To protect against hackers, you need to understand their methods of vulnerability, which hackers can take advantage of. This course discusses ways to protect against attacks by attackers, providing knowledge that allows you to both prevent attacks and provide early protection against them.

The course is intended for professionals with experience in administering computer systems and with knowledge in software development.

Module 1: Fundamentals of Hacking

1) Course objectives and content.

2) Who is a hacker.

3) Classification of the hacker's goals.

4) Stages of the attack.

5) Means of counteraction.

6) Additional stages (optional, depending on the means).

7) Scope/approaches/costs.

8) Current list of attacks.

9) APT principles.

Module 2. Preparing for an attack on infrastructure

1) Information in social networks (LinkdIn, ...)

2) Registrar and operator databases (DNS,...)

3) Information in search engines.

4) Competitive intelligence.

5) Network scanning.

6) Standard port and application databases.

7) ARP – scanning.

8) ICMP scanning.

9) UDP-scanning.

10) IP ID – scanning.

11) Firewall and IPS bypass methods.

12) Identifying target resources.

13) Responses of OS and applications to outside interference.

14) Working with variables.

Module 3. Performing an Infrastructure Attack

1) System access.

2) Network and system vulnerabilities of infrastructure elements.

3) Using phishing and email to gain access.

4) The use of malware.

5) Network vulnerabilities.

6) Interception and analysis of LAN traffic, sniffers.

7) Features of interception of Wi-Fi traffic.

8) Traffic redirection methods in the WAN, Session Hijacking.

9) Using DoS/DDoS to intercept traffic.

10) System vulnerabilities of passwords.

11) Brute-force attacks.

12) Password cracking.

13) Using dictionaries and rainbow tables.

14) Attacks on secure data communication systems.

15) Attacks on IPsec IKEv1.

16) Attacks on IPsec IKEv2 (MITM).

17) Attacks on 802.1x systems.

18) Attacks on WEP/WPA/WPA2 systems.

19) Attacks on WPA/WPA2 Enterprise systems.

20) Exploitation of compromised systems.

21) Files/folders.

22) Browser and system history.

23) Password retri.

24) Registry.

25) Shellcodes.

26) Buffer overflow.

27) Stack overflow.

28) Heap overflow.

29) Windows Shellcode.

30) Mac OS X Shellcode's.

31) Linux Shellcode's.

32) Fuzzing.

33) Binary substitutions.

34) SPIKE.

Module 4. Preparing to attack a Windows infrastructure

1) Scanning Windows network.

2) NetBIOS.

3) System balloons.

4) Scanning a system of Microsoft records scientists.

5) Performing an attack on Windows infrastructure.

6) NTLM.

7) SAM/LAM.

8) Attacks on Kerberos systems.

9) Exploiting an attacked Windows system.

10) Registry.

11) File system.

12) Creating NTFS PD channels hidden.

13) Creating hidden DNS PD channels.

14) Windows vulnerability detection.

15) Debugging mechanisms.

16) Debugging Win32.

17) Debugging Win64.

18) Auditing stack binary sequences.

19) DLL audit.

20) Tracing Windows system functions/kernel-mode.

Module 5. Preparing to attack WEB infrastructure

1) WEB architecture.

2) WEB applications and architecture.

3) Mobile WEB.

4) WEB analysis and scanning.

5) Analyzing HTML/CSS/JS Source Code.

6) Fuzzing WEB scripts.

7) Scanning HTTP servers and applications.

Module 6. Attacking WEB infrastructure

1) Authenticating WEB applications.