hacking packing
Overview
A penetration test will help your company understand the hidden problems present in its
networks. From the ERP package to network printers, and from workstations to firewalls, everything
will be tested in depth for security.
We will immediately identify any sub-standard products / services present in the network that may
lead to machine downtime or to a compromise from a security standpoint. A must for every company,
a penetration test must be performed every six months for network self-diagnostics and
self-assessment.
What is reviewed in a complete penetration test? Here is a list:
1. Internet Vulnerability Assessment and Penetration Testing
2. DMZ or Network Architecture Designs / Reviews
3. Web Application Assessments
4. Intranet Vulnerability Assessment and Penetration Testing
5. Host Diagnostic Reviews
6. Firewall Diagnostic Reviews
7. Physical Security Reviews
8. Security Policy Review or Development
9. Server Vulnerability report
10. Incident Response Program Development or Review
What is the benefit of a penetration test for my network?
Let's start with a simple example. Penetration testing, like vulnerability assessment, is similar to a
health check-up. You may not know if anything is wrong until you go to the doctor's office and
have him examine you. There are many services, products, applications and programs in your
company on which both internal and external users depend. How will you assess their
durability and security? A penetration test is the likely answer for all such existing resources.
How will a firewall review help us? It is already in place and working smoothly.
It is working smoothly only because no one is touching it. When we say touching it, we mean
probing and poking it like a real hacker. We will use every trick to bypass the firewall and observe
its response. This is as good as testing your water-proof watch once by throwing it in water!
But wait, it says it is also going to assess Web applications? What does it mean?
It means your company will be in a position to test its current website, and any intranet-based
dashboard / ERP package that it is deploying for collaboration and consolidation. A pen test will
check for possible loopholes in the implementation of these services.
Incident response program? Now what is that?
An incident response program is like how fast the fire brigade will come to your rescue if your
house catches fire. We will design a framework that will enable your organization to respond to
an incident in time. This can mean suggesting additional hardware resources or
putting a process in place for quick response in the event of a technical disaster.
What are the deliverables? How will we know you are doing it at all?
At the conclusion of the assessment, Orchidseven will provide written documentation of the
approach, findings and recommendations associated with this project. The documentation will
consist of the following:
DETAILED TECHNICAL REPORT
A document developed for the use of Company’s technical staff which discusses:
- The methodology employed
- Positive security aspects identified
- Detailed technical vulnerability findings
- An assignment of a risk rating for each vulnerability
- Supporting detailed exhibits for vulnerabilities when appropriate
- Detailed technical remediation steps
EXECUTIVE SUMMARY REPORT
A document developed to summarize the scope, approach, and findings and recommendations, in a
manner suitable for senior management.
Customers who have taken this service have also shown interest in the following
certifications: H3X and WAPT
Overview
H3X (Ethical Hacking Expert) is the first track in the Orchid Seven certifications. It tests a
candidate's approach to security and ethical hacking. Unlike other programs, which are
tool-oriented, Orchid Seven's H3X focuses more on practical aspects of approach, hands-on work with live
hacking, application security issues, managed services pre-sales skills, security management and a
lot more. If you are already in security, then H3X is the certification to fill in the missing
gaps.
Powered by boot camps, the certification is only attainable with good hands-on knowledge. You
must be able to deploy, design and attack a network practically before attempting the three-hour
lab exam.
Objectives
Ethical Hacking Expert is an advanced certification program. At the end of the training, the following
objectives will be achieved:
- Design and create attack plan methodologies
- Understand social engineering aspects used for fraud
- Get an insight into enterprise security trends
- Use latest techniques to hack into systems and networks
- Configure and administer a firewall / IDS / IPS for security
- Harden your critical servers and workstations
- Conduct regular audits and penetration tests in your company
- Understand Reverse engineering and application security
- Get hands-on experience in reversing software
- Understand Digital Forensics
- Conduct investigations and digital forensic analysis
- Get awareness of IT Act Law 2000 and other international laws
- Understand importance of compliance
- Overview of ISO 27001 domains, controls and control objectives
- Plan overall security for your enterprise
Duration
40 hours (one week)
Pre-requisites
The candidate must have a background in networking. The following topics are recommended
before attending H3X training:
- LAN concepts
- TCP/IP concepts
- Ports and Sockets
- VPN technology
- IPSec concepts
- Overview of DNS/DHCP/RAS/CA servers
- Awareness of firewalls / IDS and Anti-virus
- Regular user of Internet
Course outline: H3X v3.1
The program covers the following domains:
Module One: Art of Hacking
History of hacking
Hacker Culture
Open Source
Moral debate: Ethics
Social and political impact
The need of hacking
Emerging trends
Defining a system
Understanding Workflow
People, Process and Technology
Knowing your enemy
Module Two: Scenario of Enterprise security
The truth behind enterprise security
What happens in a real company?
Technology Vs Management
Security budget across different verticals
Insider trading
Business Applications
Why is it always possible to hack?
Module Three: Planning and gathering Information
Making the Plan
Creating a layout
Defining a process to work
Designing attack strategy
Conceiving possible threats
Exit strategy
Information Gathering
Footprinting
Scanning
Identifying weakness
Enumerating your target
Finding Loopholes
Module Four: Social Engineering
Introduction to Social Engineering
Understanding your victims
Character analysis
Body language
‘Blink’ factor
Psychology fundamentals
Physiological factors
Using SMS and Chat for effectively gaining trust
How SMS has taken over our lives
Getting personal on SMS
How to craft an emotion
SMS and Chat Etiquettes
Finding the right words
Making a person attached to you on chat
Using the art effectively for gaining information
Possible Psychological damage
Not crossing the line
Scripting in daily life
Games people play
Transactional Analysis
Introduction to Reality Hacking
Module Five: Taking on the system
System Architecture
Introduction to systems
Windows 2008 Architecture
Linux architecture
File System internals
Introducing LDAP
Active Directory Fundamentals
FSMO Roles
GPMC / RSOP
Windows PowerShell
Hacking Techniques
Hiding Data – NTFS streaming
Gaining root access
Privilege Escalation
Man in the Middle attacks
Finding Vulnerabilities
Using exploits
Module Six: Attacking passwords
Password Hacking
Secret of passwords
Attacking SAM
Hacking a Domain Controller Password
Breaking Linux server password
Breaking application passwords
Other approaches
Using Brute Force Tools
Steganalysis concepts
Using Rainbow Tables
Default Passwords of devices
Using Key loggers
Module Seven: Malware, Rootkits and Trojans
Viruses and Trojans
What is Malware?
Building a Trojan
Binding a Trojan to another file
Approaches for deploying a Trojan
Using Bit-torrent to spread Trojans
Targeting Victims by Games and movies
Worms
Anatomy of a worm
Worm propagation process in a network
Target Harvesting
Defense against worms
Worm Propagation possibilities in IPv6!
Rootkits and Botnets
What are rootkits?
Rootkit infection techniques
How do botnets work?
Analysis of Malware
Module Eight: Reality Hacking
Reality Hacking
Understanding reality hacking
Weakest link in security
Application in real life
Exploiting Religion and Occult Science
People and belief
How religion plays a big role
Understanding occult science
Astrology and daily life
How is Faith Exploited
How to be a walking Linda Goodman
How to get personal information
Bluff master: How to be a palmist
How to induce self-fulfilling prophecies
Respecting the science
Into the Mind: Inflicting damage
Introducing hope
Crafting your words carefully
Attachment in Adults
Turning people against each other
Planning a sabotage against a business
Confidence: boosting and destroying
Using information for hacking
Using phishing and spam based on information gathered
Crafting mails and messages to lure people
Module Nine: Getting Offensive
DoS / DDoS attacks
Conducting a Basic DoS Attack
Targeting Firewalls and Routers
Defense - Clustering and NLB
Honeypots Overview
Deploying Honeypots
Sniffing: Ethereal and Wireshark
Encryption – overview
Session Hijacking: T-sight / Hunt
RFID & Biometrics Security
Understanding identity management
Using Live Distribution Toolkits
Using BackTrack 3
Hiren Boot CD
Using BartPE based CDs
Other Security Boot Disks
Module Ten: Web Application Hacking
Web applications Architecture
Technologies used in Web 2.0
Web server Security
Web Application threats
Basic Authentication Attacks
SQL Injection
Cross site scripting
Directory Traversal
Google Hacking
Google Maps / WikiMapia
Advanced Google search techniques
Search engine optimization
Google API key
Blog Hacking
Using blogs to gather Information
Misleading people
Using Splogs
Module Eleven: Buffer Overflow Attacks & Reverse Engineering
Buffer Overflow Attacks
Using OllyDbg
Practical Buffer Overflow walkthrough
Reverse Engineering
Essence of Cracking
General Protection mechanisms
Ripping it apart
Studying the target
Monitoring techniques
Disassembling with Win32Dasm
Hex-Editing a binary application
Cracking / Reversing
Finding Valid Serial Keys
Removing NAG screens
Creating patches
Module Twelve: IDS, Firewalls and Forensics
IDS and Firewalls
Configuring and Deploying Snort
Snort Rules
Firewalls and UTM devices
Evasion Techniques
Removing Traces
Forensics Introduction
The Scene of Cyber Crime
Forensics foundation
Scenario based case study
Acquiring Evidence
Recovering data
Analysis of sound / Voice
Correlating with log files
Anti-Forensics and Cyber Law
Using Anti-Forensic Tools
Removing evidence
Cyber Laws – overview
Module Thirteen: Bluetooth and Wireless Security
Bluetooth fundamentals
Overview of Bluetooth technology
The Bluetooth stack
Vulnerabilities with the protocol
Hacking Mobile phones from Bluetooth
PDA security
Wireless security
The 802.11 network
Wireless security standards
WEP and inherent vulnerabilities
Sniffing Wireless networks
Breaking WEP
Breaking WPA
Wireless security – Best practices
Module Fourteen: VA & PT
Vulnerability Assessment
Building an approach
Using a VA framework
Using Nessus
Fuzzing
Penetration Testing
Overview of Ruby
Using Metasploit
Web Application Security
Building reports
Web application penetration testing
Using Acunetix WVS
Case Studies - Drupal, phpBB
Firefox Plugins
Security as a continuous process
Impact of Log Analysis & Correlation
Importance of Audits
Need of compliance
Module Fifteen: Patch Management and ISMS
Insider Threats
Having people centric approach
Role of training
Importance of demonstrating faith
Containing insider threats
Patch Management
The need for compliance
ISO27001 Overview
Asset and Risk Management
ISO27001 implementation
Best practices & Case study
Courseware
There is no specific recommended book for the above program. Candidates attending the training
will be given the latest reference notes in the industry for all the domains, under the GNU GFDL License.
Alternatively, a regularly updated electronic copy (PDF) will be freely available for download for all
registered candidates. A DVD kit with the tools covered in the domains will be given to the
candidates.
Certification
H3X certification can be obtained after taking the Lab Exam:
Gold Level: Achieved when a delegate clears the Bootcamps (Lab exams)