Day 1 (9:30 - 5:30): Data Scanning and Penetration Testing Tools
- TECHNICAL SESSION
- Expert Talk-1 (Wireless Security by Prof. Vimal Bhatia, IIT Indore, India)
- HANDS-ON SESSION
(Speaker: Dr. Adarsh Kumar, UPES, Dehradun, India)
- Overview of Cybersecurity, its security architectures, and security implications and adoption of evolving technology.
- Wireshark: installation, data scanning, command based executions, data capturing, Python programming for captured data analysis, Tshark, running tcpdump, dumpcap, Monitoring cyber-attacks (DoS, DDoS, Port Scanning, Phising, web vulnerabilities, encrypted traffic, malware attack), I/O graphs, anomaly detection, traffic issues etc.
- NMAP: scanning smaller to larger networks, scanning servers, running existing scripts, privilege escalation and RDP scanning etc.
- Metasploit: port scanning, vulnerability scanning, exploitations (windows, website and network), meterpreter, meterpreter scripts, advanced exploitations (MSFencode attack, social engineering toolkits etc.), Bypassing UAC etc.
- OpenVAS: installation, configuration, host discovery, port scanning, application and os detection, report generation and analysis etc.
- Nessus: installation, configuration, host discovery, port scanning, application and os detection, report generation and analysis etc.
- Maltego: creating project, data mining with Maltego, scanning information, listing vulnerabilities, exploring modules, network statistics with graphical representation etc.
- Other Tools: Introduction and comparative analysis of following tools: IronWASP, Nikto, SQLMap, SQLNinja, Wapiti, AirCrack-ng, Reaver, Ettercap, Canvas etc.
Day 2 (9:30 - 5:30): Web Penetration Testing
- TECHNICAL SESSION
- Expert Talk-2 (Quantum Key Distribution by Professor Anil Prabhakar, Department of EE, Indian Institute of Technology Madras, Chennai, India)
- HANDS-ON SESSION
(Speaker: Dr. Adarsh Kumar, UPES, Dehradun, India)
- Burp suite: environment setup, Burp Suite Example, threat modelling, web intrusion tests etc.
- Linux web penetration testing: Web application brute forcing using OWASP DirBuster, OWASP Zed Attack Proxy (ZAP), spider a website, ZAP Spider, webscarab, hydra, manual vulnerability analysis using cookies, Damn vulnerable web app, shellshock, privilege escalation, and post exploitation etc.
- Attack Scenarios: Server-side attacks, client-side attacks, authentication based attacks, session management and hijacking, web-attacks, BURP, OWASP-ZAP, Fimap, Low Orbit Ion Cannon etc.
- Attack Defenses: Defense measurements, Environnment cloning, Protection against attacks (MiM, DoS, DDoS, Cookie, Clickjacking etc.
- Automated web penetration testing using python, SQL injection attack, cross-site scripting attack, cross-site forgery attack, denial of service (DoS) attack etc.
Day 3: (9:30 - 5:30): Network Penetration Testing
- TECHNICAL SESSION
- Expert Talk-3 (Certification of Crypto Products by Professor M R Muralidharan , Chief Research Scientist, Indian Institute of Science, Banglore, Karnataka, India)
- HANDS-ON SESSION
(Speaker: Dr. Adarsh Kumar, UPES, Dehradun, India and Mr. Saurabh Jain, UPES, Dehradun, India)
- Lua Programming: basics, value types, array, functions, tables, meta-tables, modules, file i/o, object oriented programming, debugging, error and exception handling etc.
- NSE Scripting: Data file handling (data discovery, brute force, web application auditing, DBMS auditing, jaba debug files etc.), advanced scripts (versioning, network sockets, binary data, vulnerability table etc).
- Threat and Vulnerability Assessment: OSINT cycle, information collection websites, service enumeration, MASSCAN, web frontend and backend information gathering, Zenmap, Tripwire SeureCheq scanner etc.
- Email tracing, mylast search, USB Device, Root-me challenges, wasitviewed, Burpsuite Scanner, Zenmap, Acunetix, SQL injection, Malicious SQL statements, Smart Script, SQL Injection(SQLI) Attack, Performing SQL Injection Attack (Hands On) through: Own Interface(Java based), MYSQL command Line client, Acunetix, Browser and SQL Injection Prevention Technology.
Day 4 (9:30 - 5:30): Mobile Penetration Testing, Blockchain and Cryptocurrency
- TECHNICAL SESSION
- Expert Talk-4 (Speaker: Prof. Neelu Jyoti Ahuja, UPES, Dehradun, India)
- Expert Talk-5 (Speaker: Prof. Alok Aggarwal, UPES, Dehradun, India)
- HANDS-ON SESSION
(Speaker: Dr. Adarsh Kumar, UPES, Dehradun, India)
- Blockchain: introduction, advantage over conventional distributed database, blockchain network, mining mechanism, distributed consensus, Merkle Patricia Tree, Gas Limit Transactions and Fee, Anonymity, Reward, Chain Policy, Life of Blockchain application, Soft and Hard Fork, Private and Public Blockchain.
- Cryptocurrency: history, distributed ledger, Bitcoin protocols-mining strategy and rewards, Ethereum- construction, DAOsmart contract, GHOST, vulnerability, attacks, sidechain, namecoin. Cryptocurrency Regulations: stakeholders, roots of bitcoin, legal aspects - cryptocurrency exchange, black market and global economy.
- Pen testing on Android platform: Installing android sdk, android application writing, application forensics, environment setup, rooting and jailbreaking etc.
- Pen testing on iOS platform:: installing Xcode and iOS simulator, writing iOS application, application forensics, environment setup, rooting and jailbreaking etc.
Day 5 (9:30 - 5:30): Data Forensics
- TECHNICAL SESSION
- Expert Talk-6 (Speaker: Prof. Mayank Dave, Department of Computer Engineering, National Institute of Technology, Kurukshetra, Haryana, India)
Tentative Title: Predictive Cyber Defence with Artificial Intelligence and Machine Learning
(Speaker: Dr. Adarsh Kumar, UPES, Dehradun, India)
- Malware Analysis: Malware types, Malware Sources, Static Analysis, Malware Fingerprinting, File obfuscation, Exeinfo PE, pestudio, PPEE(puppy), Resource Hacker, Yara, Yara Rule basics, Dynamic analysis, Noriben, INetSim, Analysing malicious binaries, code injection and hooking, obfuscation techniques, memory forensics, advanced malware detection, Cuckoo malware analysis etc.
- Python programming using pcapy and scapy, programming for listing directory, file, registry and application properties, capturing system logs, analysing window and linux memories etc.
- Forensics Algorithms, creating and analysing window and linux logs, window registry analysis, virtualization forensics, Cryptography with python, python paramiko, juniper networks, pygal, pysnmp, PyHook, Pywin,
- Data Science and Python Machine Learning for Time Series Analysis (cybersecurity datasets, designing packet sniffer, preparing datasets, training-validating-testing datasets, reading datasets for data frame analysis, applying data analytics, visualising network and attack statistics)