Buying for a Team? Gift This Course
Wishlisted Wishlist

Please confirm that you want to add Ethical Hacking & Web Application Penetration Testing to your Wishlist.

Add to Wishlist

Ethical Hacking & Web Application Penetration Testing

Ethical Hacking & WAPT is Offensive Security course that primarly focus on finding out bugs in Applications or Networks.
3.7 (34 ratings)
Instead of using a simple lifetime average, Udemy calculates a course's star rating by considering a number of different factors such as the number of ratings, the age of ratings, and the likelihood of fraudulent ratings.
519 students enrolled
Created by InSEC- Techs
Last updated 2/2014
$10 $20 50% off
4 days left at this price!
30-Day Money-Back Guarantee
  • 32.5 hours on-demand video
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
Have a coupon?
Learn Ethical Hacking & Advanced Mobile and Web Application Penetration Testing courses with course completion certificate @ $10. Contact us for details.

Ethical Hacking (EH) and Web Application Penetration Testing (WAPT) Course is IT Security (Offensive) Security Course that teaches you how to find vulnerabilities (bugs or loopholes, like coding mistakes, configuration mistakes or errors etc) in any applications and Network infrastructures including networking devices, mobiles etc- Web Application Penetration is specific to digging the same specific to web applications-

In this course you will learn how to find critical information that helps you to hack into computer / applications, later tool, techniques and technologies that help you to penetrate (hack) into your target- Ethical Hackers have high demand and have excellent job scope around the world- You can just dig information in job portals about the job scope and salaries paid- According to Nasscom (INDIA), India needs 188,000 security professionals by 2012, its 2014 now, you can expect the job scope around the world-

This course (EH & WAPT) is highly comprehensive made of 145 video lectures of 31 hours and PDF & text materials- Your doubts related to subject will clarified lifetime on our social networking based website w w w dot h a c h k o dot com / h a c h k o - Well, the speakers in the course are Mr- Srinivas and Mr- Nipun Jaswal and ofcourse myslef in couple of videos as guest lecture- Bio: Nipun Jaswal: Nipun Jaswal is well-known IT security Researcher, Well Known for his activities in the field of ethical hacking and cyber forensics - Mr- Nipun was an Independent security expert , who works on cyber crime cases and investigations , he was the Ex-C-T-O in Secugenius Security Solutions , Also He Worked As A Security Analyst in a Company - During His Career He has Pen-tested over 100+ Servers And Solved Many Cyber Crime Cases , He Has Trained Over 5000+ students in the field of ethical hacking and penetration testing , he is the currently the ambassador for EC-COUNCIL Programs In Lovely Professional University (First Indian University To Tie Up With EC-COUNCIL)- He is Currently Pursuing Masters In Technology (M-TECH) From LPU Itself - He Has Been The Speaker At Several National Level Confrences - His Security Research Papers Are Published Over Many Sites Like Packetstorm, SourceForge Etc- Achievements of His Careers: a- Certified Ethical Hacker (EC-COUNCIL C|EH) b- Certified Information Security Expert (CISE) c- Ankit Fadia's Certified Ethical Hacker (AFCEH 5-0) d- Winner Of Innobuzz Best Blog Competition (2010) e- Ambassador Of EC-COUNCIL @ Lovely Professional University f- Ex- Chief Technical Officer At Secugenius Security Solutions g- Ex- Security Analyst At Cyber Cure Solutions Delhi h- Founder/Admin Of Starthack i- Founder/Admin Of Indian Cyber Police (Among Most Active HAcker's group of india) j- Administrator of various forums k- Admin Of Hacker's Group Ap3x_nd_h4ck0 l- Respected V-I-P Member Of International Hacker's Forum (MADLEETS Pakistan) m- Presenter At HATCON LPU & HATCON KANPUR n- Presenter At DEFCON Groups (DC141001) 1-Defcon Rajasthan 2- Defcon Punjab o- Presently writing two books On Web application Hacking And Metasploit Framework p- Trained Over 5000 Students And Delivered Over 50+ Workshops q- Worked On Cyber Crime Cases- r- Secured Over 1000 Domains s- Regular Author At Packet Storm Security t- 3+ Years Of Experince Mr- Srinivas Mr- Srininvas is Security Analyst and Ethical Hacking Trainer Since 6 Years and addressed over 50 workshops and Seminars- He is Co-Author of the Book "Hacking S3crets", along with Sai Satish and Aditya Gupta- Srininvas is also moderator of famous Hacking Forum based website and contributed SQL Injection articles to World's leading hacking magazine "hackin9"- Srininvas was honoured with "PRATHIBHA" Award by Govt- of Andhra Pradesh in Year 2008-

Who is the target audience?
  • Law Enforcement personell
  • Security Auditors
  • PHP, .NET, Java Developers, Netwoking Professionals, Firewall/IDS Specialists
  • CEO's
  • Law Firm Agents
  • Cyber Crime Investigators
  • Security Analysts
  • Anyone with basic Computer knowledge
  • Computer Geeks
Students Who Viewed This Course Also Viewed
What Will I Learn?
You will learn the ART of Hacking.
You will learn Windows and Linux
You will learn how to dig information about your target system/server/website or Human(Social Engineering)
You will learn Tricks , Methods and Technologies to Hack into any target.
You will learn Hacking Mobile Phone.
You will learn what're the bugs in Web Applications and How websites and servers are Hacked.
You will learn how to Hack Networks and Routers.
You will master Testing Web Application Security
Overall You will become INFORMATION SECURITY EXPERT or in other words, You will become POTENTIAL HACKER.
Get Certified as InSEC-Techs Certified Ethical Hacker [ I | CEH ] InSEC-Techs Certified Web Application Penetration Tester [ I | CWAPT ]
View Curriculum
  • Basic Networking Knowledge would be preferable (Not Necessary)
Curriculum For This Course
Expand All 148 Lectures Collapse All 148 Lectures 32:32:54
Computer Basics & Introduction
7 Lectures 02:33:48

Hello Friends, Welcome to the course. Send your Email ID to for Online Exam Information with subject as "Registered Student"

Preview 30:56

The term “hacker” has a dual usage in the computer industry today. Originally, the termwas defined as:HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities—as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.
This complimentary description was often extended to the verb form “hacking,” which was used to describe the rapid crafting of a new program or the making of changes to existing, usually complicated software. As computers became increasingly available at universities, user communities began to extend beyond researchers in engineering or computer science to other individuals who viewed the computer as a curiously flexible tool. Whether they programmed the computers to play games, draw pictures, or to help them with the more mundane aspects of their daily work, once computers were available for use, there was never a lack of individuals wanting to use them.
Because of this increasing popularity of computers and their continued high cost, access to them was usually restricted. When refused access to the computers, some users would challenge the access controls that had been put in place. They would steal passwords or account numbers by looking over someone's shoulder, explore the system for bugs that might get them past the rules, or even take control of the whole system.
They would do these things in order to be able to run the programs of their choice, or just to change the limitations under which their programs were running. Initially these computer intrusions were fairly benign, with the most damage being the theft of computer time. Other times, these recreations would take the form of practical jokes. However, these intrusions did not stay benign for long. Occasionally the less talented, or less careful, intruders would accidentally bring down a system or damage its files, and the system administrators would have to restart it or make repairs. Other times, when these intruders were again denied access once their activities were discovered, they would react with purposefully destructive actions. When the number of these destructive computer intrusions became noticeable, due to the visibility of the system or the extent of the damage inflicted, it became “news” and the news media picked up on the story. Instead of using the more accurate term of “computer criminal,” the media began using the term “hacker” to describe individuals who break into computers for fun, revenge, or profit. Since calling someone a “hacker” was originally meant as a compliment, computer security professionals prefer to use the term “cracker” or “intruder” for those hackers who turn to the dark side of hacking. For clarity, we will use the explicit terms “ethical hacker” and “criminal hacker” for the rest of this paper.

What is ethical hacking?
With the growth of the Internet, computer security has become a major concern for businesses and governments. They want to be able to take advantage of the Internet for electronic commerce, advertising, information distribution and access, and other pursuits, but they are worried about the possibility of being “hacked.” At the same time, the potential customers of these services are worried about maintaining control of
personal information that varies from credit card numbers to social security numbers and home addresses.2
In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these “tiger teams” or “ethical hackers”3 would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems' security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them. This method of evaluating the security of a system has been in use from the early days of computers. In one early ethical hack, the United States Air Force conducted a “security evaluation” of the Multics operating systems for “potential use as a two-level (secret/top secret) system.”4 Their evaluation found that while Multics was “significantly better than other conventional systems,” it also had “ … vulnerabilities in hardware security, software security, and procedural security” that could be uncovered with “a relatively low level of effort.” The authors performed their tests under a guideline of realism, so that their results would accurately represent the kinds of access that an intruder could potentially achieve. They performed tests that were simple information-gathering exercises, as well as other tests that were outright attacks upon the system that might damage its integrity. Clearly, their audience wanted to know both results. There are several other now unclassified reports that describe ethical hacking activities within the U.S. military.5-7 With the growth of computer networking, and of the Internet in particular, computer and network vulnerability studies began to appear outside of the military establishment.
Most notable of these was the work by Farmer and Venema,89 in December of 1993. They discussed publicly, perhaps for the first time,10 this idea of using the techniques of the hacker to assess the security of a system. With the goal of raising the overall level of security on the Internet and intranets, they proceeded to describe how they were able to gather enough information about their targets to have been able to compromise security if they had chosen to do so. They provided several specific examples of how this information could be gathered and exploited to gain control of the target, and how such an attack could be prevented. which was originally posted to
Usenet Farmer and Venema elected to share their report freely on the Internet in order that everyone could read and learn from it. However, they realized that the testing at which they had become so adept might be too complex, time-consuming, or just too boring for the typical system administrator to perform on a regular basis. For this reason, they gathered up all the tools that they had used during their work, packaged them in a single, easy-to-use application, and gave it away to anyone who chose to download it.11 Their program, called Security Analysis Tool for Auditing Networks, or SATAN, was met with a great amount of media attention around the world. Most of this early attention was negative, because the tool's capabilities were misunderstood. The tool was not an automated hacker program that would bore into systems and steal their secrets. Rather, the tool performed an audit that both identified the vulnerabilities of a system and provided advice on how to eliminate them. Just as banks have regular audits of their accounts and procedures, computer systems also need regular checking. The SATAN tool provided that auditing capability, but it went one step further: it also advised the user on how to correct the problems it discovered. The tool did not tell the user how the vulnerability might be exploited, because there would be no useful point in doing so.

Who are ethical hackers?
These early efforts provide good examples of ethical hackers. Successful ethical hackers possess a variety of skills. First and foremost, they must be completely trustworthy. While testing the security of a client's systems, the ethical hacker may discover information about the client that should remain secret. In many cases, this information, if publicized, could lead to real intruders breaking into the systems, possibly leading to financial losses. During an evaluation, the ethical hacker often holds the “keys to the company,” and therefore must be trusted to exercise tight control over any information about a target that could be misused. The sensitivity of the information gathered during an evaluation requires that strong measures be taken to ensure the security of the
systems being employed by the ethical hackers themselves: limited-access labs with physical security protection and full ceiling-to-floor walls, multiple secure Internet connections, a safe to hold paper documentation from clients, strong cryptography to protect electronic results, and isolated networks for testing. Ethical hackers typically have very strong programming and computer networking skills and have been in the computer and networking business for several years. They are also adept at installing and maintaining systems that use the more popular operating systems (e.g., UNIX** or Windows NT**) used on target systems. These base skills are
augmented with detailed knowledge of the hardware and software provided by the more popular computer and networking hardware vendors. It should be noted that an additional specialization in security is not always necessary, as strong skills in the other areas imply a very good understanding of how the security on various systems is maintained. These systems management skills are necessary for the actual vulnerability testing, but are equally important when preparing the report for the client after the test. Finally, good candidates for ethical hacking have more drive and patience than most people. Unlike the way someone breaks into a computer in the movies, the work that ethical hackers do demands a lot of time and persistence. This is a critical trait, since
criminal hackers are known to be extremely patient and willing to monitor systems for days or weeks while waiting for an opportunity. A typical evaluation may require several days of tedious work that is difficult to automate. Some portions of the evaluations must be done outside of normal working hours to avoid interfering with production at “live” targets or to simulate the timing of a real attack. When they encounter a system with
which they are unfamiliar, ethical hackers will spend the time to learn about the system and try to find its weaknesses. Finally, keeping up with the ever-changing world of computer and network security requires continuous education and review. One might observe that the skills we have described could just as easily belong to a criminal hacker as to an ethical hacker. Just as in sports or warfare, knowledge of the skills and techniques of your opponent is vital to your success. In the computer security realm, the ethical hacker's task is the harder one. With traditional crime anyone can become a shoplifter, graffiti artist, or a mugger. Their potential targets are usually easy to identify and tend to be localized. The local law enforcement agents must know how
the criminals ply their trade and how to stop them. On the Internet anyone can download criminal hacker tools and use them to attempt to break into computers anywhere in the world. Ethical hackers have to know the techniques of the criminal hackers, how their activities might be detected, and how to stop them. Given these qualifications, how does one go about finding such individuals? The best ethical hacker candidates will have successfully published research papers or released popular open-source security software the computer security community is strongly self-policing, given the importance of its work. Most ethical hackers, and many of the better computer and network security experts, did not set out to focus on these issues. Most of them were computer users from various disciplines, such as astronomy and physics, mathematics, computer science, philosophy, or liberal arts, who took it personally when someone disrupted their work with a hack. One rule that IBM's ethical hacking effort had from the very beginning was that we would not hire ex-hackers. While some will argue that only a “real hacker” would have the skill to actually do the work, we feel that the requirement for absolute trust eliminated such candidates. We likened the decision to that of hiring a fire marshal for a school district: while a gifted ex-arsonist might indeed know everything about setting and putting out fires, would the parents of the students really feel comfortable with such a choice? This decision was further justified when the service was initially offered: the customers themselves asked that such a restriction be observed. Since IBM's ethical hacking group was formed, there have been numerous ex-hackers who have become
security consultants and spokespersons for the news media. While they may very wellhave turned away from the “dark side,” there will always be a doubt.

What do ethical hackers do?
An ethical hacker's evaluation of a system's security seeks answers to three basic
* What can an intruder see on the target systems?
* What can an intruder do with that information?
* Does anyone at the target notice the intruder's attempts or successes?
While the first and second of these are clearly important, the third is even more
important: If the owners or operators of the target systems do not notice when someone
is trying to break in, the intruders can, and will, spend weeks or months trying and will
usually eventually succeed.
When the client requests an evaluation, there is quite a bit of discussion and paperwork
that must be done up front. The discussion begins with the client's answers to questions
similar to those posed by Garfinkel and Spafford:13
1. What are you trying to protect?
2. What are you trying to protect against?
3. How much time, effort, and money are you willing to expend to obtain adequate
A surprising number of clients have difficulty precisely answering the first question: a medical center might say “our patient information,” an engineering firm might answer“our new product designs,” and a Web retailer might answer “our customer database.”All of these answers fall short, since they only describe targets in a general way. The client usually has to be guided to succinctly describe all of the critical information assets for which loss could adversely affect the organization or its clients. These assets should also include secondary information sources, such as employee names and addresses(which are privacy and safety risks), computer and network information (which could provide assistance to an intruder), and other organizations with which this organization
collaborates (which provide alternate paths into the target systems through a possibly less secure partner's system).A complete answer to (2) specifies more than just the loss of the things listed in answer to (1). There are also the issues of system availability, wherein a denial-of-service attack could cost the client actual revenue and customer loss because systems were unavailable. The world became quite familiar with denial-of-service attacks in February of 2000 when attacks were launched against eBay**, Yahoo!**, E*TRADE**, CNN**, and
other popular Web sites. During the attacks, customers were unable to reach these Websites, resulting in loss of revenue and “mind share.” The answers to (1) should contain more than just a list of information assets on the organization's computer. The level of damage to an organization's good image resulting from a successful criminal hack can range from merely embarrassing to a serious threat to revenue. As an example of a hack affecting an organization's image, on January 17, 2000, a U.S. Library of Congress Web site was attacked. The original initial screen is shown in Figure 1, whereas the hacked screen is shown in Figure 2. As is often done, the criminal hacker left his or her nick name, or handle, near the top of the page in order to guarantee credit for the
Some clients are under the mistaken impression that their Web site would nt be a target. They cite numerous reasons, such as “it has nothing interesting on it” or“hackers have never heard of my company.” What these clients do not realize is that every Web site is a target. The goal of many criminal hackers is simple: Do something spectacular and then make sure that all of your pals know that you did it. Another rebuttal is that many hackers simply do not care who your company or organization is;they hack your Web site because they can. For example, Web administrators at UNICEF(United Nations Children's Fund) might very well have thought that no hacker would attack them. However, in January of 1998, their page was defaced as shown in Figures 3
and 4. Many other examples of hacked Web pages can be found at archival sites around the Web.14Answers to the third question are complicated by the fact that computer and networksecurity costs come in three forms. First there are the real monetary costs incurred when obtaining security consulting, hiring personnel, and deploying hardware and software to support security needs. Second, there is the cost of usability: the more
secure a system is, the more difficult it can be to make it easy to use. The difficulty can take the form of obscure password selection rules, strict system configuration rules, and limited remote access. Third, there is the cost of computer and network performance.The more time a computer or network spends on security needs, such as strong cryptography and detailed system activity logging, the less time it has to work on user problems. Because of Moore's Law,15 this may be less of an issue for mainframe,desktop, and laptop machines. Yet, it still remains a concern for mobile computing.

The “get out of jail free card”
Once answers to these three questions have been determined, a security evaluationplan is drawn up that identifies the systems to be tested, how they should be tested,and any limitations on that testing. Commonly referred to as a “get out of jail freecard,” this is the contractual agreement between the client and the ethical hackers, whotypically write it together. This agreement also protects the ethical hackers againstprosecution, since much of what they do during the course of an evaluation would beillegal in most countries. The agreement provides a precise description, usually in theform of network addresses or modem telephone numbers, of the systems to beevaluated. Precision on this point is of the utmost importance, since a minor mistakecould lead to the evaluation of the wrong system at the client's installation or, in theworst case, the evaluation of some other organization's system.Once the target systems are identified, the agreement must describe how they should
be tested. The best evaluation is done under a “no-holds-barred” approach. This meansthat the ethical hacker can try anything he or she can think of to attempt to gain accessto or disrupt the target system. While this is the most realistic and useful, some clientsbalk at this level of testing. Clients have several reasons for tis, the most common ofwhich is that the target systems are “in production” and interference with theiroperation could be damaging to the organization's interests. However, it should bepointed out to such clients that these very reasons are precisely why a “no-holdsbarred”approach should be employed. An intruder will not be playing by the client'srules. If the systems are that important to the organization's well-being, they should betested as thoroughly as possible. In either case, the client should be made fully aware ofthe risks inherent to ethical hacker evaluations. These risks include alarmed staff andunintentional system crashes, degraded network or system performance, denial ofservice, and log-file size explosions.Some clients insist that as soon as the ethical hackers gain access to their network or toone of their systems, the evaluation should halt and the client be notified. This sort ofruling should be discouraged, because it prevents the client from learning all that theethical hackers might discover about their systems. It can also lead to the client'shaving a false sense of security by thinking that the first security hole found is the onlyone present. The evaluation should be allowed to proceed, since where there is oneexposure there are probably others.The timing of the evaluations may also be important to the client. The client may wishto avoid affecting systems and networks during regular working hours. While thisrestriction is not recommended, it reduces the accuracy of the evaluation onlysomewhat, since most intruders do their work outside of the local regular workinghours. However, attacks done during regular working hours may be more easily hidden.Alerts from intrusion detection systems may even be disabled or less carefully
monitored during the day. Whatever timing is agreed to, the client should providecontacts within the organization who can respond to calls from the ethical hackers if asystem or network appears to have been adversely affected by the evaluation or if anextremely dangerous vulnerability is found that should be immediately corrected.It is common for potential clients to delay the evaluation of their systems until only afew weeks or days before the systems need to go on-line. Such last-minute evaluationsare of little use, since implementations of corrections for discovered security problemsmight take more time than is available and may introduce new system problems.In order for the client to receive a valid evaluation, the client must be cautioned to limitprior knowledge of the test as much as possible. Otherwise, the ethical hackers mightencounter the electronic equivalent of the client's employees running ahead of them,locking doors and windows. By limiting the number of people at the target organizationwho know of the impending evaluation, the likelihood that the evaluation will reflect theorganization's actual security posture is increased. A related issue that the client mustbe prepared to address is the relationship of the ethical hackers to the targetorganization's employees. Employees may view this “surprise inspection” as a threat totheir jobs, so the organization's management team must be prepared to take steps toreassure them.

The ethical hack itself
Once the contractual agreement is in place, the testing may begin as defined in the agreement. It should be noted that the testing itself poses some risk to the client, since a criminal hacker monitoring the transmissions of the ethical hackers could learn the same information. If the ethical hackers identify a weakness in the client's security, the criminal hacker could potentially attempt to exploit that vulnerability. This is especially vexing since the activities of the ethical hackers might mask those of the criminal hackers. The best approach to this dilemma is to maintain several addresses around the Internet from which the ethical hacker's transmissions will emanate, and to switch origin addresses often. Complete logs of the tests performed by the ethical hackers are always maintained, both for the final report and in the event that something unusual occurs. In extreme cases, additional intrusion monitoring software can be deployed at the target to ensure that all the tests are coming from the ethical hacker's machines. However, this is difficult to do without tipping off the client's staff and may require the cooperation of the client's Internet service provider. The line between criminal hacking and computer virus writing is becoming increasingly blurred. When requested by the client, the ethical hacker can perform testing to determine the client's vulnerability to e-mail or Web-based virus vectors. However, it is far better for the client to deploy strong antivirus software, keep it up to date, and have a clear and simple policy in place for the reporting of incidents. IBM's Immune System for Cyberspace16,17 is another approach that provides the additional capability of recognizing new viruses and reporting them to a central lab that automatically analyzes
the virus and provides an immediate vaccine.
As dramatized in Figure 5, there are several kinds of testing. Any combination of the following may be called for:
* Remote network. This test simulates the intruder launching an attack across the Internet. The primary defenses that must be defeated here are border firewalls, filtering routers, and Web servers.
* Remote dial-up network. This test simulates the intruder launching an attack against the client's modem pools. The primary defenses that must be defeated here are user authentication schemes. These kinds of tests should be coordinated with the local telephone company.
* Local network. This test simulates an employee or other authorized person who has a legal connection to the organization's network. The primary defenses that must be defeated here are intranet firewalls, internal Web servers, server security measures,and e-mail systems.
* Stolen laptop computer. In this test, the laptop computer of a key employee, such as an upper-level manager or strategist, is taken by the client without warning and given to the ethical hackers. They examine the computer for passwords stored in dial-up software, corporate information assets, personnel information, and the like. Since many busy users will store their passwords on their machine, it is common for the ethical hackers to be able to use this laptop computer to dial into the corporate intranet with the owner's full privileges.
* Social engineering. This test evaluates the target organization's staff as to whether it would leak information to someone. A typical example of this would be an intruder calling the organization's computer help line and asking for the external telephone numbers of the modem pool. Defending against this kind of attack is the hardest, because people and personalities are involved. Most people are basically helpful, so it seems harmless to tell someone who appears to be lost where the computer room is located, or to let someone into the building who “forgot” his or her badge. The only defense against this is to raise security awareness.
* Physical entry. This test acts out a physical penetration of the organization's building.Special arrangements must be made for this, since security guards or police could become involved if the ethical hackers fail to avoid detection. Once inside the building,it is important that the tester not be detected. One technique is for the tester to carry a document with the target company's logo on it. Such a document could be found by digging through trash cans before the ethical hack or by casually picking up a document from a trash can or desk once the tester is inside. The primary defenses here are a strong security policy, security guards, access controls and monitoring, and security awareness.
Each of these kinds of testing can be performed from three perspectives: as a totaloutsider, a “semi-outsider,” or a valid user. A total outsider has very limited knowledge about the target systems. The only information used is available through public sources on the Internet. This test represents the most commonly perceived threat. A well-defended system should not allow this kind of intruder to do anything.
A semi-outsider has limited access to one or more of the organization's computers or networks. This tests scenarios such as a bank allowing its depositors to use special software and a modem to access information about their accounts. A well-defended system should only allow this kind of intruder to access his or her own account information.
A valid user has valid access to at least some of the organization's computers and networks. This tests whether or not insiders with some access can extend that access beyond what has been prescribed. A well-defended system should allow an insider to access only the areas and resources that the system administrator has assigned to the insider.
The actual evaluation of the client's systems proceeds through several phases, as described previously by Boulanger.18

The final report
The final report is a collection of all of the ethical hacker's discoveries made during the evaluation. Vulnerabilities that were found to exist are explained and avoidance procedures specified. If the ethical hacker's activities were noticed at all, the response of the client's staff is described and suggestions for improvements are made. If social engineering testing exposed problems, advice is offered on how to raise awareness. This is the main point of the whole exercise: it does clients no good just to tell them that they have problems. The report must include specific advice on how to close the vulnerabilities and keep them closed. The actual techniques employed by the testers are never revealed. This is because the person delivering the report can never be sure
just who will have access to that report once it is in the client's hands. For example, an employee might want to try out some of the techniques for himself or herself. He or she might choose to test the company's systems, possibly annoying system administrators or even inadvertently hiding a real attack. The employee might also choose to test the systems of another organization, which is a felony in the United States when done without permission. The actual delivery of the report is also a sensitive issue. If vulnerabilities were found, the report could be extremely dangerous if it fell into the wrong hands. A competitor might use it for corporate espionage, a hacker might use it to break into the client's computers, or a prankster might just post the report's contents on the Web as a joke. The final report is typically delivered directly to an officer of the client organization in hard-copy form. The ethical hackers would have an ongoing responsibility to ensure the safety of any information they retain, so in most cases all information related to the work is destroyed at the end of the contract.
Once the ethical hack is done and the report delivered, the client might ask “So, if I fix these things I'll have perfect security, right?” Unfortunately, this is not the case. People operate the client's computers and networks, and people make mistakes. The longer it has been since the testing was performed, the less can be reliably said about the state of a client's security. A portion of the final report includes recommendations for steps the client should continue to follow in order to reduce the impact of these mistakes in the future.

The idea of testing the security of a system by trying to break into it is not new. Whether an automobile company is crash-testing cars, or an individual is testing his or her skill at martial arts by sparring with a partner, evaluation by testing under attack from a real adversary is widely accepted as prudent. It is, however, not sufficient by itself. As Roger Schell observed nearly 30 years ago:
From a practical standpoint the security problem will remain as long as manufacturers remain committed to current system architectures, produced without a firm requirement for security. As long as there is support for ad hoc fixes and security packages for these inadequate designs and as long as the illusory results of penetration teams are accepted as demonstrations of a computer system security, proper security
will not be a reality.19
Regular auditing, vigilant intrusion detection, good system administration practice, and computer security awareness are all essential parts of an organization's security efforts. A single failure in any of these areas could very well expose an organization to cybervandalism, embarrassment, loss of revenue or mind share, or worse. Any new technology has its benefits and its risks. While ethical hackers can help clients better understand their security needs, it is up to the clients to keep their guards in place.


Threat: An Action or event that might compromise the security. It is violation the Security Policy.
Vulnerability: In computer security, the term vulnerability is a weakness which allows an attacker to reduce a system's Information Assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To be vulnerable, an attacker must have at least one applicable tool or technique that can connect to a system weakness. In this frame, vulnerability is also known as the attack surface.
Target of Evolution: An IT system, Product or Component that is identified subjected to require security evolution.
Attack: An assault against a computer system or network as a result of deliberate, intelligent action; for example, denial of service attacks, penetration and sabotage.
Exploit: An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended orunanticipated behavior to occur on computer software, hardware, or something electronic (usually computerised). This frequently includes such things as gaining control of a computer system or allowing privilege escalation or a denial of service attack.
Security: A state of well being of Information and infrastructure in which possible of successful yet.

Adware - Adware is software designed to force pre-chosen ads to display on your system. Some adware is designed to be malicious and will pop up ads with such speed and frequency that they seem to be taking over everything, slowing down your system and tying up all of your system resources. When adware is coupled with spyware, it can be a frustrating ride, to say the least.

Back Door - A back door is a point of entry that circumvents normal security and can be used by a cracker to access a network or computer system. Usually back doors are created by system developers as shortcuts to speed access through security during the development stage and then are overlooked and never properly removed during final implementation. Sometimes crackers will create their own back door to a system by using a virus or a Trojan to set it up, thereby allowing them future access at their leisure.

Black Hat - Just like in the old westerns, these are the bad guys. A black hat is a cracker. To add insult to injury, black hats may also share information about the “break in” with other black hat crackers so they can exploit the same vulnerabilities before the victim becomes aware and takes appropriate measures… like calling Global Digital Forensics!

Bot - A bot is a software “robot” that performs an extensive set of automated tasks on its own. Search engines like Google use bots, also known as spiders, to crawl through websites in order to scan through all of your pages. In these cases bots are not meant to interfere with a user, but are employed in an effort to index sites for the purpose of ranking them accordingly for appropriate returns on search queries. But when black hats use a bot, they can perform an extensive set of destructive tasks, as well as introduce many forms of malware to your system or network. They can also be used by black hats to coordinate attacks by controlling botnets.

Botnet – A botnet is a network of zombie drones under the control of a black hat. When black hats are launching a Distributed Denial of Service attack for instance, they will use a botnet under their control to accomplish it. Most often, the users of the systems will not even know they are involved or that their system resources are being used to carry out DDOS attacks or for spamming. It not only helps cover the black hat’s tracks, but increases the ferocity of the attack by using the resources of many computer systems in a coordinated effort.

Cookies – A cookie is a small packet of information from a visited webserver stored on your system by your computer’s browser. It is designed to store personalized information in order to customize your next visit. For instance, if you visit a site with forms to fill out on each visit, that information can be stored on your system as a cookie so you don’t have to go through the process of filling out the forms each time you visit.

Cracker - When you hear the word hacker today, in reality it is normally referring to a cracker, but the two have become synonymous. With its origin derived from “safe-cracker” as a way to differentiate from the various uses of “hacker” in the cyber world, a cracker is someone who breaks into a computer system or network without authorization and with the intention of doing damage. A cracker may destroy files, steal personal information like credit card numbers or client data, infect the system with a virus, or undertake many others things that cause harm. This glossary will give you an idea of what they can do and some of the means they use to achieve their malicious objectives. These are the black hats.

Denial of Service Attack (DOS) – A Denial of Service attack is an attack designed to overwhelm a targeted website to the point of crashing it or making it inaccessible. Along with sheer numbers and frequency, sometimes the data packets that are sent are malformed to further stress the system trying to process the server requests. A successful Denial of Service attack can cripple any entity that relies on its online presence by rendering their website virtually useless.

Distributed Denial of Service Attack (DDOS) - A Distributed Denial of Service attack is done with the help of zombie drones (also known as a botnet) under the control of black hats using a master program to command them to send information and data packets to the targeted webserver from the multiple systems under their control. This obviously makes the Distributed Denial of Service attack even more devastating than a Denial of Service attack launched from a single system, flooding the target server with a speed and volume that is exponentially magnified. As is normally the case with zombie drones and botnets, this is often done without the user of the controlled system even knowing they were involved.

Dumpster Diving - The act of rummaging through the trash of an individual or business to gather information that could be useful for a cyber criminal to gain access to a system or attain personal information to aid them in identity theft or system intrusion. One person’s garbage can indeed be a cyber criminal’s treasure.

Easter Egg - A non-malicious surprise contained in a program or on a circuit board installed by the developer. It could be as simple as a text greeting, a signature, or an image embedded on a circuit board, or comprise a more complex routine, like a video or a small program. The criteria that must be met to be considered an Easter Egg are that it be undocumented, non-malicious, reproducible to anyone with the same device or software, not be obvious, and above all – it should be entertaining!

Firewall - A firewall is a security barrier designed to keep unwanted intruders “outside” a computer system or network while allowing safe communication between systems and users on the “inside” of the firewall. Firewalls can be physical devices or software-based, or a combination of the two. A well designed and implemented firewall is a must to ensure safe communications and network access and should be regularly checked and updated to ensure continued function. Black hats learn new tricks and exploit new techniques all the time, and what worked to keep them out yesterday may need to be adjusted or replaced over time.

Gray Hat – A gray hat, as you would imagine, is a bit of a white hat/black hat hybrid. Thankfully, like white hats, their mission is not to do damage to a system or network, but to expose flaws in system security. The black hat part of the mix is that they may very well use illegal means to gain access to the targeted system or network, but not for the purpose of damaging or destroying data: they want to expose the security weaknesses of a particular system and then notify the “victim” of their success. Often this is done with the intent of then selling their services to help correct the security failure so black hats can not gain entry and/or access for more devious and harmful purposes.

Hacker - This is the trickiest definition of the group and controversy has followed its use for decades. Originally, the term hacker had a positive connotation and it actually had nothing to do with computer systems. In 1946, the Tech Model Railroad Club of MIT coined the term to mean someone who applies ingenuity to achieve a clever result. Then, when computers came along, ”hacker” took on the meaning of someone who would “hack” away on a program through the night to make it better. But in the 80s everything changed, and Hollywood was the catalyst. When the personal computers onslaught started invading our daily lives, it didn’t take long for clever screen-writers to bring the black hat villains of the cyber world to the forefront of our collective consciousness, and they haven’t looked back since. They associated our deepest fears with the word hacker, making them the ones that unraveled our privacy, put our safety in jeopardy, and had the power to take everything from us, from our material possessions to our very identities. And they could do it all anonymously, by hacking away in a dark room by the dim light of a computer monitor’s glow. Needless to say, right or wrong, it stuck! Even many professionals in the computing field today have finally, albeit grudgingly, given in to the mainstream meaning of the word. “Hacker” has thus become the catch-all term used when in fact it should be “cracker.”

Keylogger – A keylogger is a non-destructive program that is designed to log every keystroke made on a computer. The information that is collected can then be saved as a file and/or sent to another machine on the network or over the Internet, making it possible for someone else to see every keystroke that was made on a particular system. By breaking down this information, it can be easy for a black hat cracker to recreate your user names and passwords, putting all kinds of information at risk and susceptible to misuse. Just imagine your online banking login information falling into the wrong hands! Finding out you have a keylogger installed, however, does not necessarily mean you were the victim of a black hat, as some companies install them on employee computers to track usage and ensure that systems are not being used for unintended purposes. Keyloggers are, for obvious reasons, often considered to be spyware.

Logic Bomb – A logic bomb is a malicious program designed to execute when a certain criterion is met. A time bomb could be considered a logic bomb because when the target time or date is reached, it executes. But logic bombs can be much more complex. They can be designed to execute when a certain file is accessed, or when a certain key combination is pressed, or through the passing of any other event or task that is possible to be tracked on a computer. Until the trigger event the logic bomb was designed for passes, it will simply remain dormant.

Malware – Simply put, malware is a malicious program that causes damage. It includes viruses, Trojans, worms, time bombs, logic bombs, or anything else intended to cause damage upon the execution of the payload.

Master Program - A master program is the program a black hat cracker uses to remotely transmit commands to infected zombie drones, normally to carry out Denial of Service attacks or spam attacks.

Payload – The payload is the part of the malware program that actually executes its designed task.

Phishing – Phishing is a form of social engineering carried out by black hats in electronic form, usually by email, with the purpose of gathering sensitive information. Often these communications will look legitimate and sometimes they will even look like they come from a legitimate source like a social networking site, a well-known entity like Paypal or Ebay, or even your bank. They will have a link directing you to a site that looks very convincing and ask you to verify your account information. When you log in to verify your information on the bogus site, you have just given the black hat exactly what they need to make you the next victim of cyber crime. Phishing is done in many forms – sometimes it’s easy to spot, sometimes not.

Phreaker - Considered the original computer hackers, phreakers, or phone phreakers, hit the scene in the 60s and made their mark by circumventing telecommunications security systems to place calls, including long distance, for free. By using electronic recording devices, or even simply creating tones with a whistle, phreakers tricked the systems into thinking it was a valid call. One of the first to find prominence was “Captain Crunch,” a phreaker who realized the toy whistle that came as a prize in a box of Captain Crunch cereal could be used to mimic the tone frequencies used by telecommunications companies to validate and route calls.

Polymorphic Virus - A polymorphic virus is a virus that will change its digital footprint every time it replicates. Antivirus software relies on a constantly updated and evolving database of virus signatures to detect any virus that may have infected a system. By changing its signature upon replication, a polymorphic virus may elude antivirus software, making it very hard to eradicate.

Rootkit - Without a doubt, the biggest fear in IT security is an undetected intrusion. A rootkit is a tool that can give a black hat the means for just such a perfect heist. A rootkit is a malware program that is installed on a system through various means, including the same methods that allow viruses to be injected into a system, like email, websites designed to introduce malware, or downloading and/or copying to the system with an unsafe program. Once a rootkit is introduced, this will create a back door for a black hat that will allow remote, unauthorized entry whenever he or she chooses. What makes a rootkit particularly lethal: it is installed and functions at such low system levels that it can be designed to erase its own tracks and activity from the now vulnerable system, allowing the black hat to navigate through entire networks without being exposed. Often, black hats will use social engineering to gain physical access to particularly well protected system so the rootkit can be directly installed from CD or a tiny USB drive (it only takes a minute) in order either to circumvent a particularly troublesome firewall or gain access to a system that is not normally accessible from the outside. Once the rootkit is introduced, the black hat has free reign and even skilled IT security departments will have a lot of trouble even seeing the activity as it’s happening. Rootkits are a definite 10 on the scary scale of cyber intrusions.

Script Kiddie - An individual who does not possess, or just doesn’t use, their own skills and know-how to hack or crack a computer system or network, but uses a pre-written program or piece of code, a script, to do the dirty work. While they may not possess the computing talent, they can be just as dangerous!

Social Engineering – In the realm of the black hats, social engineering means to deceive someone for the purpose of acquiring sensitive and personal information, like credit card details or user names and passwords. For instance, when fictitious Mr. Smith calls from IT services to inform you of new user name and password guidelines being implemented by the company and asks you to reveal yours so he can make sure they meet the new guidelines, you have been a target of social engineering. They can be very clever and resourceful, and very, very convincing. The only way to make sure you are not a victim of social engineering is never to give your personal and sensitive information to anyone you are not absolutely sure about. There are very few occasions that anyone legitimate would ever ask you for a password, and you should always be the one contacting them, not the other way around.

Spam – Spam is simply unsolicited email, also known as junk email. Spammers gather lists of email addresses, which they use to bombard users with this unsolicited mail. Often, the emails sent are simply advertising for a product or a service, but sometimes they can be used for phishing and/or directing you to websites or products that will introduce malware to your system. When you receive spam, the best practice is to delete it immediately. Sometimes you will see a note in a spam email that gives you instructions on how to be removed from the list – never do it! This will only confirm to the spammer that they have a valid email address and the spam will just keep coming. They could also then sell your email address to another spammer as a confirmed email address and more spam will show up in your inbox. Most mail services have spam filters and these should be employed whenever possible.

Spoofing – Spoofing is the art of misdirection. Black hat crackers will often cover their tracks by spoofing (faking) an IP address or masking/changing the sender information on an email so as to deceive the recipient as to its origin. For example, they could send you an email containing a link to a page that will infect your system with malware and make it look like it came from a safe source, such as a trusted friend or well-known organization. Most of the true sources have security measures in place to avoid tampering with sender information on their own mail servers, but as many black hat spammers will launch attacks from their own SMTP (Simple Mail Transfer Protocol), they will be able to tamper with that information. When in doubt, check with the source yourself.

Spyware - Spyware is software designed to gather information about a user’s computer use without their knowledge. Sometimes spyware is simply used to track a user’s Internet surfing habits for advertising purposes in an effort to match your interests with relevant ads. On the other side of the coin, spyware can also scan computer files and keystrokes, create pop-up ads, change your homepage and/or direct you to pre-chosen websites. One common use is to generate a pop-up ad informing you that your system has been infected with a virus or some other form of malware and then force you to a pre-selected page that has the solution to fix the problem. Most often, spyware is bundled with free software like screen savers, emoticons and social networking programs.

Time Bomb – A time bomb is a malicious program designed to execute at a predetermined time and/or date. Time bombs are often set to trigger on special days like holidays, or sometimes they mark things like Hitler’s birthday or 9/11 to make some sort of political statement. What a time bomb does on execution could be something benign like showing a certain picture, or it could be much more damaging, like stealing, deleting, or corrupting system information. Until the trigger time is achieved, a time bomb will simply remain dormant.

Trojan – A Trojan, or Trojan Horse, is a malicious program disguised to look like a valid program, making it difficult to distinguish from programs that are supposed to be there. Once introduced, a Trojan can destroy files, alter information, steal passwords or other information, or fulfill any other sinister purpose it was designed to accomplish. Or it may stay dormant, waiting for a cracker to access it remotely and take control of the system. A Trojan is a lot like a virus, but without the ability to replicate.

Virus - A virus is a malicious program or code that attaches itself to another program file and can replicate itself and thereby infect other systems. Just like the flu virus, it can spread from one system to another when the infected program is used by another system. The more interconnected the host is, the better its chances to spread. The spread of a virus can easily occur on networked systems, or it could even be passed along on other media like a CD or memory stick when a user unwittingly copies an infected file and introduces it to a new system. A virus could even be emailed with an attachment. “Virus” is often incorrectly used as a catch-all phrase for other malicious programs that don’t have the ability to self-replicate, like spyware and adware.

Wardriving – Wardriving is the act of driving around in a vehicle with the purpose of finding an open, unsecured Wi-Fi wireless network. Many times, the range of a wireless network will exceed the perimeter of a building and create zones in public places that can be exploited to gain entry to the network. Black hats, and even gray hats, will often use a GPS system to make maps of exploitable zones so they can be used at a later time or passed on to others. Wardriving is not the only way this task is performed – there are Warbikers and Warwalkers too. As you can see, it is imperative that your WiFi network is secure because there are entities out there looking for any opening to ply their trade.

White Hat – While black hats use their skill for malicious purposes, white hats are ethical hackers. They use their knowledge and skill to thwart the black hats and secure the integrity of computer systems or networks. If a black hat decides to target you, it’s a great thing to have a white hat around. But if you don’t, you can always call on one of ours at Global Digital Forensics.

Worm – A worm is very similar to a virus in that it is a destructive self-contained program that can replicate itself. But unlike a virus, a worm does not need to be a part of another program or document. A worm can copy and transfer itself to other systems on a network, even without user intervention. A worm can become devastating if not isolated and removed. Even if it does not cause outright damage, a worm replicating out of control can exponentially consume system resources like memory and bandwidth until a system becomes unstable and unusable.

Zero Day Threat/Exploit - Every threat to your computer security has to start somewhere. Unfortunately, the way most of us protect ourselves from cyber threats and intrusions, is to use detection programs that are based on analyzing, comparing and matching the digital footprint of a possible threat to an internal database of threats that have been previously detected, reported and documented. That’s why we all have to go through those seemingly never-ending updates to our antivirus programs, that’s how the database is updated and the newest threats are added to the list of what the scanners look for. That inherent flaw in our scanners is what makes a Zero Day threat so dangerous. A Zero Day threat is pristine and undocumented. From the very first day a particular threat is ever deployed (zero day) until that threat is noticed, reported, documented and added to the index, it is an unknown. As far as standard protection goes, unknown means invisible – and when it comes to cyber threats, invisible can definitely mean trouble.

Zombie / Zombie Drone – A zombie is a malware program that can be used by a black hat cracker to remotely take control of a system so it can be used as a zombie drone for further attacks, like spam emails or Denial of Service attacks, without a user’s knowledge. This helps cover the black hat’s tracks and increases the magnitude of their activities by using your resources for their own devious purposes. Rarely will the user infected with a zombie even know it’s there, as zombies are normally benign and non-destructive in and of themselves. Zombies can be introduced to a system by simply opening an infected email attachment, but most often they are received through non-mainstream sites like file sharing sites, chat groups, adult websites and online casinos that force you to download their media player to have access to the content on their site, using the installed player itself as the delivery mechanism.

Preview 44:33

DOS COMMANDS(Compared with Linux Commands)

DOS Command

UNIX or Bash Command



ls -l (or use ls -lF)(-a all files)
(df -k Space remaining on filesystem)

List directory contents

DIR *.* /o-d
DIR *.* /v /os
DIR /s
DIR /aa

ls -tr
ls -ls
ls -R
ls -a

List directory contents by reverse time of modification/creation.
List files and size
List directory/sub-directory contents recursively.
List hidden files.


ls -R

List directory recursively



Change directory



Make a new directory



Create a file or directory link



Remove a directory



Display directory location


rm -iv

Remove a file

DELTREE (Win 95...)

rm -R

Remove all directories and files below given directory


cp -piv

Copy a file


cp -R

Copy all file of directory recursively


mv -iv

Rename/move a file



Dump contents of a file to users screen



Pipe output a single page at a time



Online manuals



Clear screen


exit 0

Exit a shell



Look for a word in files given in command line



Compare two files and show differences. Also see comm, cmp, mgdiff and tkdiff.



Compare two files and show differences. Also see comm, cmp, mgdiff and tkdiff.


set and env

List all environment variables

SET variable=value
echo %variable%


export variable=value
echo $variable

Set environment variables
Show environment variables

ECHO text

echo text

Echo text to screen

SET variable

setenv (for C shell) or export VAR=val (for Korn shell. Also VAR=val)

Set environment variables


echo $PATH

Display search path for executables.
Set PATH environment variable.


export PS1='\h(\u)\W> '

Set user command prompt.



Show date. (also set date - DOS only)



List command history


alias NAME=command

Set command alias



Trap ctrl-break / Trap signals.



Sort data alphabetically/numerically



Line mode editor

EDIT filename.txt

pico, gnp, vi, xedit, xemacs,dtpad

Edit a file. The Linux editor which looks most like DOS edit is probably Pico. (Not a recomendation!)

BACKUP files A:\

tar -cvf /dev/fd0 files
mdir, mcopy
doswrite -a file (AIX only)

Save files to floppy.
See Using DOS floppies

RESTORE A:\ files

tar -xvf /dev/fd0 files
mdir, mcopy
dosread -a file (AIX only)

Read files from floppy.
See Using DOS floppies

ATTRIB [+r|-r] [+a|-a] [+s|-s] [path\file] /s


Change file permissions. DOS: +:set to -:remove r:Read only a:Archive s:System /s:recursively

ATTRIB +h or -h

mv file .file

Change file to a hidden file - rename file with prefix "."



Print a file


source script (cshrc)
. script (bash)
sh script

Execute script from within batch shell.



Show free memory on system


ps -aux

List executable name, process ID number and memory usage of active processes



Show system info (Command borrowed from AIX)



Check and repair hard drive file system


du -s

Disk usage.



Tool to partition a hard drive.

SUBST V: C:\directory\path


Mount a drive letter to a folder/directory on your hard drive.


See: fdformat and mformat for floppies

Format drive file system.
For floppy drive use see YoLinux Tutorial Using DOS Floppies with Linux


uname -a
echo $SHELL
cat /etc/issue

Operating system/shell version


tar and zip

Compress and uncompress files/directories. Use tar to create compilation of a directory before compressing. Linux also has compress, gzip



Print host name of computer



Send packets to a network host



Show routes and router hops to given network destination.

WINIPCFG (Win 95...)


Display/configure network interface

NBTSTAT (Netbios info: -n, -c)
NBTSTAT -A IP-address

host host-name

Print DNS info for host.

NBTSTAT -a hostname

nmblookup -A hostname

lookup NetBIOS names.


route -n

Print routing table.


chkconfig --list |grep on

List services.

NET STARTservice-name
NET STOPservice-name

serviceservice-name start
serviceservice-name stop

Start/stop service/daemon.



Show mounted shares/filesystems.

NET SEND <node-name> <message> (NT)

smbclient -M MS-Windows-host-name

Send pop-up to a MS/Windows PC
Send message to another Unix/Linux user. See YoLinux tutorial



Start X-Windows.


shutdown -r now

Reboot system.

Shell Descriptor/Operators:

DOS Descriptor/Operator

UNIX or Bash Descriptor/Operator




Directory path delimiter



Current directory



Parent directory



End of file/close shell



Interrupt/process break



file name wild card



Single character wild card



Variable prefix

%1 %2 %3

$1 $2 $3

First, second and third shell command line arguments.



Command line option flag prefix






stdout redirection



stdout redirection overwrite



stdin redirection

Shell Script Operators:

DOS Operator

UNIX or Bash Operator



set +v

Set verbose mode off. -v: Echo each line of shell script as it is executed.



command line argument prefix. DOS: %1 Bash: $1 for firs argument.



Comment. (Not processed.)



string "equal to" comparison



string "not equal to" comparison



negative of test expression



case/switch statement


IF EXIST C:\filename

IF NOT EXIST C:\filename

if [[ test-resulting-in-bool ]];
elif ...;

if [ -e /dir/filename ];

if [ ! -e /dir/filename ];


If file exists

If file does not exist.


goto ABC


FOR ... IN ... DO

FOR %%fff IN (C:\dir\*.*)
DO echo %%fff

for ffiillee in lliisstt;
do ...;

for (( expr1; expr2; expr3; ))
do ...;

For loop



exit status/return code



sleep for specified interval


DOS Device

Linux Device




Send into nothingness



stdin from console



First printer device



Firsst serial port

Equivalent Linux and MS/Windows GUI Applications:

MS/Windows Command

Linux Command




Command Text Terminal


nautilus --no-desktop

File browser

c:\Program Files\Internet Explorer\iexplore


Web browser

C:\Program Files\Windows NT\Accessories\wordpad


Text editor

C:\Program Files\Microsoft Office\Office10\winword


MS/Office and Open Office suites (ooffice)

C:\Program Files\Adobe\Acrobat 7.0\Reader\acrord32


Adobe PDF viewer



Graphics and painting program

C:\Program Files\WinZip\winzip32


File compress / decompress / pack / unpack



Process and system load monitor

Preview 20:51

Unix (officially trademarked as UNIX, sometimes also written as Unix with small caps) is a computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna. Today the term "Unix" is commonly used to describe any operating system that conforms to UNIX standards, meaning the core operating system operates similarly to the original UNIX operating system. Today's UNIX systems are split into various branches, developed over time by AT&T as well as various commercial vendors and non-profit organizations.

The Open Group, an industry standards consortium, owns the “Unix” trademark. Only systems fully compliant with and certified according to the Single UNIX Specification are qualified to use the trademark; others are called "Unix system-like" or "Unix-like" (though the Open Group disapproves of this term).

During the late 1970s and early 1980s, the influence of Unix in academic circles led to large-scale adoption of Unix (particularly of the BSD variant, originating from the University of California, Berkeley) by commercial startups, the most notable of which are Solaris, HP-UX and AIX. Today, in addition to certified UNIX systems such as those already mentioned, Unix-like operating systems such as Linux, BSD, and Mac OS X are commonly encountered. The term "traditional Unix" may be used to describe a UNIX or an operating system that has the characteristics of either Version 7 Unix or UNIX System V.

Linux is UNIX like Operating System, comes as free and open source.

Linux was originally developed as a free operating system for Intel86-based personal computers

Linux is a leading OS on servers such as Mainframes and Super Computers and as of June 2013, Worlds 95% servers have variants of Linux such as RedHat, CentOS, etc

Unix Architecture

 Typical computer system consists of:
 Hardware
 Operating system
 Applications and utilities
 Typical OS includes a user interface or command interpreter
 Unix is somewhat unique in that the command interpreter is not integrated with the OS but is a separate program.

Levels of Unix Software.
 Unix uses a layer approach of defining software

 At the lowest level, the level closest to the hardware, are the basic hardware interface modules
 Process scheduling
 Memory management
 Interrupt handling
 Low level device control
 Disk system management and data buffering
 Process synchronization and inter-process communication (IPC)

Kernel Services Layer
 The next level provides all the kernel services
 Mapping between user requests and device driver actions
 The user system call is converted to a kernel service call that actually performs the requested service
 Process creation and termination
 I/O services
 File/disk access services
 Terminal handling services
System Call Interface Layer
 The system call interface layer converts a process running in user mode to a protected kernel mode process
 This allows the program to invoke protected kernel routines to perform system functions
User Process Layer
 The uppermost layer consists of user processes running:
 Shells
 Unix commands
 Utility programs
 User application programs
 User processes:
 Protected from from other users
 Have no access to Unix kernel routines except through the system call interface
 Cannot directly access kernel memory space

Kernel vs User Space

 In addition to the software levels, Unix also features two "rings of protection" from inadvertent programming errors or malicious attacks that might damage other user's processes or the kernel's processes and data structures
 The inner protected ring is known as kernel space
 The outer ring is called user space
User Space
 User space is the area in memory where user processes are run
 This consists of memory starting above the kernel and includes the rest of available memory
 This memory is protected; the system prevents one user from interfering with another
 Only kernel process can access a user process
 A process operating in this memory region is said to be operating in user mode
Kernel Space
 Kernel space is the region of memory where all kernel services are provided via kernel processes
 Any process executing in kernel space is said to be executing in kernel mode
 Kernel space is a privileged area; the user has access to it only through the system call interface
 A user does not have direct access to either all machine instructions or devices
 A kernel process does have direct access to both

 Also, a kernel process can modify the memory map, an operation frequently required to perform process scheduling
 A user process becomes a kernel process when it executes a system call and starts executing kernel code
Data Flow between Kernel and User Space
 Since users and the kernel do not share memory address space, the mechanism for moving data between them is important
 When a system call is executed, the arguments to the call and the corresponding kernel routine identification are passed from user space to kernel space
 Kernel routine ID is usually passed either via a hardware machine register or via the stack
 System call arguments are passed in the u area (user area) of the calling process

 u area of a process (user structure and kernel stack) contains information about the process the kernel needs while the process is running
 Open files, root, current directory, arguments to current system call, and process text, stack, and data segment sizes
 A pointer to the process table entry containing information for scheduling such as priority
 User file descriptor table and information about open files
 Kernel stack for the process (empty when executing in user mode)
 Remember, user cannot access kernel space but kernel space can access user space
UNIX Command Interface and Commands
 Unix command interface is a separate program referred to as the shell
 The shell provides the user interface between the user and the kernel
 Unix commands and utilities, like the shell, are also separate programs
 They are part of a Unix distribution, and are considered part of Unix but not part of the kernel

UNIX System Services
 Unix provides a number of system services such as systems administration, system reconfiguration, and file system maintenance
 Other services include
 Customization of system parameters
 Rebuilding of kernel with user drivers
 Creation and definition of user accounts
 Set up and maintenance of access control parameters for files and peripherals
 Most services are built into the kernel as system calls

UNIX System Calls
 System calls provide a programming interface that allows user programs to access kernel functions
 There are a large number of system calls that perform functions to manage system resources such as memory, disk storage, and peripherals
 System calls are defined in a run-time library that provides a mapping of the system call interface to the kernel routine(s) that perform the system functions
 The shell also provides functionality equivalent to many of the system calls

System Usage Accounting Services
 Unix provides some general accounting services
 As each process terminates, an accounting record is made available describing the resources used by the process
 Name of the process
 Amount of user and system CPU time used
 Elapsed (wall clock) time
 Average amount of memory used
 Number of disk I/O operations done
 UID and GID of the process
 Terminal from which the process was started

Shell, which is the ‘command interpreter’ for UNIX systems, resides at the base of most of the user level Unix programs. All the commands invoked by us are interpreted by shell and it loads the necessary programs into memory. Thus being a default command interpreter on UNIX makes shell a preferred choice to interact with programs and write glue code for test scripts.

System Info

date – Show the current date and time
cal – Show this month's calendar
uptime – Show current uptime
w – Display who is online
whoami – Who you are logged in as
finger user – Display information about user
uname -a – Show kernel information
cat /proc/cpuinfo – CPU information
cat /proc/meminfo – Memory information
df – Show disk usage
du – Show directory space usage
free – Show memory and swap usage

Keyboard Shortcuts

Enter – Run the command
Up Arrow – Show the previous command
Ctrl + R – Allows you to type a part of the command you're looking for and finds it

Ctrl + Z – Stops the current command, resume with fg in the foreground or bg in the background
Ctrl + C – Halts the current command, cancel the current operation and/or start with a fresh new line
Ctrl + L – Clear the screen

command | less – Allows the scrolling of the bash command window using Shift + Up Arrow and Shift + Down Arrow
!! – Repeats the last command
command !$ – Repeats the last argument of the previous command
Esc + . (a period) – Insert the last argument of the previous command on the fly, which enables you to edit it before executing the command

Ctrl + A – Return to the start of the command you're typing
Ctrl + E – Go to the end of the command you're typing
Ctrl + U – Cut everything before the cursor to a special clipboard, erases the whole line
Ctrl + K – Cut everything after the cursor to a special clipboard
Ctrl + Y – Paste from the special clipboard that Ctrl + U and Ctrl + K save their data to
Ctrl + T – Swap the two characters before the cursor (you can actually use this to transport a character from the left to the right, try it!)
Ctrl + W – Delete the word / argument left of the cursor in the current line

Ctrl + D – Log out of current session, similar to exit

Learn the Commands

apropos subject – List manual pages for subject
man -k keyword – Display man pages containing keyword
man command – Show the manual for command
man -t man | ps2pdf - > man.pdf – Make a pdf of a manual page
which command – Show full path name of command
time command – See how long a command takes

whereis app – Show possible locations of app
which app – Show which app will be run by default; it shows the full path


grep pattern files – Search for pattern in files
grep -r pattern dir – Search recursively for pattern in dir
command | grep pattern – Search for pattern in the output of command
locate file – Find all instances of file
find / -name filename – Starting with the root directory, look for the file called filename
find / -name ”*filename*” – Starting with the root directory, look for the file containing the string filename
locate filename – Find a file called filename using the locate command; this assumes you have already used the command updatedb (see next)
updatedb – Create or update the database of files on all file systems attached to the Linux root directory
which filename – Show the subdirectory containing the executable file called filename
grep TextStringToFind /dir – Starting with the directory called dir, look for and list all files containing TextStringToFind

File Permissions

chmod octal file – Change the permissions of file to octal, which can be found separately for user, group, and world by adding: 4 – read (r), 2 – write (w), 1 – execute (x)
chmod 777 – read, write, execute for all
chmod 755 – rwx for owner, rx for group and world
For more options, see man chmod.

File Commands

ls – Directory listing
ls -l – List files in current directory using long format
ls -laC – List all files in current directory in long format and display in columns
ls -F – List files in current directory and indicate the file type
ls -al – Formatted listing with hidden files

cd dir – Change directory to dir
cd – Change to home
mkdir dir – Create a directory dir
pwd – Show current directory

rm name – Remove a file or directory called name
rm -r dir – Delete directory dir
rm -f file – Force remove file
rm -rf dir – Force remove an entire directory dir and all it’s included files and subdirectories (use with extreme caution)

cp file1 file2 – Copy file1 to file2
cp -r dir1 dir2 – Copy dir1 to dir2; create dir2 if it doesn't exist
cp file /home/dirname – Copy the file called filename to the /home/dirname directory

mv file /home/dirname – Move the file called filename to the /home/dirname directory
mv file1 file2 – Rename or move file1 to file2; if file2 is an existing directory, moves file1 into directory file2

ln -s file link – Create symbolic link link to file
touch file – Create or update file
cat > file – Places standard input into file
cat file – Display the file called file

more file – Display the file called file one page at a time, proceed to next page using the spacebar
head file – Output the first 10 lines of file
head -20 file – Display the first 20 lines of the file called file
tail file – Output the last 10 lines of file
tail -20 file – Display the last 20 lines of the file called file
tail -f file – Output the contents of file as it grows, starting with the last 10 lines


tar cf file.tar files– Create a tar named file.tar containing files
tar xf file.tar – Extract the files from file.tar

tar czf file.tar.gz files – Create a tar with Gzip compression
tar xzf file.tar.gz – Extract a tar using Gzip

tar cjf file.tar.bz2 – Create a tar with Bzip2 compression
tar xjf file.tar.bz2 – Extract a tar using Bzip2

gzip file – Compresses file and renames it to file.gz
gzip -d file.gz – Decompresses file.gz back to file


/etc/rc.d/init.d/lpd start – Start the print daemon
/etc/rc.d/init.d/lpd stop – Stop the print daemon
/etc/rc.d/init.d/lpd status – Display status of the print daemon
lpq – Display jobs in print queue
lprm – Remove jobs from queue
lpr – Print a file
lpc – Printer control tool
man subject | lpr – Print the manual page called subject as plain text
man -t subject | lpr – Print the manual page called subject as Postscript output
printtool – Start X printer setup interface


ifconfig – List IP addresses for all devices on the local machine
ping host – Ping host and output results
whois domain – Get whois information for domain
dig domain – Get DNS information for domain
dig -x host – Reverse lookup host
wget file – Download file
wget -c file – Continue a stopped download


ssh user@host – Connect to host as user
ssh -p port user@host – Connect to host on port port as user
ssh-copy-id user@host – Add your key to host for user to enable a keyed or passwordless login

User Administration

adduser accountname – Create a new user call accountname
passwd accountname – Give accountname a new password
su – Log in as superuser from current login
exit – Stop being superuser and revert to normal user

Process Management

ps – Display your currently active processes
top – Display all running processes
kill pid – Kill process id pid
killall proc – Kill all processes named proc (use with extreme caution)
bg – Lists stopped or background jobs; resume a stopped job in the background
fg – Brings the most recent job to foreground
fg n – Brings job n to the foreground

Installation from source

make install
dpkg -i pkg.deb – install a DEB package (Debian / Ubuntu / Linux Mint)
rpm -Uvh pkg.rpm – install a RPM package (Red Hat / Fedora)

Stopping & Starting

shutdown -h now – Shutdown the system now and do not reboot
halt – Stop all processes - same as above
shutdown -r 5 – Shutdown the system in 5 minutes and reboot
shutdown -r now – Shutdown the system now and reboot
reboot – Stop all processes and then reboot - same as above
startx – Start the X system

Preview 19:46


Internet Governance

This quiz aims to est your basic skills. Don't Cheat... :)

Testing your Basic Skills
20 questions
Setting your Lab
6 Lectures 01:20:09
Lab Setup

Windows Server Installation

Ubuntu Installation

Backtrack OS Installation

Installing Backtrack Tools on Ubuntu

XAMPP Installation
Ethical Hacking (Basics to Advance) - Information Gathering
9 Lectures 01:37:16

Google Hacking -Video1

Google Hacking -Video2

Scanning and Enumeration - Video1

Scanning and Enumeration - Video2 - APS

Scanning and Enumeration - Video3 - Nmap Tutorials

Scanning and Enumeration - Video4 - LBD

Scanning and Enumeration - Video5

Scanning and Enumeration - Video6

All the Best Guys, This quiz is just to know weather you have understood basics of Ethical Hacking.

Ethical Hacking Basics Quiz
14 questions
Ethical Hacking(Basics to Advance) - System Hacking
19 Lectures 03:27:58
System Hacking Video1

System Hacking Video2

System Hacking Video3

System Hacking Video4

System Hacking Video5

Proxy Servers

Proxy Servers - EPS Tutorial

Proxy Servers - TOR Proxy




Social Engineering

Email Hacking

Sniffing - Video1

Sniffing - Video2 - Wireshark Tutorials

Sniffing - Video3 - Cain n Able

Session Hijacking - Video1

Session Hijacking - Video2

Session Hijacking - Video3
Ethical Hacking (Basics to Advance)- Web Server(Site) Hacking
29 Lectures 06:49:46
Web Server Hacking

SQL Injection -Video1

SQL Injection -Video2

SQL Injections -Practical Demonstrations

Cross-site Scripting (XSS)- Video1

Cross-site Scripting (XSS)- Video2

Cross-site Scripting (XSS)- Video3

Remote File Inclusion Attacks

Buffer Overflows and Exploit Writing

Reverse Engineering



Denial Of Service (DOS) Attacks - Video1

Denial Of Service (DOS) Attacks - Video2

Physical Security

Hacking Wireless Netrworks

Metasploit Framework - Video1

Metasploit Framework - Video2

Penetration Testing - Video1

Penetration Testing - Video2

Penetration Testing - Video3

Router Hacking

Hacking Mobile Phones

Web Application Penetration Testing-Video1

Web Application Penetration Testing-Video2

Web Application Penetration Testing-Video3

Web Application Penetration Testing-Video4

Web Application Penetration Testing-Video5

Web Application Penetration Testing-Video6
Web Application Penetration Testing - ADVANCE (PART 2 Of this Course)
15 Lectures 03:14:30
Introduction to Web Applications - Video1

Introduction to Web Applications - Video2

Client Server Architecture

Working with Protocols -Video1

Working with Protocols -Video2

Web Application Technologies -Video1

Web Application Technologies -Video2

Protocol Status Codes -Video1

Protocol Status Codes -Video2

Web Server and Client -Video1

Web Server and Client -Video2

Web Server and Client -Video3


Necessity of Web Application Security

Offensive and Defensive Mechanisms
9 Lectures 01:31:33
OWASP -Video1

OWASP -Video2

OWASP-SQL Injections

OWASP-Crosssite Scripting Attacks (XSS)

OWASP-Broken Authentication Mechanisms

OWASP-Indirect Object References

OWASP-Cross-site Request Forgery (CSRF)

OWASP -- Security Misconfigurations - Video8

OWASP - Failure to Restrict URL Access, Unvalidated Redirects & Objects
Web Application Penetration Testing - ADVANCE (PART 2 Of this Course)
53 Lectures 11:37:13
Mastering Web Dojo - Video1

Mastering Web Dojo - Video2

Code Defence Mechanisms

Mapping the Web Applications-Video1

Mapping the Web Applications-Video2

Mapping the Web Applications-Video3

Bypassing the Client-Side Controls -Video1

Bypassing the Client-Side Controls -Video2

Bypassing the Client-Side Controls -Video3

Bypassing the Client-Side Controls -Video4

Bypassing the Client-Side Controls -Video5

Bypassing the Client-Side Controls -Video6

Attacking Authentications -Video1

Attacking Authentications -Video2

Attacking Authentications -Video3

Attacking Session Management -Video1

Attacking Session Management -Video2

Attacking Session Management -Video3

Attacking Session Management -Video4

Attacking Session Management -Video5

Attacking Access Controls -Video1

Attacking Access Controls -Video2

Attacking Data Stores -Video1

Attacking Data Stores -Video2

Attacking Data Stores -Video3

Attacking Data Stores -Video4

Attacking Data Stores -Video5

Attacking Data Stores -Video6

Attacking Data Stores -Video7

Attacking BackEnd Components -Video1

Attacking BackEnd Components -Video2

Attacking BackEnd Components -Video3

Attacking BackEnd Components -Video3

Attacking BackEnd Components -Video4

Attacking BackEnd Components -Video5

Attacking Application Logic -Video1

Attacking Application Logic- Video2

Attacking Users -Video1

Attacking Users -Video2

Attacking Users (Other Techniques)- Video1

Attacking Users (Other Techniques)- Video2

Attacking Users (Other Techniques)- Video3

Automated Customised Attacks -Video1

Automated Customised Attacks -Video2

Automated Customised Attacks -Video3

Exploiting Information Disclosure -Video1

Exploiting Information Disclosure -Video2

Attacking Native Compiled Applications

Attacking Application Architecture-Video1

Attacking Application Architecture-Video2

Attacking Application Server -Video1

Attacking Application Server -Video2

Finding Vulnerabilities in Source Code
Web Application Penetration Testing
1 Lecture 20:41
Ethical Hackers Reporting and Methodology
About the Instructor
3.4 Average rating
46 Reviews
983 Students
6 Courses
Information Security Technologies

InSEC-Techs (Information Security Technologies) www insectechs dot in is an integrated single-source IT training company providing classroom and distance courses like PHP, Ethical Hacking, Web Application Penetration Testing, Python, C language, Perl, CCNA and web development firm with uniquely competent, professional and creative website designing & internet marketing company providing full featured internet marketing solutions and web services including B2B & B2C e-commerce solutions which also acts as an offshore development center for overseas development firms to help them optimize their business significance in the global market- With one phone call you get a team of highly-skilled experts with a business-driven common-sense approach-

InSEC-Techs ensure that individual care is taken in classroom while conducting sessions- We will not have more than seven students per batch in a single session to shoot more concentration on each student-

Kiran Thirukovela, 31 years old Cyber-techie and Cheif Executive Officer (CEO) of InSEC-Techs (Information Security Technologies)

Dropped out B-Techs (ECE) by choice and B-SC (Computer Science)and stepped into the world of Computers and networking- Kiran holds IT certification like
MCSA: Microsoft Certified System Administrator
CCNA: Cisco Certified Network Administrator
IINS: Implementing IOS Network Security Expert
CCNP: Cisco Certified Network Professional
CCNP-Sec: Cisco Certified Network Professional Security
CCSP: Cisco Certified SecurityProfessional
AFCEH: Ankit Fadia Certified Ethical Hacker
CHFI: Computer Hacking Forensic Investigator

Kiran has authored book "Cyber Crimes Investigation" with co-author Mr- Benild Joseph- A Book written for law enforcement agencies in india- Kiran is Network Security professional with 5+ years of experience and 3+ years of as Ethical Hacking trainer-
He specializes in Web Application security, Penetration testing and Forensic investigation and solved cyber crime cases in India and kenya-


Nipun is well-known IT security Researcher, Well Known for his activities in the field of ethical hacking and cyber forensics - Mr- Nipun was an Independent security expert , who works on cyber crime cases and investigations , he was the Ex-C-T-O in Secugenius Security Solutions , Also He Worked As A Security Analyst in a Company - During His Career He has Pen-tested over 100+ Servers And Solved Many Cyber Crime Cases ,
He Has Trained Over 5000+ students in the field of ethical hacking and penetration testing , he is the currently the ambassador for EC-COUNCIL Programs In Lovely Professional University (First Indian University To Tie Up With EC-COUNCIL)- He is Currently Pursuing Masters In Technology (M-TECH) From LPU Itself - He Has Been The Speaker At Several National Level Confrences - His Security Research Papers Are Published Over Many Sites Like Packetstorm, SourceForge Etc-

Achievements of His Careers:

a- Certified Ethical Hacker (EC-COUNCIL C|EH)
b- Certified Information Security Expert (CISE)
c- Ankit Fadia's Certified Ethical Hacker (AFCEH 5-0)
d- Winner Of Innobuzz Best Blog Competition (2010)
e- Ambassador Of EC-COUNCIL @ Lovely Professional University
f- Ex- Chief Technical Officer At Secugenius Security Solutions
g- Ex- Security Analyst At Cyber Cure Solutions Delhi
h- Founder/Admin Of Starthack.
i- Founder/Admin Of Indian Cyber Police (Among Most Active HAcker's group of india)
j- Administrator of various Forum
k- Admin Of Hacker's Group Ap3x_nd_h4ck0
l- Respected V-I-P Member Of International Hacker's Forum (MADLEETS Pakistan)


n- Presenter At DEFCON Groups (DC141001)

1-Defcon Rajasthan :
2- Defcon Punjab :

o- Presently writing two books On Web application Hacking And Metasploit Framework

p- Trained Over 5000 Students And Delivered Over 50+ Workshops

q- Worked On Cyber Crime Cases-

r- Secured Over 1000 Domains

s- Regular Author At Packet Storm Security.

Bio: Mr- Srinivas

Mr- Srininvas is Security Analyst and Ethical Hacking Trainer Since 6 Years and addressed over 50 workshops and Seminars- He is Co-Author of the Book "Hacking S3crets", along with Sai Satish and Aditya Gupta-

Srininvas is also moderator of famous Hacking Forum based website andhrahackers and contributed SQL Injection articles to World's leading hacking magazine "hackin9"-

Srininvas was honoured with "PRATHIBHA" Award by Govt- of Andhra Pradesh in Year 2008-

Report Abuse