Troika Cyber Security Analyst 1 Troika Systems

Size: px

Start display at page:

Download "Troika Cyber Security Analyst 1 Troika Systems"

Russell Ryan
5 years ago
Views:

1 Trika Cyber Security Anal yst 1

2 Intrductin Cyber breaches are increasing wrld ver and india t is ne f the majr targets f cyber attacks, as per reprt by PWC Cybersecurity breaches incidents spurt 117% in India. Organizatins in INDIA are lking twards innvative security slutins t mitigate new range f attacks. Security prfessinals with Vulnerabilityy assessment, penetratin testing and malware analysis skills can be 1st line f defence t rganizatins layered security architecture. This curse is designed fr students wh are new cyber security dmain with mre emphasis n hand s n lab (80% lab and 20% thery). TCSA has been designed by industry skilled prfessinals and cvers cmprehensive attack vectrs, with Trika ilab s prfessinals s can master their learning by expliting varius vulnerabilities and analysing attack behaviur Wh shuld attend: Infrmatin security staff, Netwrk security administratrs, System admins and thers requiring in depth understanding f cyber security Prerequisites: General knwledge f cmputer and perating system fundamentals is required. Sme expsure t sftware develpment t and experience in assembly and C prgramming languages is recmmended. Take away: After cmpletin f this curse students will attain understanding f varius attack vectrs and hands-n learning f vulnerabilities explitatin Understanding f cyber security and why its imprtant in tday s wrld varius attack vectrs & attack life-cycle essentials Infrmatinn gathering - Scanning the netwrk Explring KALI Linux and prgramming Active recnnaissance Passive recnnaissance Understanding and explringmetasplit framewrk Type f shell s Reversee TCP shell Bind TCP shell 2 Attacking yur first machine Pst explitatin using meterpreter. shell cde and crafting yur shell cde Buffer verflws Assembly language basics

3 Understanding varius registers OWASP & Web applicatin security Understanding OPWASP tp vulnerabilities Brwser explitatin Lcal & remte file inclusinn SQL injectin & XSS attacks mbile hacking & smartphne pentest framewrk Tracing malware in yur lab envirnment Static analysis Dynamic analysis Curse cntent Mdule 0 Intrductin t Ethical Hacking Cyber security verview Tp infrmatin security attack vectrs Understanding threat vectrs Operating systems attacks Applicatin riented attacks Netwrk level threats Attack lifecycle and phases f attacks Attackers mtives Essential terminlgies Mdule 1 Intrductin t Kali Linux 3 Setup virtual envirnment fr Kali Linux and target virtual machines Linux cmmand line Directry structure File permissinss User privileges Prcess and services Install new packages n Kali Linux Managing packages

4 Netcat - The Swiss Army Knife f TCP/IP Cnnectins Mdule 2 Prgrammingg refresher bash scripting & Pythn A sample bash script Adding functinality with if statement Bash script with fr statement Writing and cmpiling the prgram Streamlining the resultss Mdule 3 Befre the snap: Scanning the netwrk Infrmatinn gathering Identifying the Target Passive Recnnaissance Open surce intelligence gathering Netcraft Whis Lkups DNS Recnnaissance Malteg Harvester Prt scanning Manual prt scanning Prt scan with NMAP Identifying the Target Active Recnnaissancee Finding vulnerabilities with Nessus and Nmap Nmap NSE scripts fr advance scanningg Web applicatin scanning Mdule 4 Explitatin using Metasplit -1 4 Understanding Metasplit framewrk Essential Metasplit terminlgy Explit, paylad, shell cde Mdule, listener, handler Understanding Metasplit interface and utilitiess MSFcnsle, MSFcli, Armitage MSFpaylad, Nasm shell

5 Expliting yur first machine with Metasplit Types f shell Bind shell, reverse shell Understanding meterpreter framewrk pst explitatin Basic meterpreter cmmands Capturing keystrkes Dumping username and passwrd Privilege escalatin using meterpreter Tken impersnatin Aviding detectin creating standalne binaries with MSFpaylad Evading antivirus detectin Encding with MSFpaylad Multi-encding Understanding packers Mdule 5 Explitatin using Metasplit -22 Explitatin using client side attacks Hw brwser based attacks wrks Lking at NOP s File frmat explits Understating Metasplit auxiliary mdules Anatmy f an auxiliary mdule Creating Standalne Paylads with Msfvenm Chsing a Paylad Using the Multi/ /Handler Mdule Creating yur wn explits Art f fuzzing Remte cde executin Mdule 6 passwrd attacks 5 Passwrd management Online passwrd attacks Wrdlists Guessing Usernames and Passwrds with Hydra Offline Passwrd Attacks

6 Recvering Passwrd Hashes frm a Windws SAM File Dumping Passwrd Hashes with Physical Access LM vs. NTLM Hashing Algrithms Jhn the Ripper Cracking Linux Passwrds Rainbw Tables Online Passwrd-Cracking Services Dumping Plaintext Passwrds frm Memry with Windws Credential Editr Mdule7 OWASP & Web applicatin security 6 Understanding OWASP tp 10 vulnerabilities Understating brwser explitatin framewrk SQL injectin Testing fr SQL Injectin Vulnerabilities Expliting SQL Injectin Vulnerabilities Using SQLMap Lcal File Inclusin Remte File Inclusin Cmmand Executin Crss-Site Scripting Checking fr a Reflected XSS Vulnerability Leveraging XSS with the Brwser Explitatin Framewrk Crss-Site Request Frgery Web Applicatin Scanning with w3af Plicy based frwarding, Static and dynamic ruting prtcls Web attack tls Using Burp Prxy OWASP ZAP SET passwrd harvesting Fimap Attacking sessin management Clickjacking Web sessin tls Firefx plugins: ckie injectr, ckie manager, etc.

7 Ckie cadger Mdule 8 Scial engineering The Scial-Engineer Tlkit Spear-Phishing Attacks Chsing a Paylad Setting Optins Naming Yur File, Single r Mass Creating the Template, Setting the Target Setting Up a Listener Multiprnged attacks Mdule 9 Buffer verflw Understanding memry Thery buffer verflw attacks Understanding vulnerable prgram Causing a crash Running GDB Crashing prgram in GDB Cntrlling EIP Hijacking executin Searching knwn vulnerability in any knwn applicatin Causing a crash Lcating EIP Hijacking executin Getting a shell Mdule 10 Mbile hacking 7 Using smartphne pentest framewrk Understanding mbile attack vectrs Text messages Near Field Cmmunicatin QR Cdes

8 The Smartphne Pentest Framewrk Setting Up SPF Andrid Emulatrs Attaching a Mbile Mdem Remte Attacks Default iphne SSH Lgin Client-Side Attacks Client-Side Shelll USSD Remte Cntrl Malicius Apps Creating Malicius SPF Agents Mbile Pst Explitatin Infrmatin Gathering Remte Cntrl Pivting Thrugh Mbile Devices Privilege Escalatin Mdule 11 Malware analysis -1 What Is Malware Analysis? Hw t create a safe malware analysis envirnment The malware analysis and reprting prcess Malware Analysis Techniques Basic static analysis techniques Antivirus Scanning: A Useful First Step Hashing: A Fingerprint fr Malware Finding Strings Packed and Obfuscated Malware Packing Files Detecting Packers with PEiD Prtable Executable File Frmat 8 Static, Runtime, and Dynamic Linkingg Explring Dynamically Linked Functins with Dependency Walker Imprted Functins Exprted Functins

9 Static Analysis in Practice PtentialKeylgger.exe: An Unpacked Executable PackedPrgram.exe: A Dead Endd The PE File Headers and Sectins Examining PE Files with PEview Viewing the Resurce Sectin with Resurcee Hacker Malware analysis in virtual machine Creating yur malware analysis machine Simulating malware in virtual envirnment Mdule 12 Malware analysis-2 Basic dynamic analysis techniques Using a Malware Sandbx Running Malware Mnitring with Prcess Mnitr The Prcmn Display Filtering in Prcmn Viewing Prcesses with Prcess Explrer Using Dependency Walker Analyzing Malicius Dcuments 9 Cmparing Registry Snapshts with Regsht Faking a Netwrk Using ApateDNS Mnitring with Netcat Packet Sniffing with Wireshark Using INetSim Basic Dynamic Tls in Practice Malware behavir Backdrs Reverse Shell, RAT s Btnets Privilege Escalatin

10 Stay Ahead f the curve 10

threats. & kali linux security Exposure to other Packet filter firewall o o o o o Stateful Inspection next generation Stateful and

threats. & kali linux security Exposure to other Packet filter firewall o o o o o Stateful Inspection next generation Stateful and Trika Firewall Maestr 1 Trika Systems Intrductin Firewall is essential design element fr enterprise and datacenter security requirements. Organizatins are using firewall and ther security technlgies t