Introduction of Cryptography, Fake BTS and Terminology
 Terminal and SIM
 Discuss about Mobile Execution Environment
 GSM Data, Signaling and Signaling Security
 SS7: Opening up to World, Waiting for disaster, Evolution and What to do
 Diff. between :-
o PSTN vs VOIP
o VOIP vs SS7
 GSM Network Elements and Architecture
 Home Location Register (HLR) and Authentication Center (AuC)
 Mobile Switching Center (MSC)
 Customer Care and Billing System
 Value-Added Services
 WAP Security Model, The WAP Gap and WTLS Security
 WAP:
o No end-to-end Trust
o Man-in-the-middle
 Introduction of third Generation of Wireless
 3G Security Architecture and Security Model
 Diff. Between 3G vs GSM
 AKA Message Flow and Connection Establishment
 Overview of Ciphering and Integrity
 Interception and Its:-
o Definitions
o Terminology
o Logical Configuration
o Concepts
 Circuit and Packet Data Event Records
 Discuss the Security of Interception
 Components of GSM Network
 Overview of Subscriber and its Identification
 Electronic Access to the SIM
 Extraction From A SIM
o Location Information File
o Serial Number
o Subscriber Identifier
o Phone Number
o Text Message Data
o Status of Text Message Data
o Threats to a SIM Data
 Equipment:-
o Generic Properties
o MS Data
o Threats to MS Data
o Network and :-
o Network Operator Data
o Call Data Records
o Threats to Network Operator
 GSM Security Operation and Forensics Tools
 Overview of Cell Seizure
 Features Of Cell Seizure
 Advantages and Disadvantages of Cell Seizure
 Tool of Cell Seizure
