Improve their skill in the hacking

About the Program

This training program is perfect for those who want to improve their skill in the hacking. Many
certifications like OSCP, ECPPT v2 and even Hackthebox certification provides a good level of skills in hacking. So a working professional or students who want to grow their skills in hacking can choose this program.

During working in a company if an employee wants to achieve higher cyber security certifications to grow their skills and designation in the company then this becomes a very challenging task. And students who are currently completing their bachelor degree from a university or college and want to grow in the cyber security domain, they would also need some mentor to guide them & plan for their better future in cyber security. That’s the reason why GIS Consulting has designed this curriculum. We help these types of aspirants so that they can grow and gain their desired place in a company or organisation.

Why should you consider our training?

The purpose of this training is only to teach high and required level of hacking, so that a company employee who is taking training from us can think more to protect their organisation environment. Also, for both (student and an employee), this training will help them to target multiple high level certifications and using those certifications students and a working professional can grab a high level of job and their designation.

Topics that we will cover in our training program will upgrade your hacking skills. Upon completion of this training program, you can perform a high level penetration testing for a website and its subdomains and nearly all types of network based hacking, Web hacking, network hacking and also privilege escalation that is demanded in a high level of skill for a company and all this type of skill is provided by our training.

We are providing CTF lab machines for a real hacking environment as well as for a certification exam(Hackthebox level machines). First we will train you and enable you to hack those CTF on your own then we will provide multiple challenges as a certification exam for 24 hours to confirm that you are able to target a high level certifications or not. We will give you multiple challenges to the end of training for better performance from your side.

Table of Contents

Before we Begin …………………………………………………………………………………………...

i. Legal Stuff ………………………………………………………………………………………………..

iii. Reporting  ………………………………………………………………………………………………..

1. Module 1 – Kali Linux Basics ……………………………………………………………………..

1.1 Working with kali linux ……………………………………………………………………………...

1.2 Updating system and packages ………………………………………………………………...

1.3 Apache …………………………………………………………………………………………………..

1.4 Other HTTP services ………………………………………………………………………………..

1.5 FTP ……………………………………………………………………………………………………….

1.6 SSH ……………………………………………………………………………………………………….

2. Module 2- Information Gathering Techniques………………………………………………

 2.1  Google Hacking ……………………………………………………………………………………...

2.2  Netcraft and Whois Reconnaissance ………………………………………………………...

2.3  Open Source and third party  websites for information gathering…………………...

3. Module 3- Open Services Information Gathering …………………………………………

   3.1 DNS Reconnaissance ……………………………………………………………………………...

 3.2 SNMP reconnaissance ……………………………………………………………………………..

 3.3 SMTP reconnaissance ……………………………………………………………………………..

 3.4 Microsoft Netbios Information Gathering ……………………………………………………..

4. Module 4- Port Scanning ……………………………………………………………………………

 4.1 TCP Port Scanning  ………………………………………………………………………………...

 4.2  UDP Port Scanning  ………………………………………………………………………………..

 4.3 Working with tools …………………………………………………………………………………...

4.3.1  Nmap ……………………………………………………………………………………………...

4.3.2  Sparta ……………………………………………………………………………………………..

4.3.3  Netcat ……………………………………………………………………………………………..

5. Module 5- Transferring Files ………………………………………………………………………

 5.1 Transferring files using netcat ………………………………………………………………….

5.2  Using FTP …………………………………………………………………………………………….

5.3  Using SSH …………………………………………………………………………………………...

5.4  Using Python HTTP server ……………………………………………………………………..

6. Module 6 – Exploit frameworks ………………………………………………………………….

 6.1  Metasploit …………………………………………………………………………………………….

 6.2 Core Impact …………………………………………………………………………………………..

7. Module 7- Password Attacks ……………………………………………………………………..

 7.1 Online Password Attacks ………………………………………………………………………..

 7.2 Hydra …………………………………………………………………………………………………...

 7.3 FTP Bruteforce ……………………………………………………………………………………...

 7.4 POP3 Bruteforce …………………………………………………………………………………...

7.5 SNMP Bruteforce …………………………………………………………………………………..

7.6 VPN Bruteforce ……………………………………………………………………………………...

7.7  Offline Password Attacks ………………………………………………………………………..

8. Module 8 – Web Application Attack vectors ………………………………………………..

 8.1  Cross Site Scripting ………………………………………………………………………………..

 8.2  Local and Remote File Inclusion……………………………………………………………….

 8.3  SQL Injection in MSSql / MySQL ……………………………………………………………..

 8.4  Web Proxies ………………………………………………………………………………………….

 8.5 Modern web attacks and their exploitation ………………………………………….

9. Module 9- Buffer Overflow Exploitation ………………………………………………………

 9.1 Fuzzing ………………………………………………………………………………………………...

9.2 Analyzing the Crash ……………………………………………………………………………….

9.3 Controlling EIP ……………………………………………………………………………………...

9.4 Buffer creation for our Payload………………………………………………………………...

9.5 Redirecting the execution flow ………………………………………………………………...

9.6 Finding return address …………………………………………………………………………..

9.7 Shellcode creation  according to OS ………………………………………………………..

9.8  Gaining  shell ……………………………………………………………………………………...

10. Module 10- Working With Exploits ……………………………………………………………

 10.1 Checking an exploit in kali linux …………………….……………………………...

 10.2 Looking for exploits on the web ……………………………………………………………….

 10.3 Changing exploits according to target ……………………………………………..