Module 11: Session Hijacking

Understand the various session hijacking techniques used to discover network-level session management, authentication, authorization, and cryptographic weaknesses and associated countermeasures.

Hands-On Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

• Perform session hijacking using various tools
• Detect session hijacking

Key topics covered:

• Session Hijacking
• Types of Session Hijacking
• Spoofing
• Application-Level Session Hijacking
• Man-in-the-Browser Attack
• Client-side Attacks
• Session Replay Attacks
• Session Fixation Attack
• CRIME Attack
• Network Level Session Hijacking
• TCP/IP Hijacking
• Session Hijacking Tools
• Session Hijacking Detection Methods
• Session Hijacking Prevention Tools

Module 12: Evading IDS, Firewalls, and Honeypots

Get introduced to firewall, intrusion detection system, and honeypot evasion techniques; the tools used to audit a network perimeter for weaknesses; and countermeasures.

Hands-On Lab Exercises:

Over 7 hands-on exercises with real-life simulated targets to build skills on how to:

• Bypass Windows Firewall
• Bypass firewall rules using tunneling
• Bypass antivirus

Module 13: Hacking Web Servers

Learn about web server attacks, including a comprehensive attack methodology used to audit vulnerabilities in web server infrastructures and countermeasures.

Hands-On Lab Exercises:

Over 8 hands-on exercises with real-life simulated targets to build skills on how to:

• Perform web server reconnaissance using various tools
• Enumerate web server information
• Crack FTP credentials using a dictionary attack

Key topics covered:

• Web Server Operations
• Web Server Attacks
• DNS Server Hijacking
• Website Defacement
• Web Cache Poisoning Attack
• Web Server Attack Methodology
• Web Server Attack Tools
• Web Server Security Tools
• Patch Management
• Patch Management Tools

Module 14: Hacking Web Applications

Learn about web application attacks, including a comprehensive web application hacking methodology used to audit vulnerabilities in web applications and countermeasures.

Hands-On Lab Exercises:

Over 15 hands-on exercises with real-life simulated targets to build skills on how to:

• Perform web application reconnaissance using various tools
• Perform web spidering
• Perform web application vulnerability scanning
• Perform a brute-force attack
• Perform Cross-Site Request Forgery (CSRF) Attack
• Identify XSS vulnerabilities in web applications
• Detect web application vulnerabilities using various web application security tools

Key topics covered:

• Web Application Architecture
• Web Application Threats
• OWASP Top 10 Application Security Risks – 2021
• Web Application Hacking Methodology
• Web API
• Webhooks and Web Shell
• Web API Hacking Methodology
• Web Application Security

Module 15: SQL Injections

Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.

Hands-On Lab Exercises:

Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

• Perform an SQL injection attack to extract database information
• Detect SQL injection vulnerabilities using various SQL injection detection tools

Key topics covered:

• SQL Injection
• Types of SQL injection
• Blind SQL Injection
• SQL Injection Methodology
• SQL Injection Tools
• Signature Evasion Techniques
• SQL Injection Detection Tools

Module 16: Hacking Wireless Networks

Learn about wireless encryption, wireless hacking methodologies and tools, and Wi-Fi security tools

Hands-On Lab Exercises:

Over 3 hands-on exercises with real-life simulated targets to build skills on how to:

• Foot Print a wireless network
• Perform wireless traffic analysis
• Crack WEP, WPA, and WPA2 networks
• Create a rogue access point to capture data packets

Key topics covered:

• Wireless Terminology
• Wireless Networks
• Wireless Encryption
• Wireless Threats
• Wireless Hacking Methodology
• Wi-Fi Encryption Cracking
• WEP/WPA/WPA2 Cracking Tools
• Bluetooth Hacking
• Bluetooth Threats
• Wi-Fi Security Auditing Tools
• Bluetooth Security Tools

Module 17: Hacking Mobile Platforms

Learn about mobile platform attack vectors, Android vulnerability exploits, and mobile security guidelines and tools.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

• Hack an Android device by creating binary payloads
• Exploit the Android platform through ADB
• Hack an Android device by creating APK file
• Secure Android devices using various Android security tools

Key topics covered:

• Mobile Platform Attack Vectors
• OWASP Top 10 Mobile Risks
• App Sandboxing
• SMS Phishing Attack (SMiShing)
• Android Rooting
• Hacking Android Devices
• Android Security Tools
• Jailbreaking iOS
• Hacking iOS Devices
• iOS Device Security Tools
• Mobile Device Management (MDM)
• OWASP Top 10 Mobile Controls
• Mobile Security Tools

Module 18: IoT Hacking & OT Hacking

Learn about packet-sniffing techniques and how to use them to discover network vulnerabilities, as well as countermeasures to defend against sniffing attacks.

Hands-On Lab Exercises:

Over 2 hands-on exercises with real-life simulated targets to build skills on how to:

• Gather information using Online foot printing tools
• Capture and analyze IoT device traffic

Key topics covered:

• IoT Architecture
• IoT Communication Models
• OWASP Top 10 IoT Threats
• IoT Vulnerabilities
• IoT Hacking Methodology
• IoT Hacking Tools
• IoT Security Tools
• IT/OT Convergence (IIOT)
• ICS/SCADA
• OT Vulnerabilities
• OT Attacks
• OT Hacking Methodology
• OT Hacking Tools
• OT Security Tools

Module 19: Cloud Computing

Learn different cloud computing concepts, such as container technologies and server less computing, various cloud-based threats and attacks, and cloud security techniques and tools.

Hands-On Lab Exercises:

Over 5 hands-on exercises with real-life simulated targets to build skills on how to:

• Perform S3 Bucket enumeration using various S3 bucket enumeration tools
• Exploit open S3 buckets
• Escalate IAM user privileges by exploiting misconfigured user policy

Key topics covered:

• Cloud Computing
• Types of Cloud Computing Services
• Cloud Deployment Models
• Fog and Edge Computing
• Cloud Service Providers
• Container
• Docker
• Kubernetes
• Serverless Computing
• OWASP Top 10 Cloud Security Risks
• Container and Kubernetes Vulnerabilities
• Cloud Attacks
• Cloud Hacking
• Cloud Network Security
• Cloud Security Controls
• Cloud Security Tools

Module 20: Cryptography

In the final module, learn about cryptography and ciphers, public-key infrastructure, cryptography attacks, and cryptanalysis tools.

Hands-On Lab Exercises:

Over 10 hands-on exercises with real-life simulated targets to build skills on how to:

• Calculate MD5 hashes
• Perform file and text message encryption
• Create and use self-signed certificates
• Perform email and disk encryption
• Perform cryptanalysis using various cryptanalysis tools

Key topics covered:

• Cryptography
• Encryption Algorithms
• MD5 and MD6 Hash Calculators
• Cryptography Tools
• Public Key Infrastructure (PKI)
• Email Encryption
• Disk Encryption
• Cryptanalysis
• Cryptography Attacks
• Key Stretching