Cyber Security Manual V1.0.Pdf
Total Page:16
File Type:pdf, Size:1020Kb
St. Angelo‘s Professional Education Lab Manual v1.0 Contributing Authors: Rajesh Vishwakarma Vinod Singh Satish Jha Lalit Jha 1 St. Angelo‘s Professional Education Lab Manual v1.0 Table of Contents Program Overview ............................................................................................................................ 5 What is penetration testing? ........................................................................................................ 5 Objectives ..................................................................................................................................... 5 Pre-requisites ............................................................................................................................... 5 Course Contents ........................................................................................................................... 6 Module One: Art of Hacking ..................................................................................................... 6 Module Two: Scenario of Enterprise security .......................................................................... 6 Module Three: Planning and gathering Information................................................................ 6 Module Four: Social Engineering .............................................................................................. 6 Module Five: Taking on the system .......................................................................................... 7 Module Six: Attacking passwords ............................................................................................. 7 Module Seven: Malwares, Rootkits and Trojans ...................................................................... 7 Module Eight: Getting Offensive .............................................................................................. 8 Module Nine: Exploiting ........................................................................................................... 8 Module Ten: Report writing & Supporting compliance ........................................................... 9 NSD Penetration Testing Training Schedule ...................................... Error! Bookmark not defined. Day 1 Schedule .............................................................................. Error! Bookmark not defined. Day 2 Schedule .............................................................................. Error! Bookmark not defined. Day 3 Schedule .............................................................................. Error! Bookmark not defined. Day 4 Schedule .............................................................................. Error! Bookmark not defined. Day 5 Schedule .............................................................................. Error! Bookmark not defined. Group Discussions ...................................................................................................................... 10 Team Activities ........................................................................................................................... 10 Case studies ................................................................................................................................ 10 Assignments ............................................................................................................................... 11 Module One: Art of Hacking ........................................................................................................... 12 Group Discussion - Hacker Culture, Ethics and Rise of Anonymous .......................................... 12 Hacker Culture - Discuss the following questions: ................................................................. 12 Ethics - Discuss the following questions: ................................................................................ 12 Rise of Anonymous ................................................................................................................. 13 Group Discussion: What is a System? .................................................................................... 13 Scenario: ................................................................................................................................. 13 Assignment ............................................................................................................................. 13 Module Two: Scenario of Enterprise Security ................................................................................ 14 Scenario ...................................................................................................................................... 14 Challenges .................................................................................................................................. 14 Group Discussions: ..................................................................................................................... 15 2 St. Angelo‘s Professional Education Lab Manual v1.0 Module Three: Planning and Gathering Information ..................................................................... 16 Getting Started With Backtrack: ................................................................................................. 16 Logging into backtrack: ........................................................................................................... 16 Changing default password .................................................................................................... 16 Starting the Graphical User Interface ..................................................................................... 16 Network configuration: .......................................................................................................... 16 Starting various services in Backtrack .................................................................................... 17 Navigating the System ............................................................................................................ 18 Pentest Directory .................................................................................................................... 21 Netcat overview ..................................................................................................................... 21 To Use netcat as a backdoor: ................................................................................................. 22 Exercises: ................................................................................................................................ 22 Foot-printing:.............................................................................................................................. 22 What is DNS: ........................................................................................................................... 23 Zone Transfer: ........................................................................................................................ 23 Dnsenum.pl ............................................................................................................................ 24 Using Dig ................................................................................................................................. 24 Using Whois ............................................................................................................................ 25 Exercises: ................................................................................................................................ 26 Using Maltego: ....................................................................................................................... 26 Scanning: .................................................................................................................................... 28 Tools – IP scanning: ................................................................................................................ 29 Nmap: ..................................................................................................................................... 29 Enumeration: .............................................................................................................................. 30 SNMP Enumeration: ............................................................................................................... 31 Steganography: Hiding Data within Data ....................................................................................... 33 Exercises ................................................................................................................................. 39 Module Four: Social Engineering .................................................................................................... 40 Social Engineering Concepts: ...................................................................................................... 40 Dumpster Diving ......................................................................................................................... 41 Module Five: Taking on the system ................................................................................................ 42 NTFS Alternate Streams: ........................................................................................................ 42 Physical Access Attacks: ........................................................................................................