
Ethical Hacking & VAPT Training Syllabus

The document outlines the syllabus for Ethical Hacking and VAPT training at Hacking Trainer Institute, covering topics such as penetration testing, network security, web application security, and mobile application security. It includes practical training on tools and methodologies, as well as an introduction to various security frameworks and best practices. The curriculum is aligned with recognized certifications like CEH, WAHS, and CPENT.

Uploaded by

Rakesh

Ethical Hacking & VAPT Training

Syllabus @ HACKING TRAINER INSTITUTE

#1

Introduction to Ethical Hacking

➔ Information Security Overview


➔ Identification, Authentication, and Authorization
➔ CIA Triad
➔ Cyber Kill Chain Methodology
➔ MITRE ATT&CK® Framework
➔ Hacking vs Ethical Hacking
➔ Vulnerability Assessment vs Penetration Testing
➔ Types of Hackers
➔ Hacking Phases
➔ Information Security Threats and Vulnerabilities
➔ Information Security Attacks
➔ Information Security Controls & Compliances

Introduction to Penetration Testing and Methodologies

➔ Penetration Testing Concepts


➔ Penetration Testing Methodology
➔ Guidelines and Recommendations for Penetration Testing

Penetration Testing Scoping and Engagement

➔ Request for Proposal (RFP)


➔ Preparing Response Requirements for Proposal Submission
➔ Setting the Rules of Engagement
➔ Preparing for the Test

Footprinting and Reconnaissance

➔ Footprinting Concepts
➔ Footprinting through Search Engines
➔ Footprinting through Web Services & Social Networking Sites
➔ Open Source Intelligence (OSINT)

Contact @ +91 8686892922 / [email protected] 1


Social Engineering

➔ Social Engineering Concepts & Techniques


➔ Phishing & V(W)ishing
➔ Impersonation
➔ Insider Threats
➔ Email ID Spoofing & Caller ID Spoofing Techniques
➔ Social Engineering Penetration Testing Concepts

Sniffing

➔ Network Sniffing with Wireshark


➔ Man-in-the-Middle Attack with Ettercap
➔ MAC Spoofing Techniques
➔ DNS Spoofing Techniques

Basics of Computer Networks & Network Security Fundamentals

➔ Goals of Networks
➔ Types of Area Networks - LAN, MAN and WAN
➔ Types of Network Topology
➔ Layers of OSI Model vs TCP/IP Model
➔ TCP vs UDP - Ports & Services
➔ TCP 3-Way Handshake Process
➔ Understanding TCP/IP Model with Wireshark
➔ IPv4 vs IPv6
➔ Network Traffic Monitoring and Analysis

Scanning Networks & Enumeration

➔ Network Scanning Concepts


➔ Scanning Tools - Nmap/Zenmap, netdiscover
➔ Host Discovery
➔ Port and Service Discovery
➔ OS Discovery (Banner Grabbing / OS Fingerprinting)
➔ Scanning Beyond IDS and Firewall
➔ Draw Network Diagrams
➔ Enumeration Concepts
➔ NetBIOS, SNMP, LDAP, NTP, NFS, SMTP and DNS Enumeration, etc.

Vulnerability Analysis

➔ Vulnerability Assessment & Management


➔ Vulnerability Assessment Tools & Reporting
➔ Vulnerability Scanning with Tenable Nessus

System Hacking / Exploitation & Post-exploitation

➔ System Hacking Concepts


➔ Gaining Access
➔ Escalating Privileges
➔ Maintaining Access
➔ Clearing Logs
➔ Windows & Unix/Linux Exploitation
➔ Post Exploitation
➔ Tools: Metasploit Framework (msfconsole & msfvenom), Hydra, John the Ripper, Ophcrack, mimikatz, etc.
➔ Practice on Virtual Vulnerable Lab Network & Devices
➔ Performing Dictionary-based Attacks on FTP, SSH, TELNET, MySQL, VNC, MSSQL, etc.
➔ Android Phone Hacking with Metasploit
➔ Mastering Metasploit Framework

Network Penetration Testing - External & Internal

Network Penetration Testing - Perimeter Devices

IoT and OT Hacking & Security

IoT Penetration Testing

OT/SCADA Penetration Testing

Cloud Computing & Penetration Testing

Cryptography & Data Security

#2

Web Security: Introduction & Case Studies / Application Security Concepts

➔ Introduction to Web Applications & Web Application Architecture.


➔ HTTP Protocol Basics.
➔ HTTP Methods.
➔ HTTP Attack Vectors.
➔ Case Studies.
➔ Lab Environment Setup
➔ Introduction to Burp Suite Professional and ZAP.
◆ Introduction to Burp Suite Community vs Burp Suite Professional
◆ Burp Proxy
◆ Burp Intruder
◆ Burp Repeater
◆ Burp Sequencer
◆ Burp Scanner
◆ Burp Extensions
◆ Burp User & Project Options
◆ Introduction to ZAP
◆ ZAP Modes – Attack Mode
◆ Vulnerability Scanning & Reporting

OWASP Top 10 2021

➔ What is OWASP
➔ OWASP Top 10
➔ The ‘OWASP Top 10’ for WebAppSec
➔ A1-Broken Access Control
◆ Insecure Direct Object References (IDOR)
◆ Directory Traversal
◆ Local File Inclusion (LFI) / Remote File Inclusion (RFI)
◆ Privilege Escalation
◆ Missing Function Level Access Controls
◆ Cross Site Request Forgery (CSRF)
➔ A2-Cryptographic Failures
◆ A3:2017-Sensitive Data Exposure
➔ A3-Injection
◆ SQL Injection
● Introduction to SQL & SQL Injection
● SQL Injection Techniques
○ Authentication Bypass Techniques
○ In-band SQLi - Union-based SQLi, Error-Based
○ Inferential (Blind) SQLi - Boolean Based, Time Based

○ Out-of-band SQLi
○ WAF Bypass Techniques
○ SQL Injection Testing with SQLMAP
○ SQLi Labs for Practice
○ Remediation of SQL Injection (Input Validation & Parameterized Queries)
◆ A07:2017-Cross Site Scripting (XSS)
● Introduction
● Reflected XSS
● Stored/Persistent XSS
● DOM based XSS
● Remediation of XSS
○ Input Validation
○ Output Encoding
◆ OS Command Injection
◆ Code Injection
◆ XML/XPATH Injection
◆ HTML Injection
➔ A4-Insecure Design
◆ Unvalidated Redirects and Forwards
◆ Unrestricted File Upload (Web Shells / RCE)
➔ A5-Security Misconfiguration
◆ A4:2017-XML External Entities (XXE)
◆ Missing Secure HTTP Response Headers
◆ Directory Listing
◆ Error Handling
➔ A6-Vulnerable and Outdated Components
◆ A9:2017-Using Components with Known Vulnerabilities
➔ A7-Identification and Authentication Failures
◆ A2:2017-Broken Authentication
● Testing for Credentials Transported over an Encrypted Channel or Plaintext
● Testing for Default / Weak Credentials
● Testing for Weak Lockout Mechanism
● Session Management Issues
● Cookie Attributes Analysis
● Session Hijacking & Fixation
● Testing for Logout Functionality
● Testing Session Timeout
● Session ID Analysis
➔ A8-Software and Data Integrity Failures
◆ A8:2017-Insecure Deserialization
➔ A9-Security Logging and Monitoring Failures
◆ A10:2017-Insufficient Logging & Monitoring
➔ A10-Server-Side Request Forgery (SSRF)
➔ Countermeasures of OWASP Top 10 2021

Beyond OWASP TOP 10 2021

➔ OWASP TOP 10 2013 vs 2017 vs 2021


➔ Introduction to BUG BOUNTY PROGRAM

Practical Tips for Defending Web Application Attacks

➔ Common Mistakes in Development


➔ Security Best Practices for Web Application Security
➔ Secure SDLC
➔ Threat Modeling
➔ SAST vs DAST
➔ Source Code Review / SAST Tools
➔ DAST Tools

#3

API Security Top 10 2019

➔ Lab Environment Setup - Installation & Integration of Postman & Burp Suite
➔ Introduction to API & API Security
➔ SOAP vs REST
➔ Case Studies
➔ Common API Vulnerabilities
➔ API Assessment Approach
➔ API Security Top 10 2019
◆ A1: Broken Object Level Authorization
◆ A2: Broken User Authentication
◆ A3: Excessive Data Exposure
◆ A4: Lack of Resources & Rate Limiting
◆ A5: Broken Function Level Authorization
◆ A6: Mass Assignment
◆ A7: Security Misconfiguration
◆ A8: Injection
◆ A9: Improper Assets Management
◆ A10: Insufficient Logging & Monitoring

#4

OWASP Mobile Top 10 2016

➔ Introduction to Mobile Platforms


➔ Hacking Mobile Platforms & Mobile Device Security
➔ Android OS vs iOS Architecture
➔ Case Studies
➔ Common Mobile App Vulnerabilities
➔ Mobile Apps Assessment Approach
➔ Pentesting Process
➔ Mobile Application Penetration Testing Process
➔ Lab Environment Setup - Installation of Tools
➔ Static Analysis vs Dynamic Analysis
➔ OWASP Mobile Top 10 2016
◆ M1: Improper Platform Usage
◆ M2: Insecure Data Storage
◆ M3: Insecure Communication
◆ M4: Insecure Authentication
◆ M5: Insufficient Cryptography
◆ M6: Insecure Authorization
◆ M7: Client Code Quality
◆ M8: Code Tampering
◆ M9: Reverse Engineering
◆ M10: Extraneous Functionality

Android Application Penetration Testing

➔ Basics of Android & Security


➔ Android Architecture & Security
➔ Configure the Virtual Lab and Tools - JADX-GUI, Apktool, Android Studio, Emulator, MobSF & Burp Suite
➔ Download Apps from App Store for analysis
➔ Configure the Physical Devices
➔ Static Analysis
◆ Reverse Engineering Process
◆ Android Manifest
◆ Activities
◆ Content Providers
◆ Stored Secrets / API Keys
◆ Firebase
◆ Storage Buckets
◆ Automation using MobSF

➔ Dynamic Analysis
◆ Introduction to SSL Pinning & Bypass Techniques
◆ Configure the Burp Suite Proxy & Traffic Analysis
◆ Introduction to Frida / Objection
◆ Dumping Memory and Sensitive Data
◆ Local Storage at Runtime

Our course curriculum covers the core concepts of EC-Council’s Certified Ethical Hacker (CEHv12), Web Application Hacking & Security (WAHS), and Certified Penetration Testing Professional (CPENT) certification courses, as well as additional application security testing concepts.
