Ethical Hacking & Web Application Penetration Testing
The Ethical Hacking (EH) and Web Application Penetration Testing (WAPT) course is an offensive IT security course that teaches you how to find vulnerabilities (bugs or loopholes, such as coding mistakes, configuration mistakes or errors) in any application and in network infrastructure, including networking devices, mobiles, etc. Web Application Penetration Testing applies the same approach specifically to web applications.
In this course you will learn how to find critical information that helps you to hack into computers and applications, and later the tools, techniques and technologies that help you to penetrate (hack) into your target. Ethical hackers are in high demand and have excellent job scope around the world. You can look up the job scope and salaries paid on job portals. According to Nasscom (India), India needs 188,000 security professionals by 2012; it's 2014 now, so you can expect the job scope around the world.
This course (EH & WAPT) is highly comprehensive, made up of 145 video lectures totalling 31 hours, plus PDF and text materials. Your doubts related to the subject will be clarified for a lifetime on our social networking based website w w w dot h a c h k o dot com / h a c h k o. The speakers in the course are Mr. Srinivas and Mr. Nipun Jaswal, and of course myself in a couple of videos as a guest lecturer.

Bio: Nipun Jaswal

Nipun Jaswal is a well-known IT security researcher, known for his activities in the field of ethical hacking and cyber forensics. Mr. Nipun was an independent security expert who works on cyber crime cases and investigations. He was the Ex-C.T.O. at Secugenius Security Solutions and also worked as a security analyst in a company. During his career he has pen-tested over 100+ servers and solved many cyber crime cases. He has trained over 5000+ students in the field of ethical hacking and penetration testing, and he is currently the ambassador for EC-COUNCIL programs in Lovely Professional University (the first Indian university to tie up with EC-COUNCIL). He is currently pursuing a Master's in Technology (M.TECH) from LPU itself. He has been the speaker at several national-level conferences. His security research papers are published on many sites like Packetstorm, SourceForge, etc.

Achievements of his career:
a. Certified Ethical Hacker (EC-COUNCIL C|EH)
b. Certified Information Security Expert (CISE)
c. Ankit Fadia's Certified Ethical Hacker (AFCEH 5.0)
d. Winner of Innobuzz Best Blog Competition (2010)
e. Ambassador of EC-COUNCIL @ Lovely Professional University
f. Ex-Chief Technical Officer at Secugenius Security Solutions
g. Ex-Security Analyst at Cyber Cure Solutions Delhi
h. Founder/Admin of Starthack
i. Founder/Admin of Indian Cyber Police (among the most active hacker's groups of India)
j. Administrator of various forums
k. Admin of hacker's group Ap3x_nd_h4ck0
l. Respected V.I.P. member of international hacker's forum (MADLEETS Pakistan)
m. Presenter at HATCON LPU & HATCON KANPUR
n. Presenter at DEFCON Groups (DC141001): 1. Defcon Rajasthan 2. Defcon Punjab
o. Presently writing two books on web application hacking and Metasploit Framework
p. Trained over 5000 students and delivered over 50+ workshops
q. Worked on cyber crime cases
r. Secured over 1000 domains
s. Regular author at Packet Storm Security
t. 3+ years of experience

Mr. Srinivas

Mr. Srinivas has been a security analyst and ethical hacking trainer for 6 years and has addressed over 50 workshops and seminars. He is co-author of the book "Hacking S3crets", along with Sai Satish and Aditya Gupta. Srinivas is also moderator of a famous hacking forum based website and contributed SQL injection articles to the world's leading hacking magazine "hackin9". Srinivas was honoured with the "PRATHIBHA" Award by the Govt. of Andhra Pradesh in the year 2008.
|Section 1: Computer Basics & Introduction|
Hello Friends, Welcome to the course. Send your Email ID to email@example.com for Online Exam Information with subject as "Registered Student"
Course Introduction - Web Application Penetration Testing
The term “hacker” has a dual usage in the computer industry today. Originally, the term was defined as:
HACKER noun
1. A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary.
2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
What do ethical hackers do?
The “get out of jail free card”
UNDERSTANDING HACKING TERMINOLOGIES
Threat: An action or event that might compromise security. It is a violation of the security policy.
Adware - Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least.
Back Door - A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation. Sometimes crackers will create their own back door to a system by using a virus or a Trojan to set it up, thereby allowing them future access at their leisure.
Black Hat - Just like in the old westerns, these are the bad guys. A black hat is a cracker. To add insult to injury, black hats may also share information about the “break in” with other black hat crackers so they can exploit the same vulnerabilities before the victim becomes aware and takes appropriate measures… like calling Global Digital Forensics!
Bot - A bot is a software “robot” that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan through all of your pages. In these cases bots are not meant to interfere with a user, but are employed in an effort to index sites for the purpose of ranking them accordingly for appropriate returns on search queries. But when black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. They can also be used by black hats to coordinate attacks by controlling botnets.
Botnet – A botnet is a network of zombie drones under the control of a black hat. When black hats are launching a Distributed Denial of Service attack for instance, they will use a botnet under their control to accomplish it. Most often, the users of the systems will not even know they are involved or that their system resources are being used to carry out DDOS attacks or for spamming. It not only helps cover the black hat’s tracks, but increases the ferocity of the attack by using the resources of many computer systems in a coordinated effort.
Cookies – A cookie is a small packet of information from a visited webserver stored on your system by your computer’s browser. It is designed to store personalized information in order to customize your next visit. For instance, if you visit a site with forms to fill out on each visit, that information can be stored on your system as a cookie so you don’t have to go through the process of filling out the forms each time you visit.
Cracker - When you hear the word hacker today, in reality it is normally referring to a cracker, but the two have become synonymous. With its origin derived from “safe-cracker” as a way to differentiate from the various uses of “hacker” in the cyber world, a cracker is someone who breaks into a computer system or network without authorization and with the intention of doing damage. A cracker may destroy files, steal personal information like credit card numbers or client data, infect the system with a virus, or undertake many other things that cause harm. This glossary will give you an idea of what they can do and some of the means they use to achieve their malicious objectives. These are the black hats.
Denial of Service Attack (DOS) – A Denial of Service attack is an attack designed to overwhelm a targeted website to the point of crashing it or making it inaccessible. Along with sheer numbers and frequency, sometimes the data packets that are sent are malformed to further stress the system trying to process the server requests. A successful Denial of Service attack can cripple any entity that relies on its online presence by rendering their website virtually useless.
Distributed Denial of Service Attack (DDOS) - A Distributed Denial of Service attack is done with the help of zombie drones (also known as a botnet) under the control of black hats using a master program to command them to send information and data packets to the targeted webserver from the multiple systems under their control. This obviously makes the Distributed Denial of Service attack even more devastating than a Denial of Service attack launched from a single system, flooding the target server with a speed and volume that is exponentially magnified. As is normally the case with zombie drones and botnets, this is often done without the user of the controlled system even knowing they were involved.
Dumpster Diving - The act of rummaging through the trash of an individual or business to gather information that could be useful for a cyber criminal to gain access to a system or attain personal information to aid them in identity theft or system intrusion. One person’s garbage can indeed be a cyber criminal’s treasure.
Easter Egg - A non-malicious surprise contained in a program or on a circuit board installed by the developer. It could be as simple as a text greeting, a signature, or an image embedded on a circuit board, or comprise a more complex routine, like a video or a small program. The criteria that must be met to be considered an Easter Egg are that it be undocumented, non-malicious, reproducible to anyone with the same device or software, not be obvious, and above all – it should be entertaining!
Firewall - A firewall is a security barrier designed to keep unwanted intruders “outside” a computer system or network while allowing safe communication between systems and users on the “inside” of the firewall. Firewalls can be physical devices or software-based, or a combination of the two. A well designed and implemented firewall is a must to ensure safe communications and network access and should be regularly checked and updated to ensure continued function. Black hats learn new tricks and exploit new techniques all the time, and what worked to keep them out yesterday may need to be adjusted or replaced over time.
Gray Hat – A gray hat, as you would imagine, is a bit of a white hat/black hat hybrid. Thankfully, like white hats, their mission is not to do damage to a system or network, but to expose flaws in system security. The black hat part of the mix is that they may very well use illegal means to gain access to the targeted system or network, but not for the purpose of damaging or destroying data: they want to expose the security weaknesses of a particular system and then notify the “victim” of their success. Often this is done with the intent of then selling their services to help correct the security failure so black hats can not gain entry and/or access for more devious and harmful purposes.
Hacker - This is the trickiest definition of the group and controversy has followed its use for decades. Originally, the term hacker had a positive connotation and it actually had nothing to do with computer systems. In 1946, the Tech Model Railroad Club of MIT coined the term to mean someone who applies ingenuity to achieve a clever result. Then, when computers came along, “hacker” took on the meaning of someone who would “hack” away on a program through the night to make it better. But in the 80s everything changed, and Hollywood was the catalyst. When the personal computer onslaught started invading our daily lives, it didn’t take long for clever screen-writers to bring the black hat villains of the cyber world to the forefront of our collective consciousness, and they haven’t looked back since. They associated our deepest fears with the word hacker, making them the ones that unraveled our privacy, put our safety in jeopardy, and had the power to take everything from us, from our material possessions to our very identities. And they could do it all anonymously, by hacking away in a dark room by the dim light of a computer monitor’s glow. Needless to say, right or wrong, it stuck! Even many professionals in the computing field today have finally, albeit grudgingly, given in to the mainstream meaning of the word. “Hacker” has thus become the catch-all term used when in fact it should be “cracker.”
Keylogger – A keylogger is a non-destructive program that is designed to log every keystroke made on a computer. The information that is collected can then be saved as a file and/or sent to another machine on the network or over the Internet, making it possible for someone else to see every keystroke that was made on a particular system. By breaking down this information, it can be easy for a black hat cracker to recreate your user names and passwords, putting all kinds of information at risk and susceptible to misuse. Just imagine your online banking login information falling into the wrong hands! Finding out you have a keylogger installed, however, does not necessarily mean you were the victim of a black hat, as some companies install them on employee computers to track usage and ensure that systems are not being used for unintended purposes. Keyloggers are, for obvious reasons, often considered to be spyware.
Logic Bomb – A logic bomb is a malicious program designed to execute when a certain criterion is met. A time bomb could be considered a logic bomb because when the target time or date is reached, it executes. But logic bombs can be much more complex. They can be designed to execute when a certain file is accessed, or when a certain key combination is pressed, or through the passing of any other event or task that is possible to be tracked on a computer. Until the trigger event the logic bomb was designed for passes, it will simply remain dormant.
Malware – Simply put, malware is a malicious program that causes damage. It includes viruses, Trojans, worms, time bombs, logic bombs, or anything else intended to cause damage upon the execution of the payload.
Master Program - A master program is the program a black hat cracker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.
Payload – The payload is the part of the malware program that actually executes its designed task.
Phishing – Phishing is a form of social engineering carried out by black hats in electronic form, usually by email, with the purpose of gathering sensitive information. Often these communications will look legitimate and sometimes they will even look like they come from a legitimate source like a social networking site, a well-known entity like Paypal or Ebay, or even your bank. They will have a link directing you to a site that looks very convincing and ask you to verify your account information. When you log in to verify your information on the bogus site, you have just given the black hat exactly what they need to make you the next victim of cyber crime. Phishing is done in many forms – sometimes it’s easy to spot, sometimes not.
Phreaker - Considered the original computer hackers, phreakers, or phone phreakers, hit the scene in the 60s and made their mark by circumventing telecommunications security systems to place calls, including long distance, for free. By using electronic recording devices, or even simply creating tones with a whistle, phreakers tricked the systems into thinking it was a valid call. One of the first to find prominence was “Captain Crunch,” a phreaker who realized the toy whistle that came as a prize in a box of Captain Crunch cereal could be used to mimic the tone frequencies used by telecommunications companies to validate and route calls.
Polymorphic Virus - A polymorphic virus is a virus that will change its digital footprint every time it replicates. Antivirus software relies on a constantly updated and evolving database of virus signatures to detect any virus that may have infected a system. By changing its signature upon replication, a polymorphic virus may elude antivirus software, making it very hard to eradicate.
Rootkit - Without a doubt, the biggest fear in IT security is an undetected intrusion. A rootkit is a tool that can give a black hat the means for just such a perfect heist. A rootkit is a malware program that is installed on a system through various means, including the same methods that allow viruses to be injected into a system, like email, websites designed to introduce malware, or downloading and/or copying to the system with an unsafe program. Once a rootkit is introduced, this will create a back door for a black hat that will allow remote, unauthorized entry whenever he or she chooses. What makes a rootkit particularly lethal: it is installed and functions at such low system levels that it can be designed to erase its own tracks and activity from the now vulnerable system, allowing the black hat to navigate through entire networks without being exposed. Often, black hats will use social engineering to gain physical access to a particularly well protected system so the rootkit can be directly installed from CD or a tiny USB drive (it only takes a minute) in order either to circumvent a particularly troublesome firewall or gain access to a system that is not normally accessible from the outside. Once the rootkit is introduced, the black hat has free rein and even skilled IT security departments will have a lot of trouble even seeing the activity as it’s happening. Rootkits are a definite 10 on the scary scale of cyber intrusions.
Script Kiddie - An individual who does not possess, or just doesn’t use, their own skills and know-how to hack or crack a computer system or network, but uses a pre-written program or piece of code, a script, to do the dirty work. While they may not possess the computing talent, they can be just as dangerous!
Social Engineering – In the realm of the black hats, social engineering means to deceive someone for the purpose of acquiring sensitive and personal information, like credit card details or user names and passwords. For instance, when fictitious Mr. Smith calls from IT services to inform you of new user name and password guidelines being implemented by the company and asks you to reveal yours so he can make sure they meet the new guidelines, you have been a target of social engineering. They can be very clever and resourceful, and very, very convincing. The only way to make sure you are not a victim of social engineering is never to give your personal and sensitive information to anyone you are not absolutely sure about. There are very few occasions that anyone legitimate would ever ask you for a password, and you should always be the one contacting them, not the other way around.
Spam – Spam is simply unsolicited email, also known as junk email. Spammers gather lists of email addresses, which they use to bombard users with this unsolicited mail. Often, the emails sent are simply advertising for a product or a service, but sometimes they can be used for phishing and/or directing you to websites or products that will introduce malware to your system. When you receive spam, the best practice is to delete it immediately. Sometimes you will see a note in a spam email that gives you instructions on how to be removed from the list – never do it! This will only confirm to the spammer that they have a valid email address and the spam will just keep coming. They could also then sell your email address to another spammer as a confirmed email address and more spam will show up in your inbox. Most mail services have spam filters and these should be employed whenever possible.
Spoofing – Spoofing is the art of misdirection. Black hat crackers will often cover their tracks by spoofing (faking) an IP address or masking/changing the sender information on an email so as to deceive the recipient as to its origin. For example, they could send you an email containing a link to a page that will infect your system with malware and make it look like it came from a safe source, such as a trusted friend or well-known organization. Most of the true sources have security measures in place to avoid tampering with sender information on their own mail servers, but as many black hat spammers will launch attacks from their own SMTP (Simple Mail Transfer Protocol), they will be able to tamper with that information. When in doubt, check with the source yourself.
Spyware - Spyware is software designed to gather information about a user’s computer use without their knowledge. Sometimes spyware is simply used to track a user’s Internet surfing habits for advertising purposes in an effort to match your interests with relevant ads. On the other side of the coin, spyware can also scan computer files and keystrokes, create pop-up ads, change your homepage and/or direct you to pre-chosen websites. One common use is to generate a pop-up ad informing you that your system has been infected with a virus or some other form of malware and then force you to a pre-selected page that has the solution to fix the problem. Most often, spyware is bundled with free software like screen savers, emoticons and social networking programs.
Time Bomb – A time bomb is a malicious program designed to execute at a predetermined time and/or date. Time bombs are often set to trigger on special days like holidays, or sometimes they mark things like Hitler’s birthday or 9/11 to make some sort of political statement. What a time bomb does on execution could be something benign like showing a certain picture, or it could be much more damaging, like stealing, deleting, or corrupting system information. Until the trigger time is achieved, a time bomb will simply remain dormant.
Trojan – A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there. Once introduced, a Trojan can destroy files, alter information, steal passwords or other information, or fulfill any other sinister purpose it was designed to accomplish. Or it may stay dormant, waiting for a cracker to access it remotely and take control of the system. A Trojan is a lot like a virus, but without the ability to replicate.
Virus - A virus is a malicious program or code that attaches itself to another program file and can replicate itself and thereby infect other systems. Just like the flu virus, it can spread from one system to another when the infected program is used by another system. The more interconnected the host is, the better its chances to spread. The spread of a virus can easily occur on networked systems, or it could even be passed along on other media like a CD or memory stick when a user unwittingly copies an infected file and introduces it to a new system. A virus could even be emailed with an attachment. “Virus” is often incorrectly used as a catch-all phrase for other malicious programs that don’t have the ability to self-replicate, like spyware and adware.
Wardriving – Wardriving is the act of driving around in a vehicle with the purpose of finding an open, unsecured Wi-Fi wireless network. Many times, the range of a wireless network will exceed the perimeter of a building and create zones in public places that can be exploited to gain entry to the network. Black hats, and even gray hats, will often use a GPS system to make maps of exploitable zones so they can be used at a later time or passed on to others. Wardriving is not the only way this task is performed – there are Warbikers and Warwalkers too. As you can see, it is imperative that your WiFi network is secure because there are entities out there looking for any opening to ply their trade.
White Hat – While black hats use their skill for malicious purposes, white hats are ethical hackers. They use their knowledge and skill to thwart the black hats and secure the integrity of computer systems or networks. If a black hat decides to target you, it’s a great thing to have a white hat around. But if you don’t, you can always call on one of ours at Global Digital Forensics.
Worm – A worm is very similar to a virus in that it is a destructive self-contained program that can replicate itself. But unlike a virus, a worm does not need to be a part of another program or document. A worm can copy and transfer itself to other systems on a network, even without user intervention. A worm can become devastating if not isolated and removed. Even if it does not cause outright damage, a worm replicating out of control can exponentially consume system resources like memory and bandwidth until a system becomes unstable and unusable.
Zero Day Threat/Exploit - Every threat to your computer security has to start somewhere. Unfortunately, the way most of us protect ourselves from cyber threats and intrusions is to use detection programs that are based on analyzing, comparing and matching the digital footprint of a possible threat to an internal database of threats that have been previously detected, reported and documented. That’s why we all have to go through those seemingly never-ending updates to our antivirus programs; that’s how the database is updated and the newest threats are added to the list of what the scanners look for. That inherent flaw in our scanners is what makes a Zero Day threat so dangerous. A Zero Day threat is pristine and undocumented. From the very first day a particular threat is ever deployed (zero day) until that threat is noticed, reported, documented and added to the index, it is an unknown. As far as standard protection goes, unknown means invisible – and when it comes to cyber threats, invisible can definitely mean trouble.
Zombie / Zombie Drone – A zombie is a malware program that can be used by a black hat cracker to remotely take control of a system so it can be used as a zombie drone for further attacks, like spam emails or Denial of Service attacks, without a user’s knowledge. This helps cover the black hat’s tracks and increases the magnitude of their activities by using your resources for their own devious purposes. Rarely will the user infected with a zombie even know it’s there, as zombies are normally benign and non-destructive in and of themselves. Zombies can be introduced to a system by simply opening an infected email attachment, but most often they are received through non-mainstream sites like file sharing sites, chat groups, adult websites and online casinos that force you to download their media player to have access to the content on their site, using the installed player itself as the delivery mechanism.
DOS COMMANDS (Compared with Linux Commands)
Unix (officially trademarked as UNIX, sometimes also written as Unix with small caps) is a computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna. Today the term "Unix" is commonly used to describe any operating system that conforms to UNIX standards, meaning the core operating system operates similarly to the original UNIX operating system. Today's UNIX systems are split into various branches, developed over time by AT&T as well as various commercial vendors and non-profit organizations.
The Open Group, an industry standards consortium, owns the “Unix” trademark. Only systems fully compliant with and certified according to the Single UNIX Specification are qualified to use the trademark; others are called "Unix system-like" or "Unix-like" (though the Open Group disapproves of this term).
During the late 1970s and early 1980s, the influence of Unix in academic circles led to large-scale adoption of Unix (particularly of the BSD variant, originating from the University of California, Berkeley) by commercial startups, the most notable of which are Solaris, HP-UX and AIX. Today, in addition to certified UNIX systems such as those already mentioned, Unix-like operating systems such as Linux, BSD, and Mac OS X are commonly encountered. The term "traditional Unix" may be used to describe a UNIX or an operating system that has the characteristics of either Version 7 Unix or UNIX System V.
Linux is a UNIX-like operating system that is free and open source.
Linux was originally developed as a free operating system for Intel x86-based personal computers.
Linux is a leading OS on servers such as mainframes and supercomputers, and as of June 2013, 95% of the world's servers run variants of Linux such as RedHat, CentOS, etc.
date – Show the current date and time
Enter – Run the command
Ctrl + Z – Stops the current command, resume with fg in the foreground or bg in the background
command | less – Allows the scrolling of the bash command window using Shift + Up Arrow and Shift + Down Arrow
Ctrl + A – Return to the start of the command you're typing
Ctrl + D – Log out of current session, similar to exit
Learn the Commands
apropos subject – List manual pages for subject
whereis app – Show possible locations of app
grep pattern files – Search for pattern in files
chmod octal file – Change the permissions of file to octal, which can be found separately for user, group, and world by adding: 4 – read (r), 2 – write (w), 1 – execute (x)
ls – Directory listing
cd dir – Change directory to dir
rm name – Remove a file or directory called name
cp file1 file2 – Copy file1 to file2
mv file /home/dirname – Move the file called file to the /home/dirname directory
ln -s file link – Create symbolic link link to file
more file – Display the file called file one page at a time, proceed to next page using the spacebar
tar cf file.tar files – Create a tar named file.tar containing files
tar czf file.tar.gz files – Create a tar with Gzip compression
tar cjf file.tar.bz2 files – Create a tar with Bzip2 compression
gzip file – Compresses file and renames it to file.gz
/etc/rc.d/init.d/lpd start – Start the print daemon
ifconfig – List IP addresses for all devices on the local machine
ssh user@host – Connect to host as user
adduser accountname – Create a new user called accountname
ps – Display your currently active processes
Installation from source
Stopping & Starting
shutdown -h now – Shutdown the system now and do not reboot
|Quiz 1||20 questions|
This quiz aims to test your basic skills. Don't Cheat... :)
|Section 2: Setting your Lab|
Windows Server Installation
Backtrack OS Installation
Installing Backtrack Tools on Ubuntu
|Section 3: Ethical Hacking (Basics to Advance) - Information Gathering|
Google Hacking -Video1
Google Hacking -Video2
Scanning and Enumeration - Video1
Scanning and Enumeration - Video2 - APS
Scanning and Enumeration - Video3 - Nmap Tutorials
Scanning and Enumeration - Video4 - LBD
Scanning and Enumeration - Video5
Scanning and Enumeration - Video6
|Quiz 2||14 questions|
All the best, guys. This quiz is just to know whether you have understood the basics of Ethical Hacking.
|Section 4: Ethical Hacking (Basics to Advance) - System Hacking|
System Hacking Video1
System Hacking Video2
System Hacking Video3
System Hacking Video4
System Hacking Video5
Proxy Servers - EPS Tutorial
Proxy Servers - TOR Proxy
Sniffing - Video1
Sniffing - Video2 - Wireshark Tutorials
Sniffing - Video3 - Cain n Able
Session Hijacking - Video1
Session Hijacking - Video2
Session Hijacking - Video3
|Section 5: Ethical Hacking (Basics to Advance)- Web Server(Site) Hacking|
Web Server Hacking
SQL Injection -Video1
SQL Injection -Video2
SQL Injections -Practical Demonstrations
Cross-site Scripting (XSS)- Video1
Cross-site Scripting (XSS)- Video2
Cross-site Scripting (XSS)- Video3
Remote File Inclusion Attacks
Buffer Overflows and Exploit Writing
Denial Of Service (DOS) Attacks - Video1
Denial Of Service (DOS) Attacks - Video2
Hacking Wireless Networks
Metasploit Framework - Video1
Metasploit Framework - Video2
Penetration Testing - Video1
Penetration Testing - Video2
Penetration Testing - Video3
Hacking Mobile Phones
Web Application Penetration Testing-Video1
Web Application Penetration Testing-Video2
Web Application Penetration Testing-Video3
Web Application Penetration Testing-Video4
Web Application Penetration Testing-Video5
Web Application Penetration Testing-Video6
|Section 6: Web Application Penetration Testing - ADVANCE (PART 2 Of this Course)|
Introduction to Web Applications - Video1
Introduction to Web Applications - Video2
Client Server Architecture
Working with Protocols -Video1
Working with Protocols -Video2
Web Application Technologies -Video1
Web Application Technologies -Video2
Protocol Status Codes -Video1
Protocol Status Codes -Video2
Web Server and Client -Video1
Web Server and Client -Video2
Web Server and Client -Video3
Web Server and Client -Video4
Necessity of Web Application Security
Offensive and Defensive Mechanisms
|Section 7: OWASP TOP 10|
OWASP-Cross-site Scripting Attacks (XSS)
OWASP-Broken Authentication Mechanisms
OWASP-Indirect Object References
InSEC-Techs (Information Security Technologies) www insectechs dot in is an integrated single-source IT training company providing classroom and distance courses like PHP, Ethical Hacking, Web Application Penetration Testing, Python, C language, Perl and CCNA. It is also a web development firm and a uniquely competent, professional and creative website designing & internet marketing company, providing full-featured internet marketing solutions and web services including B2B & B2C e-commerce solutions. It also acts as an offshore development center for overseas development firms to help them optimize their business significance in the global market. With one phone call you get a team of highly-skilled experts with a business-driven common-sense approach.
InSEC-Techs ensures that individual care is taken in the classroom while conducting sessions. We will not have more than seven students per batch in a single session, so that we can concentrate more on each student.
Kiran Thirukovela, 31 years old Cyber-techie and Chief Executive Officer (CEO) of InSEC-Techs (Information Security Technologies)
Dropped out of B.Tech (ECE) by choice and B.Sc (Computer Science) and stepped into the world of computers and networking. Kiran holds IT certifications like:
MCSA: Microsoft Certified System Administrator
CCNA: Cisco Certified Network Administrator
IINS: Implementing IOS Network Security Expert
CCNP: Cisco Certified Network Professional
CCNP-Sec: Cisco Certified Network Professional Security
CCSP: Cisco Certified Security Professional
AFCEH: Ankit Fadia Certified Ethical Hacker
CHFI: Computer Hacking Forensic Investigator
Kiran has authored the book "Cyber Crimes Investigation" with co-author Mr. Benild Joseph, a book written for law enforcement agencies in India. Kiran is a Network Security professional with 5+ years of experience and 3+ years as an Ethical Hacking trainer.
He specializes in Web Application security, Penetration testing and Forensic investigation and has solved cyber crime cases in India and Kenya.
Nipun is a well-known IT security researcher, known for his activities in the field of ethical hacking and cyber forensics. Mr. Nipun was an independent security expert who works on cyber crime cases and investigations; he was the Ex-C.T.O in Secugenius Security Solutions and also worked as a Security Analyst in a company. During his career he has pen-tested over 100+ servers and solved many cyber crime cases.
He has trained over 5000+ students in the field of ethical hacking and penetration testing, and he is currently the ambassador for EC-COUNCIL programs in Lovely Professional University (first Indian university to tie up with EC-COUNCIL). He is currently pursuing a Masters in Technology (M.TECH) from LPU itself. He has been the speaker at several national level conferences. His security research papers are published on many sites like Packetstorm, SourceForge etc.
Achievements of his career:
a. Certified Ethical Hacker (EC-COUNCIL C|EH)
b. Certified Information Security Expert (CISE)
c. Ankit Fadia's Certified Ethical Hacker (AFCEH 5.0)
d. Winner of Innobuzz Best Blog Competition (2010)
e. Ambassador of EC-COUNCIL @ Lovely Professional University
f. Ex-Chief Technical Officer at Secugenius Security Solutions
g. Ex-Security Analyst at Cyber Cure Solutions Delhi
h. Founder/Admin of Starthack
i. Founder/Admin of Indian Cyber Police (among the most active hacker's groups of India)
j. Administrator of various forums
k. Admin of Hacker's Group Ap3x_nd_h4ck0
l. Respected V.I.P Member of International Hacker's Forum (MADLEETS Pakistan)
m. Presenter at HATCON LPU & HATCON KANPUR
n. Presenter at DEFCON Groups (DC141001)
1. Defcon Rajasthan :
2. Defcon Punjab :
o. Presently writing two books on Web Application Hacking and Metasploit Framework
p. Trained over 5000 students and delivered over 50+ workshops
q. Worked on cyber crime cases
r. Secured over 1000 domains
s. Regular author at Packet Storm Security
Bio: Mr. Srinivas
Mr. Srinivas has been a Security Analyst and Ethical Hacking Trainer for 6 years and has addressed over 50 workshops and seminars. He is co-author of the book "Hacking S3crets", along with Sai Satish and Aditya Gupta.
Srinivas is also moderator of the famous hacking forum based website andhrahackers and has contributed SQL Injection articles to the world's leading hacking magazine "hackin9".
Srinivas was honoured with the "PRATHIBHA" Award by the Govt. of Andhra Pradesh in the year 2008.