hacking packing


Upload: adam-bailey

Post on 18-Nov-2014


Page 1: Hacking Packing

Overview

A penetration test will help your company understand the hidden problems present in your networks. From the ERP package to network printers, and from workstations to firewalls, everything will be tested for in-depth security.

We will immediately identify any sub-standard products / services present in the network that may lead to machine downtime or compromise from a security standpoint. A must for every company, a penetration test must be performed every six months for network self-diagnostics and self-assessment.

What all will be reviewed in a complete penetration test? Here is a list:

1. Internet Vulnerability Assessment and Penetration Testing

2. DMZ or Network Architecture Designs / Reviews

3. Web Application Assessments

4. Intranet Vulnerability Assessment and Penetration Testing

5. Host Diagnostic Reviews

6. Firewall Diagnostic Reviews

7. Physical Security Reviews

8. Security Policy Review or Development

9. Server Vulnerability report

10. Incident Response Program Development or Review

What’s my benefit of going for a Penetration test for my network?

Let's start with a simple example. Penetration testing, like vulnerability assessment, is similar to a health check-up. You may not know if anything is wrong until you go to the doctor's office and have him examine you. There are many services, products, applications and programs in your company on which both internal and external users depend. How will you assess their durability and security? A penetration test is the likely answer for all such existing resources.

How will a firewall review help us? It is already in place and working smoothly.

It is working smoothly only because no one is touching it. When we say touching it, we mean probing and poking it like a real hacker. We will use every trick to bypass the firewall and observe its response. This is as good as testing your water-proof watch once by throwing it in water!

But wait, it says it is also going to assess Web applications? What does it mean?

It means your company will be in a position to test its current website, and any intranet-based dashboard / ERP package that it is deploying for collaboration and consolidation. A pen test will check for possible loopholes in the implementation of these services.

Incident response program? Now what is that?

An incident response program is like how fast the fire brigade will come to your rescue if your house catches fire. We will design a framework that will enable your organization to respond to an incident in time. This can mean suggesting additional hardware resources or putting a process in place for quick response in the event of a technical disaster.

What are the deliverables? How will we know you are doing it at all?

At the conclusion of the assessment, Orchidseven will provide written documentation of the approach, findings and recommendations associated with this project. The documentation will consist of the following:

DETAILED TECHNICAL REPORT

A document developed for the use of Company’s technical staff which discusses:

- The methodology employed

- Positive security aspects identified

- Detailed technical vulnerability findings

- An assignment of a risk rating for each vulnerability

- Supporting detailed exhibits for vulnerabilities when appropriate

- Detailed technical remediation steps

EXECUTIVE SUMMARY REPORT

A document developed to summarize the scope, approach, findings and recommendations, in a manner suitable for senior management.

Customers who have taken this service have also shown interest in the following certifications: H3X and WAPT

Overview

H3X (Ethical Hacking Expert) is the first track in Orchid Seven certifications. It tests the approach skills of a candidate towards security and ethical hacking. Unlike other programs which are tool oriented, Orchid Seven's H3X focuses more on practical aspects of approach, hands-on with live hacking, application security issues, managed services pre-sales skills, security management and a lot more... If you are already into security then H3X is the certification to fill the missing gaps.

Powered by boot camps, the certification is only attainable with good hands-on knowledge. You must be able to deploy, design and attack a network practically before attempting the three-hour Lab Exam.

Objectives

Ethical Hacking Expert is an advanced certification program. At the end of the training, the following objectives will be achieved:

- Design and create attack plan methodologies

- Understand social engineering aspects used for fraud

- Get an insight into enterprise security trend

- Use latest techniques to hack into systems and networks

- Configure and administer a firewall / IDS / IPS for security

- Harden your critical servers and workstations

- Conduct regular audits and penetration tests in your company

- Understand Reverse engineering and application security

- Get hands-on experience in reversing a software

- Understand Digital Forensics

- Conduct investigations and digital forensic analysis

- Get awareness of IT Act Law 2000 and other international laws

- Understand importance of compliance

- Overview of ISO 27001 domains, controls and control objectives

- Plan overall security for your enterprise

Duration

40 hours (one week)

Pre-requisites

The candidate must have a background in networking. The following are the recommended topics to learn before attending a training for H3X:

- LAN concepts

- TCP/IP concepts

- Port and Sockets

- VPN technology

- IPSec concepts

- Overview of DNS/DHCP/RAS/CA servers

- Awareness of firewalls / IDS and Anti-virus

- Regular user of Internet

Course outline: H3X v3.1

The program covers the following domains:

Module One: Art of Hacking

History of hacking

Hacker Culture

Open Source

Moral debate: Ethics

Social and political impact

The need of hacking

Emerging trends

Defining a system

Understanding Workflow

People, Process and Technology

Knowing your enemy

Module Two: Scenario of Enterprise security

The truth behind enterprise security

What happens in a real company?

Technology Vs Management

Security budget across different verticals

Insider trading

Business Applications

Why is it always possible to hack?

Module Three: Planning and gathering Information

Making the Plan

Creating a layout

Defining a process to work

Designing attack strategy

Conceiving possible threats

Exit strategy

Information Gathering

Footprinting

Scanning

Identifying weakness

Enumerating your target

Finding Loopholes

Module Four: Social Engineering

Introduction to Social Engineering

Understanding your victims

Character analysis

Body language

‘Blink’ factor

Psychology fundamentals

Physiological factors

Using SMS and Chat for effectively gaining trust

How SMS has taken over our lives

Getting personal on SMS

How to craft an emotion

SMS and Chat Etiquettes

Finding the right words

Making a person attached to you on chat

Using the art effectively for gaining information

Possible Psychological damage

Not crossing the line

Scripting in daily life

Games people play

Transactional Analysis

Introduction to Reality Hacking

Module Five: Taking on the system

System Architecture

Introduction to systems

Windows 2008 Architecture

Linux architecture

File System internals

Introducing LDAP

Active Directory Fundamentals

FSMO Roles

GPMC / RSOP

Windows PowerShell

Hacking Techniques

Hiding Data – NTFS streaming

Gaining root access

Privilege Escalation

Man in the Middle attacks

Finding Vulnerabilities

Using exploits

Module Six: Attacking passwords

Password Hacking

Secret of passwords

Attacking SAM

Hacking a Domain Controller Password

Breaking Linux server password

Breaking application passwords

Other approaches

Using Brute Force Tools

Steganalysis concepts

Using Rainbow Tables

Default Passwords of devices

Using Key loggers

Module Seven: Malwares, Rootkits and Trojans

Viruses and Trojans

What are Malwares?

Building a Trojan

Binding a Trojan to another file

Approaches for deploying a Trojan

Using Bit-torrent to spread Trojans

Targeting Victims by Games and movies

Worms

Anatomy of a worm

Worm propagation process in a network

Target Harvesting

Defense against worms

Worm Propagation possibilities in IPv6!

Rootkits and Botnets

What are rootkits?

Rootkits infection techniques

How botnets work?

Analysis of a Malware.

Module Eight: Reality Hacking

Reality Hacking

Understanding reality hacking

Weakest link in security

Application in real life

Exploiting Religion and Occult Science

People and belief

How religion plays a big role

Understanding occult science

Astrology and daily life

How is Faith Exploited

How to be a walking Linda Goodman

How to get personal information

Bluff master: How to be a palmist

How to induce self-fulfilling prophecies

Respecting the science

Into the Mind: Inflicting damage

Introducing hope

Crafting your words carefully

Attachment in Adults

Turning people against each other

Planning a sabotage against a business

Confidence: boosting and destroying

Using information for hacking

Using phishing and spam based on information gathered

Crafting mails and messages to lure people

Module Nine: Getting Offensive

DoS / DDoS attacks

Conducting a Basic DoS Attack

Targeting Firewalls and Routers

Defense - Clustering and NLB

Honeypots Overview

Deploying Honeypots

Sniffing: Ethereal and Wireshark

Encryption – overview

Session Hijacking: T-sight / Hunt

RFID & Biometrics Security

Understanding identity management

Using Live Distribution Toolkits

Using BackTrack 3

Hiren Boot CD

Using BartPE based CDs

Other Security Boot Disks

Module Ten: Web Application Hacking

Web applications Architecture

Technologies used in Web 2.0

Web server Security

Web Application threats

Basic Authentication Attacks

SQL Injection

Cross site scripting

Directory Traversal

Google Hacking

Google Maps / WikiMapia

Advanced Google search techniques

Search engine optimization

Google API key

Blog Hacking

Using blogs to gather Information

Misleading people

Using Splogs

Module Eleven: Buffer Overflow Attacks & Reverse Engineering

Buffer Overflow Attacks

Using OllyDbg

Practical Buffer Overflow walkthrough

Reverse Engineering

Essence of Cracking

General Protection mechanisms

Ripping it apart

Studying the target Monitoring techniques

Disassembling with Win32Dasm

Hex-Editing a binary application

Cracking / Reversing

Finding Valid Serial Keys

Removing NAG screens

Creating patches

Module Twelve: IDS, Firewalls and Forensics

IDS and Firewalls

Configuring and Deploying Snort

Snort Rules

Firewalls and UTM devices

Evasion Techniques

Removing Traces

Forensics Introduction

The Scene of Cyber Crime

Forensics foundation

Scenario based case study

Acquiring Evidence

Recovering data

Analysis of sound / Voice

Correlating with log files

Anti-Forensics and Cyber Law

Using Anti-Forensic Tools

Removing evidence

Cyber Laws – overview

Module Thirteen: Bluetooth and Wireless Security

Bluetooth fundamentals

Overview of Bluetooth technology

The Bluetooth stack

Vulnerabilities with the protocol

Hacking Mobile phones from Bluetooth

PDA security

Wireless security

The 802.11 network

Wireless security standards

WEP and inherent vulnerabilities

Sniffing Wireless networks

Breaking WEP

Breaking WPA

Wireless security – Best practices

Module Fourteen: VA & PT

Vulnerability Assessment

Building an approach

Using a VA framework

Using Nessus

Fuzzing

Penetration Testing

Overview of Ruby

Using Metasploit

Web Application Security

Building reports

Web application penetration testing

Using Acunetix WVS

Case Studies - Drupal, phpBB

Firefox Plugins

Security as a continuous process

Impact of Log Analysis & Correlation

Importance of Audits

Need of compliance

Module Fifteen: Patch Management and ISMS

Insider Threats

Having people centric approach

Role of training

Importance of demonstrating faith

Containing insider threats

Patch Management

The need for compliance

ISO27001 Overview

Asset and Risk Management

ISO27001 implementation

Best practices & Case study

Courseware

There is no specific recommended book for the above program. Candidates attending the training will be given the latest reference notes in the industry for all the domains under the GNU GFDL License. Alternatively, a regularly updated electronic copy (PDF) will be freely available for download for all registered candidates. A DVD kit with the tools covered in the domains will be given to the candidates.

Certification

H3X certification can be obtained after giving the Lab Exam:

Gold Level   : Achieved when a delegate clears the Bootcamps (Lab exams)