USAID CYBERSECURITY FOR CRITICAL INFRASTRUCTURE IN UKRAINE


Introduction to Ethical Hacking





• The main objective of this course is to provide the foundations of network security standards and their applications, and to present some of the attacks and defense solutions.
• The goal is to give students the knowledge and capabilities to start applying security best practices and supporting network security using various tools.
• The topics will cover the protocols for cybersecurity, ethical hacking, ethics, security fundamentals, scanning networks, system hacking, attacks, and defense.
• Introducing the foundations of network security standards, and their applications.
• Understanding scanning networks, and system hacking.
• Gaining knowledge on applying security best practices and supporting network security using various tools.
• Identifying the increasing threat of exploiting an existing bug or vulnerability in Ethical Hacking with some basic hands-on experience.
• Understanding the difference between Ethical Hacking and illegal Hacking in terms of breaching a security system and detecting potential security threats.
• There will be 2 quizzes
• The first one (40 points)
• The second one (60 points)
Review networking topics, TCP/IP, protocols, and system modeling.
Review of security fundamentals
Definition of Ethical and Unethical Computer Hacking.
Identify the groups and the classes of different hackers.
Importance of ethical hacking and its stages such as Reconnaissance and Footprinting, Scanning and Enumeration, Gaining Access, Maintaining Access, and Covering Tracks.
• Examine information available to an ethical hacker and its targets.
• Learning the locations to acquire information about your target.
• Learning about Domain Name System (DNS) and ways to gather information from the DNS servers.
• Performing a port scan on the target system after doing the reconnaissance and gathering information.
• Learning about vulnerability scanners and their processes.
• Learning about SMB, SNMP, and MIB protocols.
• Learning about hacking a target system using a list of vulnerabilities, looking for exploits, and penetration testing.
• Learning about different methods of gaining access and post-exploitation activities on the target machine.
• Examine the different types of malware.
• Learning about how malware spreads and infects the target machine.
• Learning about analyzing malware dynamically or statically as well as antimalware.
• Examine network packet sniffing.
• Learning different software for capturing packets using Ethereal and Wireshark.
• Learning about different attacks for web applications.
• Different types of defensive strategies.
• Types of Denial of Service (DoS) attacks.
Password-based authentication.
Examining Password security risks and policies.
Unix-type Passwords and their maintenance.
1. Executing a TCP/IP model using Network Simulator 3
• The goal of this lab is to introduce the use of NS3 and implement an existing protocol such as TCP/IP.
2. Setting Up a Kali Linux Sandbox | All Virtual Machines
• The goal of this lab is to provide the necessary steps to set up Kali Linux, Windows XP, and Metasploitable 2 machines to use for the upcoming labs.
3. Open-Source Intelligence (OSINT) | Reconnaissance
• The objective of this lab is to expose the students to various ways of collecting data that is publicly available using Google Dorking and Email Harvester.
• WHOIS, HOST, NSLOOKUP, and DIG.
• The objective of this lab is to determine which systems are accessible and the services/ports that are accessible with an active connection to target hosts.
• Host Discovery, Nmap, Enumerate SMB Protocol, Nbtscan, and Snmpwalk.
• The purpose of this lab is to identify known vulnerabilities and associated Metasploit exploits and payloads to compromise the target system.
• Metasploit, msfconsole, Exploits, Networking & Metasploit Core commands.
• The goal of this lab is to learn how to use the Metasploit framework and build your own malware and see how many anti-virus programs will detect it as malware.
• Reverse_tcp, Msfvenom, Trojanize file, and VirusTotal.
• The purpose of this lab is to capture data transmitted over a network (wired or wireless) looking for a protocol and HTTP traffic.
• Wireshark, Testfire.net, Ettercap, and Driftnet.
• The goal of this lab is to conduct a web vulnerability assessment and conduct simple scans.
• Zap scanner, simple scan, and Metasploitable 2.
• The objective of this lab is to learn how to use John the Ripper to crack passwords.
• Hash Crack, Rainbow tables, Salt tables, and John the Ripper.