Definition of ethical hacking;
Difference between ethical hacking and malicious hacking;
Types of hackers (White Hat, Black Hat, Gray Hat);
Legal and ethical issues in hacking;
Ethical hacking methodologies and standards (e.g. CEH, OSCP).
OSI Model and TCP/IP;
Basic networking protocols (HTTP, FTP, TCP, UDP, etc.);
Subnetting and IP addressing;
Network devices (routers, switches, firewalls);
VPN and remote access.
Types of footprinting (active vs. passive);
Tools for information gathering (Nmap, WHOIS, etc.);
Google hacking (Advanced Google searches);
DNS interrogation (DNS zone transfer, reverse lookups).
OWASP Top 10 vulnerabilities (SQL Injection, XSS, CSRF, etc.);
Web application penetration testing;
Web server and CMS (Content Management System) security;
Common web application attacks (Directory traversal, Session hijacking);
Secure coding practices and defensive measures.
Types of DoS (Denial of Service) and DDoS (Distributed Denial of Service) attacks;
Tools used for DoS attacks (LOIC, HOIC);
Mitigation strategies against DoS and DDoS;
Protection measures (rate-limiting, firewall configurations).
Types of social engineering attacks (Phishing, Spear Phishing, Pretexting);
Techniques and tools for social engineering;
Psychological principles behind social engineering;
Social engineering prevention techniques (training, awareness).
Basics of cryptography (symmetric vs. asymmetric encryption);
Public Key Infrastructure (PKI), certificates, and key management;
Cryptographic protocols (SSL/TLS, IPsec);
Common cryptographic attacks (Man-in-the-Middle, Replay attacks);
Hash functions and digital signatures.
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS);
Firewalls and VPNs;
Security Information and Event Management (SIEM);
Hardening network devices and systems;
Monitoring and analyzing security logs.
Mobile device security (Android, iOS);
Mobile application vulnerabilities (Insecure data storage, improper permissions);
Jailbreaking and rooting risks;
Mobile penetration testing tools (MobSF, Burp Suite);
Mobile security frameworks.
Cybersecurity laws and regulations (GDPR, HIPAA, etc.);
Ethical hacking codes of conduct;
Penetration testing contracts and agreements;
Reporting and documentation in ethical hacking.
Artificial Intelligence (AI) and Machine Learning in cybersecurity;
Blockchain and cryptocurrency security;
IoT (Internet of Things) security;
Threat intelligence and attack vectors of the future.