6 Months Job Oriented Cyber Security Training
A full-fledged cyber security training covering everything from the basics to mastery of web application security and mobile application security (Android & iOS), along with a guaranteed internship, interview preparation, CV building and placements.
- 4.80+ Ratings
- English

₹49,999
- Course Type: Instructor-Led
- Lectures: 225
- Duration: 240 HRS
- Training Mode: Online/Offline
Course Overview
Are you new to Ethical Hacking & Cyber Security but thinking of beginning your career in it and want to start from the basics? Or have you already begun and dreamt of a career in Cyber Security, but are stuck somewhere or need career guidance or a roadmap with guaranteed job placement? Then this full-fledged course is for you.
In this course we have covered everything from the dawn of Ethical Hacking & Cyber Security, which covers all the basics, to the dusk of advanced Cyber Security practices. This course has been prepared to:
- Make you comfortable with the basics of Cyber Security (even more than the basics)
- Make you firm enough in Web Application Security
- Make you firm enough in Mobile Application Security
- Provide demonstrations for almost all topics
The theoretical and hands-on practical approach of this course is meant to make you industry-ready to get your first job in the field of Ethical Hacking & Cyber Security; that is our vision and mission with this Cyber Security Training.
We aim to deliver a realistic, scenario-based learning environment using the same approach attackers use to compromise the cyber world; the difference is that we use it for ethical and legitimate purposes, so that you can present yourself as a Cyber Security Professional in the true sense.
Salient Features
- Learn from scratch about cyber security
- You will be acquainted with different Cyber Security domains
- Advanced learning in Web Application Security
- Advanced learning in Mobile Application Security (Android & iOS)
- Guide to Bug Bounty
- Guaranteed Internship
- 100% support in Interview preparations & CV making
- Guaranteed Job Placement
- Dedicated Support Team to get your doubts and queries solved
- eSecurify Community Access to stay updated in Cyber Security
- Recognition with a participation certificate
Exciting Bonus
- Private Bug Bounty Website to maximize your chance of earning your life’s first bounty.
- Bug Bounty Report Templates (present your report the way it should be)
Curriculum
PART 1: Certified Cyber Security Professional
- Understanding Cyber Security
- Understanding Ethical Hacking
- Types of Hackers
- Malicious Hacker Strategies Vs. Ethical Hacker Strategies
- Phases of Ethical Hacking
- What is Security Culture?
- How do Data Breaches Occur?
- Positive Vs. Negative Security Culture
- Security Cultures Framework
- Enterprise-wide Implementation of Security Culture
- What is Network?
- Why do we Network?
- Types of Networks – LAN: Point2Point | Topologies, WLAN, MAN
- Understanding IP Address & Versions of IP Address
- Need of IP Address
- Types of IP Address
- Classes of IP Address
- Category of IP Address
- Binary to Decimal Conversion of IP Address
- Packet & Packet Switching
- OSI Model
- Understanding the Protocols – TCP/IP, UDP | ARP
- Network Address Translation (NAT)
- Domain Name System (DNS)
- Understanding the Ports
- Common Ports
- Routers & Routing
- Proxy
- Virtual Private Network (VPN)
- TOR with Bridges
- WebKit Spoofing
- What is Virtual Machine?
- Download and Configure VMware
- Download and Configure Kali Linux for VMware
- Download and Configure Metasploitable for VMware
- Download and configure bWAPP & DVWA in Kali Linux
- Introduction to Linux
- Introduction to Kali Linux
- Kali Linux Tools
- Basic Linux Commands
- Understanding Information Gathering
- What is WHOIS?
- Information Gathering Tools
- Information Gathering Using Shodan Search Engine
- Search Like a Pro Using Google Dorks
- What is Network Footprinting?
- Need of Network Footprinting
- What is Port Scanning?
- Port Scanners
- Understanding TCP Packet Header
- Port Scanning Techniques – TCP/IP Three Way Handshake | TCP Connect/Full Open Scan | TCP Half Open Scan | TCP Stealth Scan Techniques: TCP SYN Scan, FIN Scan, Null Scan or Inverse TCP Scan, XMAS Scan | UDP Scan
- Nmap | Nmap Options
- Understanding Ping Sweep
- Banner Grabbing
- Network Sniffing
- Wireshark Tool & its Uses
- Promiscuous Mode/Monitor Mode
- ARP Poisoning
- DNS Hijacking – Working, Risk & Prevention
- DNS Leak & its Testing
- Tracking with JavaScript
- Malicious JavaScript
- Understanding OSINT & its Framework
- What is Malware?
- Types of Malware
- Uses of Malware in Real World
- What is Virus?
- Making of Virus
- Debugging a Virus
- Virus Database
- What are Worms?
- Trojan & its Types
- Direct & Indirect Trojan
- Adware | Spyware | Ransomware | Keylogger HW/SW
- System Footprinting
- System Scanning
- System Hacking Using Metasploit
- System Hacking Using Trojan
- Anti-Virus Evasion
- Maintaining Access & Covering Tracks
- Security Measures against System Hacking
- Detection and Removal of Malware from Compromised System
- What is Social Engineering?
- Phishing & its Types
- Vishing
- Safety Awareness against Phishing & Vishing
- Email Security
- Email Tracing
- Email Encryption & its Tools | Encrypted Mailboxes
- Email Spoofing
- Security Configuration against Email Spoofing – SPF Record | DKIM | DMARC
- Introduction to Web Server
- Web Server Vs. Web Application
- Server Scanning
- Unauthorised Access of Server Based on Known Vulnerabilities
- Introduction to Wireless Technologies
- Wireless Encryption & its Types
- MAC Filtering
- Packet Sniffing
- Wi-Fi Hacking – Exploiting Wireless Encryption | Wi-Fi Phishing | Deauth Attack
- Security against Wireless Hacking
- Introduction to Reverse Engineering
- Assembly Language
- Reverse Engineering Tool
- Software Debugging
- What is Keying? | What is Patching?
- Cracking a Software
- Preventive Measures
- Introduction to IoT
- Uses of IoT
- Weak Points in IoT
- OWASP IoT Top 10
- Firmware Analysis
- Hacking of An IoT Device
- Security Measures against IoT Hacking
- Introduction to Cloud Computing
- Uses of Cloud Computing
- Advantages & Disadvantages of Cloud Computing
- AWS – S3 | EC2
- Misconfigurations on Cloud Platforms
- Preventive Measures
- Cyber Forensics
- Log Analysis – System Based | Web Based
- Data Recovery
- Data Recovery Tools
- What is Cryptography?
- Encryption & Decryption | Encoding & Decoding | Differences between them
- Symmetric and Asymmetric Encryption
- Cryptographic Algorithms
- What is Digital Signature?
- Cryptographic Tools
- Introduction to Threat Intelligence
- Purpose and Need of Threat Intelligence
- Threat Intelligence Life Cycle
- Types of Threat Intelligence
- Data, Information, Intelligence
- Transforming Data ⇒ Information ⇒ Intelligence
- Role of SOC Analyst, Intel Analyst & CSIRT
- Implementing Cyber Threat Intelligence
- Tactics, Techniques & Procedures (TTP)
- Threat Intelligence Tools
- Introduction to GRC
- Purpose and Need of GRC
- Environment Without GRC
- Advantages of GRC
- GRC Framework
- GRC Tools
- Introduction to Honeypots
- Types of Honeypots
- What is DoS Attack?
- What is DDoS Attack?
- DoS Vs. DDoS
- DoS/DDoS Attack Tools
- Prevention of DoS/DDoS Attack
- What is Botnet?
- Uses of Botnet
- Prevention of Botnet
PART 2: Certified Web Application Security Professional
- Importance of Web Application Security
- Understanding Industrial Standards
- What is OWASP?
- Introduction to OWASP Top 10 Vulnerabilities
- Introduction to Burp Suite
- What is SQL?
- Basic Queries of SQL
- Authentication Bypass using Basic SQL Injection
- Advanced MySQL Injections
- Advanced MSSQL Injections
- Advanced Oracle Injections
- Database Dumping using Advanced SQL Injection
- Firewall Evasion Techniques for SQL Injection
- Automated Tools
- Practical Demonstration on Real Web Application
- Account Lockout Mechanism
- Enumeration Techniques
- Captcha Bypass
- Session Expiration
- Logout Management
- Concurrent Misconfigured Sessions
- Practical Demonstration eSecurify Buggy Web Applications
- Introduction to Cross Site Scripting
- Types of Cross Site Scripting
- Non-Persistent XSS
- Persistent XSS
- DOM Based XSS
- Exploiting XSS to steal session cookies, csrf tokens, etc.
- Preventing XSS
- Introduction to CSP
- Practical Demonstration on Real Web Application
- Introduction to IDOR Vulnerability
- Finding out IDOR
- Exploiting IDOR
- Preventing IDOR
- Practical Demonstration on Real Web Application
- Arbitrary File Upload
- Introduction to CORS
- Exploiting CORS
- Introduction to SOP
- SOP Bypass
- Introduction to HSTS
- Exploiting HSTS
- MITM Attack using Wireshark
- Directory Listing
- Practical Demonstration on Real Web Application
- Full Path Disclosure
- Cross Domain Referrer Leakage
- Robots.txt Disclosure
- Practical Demonstration on Real Web Application
- Introduction to Missing Functional Level Access Control
- OTP Bypassing Techniques
- Privilege Escalation
- Practical Demonstration on Real Web Application
- Introduction to Cross Site Request Forgery
- Finding CSRF
- Exploiting CSRF
- Preventing CSRF
- Practical Demonstration on Real Web Application
- Introduction to 3rd Party Components
- Finding 3rd Party Components
- Exploiting 3rd Party Components
- Preventing Using Components with Known Vulnerabilities
- Practical Demonstration on Real Web Application
- What are Redirects & Forwards
- Finding Redirects & Forwards
- Exploiting Redirects & Forwards
- Preventing Unvalidated Redirects & Forwards
- Practical Demonstration on Real Web Application
- Server-Side JavaScript Injection
- Server-Side Template Injection
- Server-Side Request Forgery
- Cross Site Port Attack
- XML External Entities (XXE) Attacks
- Subdomain Takeover
- Local File Inclusion
- Host Header Attack
- Homograph Attack
- Race Condition Issue
- What are Responsible Disclosure Programs?
- What are Bug Bounty Programs?
- Bug Bounty Platforms
- How to Report a Bug to a Company?
- How to earn money (bounty) by reporting a legitimate bug?
- Websites
- Facebook Groups
- LinkedIn Groups
- Twitter Profiles
PART 3: Certified Mobile Application Security Professional
- Overview on Mobile Device
- Risks Associated with the Data Stored on Mobile Device
- Introduction to OWASP Mobile Top 10 Project
- OWASP Mobile Top 10 2014
- OWASP Mobile Top 10 2016
- OWASP Mobile Top 10 2014 Vs. 2016
- Understanding Android Architecture
- Android Security Model
- Application Isolation
- Secure Interprocess Communication (IPC)
- Application Lifecycle
- APK Generation
- What is inside an APK?
- Components of APK
- Android Permission Model
- Application Signing
- Application Verification
- Application Sandbox
- Application Permissions
- UI Input
- Network
- IPC
- Internal Storage | External Storage
- Structure of AndroidManifest.xml file
- Understanding AndroidManifest.xml file
- Identifying Security Issues
- Static & Dynamic Analysis of Security Issues
- List of Tools to be installed
- Brief understanding of tools
- Android Pentesting Distros
- Alternative & Easy Way to setup the lab quickly without any Distros
- Reverse Engineering
- Analyzing Permissions through AndroidManifest.xml
- Insecure Hardcoding – API Keys Leakage
- Insecure Hardcoding – Authentication Token
- Insecure Hardcoding – Internal IP Disclosure
- Insecure Hardcoding – Embedded Third-Party Secrets
- Insecure Hardcoding – Sensitive Information Disclosure
- Clear text data in Logs
- Risky Java APIs
- Weak Hashing Algorithm
- Predictable Random Number Generator
- Weak Encryption Implementation
- Weak Initialization Vector
- Weak Encoding
- Usage of banned API functions
- Cleartext SQLite database
- Temp File Creation
- Android Pasteboard vulnerability
- Android keyboard cache issues
- Android Backup Vulnerability
- Insecure SD Card storage
- Developer Backdoor
- Insecure HTTP Connection
- Setting up Burp Suite
- Untrusted CA Acceptance
- Certificate Pinning
- SQL Injection
- Local File Inclusion
- Cross Site Scripting
- HTML Injection
- Application-Level Denial of Service (DoS) Attack
- Session Misconfigurations
- Weak Authorization Mechanism
- Intent Sniffing and Injection
- Flawed Broadcast Receiver
- Exploiting Debuggable Apps
- Introduction to Frida – A Dynamic Instrumentation Toolkit
- Setting up Frida Server
- Setting up Frida CLI
- Root Detection Bypass
- Certificate Pinning Bypass
- Playing with Frida Scripts
- Runtime Mobile Security
- Automating Frida
- Secure Code Review
- Automated Static, Dynamic & Runtime Analysis
- iOS Security Mechanisms & Security Architecture
- Secure Boot Chain
- Model View Controller (MVC) And Event Driven Architecture
- ARM Processor
- Application Isolation
- Data Encryption & Network Security
- iOS Security Model
- iOS File System isolation
- Application Sandbox
- iOS Device Architecture
- Analysing Application Permissions
- iOS App Development Background Concepts
- Simulator Vs. Emulator
- XCode Methodologies
- iOS Simulators
- Jailbreaking Essentials
- Jailbroken Device Lab Setup
- Exploring Custom App Stores
- iOS Pentesting Tools Setup
- Static Code Analysis of an iOS application
- Need for Static Analysis
- Sources for Static Analysis
- IPA File Package Container
- IPA File Initialise on Device
- IPA Manual File Installation
- Code Resources
- Tampering with IPA Content
- Investigating View Controllers
- Investigating Info.plist file
- Listing all CFUR Types on a Device
- Investigating Binaries
- Understanding of iOS Binary Application Structure Encryption
- Decrypting Application Binaries
- Investigating Binary Content of App
- Scanning iOS applications
- Burp Suite Essentials
- Certificate Pinning
- Runtime Analysis with Cycript
- Working with Cycript + Class-dump-Z
- Snoop-it & Keychain Dumper
- Working with Frida and Objection for Dynamic Analysis
- Local Data Storage Issues
- Insecure Cryptography Attacks
- Attacking URL Schemes
- Client-Server API and Web Attacks
- Privilege Escalation Methodologies
- Basics of Machine Level Analysis
- Sensitive Files Issues at Memory Level
- Runtime Analysis & Manipulation with GDB, IDA, Hopper
- Audit iOS applications
- iOS Secure Development Best Practices
- Course Completion Certificate
Prerequisites
- Keen interest in learning Cyber Security
- Basic Understanding of Computer Operations and Internet
- PC/Laptop to practice