Website Penetration Testing

Chapter 1: Introduction to Hacking

• Introduction of Hacking
• Phases Of Hacking
• Types Of Hackers
• CIA Triad
• Vulnerability Assessment
• Phases Of Vulnerability Assessment
• Penetration Testing
• Phases Of Penetration Testing

Chapter 3: Foot Printing

• What is Footprinting
• Phases Of Footprinting
• Footprinting Through Search Engines
• Footprinting Through Archives
• Email Footprinting
• Footprinting Through Whois
• Footprinting Through TraceRoute
• Footprinting IP Address
• Footprinting Through Social Engineering

Chapter 4: Virtualization

• Gathering Information Using Websites and Applications
• IP Mapping and Tracing IP address
• Active and Passive Methods
• Detecting Web Server
• Find weaknesses using Google
• Hacking Using Google and other Search Engines

Chapter 5: Scanning

• What is Scanning
• TCP Communication Flags
• TCP Three Way Handshake
• TCP Connect/Full Open Scanning
• Stealth/Half Open Scanning
• Inverse TCP Flag Probe Scanning
• XMAS Scanning
• ACK Scanning
• UDP Scanning

Chapter 6: Windows Hacking

• OS Authentication Architecture
• OS Hash BruteForcing
• OS Password Cracking
• Windows Login Bypass
• OSX Login Bypass
• Data Stealing Techniques

Chapter 7: Linux Hacking

• Kali Linux Vs Other Pen Testing OS
• Installation and setup of Kali Linux
• System Architecture of Kali Linux
• Network Configuration of Kali Linux
• Essential Commands of Kali Linux

Chapter 8: Virus and Worms

• Malware
• Types Of Malware
• Worms
• Type Of Worms
• Protecting Yourself From Worms
• Symptoms of Worms
• Removal of Worms
• Virus
• Types of Virus
• Damage Caused By Virus
• Cause of Virus
• Symptoms Of Virus
• Removal of Virus

Chapter 9: Trojans and RATS

• Different Type of Trojans
• Making of Trojan(RAT)
• Right Way to Configure Trojan
• Online Trojan propagation
• Analysis and Removal of Trojan

Chapter 10: Sniffing

• Introduction to Network Sniffing
• Man in the Middle Attacks
• MAC spoofing & Flooding
• ARP Poisoning
• Rogue DHCP
• SSL Stripping
• Session Hijacking

Chapter 11: Email Hacking

• Social Engineering
• Fake Emails
• Identify Fake Emails
• KeyLoggers
• Email Encryption
• Counter Measures

Chapter 12: Phishing

• Phishing Attacks
• Desktop Phishing
• Spear Phishing
• Deceptive Phishing

Chapter 13: SQL Injection

• Introduction to SQL Database
• Types of SQL Injections
• Authentication Bypass Injection
• Blind Injections
• Error Based Injection
• Union Based Injection
• Stacked Query Injection
• Time Based Injection

Chapter 14: Wi-Fi Hacking

• Wi-Fi Technical Details
• Types of Encryptions
• MAC Spoofing
• Attacks on WEP, WPA, WPA2
• Forged Authentication Attack
• Replay Attack
• De-Synchronization Attack
• Evil Twin and Fake AP Attack

Chapter 15: Steganography

• Types of Steganography
• Techniques of Steganography
• How Steganography Works
• Image Steganography
• Working with Tools

Chapter 16: (XSS) Cross Site Scripting

• How XSS Attacks Work
• XSS Attack via Email
• Stealing Cookies via XSS
• XSS Attack in Comment Field
• Blog Post via XSS Attack
• CSRF Attacks

Chapter 17: iFrame Attacks

• Understanding an iFrame Attack
• New iFrame Injection Method
• Ads in hidden iFrame and pop-ups
• Redirecting to a malicious server
• Malicious script execution

Chapter 18: DoS and DDoS Attacks

• How DoS Attack Works
• Indications of DoS Attacks
• DoS Attack Techniques
• Tools for DDoS Attacks
• Detection of DoS Attacks

Chapter 19: Penetration Testing

• Need of Penetration Testing?
• Types of Pen Testing
• Pen Testing Techniques
• Security Audit
• Vulnerability Assessments
• Black Box Pen Testing
• Gray Box Pen Testing

Chapter 20: Reverse Engineering

• Monitoring Events and Exceptions
• Inspecting Processes and Modules
• Introduction to Reverse Engineering
• Tools and Commands

Chapter 21: Firewall & Honeypots

• Introduction to Firewalls
• Network Firewalls
• Web Application Firewalls
• Weakness in Firewalls
• Honey Pots and Security Misconfiguration

Chapter 22: IDS / IPS

• Configure Rule sets
• Setup Network IDS/IPS
• Writing Custom Rules
• Setup Network IDS or IPS
• Logs Analysis
• DMZ Configuration
• Intrusion Detection Systems and weakness
• Intrusion Prevention Systems and weakness

Chapter 23: Cyber Laws

Chapter 24: Cryptography

• Introduction To Cryptography
• History of Ciphers
• Symmetric And Asymmetric Ciphers
• Block Ciphers
• Data Encryption Standard
• DES-X
• Advanced Encryption Standards
• Block Cipher Modes
• Stream Ciphers - RC4
• Asymmetric-Key Algorithms
• RSA
• ELGAMAL
• HASH Functions
• Digital Signature
• Hybrid Schemes
• Public Key Infrastructure
• Implementing Public Key Infrastructure
• What Will PKI Allow You?
• EXERCISE: Certificates
• Certificate life cycle
• Planning the PKI
• PKI Administration
• Threat Modelling and Classification

Chapter 25: Social Engineering

• Eavesdropping
• Shoulder Surfing
• Dumpster Diving
• Spear Phishing
• Whaling
• Baiting
• Ptexting