Ethical Hacking Short Course

“If you know the enemy and know yourself, you need not fear the result of a hundred battles” – Sun Tzu, Art of War

Course Title: Ethical Hacking: The new Approach to Security

Who can attend: Software engineers, System administrators, Programmers, and anyone interested in the field of Security and Hacking.

Requirements: Basic knowledge of programming, basic knowledge of networking, basic English.

Duration: 4 days (Weekend)

Dates*: September 11-14, 2013

Location: Information and Computer Science Department, KFUPM, Al-Dhahran, Saudi Arabia.

Instructor: Dr. Sami Zhioua

Course Fees: 3000SAR (Special fees available for KFUPM students and staff)

Registration: Department of Continuing Education, Building 54, Room 107.

For Course details: zhioua@kfupm.edu.sa 

 

* If you are a group interested in taking the course on a different date, you can contact the instructor to make arrangements.


Ethical Hacking:

The explosive growth of the Internet has brought many good things: electronic commerce, easy access to vast stores of reference material, collaborative computing, e-mail, and new avenues for advertising and information distribution, to name a few. As with most technological advances, there is also a dark side: criminal hackers.
Governments, companies, and private citizens around the world are anxious to be a part of this revolution, but they are afraid that some hacker will break into their Web server and replace their logo with adult images, read their e-mail, steal their credit card number from an on-line shopping site, or implant software that will secretly transmit their organization’s secrets to the open Internet.

In their search for a way to approach the problem, organizations came to realize that one of the best ways to evaluate the intruder threat to their interests would be to have independent computer security professionals attempt to break into their computer systems. This scheme is similar to having independent auditors come into an organization to verify its bookkeeping records. In the case of computer security, these “tiger teams” or “ethical hackers” would employ the same tools and techniques as the intruders, but they would neither damage the target systems nor steal information. Instead, they would evaluate the target systems’ security and report back to the owners with the vulnerabilities they found and instructions for how to remedy them.

If a hacker wants to get inside your system, he/she will, and there is nothing you can do about it.

The only thing you can do is make it harder for him/her to get in.

 

Interesting facts about Hacking and Security:

  • The majority of computer systems aren’t managed properly
  • Most network and security administrators simply can’t keep up with the deluge of new vulnerabilities and attack methods
  • Information systems grow more complex every year
  • The law of averages works against security
  • With the increased number of hackers and their expanding knowledge and the growing complexity of IT systems, eventually, all computer systems and applications will be hacked or compromised in some way.
  • Hacking preys on weak security practices and undisclosed vulnerabilities.
  • Firewalls, encryption, and passwords can create a false feeling of safety.
  • These security mechanisms often focus on high-level vulnerabilities without affecting how the bad guys work.
  • Attacking your own systems to discover vulnerabilities helps make them more secure.
  • Ethical hacking is the only proven method of greatly hardening your systems from attacks.
  • If you don’t identify weaknesses, it’s only a matter of time before the vulnerabilities are exploited.
  • It’s one thing to know generally that your systems are under fire from hackers around the world and malicious users around the office; it’s another to understand and to see specific attacks against your systems that are possible.
  • As hackers expand their knowledge, so should you.
  • You must think like them and work like them to protect your systems from them.
  • As an ethical hacker, you must know the activities that hackers carry out and how to stop their efforts.
  • An ethical hacker possesses the skills, mindset, and tools of a hacker but is also trustworthy.
  • Ethical hacking involves the same tools, tricks, and techniques that hackers use, but with one major difference: Ethical hacking is performed with the victim’s permission.
  • The intent of ethical hacking is to discover vulnerabilities from a malicious attacker’s viewpoint to better secure systems.

Short Course Topics

0. Background

      Introduction to Networking
      Introduction to Linux
      Introduction to Python language

1. Initial Hacking steps

      Scanning
      Enumeration
      Google Hacking

2. Hacking and infiltrating Operating Systems

      Creating back-doors
      Transferring and executing files on the victim machine
      Opening sessions

3. Detecting Vulnerabilities

      Vulnerability Scanners
      Vulnerability databases

4. Using Exploitation tools

      Writing exploits
      Meta-Exploitation Tools
     

5. Password Cracking

      Password cracking tools
      Using dictionaries
      Using rainbow tables

6. Network Hacking

      Network Sniffing to observe traffic
      ARP Poisoning attacks
      Man-In-The-Middle attacks
      Session Hijacking
     

7. Web Application Hacking

      Top 10 Web Application Attacks
      SQL Injection Attacks
      Cross-Site Scripting (XSS) Attacks
      Etc.

8. Hacking with Malware and Rootkits

      Different types of malware
      Malware coding
      Malware binders and packers
      Bypassing Antivirus Tools
      Social Engineering Toolkits

9. Other Topics

      Software Cracking
      Anonymous Group Denial of Service Attacks
      Etc.

 

A Seminar on Hacking by Dr. Sami Zhioua (November 2011):

 

 

 

Sami Zhioua, April 2013