No Image

CO-ISS CyberOps InfoSec Specialist

Duration:80 Hrs

Course Level:Advance

Modules to be covered:

  • 1. Introduction to InfoSec World

    The Module is designed to give an introduction to the fundamentals of internet and its primary concepts from origin to the current trending concepts of information security world.
    For beginners course offers a complete knowledge of basic security concepts, principles, and the key terms associated with information security and cyber World.
    Intend of the module is to clear misbelieves and myths of cyber world and also to study recent trends as well as threats and modus operandi of cyber criminals and testers.

  • 2. Networking Fundamentals

    Networks are defined as medium for communication between two or multiple systems, i.e. it constitutes a mechanism of information that travels across multiple devices using various mediums, concepts of Domain name system, Servers, Connection mechanism.
    The module will cover in depth knowledge of OSI model and TCP/IP model and how data is transmitted through network, along with various Protocols used at each layer with focus on Networking Layers, Network design and implementation and what devices are used for the data transmission i.e. hardware associated with networking like switches, router, hub etc along with types of network, internet protocol v4 & v6, ports & protocols, sub netting concepts, domain name system and its working, Network architecture and standards.

  • 3. Virtualization

    The module at beginning will define the terminologies, introduction of operating systems and technical aspects will follow in the later part of module that includes how multiple operating systems are installed and configured in virtual box and working with Linux.
    working of Linux along with basic commands that are required to perform various other tasks like working with text editors, directories, installing software in Linux etc.
    Course aims to implement understanding of how virtual machines are separated inside the same physical host and how they communicate with lower hardware levels, working of virtualization technology and components involved and the essentials to setup a lab for further modules in this course like web application hacking, malware analysis, VA/PT reverse engineering etc.

  • 4. Open Source Intelligence

    Information gathering is focused on collecting as much information as possible about a target application which can be organization, a person, website or a specific system.
    The module is designed to give insight of information gathering i.e. various ways to gather information from publically available resources for IP tracing, e-Mail Tracing, Fake mail Tracing etc using various methods and operators.
    The module will provide in-depth knowledge of working of search engine – crawling, indexing and retrieval along with email harvesting technique and how replication of an already existing site is done using various tools and techniques. Introduction to social engineering technique like phishing, desktop phishing, remote phishing and how it is essential in information gathering.

  • 5. Cryptography

    For Information protection data security is essential and thus it need to be encrypted. The module begins with introduction of cryptography from its origin to traditional methods and modern techniques. Cryptography has important applications in information security and data protection techniques.
    The second half of the module Explore and describe basic concepts of cryptography including secret key and public key systems, encoding and decoding. Difference between encryption and encoding along with techniques and methods of decryption also demonstrate how Hash Values are created using cryptographic hash function by studying hash techniques and also how to crack hash. Introduction to data hiding techniques like steganography. Understanding of how cryptography applies complex mathematics and logic to design strong encryption methods.

  • 6. Network Attacks

    The module will begin with an introduction of loopholes in protected wi-fi networks and its testing. Students will be able to learn, how to test security of a protected wifi network.
    In the later phase module will include hands on demonstration of internal network attacks like sniffing, MITM, DNS cache poisoning. Introduction of misconfigurations and loopholes in router security.
    Module will also incorporate various internal security concepts like firewalls, IDS, IDPS.
    Advanced knowledge with hands on training to Bypassing MAC Authentication,Roughe Access point attack, Defending against WPA/WPS2 Security, Bump users from any Wifi Network (jamming) Getting Hidden SSID.
    Module will cover scanning networks for live systems and their open ports further it will include operating system finger printing and grabbing banners of running services on remote system.
    It will also give insight on scanning of known vulnerabilities.

  • 7. Malware : Attacks and detection

    The course will cover basic terminologies and concept of Malware - definition, why and how it is affecting the network and the system, key tools and techniques of malware attacks.
    Students will be briefed about creating Malware and various types of malware (virus, worms, Trojans, key loggers etc. )
    Concepts of antivirus and their working along with it techniques to identify Malwares which are not detected by AVs will be taught. Insights of how to change application configuration using reverse engineering. How to debug windows applications and malware and uses of debuggers/ disassembles. Hands on demonstration of botnet.
    Some latest malwares will be discussed like ransomware, rootkits with pratical exposure.

  • 8. Web Application Attacks

    Introductory knowledge of database and working with database using SQL queries along with installation and working for local servers. Basic working of HTTP with request and host examples. Basic html, javascript, php, sql are included in this module to make students better understand the loopholes. By the end of this module, students will be able to test for different type of loopholes in web application security.
    The module includes the basic fundamentals of web application including some client side and server side scripting and possible web application attacks like SQL Injection, cross site scripting, local file inclusions and remote file inclusions and also medium level attacks like click jacking etc. They will also be able to patch those loopholes in web application.

    Some advanced web request interceptor tools will be discussed like burpsuit, zap proxy which will help to detect advance vulnerabilities.

    Google hacking database,waf bypasiing, some advance web application vulnerabilities like PHP code execution LDAP/xpath injection

  • 9. Android Phone Attacks

    Advancement in technology has brought us to a phase where mostly operations are performed using mobile devices. In this module we will be discussing about security issues related to android and its application.
    By the end of this module students will be able to perform reverse engineering on android applications. The will be able to root android devices and test for the securities and permissions.

  • 10. Metasploit

    Metasploit is a framework which allows a security tester to arrange their exploits and launch them easily and how metasploit cover different types of pre build exploits. The scope of exploitation after compromising a particular system and its effect on network and user.
    The module cover exploitation techniques for different types of systems like windows, android, MAC, MSFvenom, using MSF as rat, generating payloads and hacking :windows machine/linux machine/android/OSX devices, Armitage SET

  • 11. Digital Forensics

    Almost every case of cyber crime involves a very strong element of system based evidence i.e phone, smart phones and computer etc.
    The module will cover basics of forensics and Introduction to basic concept of data recovery from different types of storage devices and image creation for any storage device for data recovery.
    Clarity on concepts of data like data deletion possibilities of recovery and dependencies for the same. Module will give insight of methods for anti forensics techniques.

  • 12. Exploit Development (Buffer overflow)

    In this module basic C and Python language will be discussed with students. This module will also cover the techniques used by testers to create exploits.
    Participants will be able to create their own exploits using Buffer Overflow vulnerabilities

  • 13. Cyber Crime & Cyber Law

    This session will include various cyber crime cases and criminal modus operands. Also will be discussed various cyber crime cases handled by cyberops along with investigation procedure.
    Methods to handle cyber crime cases and Dos and Don’ts of handling cyber crime cases will be discussed. Indian IT act with reference to case studies from cyberops will be discussed.

Who should attend?

Course is designed to address the needs of:

  • Anyone from Computer engineering background, Students pursuing BCA/MCA.
  • Professionals working in information security domain and web development domain.
  • Chartered accountants dealing in information security.
  • Individuals who aim to work with law enforcement and learn how to design an incident response strategy.
  • Government officials of IT sector, officials from law enforcement agencies (police / intelligence agency like intelligence bureau, military intelligence, national investigating agency etc.

Recommendation:

Course is suitable for those who are looking to get a foothold in information security and join field of Web Penetration Testing as a profession or aim to explore new career opportunities. It is the most intensive course offered by Cyberops training which will provide a unique prospective into the intricate world of information and Cyber security. Thus the Course it highly recommended to:

  • Corporate and government/ investigators and network security personnel.
  • Individuals working in a data audit, policy enforcement, or network intrusion investigation role.
  • Professionals who are looking for prospective career opportunities in cyber security field.
  • Law enforcement officers, computer forensic examiners, corporate and private investigators, and network security personnel.

Pre-Requisite:

Technical Participitants Should have basic knowledge of programming languages like C /C++ and web development, programming language like PHP/ASP, HTML.

Course Package includes:

  • Cyberops Welcome Kit.
  • Advanced Software Toolkit.
  • Remote access to test beds for practice till the exam.
  • Challenges of penetration testing.

At the end of the course you will be able to:

The Course is designed to make participants able to design, implement, and support networked devices to take advantage of the growing demand for network security professional with networking fundamentals and advanced concepts and design strong encryptions with various cryptography methods. Recognize and be able to discuss various security technologies, including anti-malware, firewalls, and intrusion detection systems.

Techniques and methods to detect malicious program and understand the ground lying principle of reverse engineering malicious software using network and system utilities, Frame methods and strategies to assess the security posture of multiple web applications. Conduct an in-depth analysis of android file system for security assessment with reverse engineering tools for android applications. Perform regulatory or compliance requirements that mandate regular penetration testing and vulnerability assessments.

Discover essential computer / digital forensic tools and techniques for investigation and incident response and use forensic skills to handle real world incidents. Understand the process of exploit development along with C and python language and also create and customize exploits for penetration testing and vulnerabilities. Cyber crime investigation will give an insight on various cyber crime cases and criminal modus operandi and live cases handling for real time experiencing

Certification

The entire program covers basic outline of cyber security as well as methods and techniques of how attacks are performed and possible outcomes of attacks along with the detection and prevention methods for the same.

Thus the practical exam after the course is entitled for certification aiming at how participants use skills, expertise and knowledge gained throughout course to detect possible attacks and methods to penetrate, hence to be specialized for the modules covered candidates are required to clear the set performance criteria for certification.

Requirements:

We use Simulation test method to provide real time challenge which will help participants to use skills , expertise and knowledge acquired during the entire course.

Passing Criteria: 80% and above

Duration of test: 5 hrs

Excellence Award

Participant with highest score in batch will be awarded with Cyberops award of performance Excellency – CAPE Medal and certification of Merit.

Terms & Conditions:

  • No. of attempts : Two
  • Verification method for certification: The certificate will incorporate a unique ID for every participant and the same can be used for verification from Our Website.