Description
Cybersecurity encompasses many different concepts, from information security to operational security to the security of computer systems. Cyber security is the practice of protecting computers, servers, mobile devices, electronic systems, networks and data from malicious attacks.
This course introduces the basic concepts and aspects of the discipline of cyber security and presents in detail the current and future perspectives of hackers and the cyber attacks they cause. In addition to these fundamentals, this course also explains more clearly and comprehensively how attackers conduct cyber attacks and build defenses against them through the defense-in-depth approach and the Cyber Kill Chain™ pattern.
Cybersecurity Training is a basic security course, but it still requires participants to have certain knowledge such as TCP/IP, networking, and sufficient Linux knowledge before attending the course.
About Education
Education Objectives:
- Cyberspace phenomenon and cybersecurity evolving from information security
to introduce the discipline, - To reveal the types and basic motives of the counterparty in cyber security – the “hackers” referred to as “hackers”/”hacktivists”,
- Demonstrate the key points of being an effective cybersecurity expert,
- Classify and explain cyber threats/attacks,
- Demonstrate known, current and future threats and attacks,
- One of the most fundamental approaches to cybersecurity
defense” approach and to present cyber attackers and the path they follow in a step-by-step manner through the Cyber Kill Chain™.
Training Content:
- Introduction to Cyber Security
What is a Hacker? Who is it called?
Hacker Types & Concepts
Underground Hacking World
General Penetration Testing Concepts
Penetration Test Types
White-box, Black-box, Gray-box
Penetration Testing Steps and Methodologies
Commercial and Free Software Used in Penetration Testing
What Should a Penetration Test Report Look Like?
- Password/Passphrase Cracking Attacks
Password and Passcode concept
Preparation of Wordlist Suitable for the Institution
Hacking Windows LM/NTLM Passwords
Finding HASH Results from Search Engines
Hacking Linux User Passwords
Password Cracking Using the Cain & Abel Tool
Password Cracking Using John the Ripper Tool
Password Attack on SMB Service
Password Attack on RDP Service
Password Attack on SSH Service
Password Attack against MySQL Service
Password Attack against MSSQL Service
Password Attack on FTP Service
Password Attack on HTTP Service
Password Attack on Telnet Service
- Gathering Information about Target Systems
What is Active / Passive Information Collection?
Information Collection Techniques
Whois, Subdomain Discovery etc.
Shodan Usage
Pipl Usage
Use of Leaked Source
Discovery of Other Sites Hosted on the Server
Using Pastebin
Using Cyberthint
Use of Internet Archive (Archive.org, etc.)
Web Application Firewall (WAF) Detection
Determination of Mail Addresses of the Employees of the Institution
Gathering Information from Underground Hacking Forums
Local IP Block Detection via Mail
Using Nmap
-
- Open, Closed, Filterd, Unfiltered, Open | Filtered, etc. Concepts
- FIN Screening
- TCP Port Scan
- UDP Port Scan
- Version Detection
- OS Detection
- Port Scanning with Fake IP Addresses
- Port Range Determination
- Using Scripts
- Local Network Poisoning Attacks
Interception and Session Intervention in TCP/IP Networks
Various Session Intervention Methods
ARP Spoofing
IP Spoofing
DNS Spoofing
MAC Flooding
Cain & Abel
HTTP Session Interception
- Vulnerability Scanning
Vulnerability Definition and Types
What is Vulnerability Scanning?
Vulnerability Scanning Tools
Network and Web Vulnerability Scanning Tools
Paid Vulnerability Scanning Tools
-
- Netsparker
- Acunetix
- Nexpose
- Nessus
- CoreImpact
- Etc. o Free Vulnerability Scanning Tools
- OpenVas
- Nikto
- Uniscan
- Etc.
Risk Assessment
Validation of Vulnerabilities
CVE, EDB, etc. Explanations & Usage of Abbreviations
- DoS/DDoS Attacks
What is Denial Of Service?
Objectives o DDoS/DoS Attack Types
DNS Amflication, GET/POST Flood, SYN Flood, UDPFlood
DDOS Attacks
DDOS Types and Tools
Ircbot, zombie, BotNet Concepts
- Exploitation Attempts and Processes to Infiltrate Target Systems
What is an Exploit?
Exploit Types
-
- Zeroday Exploits
- Local Exploits
- Remote Exploits
Manual Exploit Usage
What is Metasploit?
- Metasploit Modules
- Web Application Security & Attacks
Web Applications and HTTP
Http Protocol Details
Hacking, Defacement, Rooting, Shell etc.
What Does Web Application/Site Security Depend on?
Information Collection for Hacking in Web Applications
Web Server, Application Version Discovery
Gathering Information from Error Messages
Collecting Information Using Google
Subdirectory and File Discovery
Admin Panel Discovery
XSS, CSRF Vulnerabilities
SQL Injection Vulnerabilities
Google’s Automatic SQLi Vulnerability Search
File Inclusion Vulnerabilities
Shell Types and Purposes of Use
Shell Concept and Usage
PHP, ASP and JSP Shell Types
Commonly Used Shell Software
Web Application Security Test Software
- Auxilary, Encoder, Scanner, Nops, Payload, etc.
What is a Payload?
-
- Payload Types
- Reverse_Shell & Bind_Shell Differences
- Encryption of Payloads
Exploitation Using Metasploit
- Introduction to Malware
Basic concepts
Malware, Virus, Worm, Trojan, Spyware, Ransomware
Creating Different Types of Malware
Shellter, Msfvenom Usage
Creating Malware Suitable for Android Phones
File Merger (Binder)
- Post Exploitation Attacks on Target Systems
Escalation Attacks
Interfering with Another Application
Password Review with Memory Dump
Starting a Remote Desktop Connection
Transition to Target’s Live Session
Trace Cleaning
Traffic Sniffing (Packet Sniffing)
Screenshot Capture
Keylogger Usage
Microphone Recording
File Upload / Download Activities
- Social Engineering Attacks
What is Social Engineering?
How Social Engineering Attacks Are Conducted
Social Engineering Attack Examples
Scenario Building in Social Engineering Attacks
GoPhish Usage
- Local Network Attacks
CAM table attack
CDP Protocol attack
DHCP protocol attack
ARP protocol attack
Spoofing attack
VTP protocol attack
VLAN attack
HSRP attack
SNMP attack
- Wireless Network Attacks
Introduction to Wireless Networks
Definitions
Wireless Network Types
Hazards in Wireless Networks
Fake Access Points and Their Damages
WLAN discovery methods
Exploration Techniques
Hidden SSID Detection
WEP/WPA/WPA2 Attacks
Hazards in Public Wireless Networks
Using Intrusion Detection System in Wireless Networks
Who Should Receive the Training?
- Recognize the discipline of cyber security and comprehend its basic aspects/facts
anyone who wants to, - Introduction to cybersecurity or cybersecurity certification
students or employees who wish to take part in the program, - Individuals or managers working in any technical/administrative field related to Information Security / Cyber Security,
- More in a specific area of information security or cybersecurity
specialists who are already working but feel deficient in general topics and concepts, - Those who want to have knowledge about cyber security,
- Experts/employees who plan a career in penetration testing and want to enter this sector,
- Those who want to have knowledge about information security,
- Those who want to protect themselves from attacks by hackers,
- Those who want to learn the latest hacking methods and software,
- Network administrators and security professionals.
Plan this training institutionally!
This training can be planned in different durations and content specific to your organization. Please contact us for detailed rich content and planning to realize your training objectives.
