0% found this document useful (0 votes)
26 views16 pages

Ethical Hacking and Bug Hunting

Uploaded by

hosurmapla
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
26 views16 pages

Ethical Hacking and Bug Hunting

Uploaded by

hosurmapla
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

ETHICAL HACKING

BUG HUNTING

BROCHURE

+919342537812

[email protected]

https://cyfotok.com
COURSE
INTRODUCTION
Introducing the Bug Hunting and Ethical Hacking
Course by Cyfotok Infosec, meticulously crafted
for aspiring cybersecurity professionals. This
comprehensive program offers a solid foundation
in bug hunting and ethical hacking, making it an
ideal starting point for newcomers to the field.
Our carefully curated curriculum covers
essential topics and practical lessons, providing
students with the fundamental knowledge needed
to excel in this dynamic industry. With regular
updates to reflect the latest advancements and
real-world scenarios, our course ensures
relevance and practicality.
Rest assured that all attack demonstrations are
conducted exclusively within our secure network
and authorized machines, adhering to the highest
standards of security and ethics. It's important to
note that the techniques and concepts taught in
our lessons are strictly for educational
purposes, emphasizing responsible and ethical bug
hunting practices.
SYLLABUS
STARTING POINT

WHO IS HACKER?
WHAT IS HACKING?
WHAT HACKERS DO?
HOW HACKERS HACK
CYBER SECURITY VS ETHICAL HACKING
WHAT SHOULD YOU KNOW BEFORE
STARTING?
NOtHING
WHAT’S NEXT? THE BASICS
DIVE IN BASICS
BUILD YOU BASE

WHAT IS VIRTUALIZATION?
VIRTUALBOX VS VMWARE
WHAT IS OPERATING SYSTEM?
BOOTING UP THE ATTACKER MACHINE
SETTING UP THE VICTIM MACHINE

LINUX - THE HACKER HOUSE

THE DIFFERENT TYPE OF OPERATING


SYSTEM
GUI VS CLI
EXPLORING PARROT
PLAYING WITH FILES AND FOLDERS
USER PERMISSIONS
DIFFERNT KIND OF SHELLS
LINUX PACKAGE MANAGEMENT
NETWORK - THE
COMMUNICATION

WHAT IS NETWORKING
TYPES OF NETWORKS
HOW INTERNET WORKS?
NETWORK TOPOLOGY
OSI LAYERS
TCP & UDP
FOCUSING ON IP ADDRESS
DEVICE IDENTITY (MAC ADDRESS)
NETWORK DEVICES AND HOW IT WORKS?
PORT AND PROTOCOLS
SUBNETTING
NETWORK INTERFACES
ARP / REVERSE ARP
DNS / REVERSE DNS
Ping Vs Traceroute
WPA & WPS
Listening with Netcat
WEB - BEHIND THE SCENES

BROWSER / SEARCH ENGINE


WEB PAGE / WEB SERVER / WEB APPLICATION
CLIENT / SERVER
REQUEST / RESPONSE
URL STRUCURE
DIFFERENT STATUS CODE
SSL / TLS
VPN / PROXY
WHAT IS HOSTING AND HOW?
BROWSER EXTENSIONS
COOKIES / CAHCE
TOKENS / SESSIONS
INTRODUCTION TO API
AUTHENTICATION / AUTHORIZATION
Gryptography- The siphaea saiks Web
Application Firewall
CRYPTOGRAPHY - THE CIPHER
SUITE

WHAT IS CRYPTOGRAPHY
ENCRYPTION / DECRYPTION
TYPES OF CRYPTOGRAPHY
PUBLIC KEY / PRIVATE KEY
SYMMETRIC / ASYMMETRIC
CONCEPTS OF CRYPTO

RoadMap for Hacking:

INFORMATION GATHERING / RECCONISENCE


SCANNING / ENUMURATION
EXPLOITATION AND GAINING ACCESS
PRIVILLAGE ESCALATION
CYBER TERMINOLOGIES

CIA TRAID
PHISHING
PAYLOAD
VULNERABLITY / EXPLOIT
DOS / DDOS
ATTACK SURFACE MONITORING
THREAT MODELING
BUG BOUNTY
SPOOFING / SNIFFING
PROGRAM / SCRIPT
PLUGINS
HASHING
DATA BREACH
PHASE- 1 INFORMATION
GATHERING / RECONNISENCE

WHAT IS RECCONICENSE
DOMAIN INFORMATION GATHERING
SUBDOMAIN RECONNAISSANCE
EMAIL ADDRESS RECONNAISSANCE
HUNTING BREACHED CREDENTIALS
IDENTIFYING WEB TECHNOLOGIES
INFORMATION GATHERING WITH BURPSUITE
GOOGLE DORKING / GOOGLE HACKING DATABASE
UTILIZING SOCIAL-MEDIA FOR INFORMATION
GATHERING
PHYSICAL INFORMATION GATHERING
RECONNAISSANCE WITH AMASS
RECONNAISSANCE WITH SHODAN
RECONNAISSANCE WITH NIKTO
PHASE-2 SCANNING /
ENUMURATION

WHAT IS ENUMURATION?
WHY ENUMURATION IMPORTANT?
PORT SCANNING
UDP SCANNING
SYN-ACK SCANNING
PORT SCANNING USING NMAP
ENUMURATING HTTP/HTTPS
ENUMURATING SMB
ENUMURATING FTP
ENUMURATING TELNET
ENUMURATING DNS
ENUMURATING SMTP
FURTHER ENUMURATION WITH RUSTSCAN
FURTHER ENUMURATION WITH MASSCAN
enumerating sensitive directories
PHASE-3 EXPLOITATION /
GAINING ACCESS

WHAT IS EXPLOITATION?
REVERSE SHELL / BIND SHELL
STAGED / SATGELESS PAYLOAD
CRAFTING PAYLOAD WITH MSFVENOM
EXPLOITING WINDOWS 7 WITH METESPLOIT
EXPLOITING WINDOWS 10 WITH METESPLOIT
EXPLOITING LINUX WITH METESPLOIT
EXPLOITING ANDROID WITH ANDRORAT
EXPLOITATION WITH ARMITAGE
EXPLOIT WINDOWS WITH MS EXCEL DOCUMENT
EXPLOIT WEAK PORTS WITH METESPLOIT
EXPLOITING WINDOWS WITH A PNG IMAGE
EXPLOITING WINDOWS WITH A PDF FILE
PHASE- 4 PRIVILLAGE
ESCALATION

WHAT IS PRIVILLAGE ESCALATION


PRIVILLAGE ESCALATION WITH METESPLOIT
PRIVILLAGE ESCALATION WITH MANUPULATING
USER PERMISSION
PRIVILLAGE ESCALATION WITH WINPEAS
PRIVILLAGE ESCALATION WITH LINPEAS

WORKING WITH AUTOMATED


TOOLS

AUTOMATE WITH SN1PER


AUTOMATE WITH NESSUS(PROFESSIONAL VERSION)
AUTOMATE WITH SPIDERFOOT
PLAYING WITH GRABBED
SKILLS

ATTACKING THE MACHINE LAME


ATTACKING THE MACHINE BLUE
ATTACKING THE MACHINE RIPPER
ATTACKING THE MACHINE SENSE
ATTACKING MORE COMPLICATED MACHINES

SOCIAL EMGINEERING
ATTACKS

WHAT IS SOCIAL ENGINEERING?


WORKING WITH SOCIAL ENGINEERING TOOLKIT
PHISHING WITH ZPHISHER / KINGPHISHER AND
OTHER TOOLS
BROWSER EXPLOITATION FRAMEWORK (BEEF
FRAMEWORK)
GAINING CAMERA ACCESS WITH SCRIPTS
WIFI BASED ATTACKS

WHAT IS DEAUTHENTICATION ATTACK?


WHAT IS MONITOR MODE?
HOW TO PERFORM DEAUTHENTICATION ATTACK?
CRACKING WEP USING AIRCRACK-NG
CRACKING WEP USING AIRGEDDON
CRACKING WPA USING AIRCRACK-NG
CRACKING WPA USING AIRGEDDON
CRACKING WPA2 USING AIRCRACK-NG
CRACKING WPA2 USING AIRGEDDON

DOCUMENTATION AND
REPORTING

COMMON LEAGAL DOCUMENTS


HOW TO WRITE A REPORT?
CRAFTING A REAL PENTESTING REPORT
FINDING SQL INJECTION
(FREE)

WHAT IS SQL INJECTION


WHAT IS A DATABASE?
TYPES OF SQL INJECTION
PERFORMING MANUAL SQL INJECTION
PERFORMING AUTOMATED SQL INJECTION

CROSS-SITE-SCRIPTING-XSS
(FREE)

WHAT IS XSS?
TYPES OF XSS?
PERFORMING MANUAL XSS
PERFORMING AUTOMATED XSS

FILE UPLOAD VULNERABILITY


(FREE)

WHAT IS FILE INJECT VULNERABILITY?


CREATE A EXPLOITATION FILE WITH
DIFFERENT LANGUAGES?
HOW TO HUNT THE VULNERABILITY?
CONTACT US FOR
OTHER QUERIES AND FEES
STRUCTURE

+919342537812

[email protected]

https://cyfotok.com

You might also like