Corsi SECO Institute Ethical Hacking Foundation

• Hack a WEP-protected Wi-Fi network;
• Use basic network sniffing and port scanning techniques;
• Use web application vulnerability scanners (Dirb, Nikto and Vega) to find potential vulnerabilities;
• Interpret the results of a basic vulnerability scan;
• Run an automated SQL injection attack using SQLmap;
• Crack a password hash with John the Ripper;
• Brute-force a web-based login form;
• Bypass client-side validation;
• Use basic local file inclusion and remote file inclusion techniques to gain shell access and be able to execute commands on the system;
• Perform a basic black-box penetration test

This course ideally suits those new to the field of ethical hacking. Managers who want to gain insight into the possibilities and dangers of hacking are also welcome.

Introduction to Ethical Hacking

• Definition of ethical hacking
• The hacking cycle
• Kali Linux

Network Hacking

• Wireless networking including BSSID and ESSID, open and closed networks and WPA/WEP security
• Find information about a wireless network adapter and configure it to be used in WiFi hacking
• Packet capturing using airodump and injection in order to capture and crack a WEP key
• Using nmap and the zenmap GUI for network discovery scanning

Penetration I

• Introduction to dirb and nikto and how to interpret the initial results of a dirb and nikto scan
• Launch a vulnerability scan with Vega and analyse / interpret results
• Basic SQL commands and know some more special SQL commands
• How to find a SQL Injection vulnerability
• How to execute an automated SQL Injection with SQLmap
• Crack a password hash with John The Ripper
• Using hydra to brute-force a web-based login form

Penetration II

• Manipulating parameters in web-pages including GET and POST parameters
• Students become familiar with client and server-side validation
• OWASP ZAP and Burpsuite ar
• Using ZAP/BURP to bypass client-side validation
• Using ZAP/BURP with cookies
• Understanding file inclusion
• Working of local file inclusion
• Working of remote file inclusion
• Using these techniques to gain shell access

Capture the Flag

Using the techniques learned in the previous 3 modules, you’ll break into the wireless network of Bicsma (the fictional company that Security Academy has created and uses in its trainings). You’ll discover interesting hosts and identify what services run on them. Lastly you will access and eventually exploit these services to gain access to the systems

There are no formal prerequisites for this SECO Institute Ethical Hacking Foundation exam

Distant course duration:

• 3 sessions of 4,5 hours