BECOME A CYBER SECURITY ANALYST

What is Hacking?

Hacking is the process of finding loopholes in a website, intrude into it and take control of the site or make it crash. To prevent malicious hackers from intruding into computer systems and networks causing severe harm, trained hackers are employed by companies to find loopholes or weaknesses in existing websites, computer networks and take measures to solve them. It is called ethical hacking.

About Hacking Training Course

EduCBA’s Hacking Training course is intended to help software professionals get an overview of hacking methods with practical examples. It will provide insights into hacking techniques, strategies, study configuration, topology, understand network types and enhance skills to effectively use ethical hacking for corporates. It will enhance your skills and knowledge to convince the industry or employers about your capability in handling internet security. The course is spread into 105 lectures with 19 hours of HD video.

General Hacking Methods:

This chapter introduces the learner to hacking methods employed by hackers and information security professionals.

Port Scanning: Port scanning is the process by which hackers send messages to ports to see which are open and susceptible to vulnerabilities. Just as a burglar looks for a open window, door or ventilation to make his entry into a house, hackers send messages to ports to check weaknesses.

ICMP Sweep/Scanning: basic network scanning to find out which IP addresses map to live hosts or computers. Internet Control Message Protocol (ICMP) – ping is an ICMP ECHO to multiple hosts, a return ICMP echo is received if port is live.

Tools for ICMP Echo- fping, gping, nmap for UNIX, Pinger Software- Rhino9, Ping Sweep for Windows

Netbios Hacking – getting entry into a computer system through Network Basic Input Output System (NETBIOS). This is how computers in a LAN or WAN is targeted- sniffing – ip addresses-local subnet

Internet Application Security and Vulnerability: Security breach, proactive,defensive strategies, Authenitcation, authorization. Common flaws – injection flaws-passing unfiltered data to the sQL server, to the browser, preventing injection flaws, Cross Site scripting, insecure direct object references, security misconfiguration. Sensitive data exposure, missing function level acess control, cross site request forgery. Components with vulnerabilities, unvalidated redirects and forwards.

Introduction to attack techniques, classes of attacks-passive attack, active attack, distributed attack, insider attack, close-in attack, phishing attack, hijack attack, spoof attack, buffer overflow, exploit attack, password attack. Online identity-location, birth date, family connections, hacking , banking, financial transactions.

Protecting online identity:

Protecting identity of user, tips for protecting online identy- social media, profiles, privacy settings,usage of multiple passwords,phishing emails, https for online transactions – s stands for security.

Reducing risk of online identity theft: Stealing personal information, impersonating, social security number, signature, name, address, phone number, mobile number,financial details- bank,credit card info.-committing fraud.

Reducing Risk of online identify theft- online transactions- ask companies how data will be used, Secure Socket Layer (SSL), Site security certificate,, data encryption, credit card info – storage and use. Destroy papers containing credit card info.

Action taken- Online identity theft- contact, credit bureaus- Experian, Equifax, TransuUnion, fraud alert, thief may not be able to open bank account on time.; monitor credit reports.security freeze, child identity theft, FTC Identity Theft Affidavit. ATM/Debt cards, social security number misuse,victim statement, reporting to police, legal support, keeping records.

Phishing- Introduction to phishing- sending email to user falsely claiming to be a genuine enterprises – get personal information for identity theft- directing to a site-updating password, credit cards , account information-bogus website, stealing information. Anti-Phishing-

Type of Phishing email/spam

fraudsters sent same email to millons of users seeking personaliinformaiton, account verification, urgency, web based delivery- hacker – intermediary between website and phising system.- Instant messaging, Trojan hosts, link manipulation, key loggers, session hacking, system reconfiguration, content injection, phishing through search engines, phone phishing, malware phishing. Anti-phishing-steps to protect computer- using firewalls, anti-virus software, Secure Socket Layer (SSL), bank,credit care statements. Summary of approaches.

Introduction to computer security and cyber crime:

Computer crime refers to stealing data, intrusioin into websites and systems- examples- cyber terrorism, cyber bullying, denial of service attack, espionage, fraud- manipulating data, changing banking records, creating malware,spoofing, unauthorized access, spamming, harvesting, salami slicing.

Cyber Security-IT security aims to protect computers, programs, networks, unauthorized access, modification or alteration. Importance of cyber security– government organizations, companies, corporates,financial institutions, hospitals- integrity of data,confidiential information,privacy, data transmission and theft, cyber attacks.

Types of hacker attacks, spoofing- unauthorized access to user’s system impersonation, steal personal data, bank account, passwords,credit card info.- email spoofing,caller ID, URL spoof attacks- fraudulent website to obtain info from users, install viruses.credit card info.

Web spoofing, session hijacking- allows hackers to see and modify pages sent to victim’s machine. JavaScript and web server plugins, malicious web pages, web browers don’t prevent spoofing.

Session hijacking –exploitation of web session control mechanism, by exposing the session token by means of predicting a valid session token to get unauthorized entry to the web server- methods- predicting session token, session sniffing,IP snooping, client side attacks, man-in-the-middle attack,man-in-the-browser attack.

DOS and Buffer over Flow Attack- takes advantage of a program awaiting on user’s input –Stack based and heap based attacks. Heap based- floods memory reserved for a progam execution- buffer over run, memory object or stack. When user inputs data, the stack which empty until then writes a return memory address to the stack putting the user’s input on top of it. When the stack is processed, user data is sent to return address mentio