iQEH - ISEH Qualified Ethical Hacker
The Ethical Hacker!
Imagine being a digital detective, prowling through the vast expanse of cyberspace, seeking out vulnerabilities and weaknesses in computer systems not to exploit them, but to fortify them against malicious attackers. This, in essence, is what an ethical hacker does.
More formerly, an ethical hacker, also known as a white-hat hacker, is a cybersecurity professional who specializes in penetrating computer systems, networks, and applications with the permission of the owner. Unlike malicious hackers, who exploit vulnerabilities for personal gain or malicious intent, ethical hackers use their skills for constructive purposes, such as identifying security weaknesses and helping organizations strengthen their defenses.
Think of them as the guardians of the digital realm, tasked with uncovering potential threats before they can be exploited by cybercriminals. Their arsenal includes a deep understanding of computer systems, networks, and programming languages, coupled with an insatiable curiosity and a keen eye for detail.
Ethical hackers employ a variety of techniques to assess the security posture of a target, including penetration testing, vulnerability assessments, and code reviews. They simulate real-world cyber-attacks to identify weaknesses that could be exploited by adversaries, providing valuable insights to organizations on how to better protect their assets.
In the ever-evolving landscape of cybersecurity, ethical hackers play a critical role in staying one step ahead of cyber threats. By thinking like the adversary, they help organizations anticipate and mitigate potential risks, ultimately safeguarding sensitive data and preserving the integrity of digital infrastructure.
For aspiring cybersecurity professionals, pursuing a course in ethical hacking offers an opportunity to delve into this fascinating field, gaining hands-on experience and practical skills under the guidance of seasoned experts. It's not just about learning how to hack; it's about using that knowledge for the greater good, defending against cyber threats and safeguarding the digital world for generations to come.
Course Detail:
Course Title: iQEH - ISEH Qualified Ethical Hacker
Duration: 12 Weeks.
Registration: Open Now.
Class Timings: Between 6PM to 9:30PM on Monday, Wednesday and Friday.
Venue: ISEH Main Campus (9 Noon Avenue, Block C, Muslim Town, Lahore).
Mode of Education/Training: On Campus physical classes.
Registration Fee (Non Refundable): Rs. 500/- (Pak Rupees Five Hundred Only).
Course Fee: Rs. 100,000.00 (Pak Rupees One Hundred Thousand Only). Deserving candidates can pay in instalments.
Discounts: Discount is available on group attendees and certain categories.
Note: Both registration and admission forms will be physically submitted at main campus of ISEH.
Who Can Join:
Anyone who wants to pursue his career in Information Security/Cybersecurity domain provided he has passed at least his 10th standard (Matric or O-Levels) and can use computer easily.
The one who is already in IT industry but wants to switch over to to Information Security/Cybersecurity track.
Already have knowledge and experience of Hacking/Ethical Hacking and wants to get certified.
Law enforcement and Defence personnel or Cyber Crime Investigators etc.
Candidate will have to clear Entrance Examination and Aptitude Interview.
What You Will Learn:
After having qualified this course, you will attain professional entry level proficiency in following subjects:
Information Security (InfoSec) and InfoSec Models. Introduction to InfoSec, sub-divisions, applications and challenges in implementing InfoSec practices. Core InfoSec models: CIA triad and AAA, along with key terminologies.
InfoSec Standards. Overview of standards like PCI-DSS, ISO/IEC 27001:2013, HIPAA, and SOX.
Understanding of InfoSec Threats, Attacks and InfoSec Controls
Web, Web Technologies and Web Applications. Evolution of web technologies and understanding web architectures including overview of web servers, HTTP basics, and web state management.
Pentesting, Hacking; its Approaches and Hackers. Differentiating pentesting and ethical hacking. Also, exploring types of hackers, skills required, and ethical hacking approaches.
Cybercrimes and Cyber Laws. Understanding cybercrime, motivations, and victims. Classification of cybercrimes and reporting procedures. An overview of international and national cyber laws.
Virtual Environment. The concept of virtualization and its importance in ethical hacking covering Hypervisors and their types, Virtual Machines (VMs), and practical exercises on installing a VM for hands-on learning.
Hacking Distros. Exploration of various hacking distributions such as Parrot Security OS, BackBox, BlackArch, and delve into a crash course on Kali Linux including installation, environment setup, essential tools, and basic security measures of Kali Linux through practical labs.
Data Representation and Coding Schemes. Understanding different types of data, data access methods, and data storage units. Also, the numbering systems, data coding schemes like ASCII and Unicode, and data hierarchy.
Programming and Scripting. Programming fundamentals and scripting languages covering programming language paradigms, software development lifecycle, and characteristics of good programs. Practical sessions include writing and executing simple programs and scripts, along with an introduction to Python and its applications in ethical hacking.
Command Line Scripting. Explore command-line interfaces in both Linux and Windows environments through learning about Bash Shell and Windows Command Line, including basic commands, scripting, conditional statements, loops, and PowerShell.
Computer Networking. Gain a solid foundation in computer networking essentials encompassing network components, topologies, switching techniques, TCP/IP protocols, DNS resolution, OSI model, IP addressing, subnetting, and network defense mechanisms.
Cryptography and Steganography. Delve into the world of cryptography and steganography. Study encryption algorithms, digital signatures, secure communication protocols, and email encryption standards.
Red Teaming
a. Client Engagement. Establishing the rules, scope, objectives, and reporting methodologies for engagements through drafting engagement agreement to formalize the terms of their red teaming activities.
b. Target Profiling and Planning. Delve into information gathering techniques, such as reconnaissance, both passive and active methods by learning tools like Nmap for port scanning and learn about enumeration techniques to gather information about networks and systems.
c. Exploitation (Attack). Understanding the purpose and planning of attacks. Also, learn about attacking web applications, including methods like Cross-Site Scripting (XSS) and Remote Control Execution (RCE) with file uploads. How to explore hacking databases through SQL injection and exploiting vulnerabilities in web servers.
d. Post Exploitation. Actions to be taken after gaining initial access, such as escalating privileges, maintaining access, pivoting to other systems, and persistence techniques to ensure continued access utilizing tools like Mimikatz and Metasploit.
e. Reporting. How to create comprehensive reports for stakeholders including preparation of executive summaries outlining the engagement's objectives, scope, findings, and their impact. Also, how to compile technical reports detailing identified vulnerabilities, remediation steps, and proofs of concept (PoCs).
Personality Development:
a. Time Management for Professionals. Understand the essence of time management, emphasizing prioritization, planning, analysis, and optimization techniques to enhance productivity and efficiency in professional settings.
b. Communication and Presentation Skills. Learn key principles and fundamentals of effective communication, along with tips for improving communication skills. It involves the importance of visuals, dressing appropriately, mastering presentation software, and delivering presentations with confidence.
c. Understanding Individual and Corporate Psychology. Understand the psychological aspects of individual and corporate behavior, providing insights into human behavior within organizational contexts.
d. Teamwork and Conflict Management. Learn about team composition, problem assessment, planning and task allocation techniques to foster effective teamwork and manage conflicts within teams.
e. The Art of CV Writing. Compares CVs and resumes, discusses considerations for crafting attractive CVs, outlines the contents of a good CV, and provides examples of good and bad CVs.
f. Job Interview Preparation, Tips and Tricks. How to minimizing interview stress, understanding the perspectives of employers and candidates, identifying question types, and receiving general interview tips. They also learn about common interview problems, mistakes to avoid, and dress code tips, with a focus on sealing the deal during interviews.
g. Introduction to Research. Understand the concept and types of research, research methodologies, the research onion model, and the process of writing research reports.
Course Syllabus:
Section 1: The Preliminary Knowledge
Module 1: Information Security (InfoSec), InfoSec Models and Policies
InfoSec and its application
InfoSec vs cybersecurity
InfoSec sub-divisions
Challenges in building InfoSec practices
InfoSec Models
InfoSec Policies
Important InfoSec Terminologies
Module 2: InfoSec Standards
Payment card industry data security standard (PCI-DSS)
ISO/ IEC 27001:2013
Health insurance portability and accountability act (HIPAA)
General Data Protection Regulation (GDPR)
Module 3: InfoSec Threats, Attacks and InfoSec Controls
InfoSec Threats
InfoSec Attacks
InfoSec Controls
Module 4: The Web Ecosystem, Web Architecture, Web System Architectures, Web Technologies, and Inter-communication
WWW, web 0, web 2.0, web 3.0 vs internet
Web Ecosystem
Web System Architectures
Inter-communication in Web Systems
Module 5: Pentesting, Hacking; Its Methodologies/Approaches and the Hackers
Pentesting Vs Ethical Hacking
The Spectrum of Hackers
Essential Skills for Ethical Hackers
Practical Methodologies/Approaches to Ethical Hacking
Individual assignment (case study of any renowned hacker)
Module 6: Cybercrimes and Cyber Laws
Understanding Cybercrime
Classification of cybercrimes
Reporting cybercrime
Overview of cyber laws
Section 2: Preliminary Skills for Ethical Hacking
Module 7: Virtual Environment
Hypervisor and its types
Virtual machine (VM) and its usage
Lab (installation of a VM)
Module 8: Hacking Distros
Parrot security OS
BackBox
BlackArch
Kali Linux-Crash Course
Lab (basic Linux commands)
Module 9: Data Representation and Coding Schemes
Data-Understanding Types, Recognition, and Access
Numbering Systems Classification
Conversion Between Positional Numbering Systems (Positive Numbers)
Alphanumeric Data Coding Schemes
Data Storage Measurement Units
Data Hierarchy
Individual assignment (conversion from/to binary)
Module 10: Programming and Scripting
Programming
Scripting
Activity 1(write and run a simple program)
Activity 2(write and run a simple Script)
Python
Group assignment (of above all)
Module 11: Command Line Scripting
Linux Bash Shell
Windows command line and powershell
Demonstrations (loops and conditions in bash)
Group assignment (of above all)
Module 12: Computer Networking
Network and Networking
PC Routing
Demonstration (Net Commands)
TCP and UDP
Demonstration (netstat command)
DNS
OSI Model and Attacks
IP Schemes
Wireshark
Video – using Wireshark
Video – Full Stack Analysis with Wireshark
Demonstration (sample traffic captures)
Individual assignment (traffic captures)
Network Defences and Attacks
Demonstration (find the secret server)
Demonstration (setting up and use of proxies)
Module 13: Cryptography and Steganography
Cryptography and its usage
Major Algorithms of Cryptography
Steganography its Types and Usage
Demonstration (use of Stego)
Individual assignment (use of Stego)
Section 3: Red Teaming
Module 14: Client Engagement
Rules of engagement
Scope and testing methodology
Objectives
Reporting methodology
Assignment (drafting an engagement agreement)
Module 15: Target Profiling and Planning
Information Gathering (Reconnaissance)
Demonstration (port scanning)
Assignment (port scanning)
Demonstration (Service identification)
Assignment (Service identification)
Demonstration Knockpy
Assignment (Sub domain enumeration)
Demonstration (Use of NetCat)
Assignment (Use of NetCat)
Module 16: Exploitation (Attack) Phase
Exploitation, its purpose and importance
Exploitation Planning
Web Apps Hacking
Demonstration (Burp Suite)
Assignment (Burp Suite)
Demonstration (Drib, Fuff, Gobuster)
Assignment (Drib, Fuff, Gobuster)
Demonstration (Stored/ Reflected/DOM based/Self XSS)
Assignment (Stored/ Reflected/DOM based/Self XSS)
Demonstration (CSRF)
Assignment (CSRF)
Demonstration (both LFI and RFI)
Assignment (both LFI and RFI)
Demonstration (RCE with file upload)
Assignment (RCE with file upload)
Hacking Databases
Demonstration (Error based/Blind/Get based/POST based/In Band/Out of Band SQL injections)
Assignment (Error based/Blind/Get based/POST based/In Band/Out of Band SQL injections)
Hacking Web Servers
20. System Hacking
21. Demonstration (backdoor)
22. Demonstration (HashCat)
23. Assignment (Hash cracking)
24. Demonstration (Buffer overflow)
25. Assignment (Buffer overflow)
26. Demonstration (SET)
27. Network Hacking
28. Demonstration (Hydra)
29. Assignment (Hydra)
30. Demonstration (badly configured shares)
31. Demonstration (exploitation of Null sessions)
32. Assignment (exploitation of Null sessions)
33. Demonstration (ARP spoofing)
34. Demonstration (jmeter)
35. Demonstration (Metasploit)
36. Group Assignment (Metasploit)
37. Demonstration (Meterpreter)
38. Assignment (Meterpreter)
39. Hacking the Cloud Computing
40. Hacking IoTs
41. Mobile Phone Hacking
42. Demonstration (Metasploit)
Module 17: Post Exploitation Phase
Definition, purpose and importance
Methodology of Post Exploitation Phase
Privilege Escalation
Demonstration (Levels of Privilege Escalation)
Lateral Movement and Pivoting
Activity (Pivoting and Lateral Movement)
Persistence
Tools for post exploitation phase
Module 18: Reporting Phase
Executive Report
Technical Report
Module 19: Artificially Intelligent Information Security
Introduction to AI in Offensive Security
AI-Enhanced Attack Surface Analysis
Advanced AI-Based Attack Vectors
Machine Learning for Exploitation
Practical Laboratory Exercises
Emerging Attack Methodologies
Section 4: Personality Development
Module 20: Time Management for Professionals
What is Time Management?
Time Management Methodology
Module 21: Communication and Presentation Skills
Key Principles of Communication
Fundamentals of Communication
Good Communication Tips
Miscommunication
Subject Matter and Visuals
Dressing Up
Mastering Your Presentation Software
Delivery of Presentation
Check Lists for Effective Presentation
Assignment (planned and extempore presentations)
Module 22: Understanding Individual and Corporate Psychology as an Employee
Individual Psychology in the Workplace
Dynamics of Team Interactions
Conflict Resolution and Negotiation
Organizational Culture and Leadership
Workplace Relationships and Networking
Psychological Resilience and Adaptability
Module 23: Teamwork and Conflict Management in Work Place
Introduction to Teamwork
Building Effective Teams
Communication in Teams
Conflict Resolution
Team Leadership
Collaboration Tools and Technologies
Case Studies and Practical Applications
Teamwork Assessment and Feedback
Continuous Improvement
Module 24: The Art of CV Writing
Introduction
CV vs resume
Considerations to write attractive CV
Contents of a good CV
Writing a Good CV Step by Step
Examples of good and bad CV
Assignment (writing own CV)
Module 25: Job Interview Preparation, Tips and Tricks
Introduction
Minimizing interview stress
What employer and you want to know about each other
Understanding question type
General interview tips
Common problems and ways to avoid them
Common interview mistakes to avoid
Dress code tips for interview
Sealing the deal
Section 5: Research Methodology
Module 26: Introduction to Research
What is research and its types
Research methodology
Research onion
Research report writing
Assignment (InfoSec research report writing)