Pakistan Computer Emergency Response Team

The Security Standard


HOME | ABOUT US | SERVICES | ADVISORIES | RESOURCES | DEFACEMENT ARCHIVE | MEMBERS AREA | TRAINING | CONTACT US

Copyright | Disclaimer

 

 

 


 

PAKCERT ADVANCED NETWORK SECURITY/ETHICAL HACKING COURSE

  • FREE 1 month membership to the premium PakCERT Security Archive!
  • Gain practical experience under the expert guidance of CISSP and CPTS certified PakCERT instructor
  • State-of-the-art class environment with Windows and UNIX operating systems

Course Fee:
5 students maximum in every class. Guaranteed!
Mensans can apply for special Mensa Member Discount


Starting Date

23rd February, 2007

Timing

6:00pm - 9:00pm (Friday and Saturday)

Last Date for Registration

20th February, 2007

Interested candidates are advised to visit our office at their earliest to avoid any inconvenience

What Will You Learn?
  • Sophisticated, stealthy techniques used by professional hackers to gain access to systems in a purpose-built lab environment
  • How to circumvent traditional security mechanisms
  • How hackers can accurately collect and assimilate information about an organization's infrastructure whilst avoiding detection
  • How end-users thwart security restrictions imposed upon them
  • How hackers conceal their tracks and the route through which access to a target may be maintained
  • Limitations of firewalls and the tools used to bypass them
  • How hackers evade Intrusion Detection Systems (IDS)

Benefits

  • Gain practical experience under the expert guidance of CISSP certified PakCERT instructor
  • Learn about the hacker mindset and become familiar with the tools used to attack systems
  • Develop your skills in a state-of-the-art class environment with Windows and UNIX operating systems and associated server software
  • Receive a hacking tools resource pack CDROM with all the tools and exploits discussed in the course
  • FREE! 1 month membership to the premium PakCERT Security Archive

Who Teaches the Class?

Security Assessment and Penetration Testing Expert, Qazi Ahmed (MBA-MIS, CISSP, CPTS, COBIT, ITIL, AMBCI) is the pioneer of Security Assessment and Penetration Testing services in Pakistan. He has performed several penetration tests, forensic analysis and incident response procedures for many national and multi-national companies. He is currently a member of Network Security Taskforce working under the Technology Resource Mobilization Unit of Ministry of IT&T, Government of Pakistan. He has conducted several workshops for high profile companies and is a regular speaker at many IT events and conferences like E-Merge, IT Expo, ProCOM, ITCN Asia ProQuest and also served as a coordinator and Judge at the ITCN Asia ProQuest Hacking Competition. Qazi Ahmed is routinely called to comment and discuss on IT security events and has been featured on several TV channels like GEO, ARY Digital, Indus News, PTV and newspapers, magazines and newsletters like Spider, @internet, YAHOO!, CISCO, Newsbytes, Wall Street Journal, India Times, Hindustan Times etc. Qazi Ahmed is also credited for finding the most severe security vulnerability ever discovered in Microsoft .NET Passport services affecting millions of people worldwide. Qazi Ahmed also enjoys the membership of renowned worldwide High IQ society, Mensa.


Who Should Take This Course?

Those responsible for the security of IT systems including (but not limited to):

    • System Administrators
    • Network Administrators
    • Penetration Testers
    • Information Security Professionals
    • Law Enforcement Officials
    • Computer Auditors
    • IT Security Officers

Our information security training sessions have been attended by professionals from organizations such as:

  • Ministry of Defence
  • Pakistan Atomic Energy Commission
  • Ernst & Young
  • Juma Al Majid Group (UAE)
  • Unilever
  • Habibsons Bank (UK)
  • Allied Bank Limited
  • Qasim International Container Terminal
  • Agha Khan University
  • Dubai Islamic Bank
  • Qatar Airways
  • Central College London (UK)
  • Union Bank
  • Alliance Frances
  • Central Depository Company
  • Karachi Electricity Supply Corporation
  • Getz Pharma
  • Xpert2go Inc. (USA)
  • Compunet Online (ISP)
  • Lucky Textile Mills
  • Nadra
  • Agha Khan Education Service
  • Hamdard University Network
  • Habib Bank AG Zurich
  • Nakshbandi Industries
  • Sidat Hyder Morshed Associates

COURSE TOPICS

INTRODUCTION

  • Basic Definitions
  • Hacker Hats
  • Security Myths and Mysteries
  • Security Comparison between Microsoft Windows and Linux Variants
  • The Hacking Process
  • Types of Attacks
  • Types of Password Attacks
  • Buffer Overflows
  • Penetration Testing (Ethical Hacking)
  • Electronic Transaction Ordinance and proposed Electronic Crimes act 2003 of Pakistan
  • Hacker Hall of Fame
  • Answers to All Those Frequently Asked Questions (FAQs)

UNDSTANDING NETWORKS AND TCP/IP

  • Basic Networking and TCP/IP in a Nutshell
  • Components of the TCP/IP Protocol Suite
  • Understanding the ISO/OSI Network Model
  • The Protocol Stack
  • Understanding the Data Flow between the Layers
  • Exploring TCP/IP Implementation of the ISO/OSI Model
  • Understanding the Physical Layer
  • Understanding the Data-link Layer
  • Understanding the Network Layer
  • Understanding Encapsulation
  • Understanding the Transport Layer
  • Understanding the Application Layer
  • Understanding the Transport Control Protocol (TCP)
  • Ensuring Reliability
  • Understanding a Simple ACK Handshake
  • Understanding a Sliding Window
  • Defining a TCP Message
  • Establishing a TCP Connection
  • Understanding the Initial Sequence Number
  • Acknowledging Data Transmissions
  • Officially Establishing a Connection
  • Understanding Sequencing Numbers
  • Using Full-Duplex Services
  • Closing a TCP Connection
  • Understanding the TCP Header
  • Source and Destination Port
  • Sequence Number
  • Acknowledgement Number
  • Header Length
  • Flags
  • Window Size
  • TCP Checksum
  • Urgent Pointer
  • Options
  • Moving from Concept to Design
  • Understanding Network Topologies
  • The Star Topology
  • The Ring Topology
  • The Bus Topology
  • Understanding Bus Arbitration
  • Understanding Token Passing

FOOTPRINTING

  • Network Surveying
  • Whois Lookups
  • APNIC, ARIN, RIPE Lookups
  • DNS Interrogation
  • Zone Transfers
  • Gathering Information from Websites, Mailing Lists, Job Postings, Newspapers and Television

SCANNING

  • Scan Types
  • Ping Sweeps
  • Port Scanning
  • NMAP Scan Types
  • Banner Grabbing
  • Operating System Identification
  • War Dialing
  • War Driving

ENUMERATION

  • Windows NetBIOS Null Sessions
  • NetBIOS Enumeration
  • Enumeration Using SNMP
  • Registry Enumeration
  • Enumerating Users and Groups
  • Banner Grabbing
  • DNS Zone Transfers
  • UNIX RPC Enumeration

NETWORK HACKING

  • Introduction to Spoofing
  • Sending Spoofed Packets
  • Sniffing
  • Denial of Service (DoS) Using ARP
  • Changing Your MAC Address
  • Hacking a Manageable Switch to Sniff LAN Traffic

WINDOWS 95/98 HACKING

  • Abusing Terminal Access
  • Cracking .PWL Password Files
  • Advance Instant Windows9x Share Password Cracking

WINDOWS NT/2000/XP/2003 HACKING

  • Introduction to Windows NT
  • Important DOS Commands
  • Exploiting NetBIOS
  • Enumeration
  • net.exe
  • Windows NT Resource Kit (NTRK)
  • netcat
  • Cracking the SAM File
  • Dumping Password Hashes
  • Cracking Password Hashes
  • Dumping Local Security Authority (LSA) Secrets
  • Privilege Escalation Attacks
  • Retrieving Password Hashes Remotely
  • NetBIOS Password Cracking
  • Abusing the Windows 2000 Authentication Mechanism
  • Abusing SNMP
  • Gaining full access remotely (Remote Exploits)
  • Remote Denial of Service (DoS)

VIRUS, WORMS AND TROJANS

  • Virus Writing
  • Worm Construction Kits
  • Trojan Construction Kits
  • Making Virus, Worms and Trojans Undetected from Anti-Virus and Anti-Trojan Softwares
  • Famous Virus, Worms and Trojans

CRYPTOGRAPHY

  • Understanding Cryptography Concepts
  • History
  • Encryption Key Types
  • Learning about Standard Cryptographic Algorithms
  • Understanding Symmetric Algorithms
  • DES
  • AES (Rijndael)
  • IDEA
  • Understanding Asymmetric Algorithms
  • Diffie-Hellman
  • RSA

FIREWALLS, IDS AND HONEYPOTS

  • Introduction to Firewalls
  • Why Firewalls?
  • Issues and Problems with Firewalls
  • Firewall Components
  • Service Access Policy
  • Firewall Design Policy
  • Packet Filtering
  • Which Protocols to Filter?
  • Problems with Packet Filtering Firewalls
  • Application Gateways
  • Circuit-level Gateways
  • Bypassing Firewalls and Access Control Lists (ACLs)
  • Intrusion Detection Systems (IDS)
  • Overview
  • Types of Intrusion Detection
  • Host-based IDS
  • Network-based IDS
  • IDS Techniques
  • Anomaly Detection
  • Misuse Detection or Signature Detection
  • Target Monitoring
  • Stealth Probes
  • IDS evasion
  • Honeypot
  • Uncensored Logs of Pakistani hackers caught in honeypot

LINUX HACKING

  • Introduction to Linux
  • Important Linux Commands
  • Installing Programs on Linux
  • Compiling Exploits
  • Linux Scanners
  • Cracking Linux Password File
  • Major Linux Vulnerabilities
  • Privilege Escalation
  • Rooting a Linux System Remotely

BACKDOORS AND ROOTKITS

  • Abusing Windows Registry Keys
  • Backdooring the Linux Kernel
  • Windows NT/2000/XP/2003 Rootkits

CISCO HACKING

  • Decrypting Router Passwords
  • Cracking Router Passwords Remotely
  • Cracking Router Passwords Hash Locally
  • Remotely Upload/Download Router Configuration without any Password
  • Remotely Reset Router Access and Enable Password
  • Cracking Router SNMP Community Strings
  • Managing a Router Remotely using SNMP
  • Cracking PIX Password Hashes

DENIAL OF SERVICE (DoS) ATTACKS

  • Motivation of DoS Attackers
  • Types of DoS Attacks
  • Bandwidth Consumption
  • Resource Starvation
  • Programming Flaws
  • Routing & DNS Attacks
  • Generic DoS Attacks
  • Sites Under Attack
  • Unix & Windows NT DoS
  • Distributed Denial of Service Attacks
  • Distributed Reflective Denial of Service Attacks

SQL HACKING

  • SQL Password Cracking
  • Getting Full Access using SQL Vulnerabilities
  • Introduction to SQL Injection
  • Using SQL Injection to Access Restricted Web Areas

SOCIAL ENGINEERING

  • Overview of Social Engineering
  • The Biggest Social Engineer of the Computer Underground
  • Common Types of Social Engineering
  • Exploiting the Human Weaknesses
  • The Importance of Employee Education

WEB SERVER HACKING

  • Web Server Enumeration
  • Web Vulnerability Scanners
  • Site Duplication
  • Web Based Password Cracking
  • Microsoft IIS Vulnerabilities
  • Executing Commands Using IIS Vulnerabilities
  • Getting Full Access using IIS Vulnerabilities
  • Hacking Apache Web Server

WIRELESS HACKING

  • 802.11x protocols
  • Wardriving
  • 802.11x Detection without a Computer
  • Hidden SSID Discovery
  • Sniffing on Wireless Networks
  • WEP Keys Cracking
  • Spoofing Wireless LAN MAC Address


All rights reserved. Copyright© PakCERT 2000-2017