This 1 day course will introduce you to the basic technical concepts behind the various stages of a hacking attack, as well as some common tools used by hackers and security professionals alike. Examples are drawn from real-world breaches to show how lapses in security have resulted in high-profile damage to organisations and customers.
Assuming no prior information security knowledge, the course is ideally suited to anyone requiring a high-level understanding of techniques and current trends used in hacking without the need for practical know-how.
This is a multimedia theory-based course with group discussions. Should there be time and interest, there is also the opportunity to join a guided 'hack lab', in which you can try your hand at some simple web application attacks (Wi-Fi enabled device required).
Delegates interested in more hands-on technical content should look at other supplier's courses such as CSTA and CSTP.
- No prior information security knowledge
- Basic computer literacy
- It is recommended to read up on the concept of domain names and IP addresses, eg http://netforbeginners.about.com/od/i/f/ip_address.htm
- Wi-Fi enabled device to join the 'hack lab'
Delegates will learn how to
- A hacker's mindset and motivations
- The hacker methodology - insight into tools and tricks used
- How an organisation is at risk from hackers
- Various routes of attack eg Internet, employees, social engineering, emails, wireless
- Details of some high profile attacks that have led to real damage, both financial and reputational.
- Introduction - terminology, motivations, the lie of the land, methodology
- Information gathering - from harvesting open-source information to social engineering
- Target scanning, including port scanning
- Vulnerability assessment, including the threat from client-side software
- Exploitation, including attack pivoting
- Privilege escalation, including password attacks
- Retaining access, including botnets
- Covering tracks
- Team exercise - incident handling scenario
- Web application attacks - threats, OWASP Top Ten
- SQL injection
- Conclusion - trends
- Hack lab - practical attack scenarios