Ethical Hacking Course

DISCLAIMER: We believe that information must be free for all.

Why Learn Ethical Hacking?

Because it's fun

  • Searching for vulnerabilities, detecting them, and suggesting fixes. You get to be the modern-day Sherlock Holmes!

Be in demand

  • With the entire world and its data coming online, the demand for cybersecurity experts is skyrocketing.

Lucrative salary

  • The average salary of a Cybersecurity Analyst is 6.8 LPA+ according to Indeed.

Ethical Hacking Training Syllabus

Basics of Information Security and Computer Networking

  • Introduction to Information Security
  • Hacking Methodologies and Security Auditing
  • Computer Networking
  • IP addressing and NAT
  • The Google Maps of the Internet
  • Ports and Services
  • Protocols, TCP/IP and OSI Model
  • Proxy and VPN

Information Gathering and Basics of Web Development

  • Digital Footprints and Information Gathering
  • Advanced Information Gathering about People and Websites
  • Google Dorking: Hacking using Google
  • Introduction to Web Architecture and Understanding Common Security Misconceptions
  • HTML Basics
  • HTML and Introduction to JavaScript
  • Introduction to PHP and Setting up XAMPP
  • Putting Brains into Beauty: Working with PHP
  • Handling User Input and Building Basic Applications using PHP

Introduction to Web VAPT, OWASP, and SQL Injections

  • Introduction to VAPT and OWASP
  • Basics of Databases and SQL
  • Authentication Bypass using SQL Injection
  • GET-based SQL Injection: Part 1
  • GET-based SQL Injection: Part 2
  • POST-based SQL Injection: Part 1
  • POST-based SQL Injection: Part 2
  • Advanced SQL Injections
  • Automating SQL Injections: sqlmap

Advanced Web Application Attacks

  • Bypassing Client Side Filters using Burp Suite
  • IDOR and Rate-limiting issues
  • Arbitrary File Upload Vulnerabilities

Client Side Attacks

  • Understanding Important Response Headers, DOM, and Event Listeners
  • Fundamentals of Cross-Site Scripting (XSS)
  • Understanding Forced Browsing and Session-Cookie Flaws
  • Cross-Site Request Forgery (CSRF) and Open Redirections
  • Dictionary-Based Brute Force Attacks
  • Logical Brute Force Attacks
  • Personally Identifiable Information (PII) Leakage and Sensitive Information Disclosure

Identifying Security Misconfigurations and Exploiting Outdated Web Applications

  • Common Security Misconfigurations
  • Default/Weak Password Vulnerabilities
  • Fingerprinting Components with Known Vulnerabilities
  • Scanning for Bugs in WordPress and Drupal
  • Using Public Exploits

Automating VAPT and Secure Code Development

  • Information Gathering for Endpoints
  • Application Assessment using Nmap
  • Automating VAPT with Nikto and Burp Suite Pro

Documenting and Reporting Vulnerabilities

  • Documenting Stages of Vulnerabilities Using Tools
  • VAPT Reports: Developer Report vs. Higher Management Report
  • Concepts of Code Security and Patching
  • Parts of a VAPT Report
  • Common Good Practices and Bad Practices