Ethical Hacking Curriculum

Uploaded by

Ritik
Inspiring Growth Driving Impact

CURRICULUM AND DESCRIPTION – ETHICAL HACKING


| # | Topics | Subtopics | Description |
|---|--------|-----------|-------------|
| 1 | Introduction to Ethical Hacking | • Overview • Ethical Hacking Concepts • Legal Issues • Types of Hackers | • Understanding the fundamentals of ethical hacking • Its importance in cybersecurity • Legal implications • The role of an ethical hacker in protecting digital assets |
| 2 | Footprinting and Reconnaissance | • Techniques (Passive, Active) • Tools (WHOIS, Nmap, Recon-ng) • Countermeasures | • Techniques for gathering information about targets • Tools used for passive and active reconnaissance • Methodologies for footprinting in various scenarios |
| 3 | Scanning Networks | • Network Scanning • Vulnerability Scanning • Tools (Nmap, Nessus, OpenVAS) • Countermeasures | • Methods for scanning networks to identify live hosts, open ports, and services • Using tools to discover vulnerabilities • Analysing scan results for actionable insights |
| 4 | Enumeration | • Techniques (SNMP, LDAP, NTP) • Tools • Countermeasures | • Processes for extracting detailed information from systems • Enumeration techniques for different protocols • Implementing countermeasures to protect against enumeration attacks |
| 5 | System Hacking | • Password Cracking (Rainbow Tables, Hashcat) • Privilege Escalation • Covering Tracks (Log Tampering, Rootkits) | • Techniques for system hacking including password cracking • Methods for escalating privileges • Strategies for covering tracks to avoid detection |
| 6 | Malware Threats | • Types (Virus, Worms, Trojans, Ransomware) • Analysis (Static, Dynamic) • Countermeasures | • Types of malware • Static analysis (signature-based detection, file hashing, disassembly) • Dynamic analysis (sandboxing, behavioral) • Antivirus and anti-malware, firewall, regular updates and patches, backup and recovery |
| 7 | Sniffing | • Techniques (MITM, ARP Spoofing) • Tools (Wireshark, Tcpdump) • Countermeasures | • Lab session where participants set up a controlled MITM attack using tools like Ettercap to understand how attackers intercept and manipulate communications • Demonstrate an SSL stripping attack in a safe environment, showing how HTTPS connections can be downgraded to HTTP • Hands-on experience in hijacking a session using tools like Wireshark to capture session tokens and then use those tokens to gain unauthorized access • Create a scenario where participants use tools like arpspoof to conduct an ARP spoofing attack and redirect traffic • Analyze the effects of ARP spoofing on network traffic using Wireshark; identify spoofed packets and understand how ARP poisoning can be detected • Practice configuring static ARP entries and using dynamic ARP inspection (DAI) on network devices to prevent ARP spoofing attacks • Capture live network traffic with Wireshark, filter specific types of packets, and analyze packet details • Introduce participants to basic Tcpdump commands and filters, capturing traffic on specific ports or from specific IP addresses |
| 8 | Social Engineering | • Techniques (Phishing, Pretexting) • Tools • Countermeasures | • Phishing simulation • Lab session based on analysing email phishing • Identify common tactics used in phishing attacks such as spoofed sender addresses and misleading URLs |
| 9 | Denial-of-Service | • Attack Techniques (SYN Flood, DDoS) • Botnets • Tools (LOIC, HOIC) • Countermeasures | • Demonstration of various attack techniques, frameworks and open-source network stress testing and DoS attack tools |
| 10 | Session Hijacking | • Techniques (Session Fixation, Session Sidejacking) • Tools • Countermeasures | • Understanding types of session hijacking • Hands-on practice to demonstrate the use of tools to analyse session hijacking |
| 11 | Hacking Web Servers | • Attacks (Directory Traversal, Misconfiguration) • Tools • Countermeasures | • Lab session to demonstrate directory traversal |
| 12 | Hacking Web Applications | • Attacks (SQL Injection, XSS, CSRF) • Tools (Burp Suite, OWASP ZAP) • Countermeasures | • Practical details on SQL Injection, XSS (Cross-Site Scripting) and CSRF (Cross-Site Request Forgery) attacks, along with Burp Suite, OWASP ZAP tools, and countermeasures • Modifying a SQL query to retrieve unauthorized data or bypass authentication • Injecting a script that captures users' login credentials and sends them to an attacker-controlled server • Forcing a logged-in user to unknowingly submit a form that transfers money from their account |
| 13 | SQL Injection | • Techniques (Union, Error-Based, Blind) • Tools • Countermeasures | • Injecting UNION SELECT statements to retrieve sensitive data alongside legitimate query results • Injecting payloads that trigger database errors revealing database version, table names, or column details • Injecting payloads that cause delays or change application behaviour based on query results |
| 14 | Hacking Wireless Networks | • Techniques (WEP/WPA Cracking, Evil Twin) • Tools (Aircrack-ng) • Countermeasures | • Techniques used to crack WiFi encryption protocols like WEP (Wired Equivalent Privacy) and WPA (WiFi Protected Access) • Enables attackers to intercept and manipulate network traffic, steal login credentials, or deploy malware • Cracking WEP and WPA/WPA2 passwords, performing WiFi sniffing and packet injection for testing and security assessments |
| 15 | Project Work | • Practical Application of Concepts • Real-world Scenarios | • Capstone project |

Private & confidential
