Department of Information Security (IS),
Military College of Signals (MCS), NUST
Course : Security Assessment & Evaluation
Course Code : IS-433
Contact Hours : 2+1
Instructor : Major Ammar Hassan
ammar.hassan@mcs.edu.pk
https://ammarhassan.me/
About Me (Ammar Hassan)
MS Information Security - 2021 to 2023 (Gold Medallist)
MCS (Masters in Computer Science) - 2017 to 2019 (Distinction)
BETE (Telecommunication Engr) – 2008 to 2012
Certified Ethical Hacking (CEH) Master
Certified AppSec Practitioner (CAP)
Cisco Certified Networking Technician (CCENT)
Microsoft Azure Administrator
Certified Secure Computer User (CSCU)
Objectives of the Course
Explain the basic principles and techniques of how attackers can
enter computer systems
Analyse data breaches and audits of information technology
security
Evaluate the strengths and weaknesses of various information
technology solutions in terms of data security
Put acquired knowledge into practice by performing ethical
penetration tests and hiding the intrusion
Brief Outline of Course
Fundamentals of Security Assessment
Staying Anonymous (MAC and IP Spoofing), VPNs, Proxies
Reconnaissance and footprinting
Sniffing and MITM attacks
Scanning & Enumeration
Linux Privilege Escalation
Vulnerability Assessment
Hacking Web Applications -1
System Hacking
Buffer Overflow
Password Cracking
Active Directory Pentesting
Mobile Security
Grading Criteria
Assignments: 10%
Quizzes: 10%
Project: 10%
Mid Term: 30%
Final Exam: 40%
Note: Subject to change, students will be notified
Information Security Purpose
“Security to identify the threats against, the risks and the associated
potential damage to, and the safeguarding of Information Assets.”
Assets
People, property, and information. People may include employees and
customers along with other invited persons such as contractors or guests.
Property assets consist of both tangible and intangible items that can be
assigned a value. Intangible assets include reputation and proprietary
information.
Information may include databases, software code, critical company records,
and many other intangible items.
Vulnerability
Weaknesses or gaps in a security program that can be exploited by threats to gain
unauthorized access to an asset
Threat
Threat – Anything that can exploit a vulnerability, intentionally or accidentally,
and obtain, damage, or destroy an asset.
A threat is what we’re trying to protect against.
Risk
Risk – The potential for loss, damage or
destruction of an asset as a result of a threat
exploiting a vulnerability.
or
Probability of a threat becoming real, and the
corresponding potential damages
What is Ethical Hacking
Phases of Ethical Hacking
FOOTPRINTING
Identify Target
Identify IP Network topology
DNS, Subdomains, whois, web
Identify ASN (https://ipinfo.io/)
Network/ Website Information technologies
Identify Servers if possible Identify Admins (whois)
https://lookup.icann.org/en/lookup
Gather Org Information
Gather Passwords
Gather Employees Emails, phone nos
Have I Been Pwned
(theHarvester) (hunter.io), LinkedIn
BreachDirectory
Gather documents
(google dorks)
army secret site:*.gov.in filetype:pdf
SCANNING AND ENUMERATION
Identify Live hosts
Ping sweep (-sn)
netdiscover
Identify Open Ports
TCP Ports
UDP Ports
Scan for all ports
Identify services
Detect service version (-sV)
System Enumerate
Collect usernames, system names, emails etc.
Web Enumeration
Subdomains
Vhosts
DNS
Hack it
GAINING ACCESS
Vulnerability Research
Vulnerability Exploitation
MAINTAINING ACCESS
Keyloggers
Spyware
Backdoors
Rootkits
NTFS Streams
Steganography
COVERING TRACKS
Hacking Mindset
Hopefully, you will learn to think like a criminal
mastermind but behave like a gentleman/woman!
TO DO
Project (Individual)
Choose a bug bounty target from the following websites. You will be analyzing the target over the
complete semester. Make a complete report of your attempts on the site and whatever you learnt, even
for failed attacks.
Bugcrowd
HackerOne
Intigriti
Tip: Choose a program that has a broader scope (google me)
Note
• I will share an Excel sheet; you have to fill in the target details before the next class
• No two students can work on a single target
TO DO
Course Essentials
You should sign up for accounts on the following platforms, as labs and assignments will
require these
Hack the Box
Try Hack Me
You also need an account on Microsoft Azure. You can sign up for free (without a credit
card) with a student email ID. If you do not have a student ID, you can sign up with 1
dollar for a year. Use a virtual credit card from SadaPay or NayaPay
Thanks