Sharad Kumar

Tutor for Hacking/Ethical Hacking, Android Penetration Testing, Web App Penetration Testing, Digital Forensics and Python : A Hacker's Approach

English

Available for : Online Teaching | Tuition at my place | Tuition at your place

Hacking/Ethical HackingAndroid Penetration Testing Web App Penetration Testing Digital Forensics Python : A Hacker's Approach

About

Having 2+ years of real-time and teaching experience in Hacking/Ethical Hacking, Android Penetration Testing, Web App Penetration Testing, Digital Forensics and Python : A Hacker's Approach. Currently working as Cyber security engineer. Attended world's top cyber security conferences like Black Hat, CoCon and HakOn. Completed Bachelors in Computer Science Engineering and Information Security Expert.

Expertise

Hacking/Ethical Hacking - 3 years experience 15 USD / Hour

Information Gathering Windows Hacking Virus Writing Google DataBase Hacking Facebook Hacking Website Attacks

A non-exhaustive list of topics to be taught includes:

  • Virtualization and System Cloning
  • Information Gathering and Foot-Printing
  • Windows Hacking and Security
  • Data Hiding Techniques- Stegnography and Cryptography
  • Hacking By Batch-Programming
  • Hacking By Trojans,RAT (Remote Access Tool),Key-Loggers and security implementations
  • Malware Analysis
  • Proxy Servers and Virtual Private Networks
  • Google Database Hacking
  • Email Security and other SMTP Protocol Services
  • Facebook hacking and Security
  • Click-Jacking and Tabnabbing Attacks
  • Website hacking by -- (SQLi Injections ,XSS Attack, CSRF attack etc ..)
  • Web Server Hacking and Security
  • VAPT Tools
  • Wireless Hacking and Security
  • Android Hacking and Security
  • DOS(Denial Of Service Attack)
  • Forensics

Android Penetration Testing - 3 years experience 20 USD / Hour

This course is for people who want to get started in Android Security and Penetration testing .

  • Introduction to Android
  • Android Security Architecture
  • Android Permissions
  • Android Application Internals
  • Setting up Genymotion
  • Android Application Components
  • DEX File Analysis
  • Introduction to Android Debug Bridge
  • Logging Based Vulnerabilities
  • Reversing Android Applications
  • Analyzing Android Malwares
  • Analyzing Android Traffic
  • Bypassing SSL Pinning
  • Leaking Content Providers
  • Introduction to Drozer
  • Read based Content Provider vulnerability
  • Advanced Drozer Usage
  • Drozer Scripting
  • Dropbox Content Provider Vulnerability
  • Backup Based Vulnerability
  • Client Side Injection
  • Hooking Introduction and Setting up Insecure Bank
  • Android Debugging with Andbug
  • Debugging with JDB
  • Automated Hooking with Introspy
  • Cydia Substrate and Hooking
  • Xposed Framework and Hooking
  • Analysis and Scripting using AndroGuard
  • Webview Based vulnerabilities
  • Exploiting Webview with Metasploit

Web App Penetration Testing - 3 years experience 20 USD / Hour

This course is for people who want to get started in Website Security and Penetration Testing . This course will be fully practical based course with 24x7 lab access.

  • HTTP Basics
  • Netcat Lab for HTTP 1.1 and 1.0
  • HTTP Methods and Verb Tampering
  • HTTP Basic Authentication
  • Attacking HTTP Basic Authentication
  • HTTP Statelessness and Cookies
  • File Extraction from HTTP Traffic
  • HTML Injection Basics
  • HTML Injection in Tag Parameters
  • HTML Injection - Bypass Filters Cgi.Escape
  • Command Injection
  • XSS: Cross Site Scripting
  • XSS via Event Handler Attributes
  • File Upload Vulnerability
  • Bypassing Blacklists in File Upload
  • Remote File Inclusion Vulnerability
  • LFI Basics
  • Unvalidated Redirects
  • Cross Site Request Forgery
  • Insecure Direct Object Reference
  • SQL-I Injections

Digital Forensics - 2 years experience 30 USD / Hour

This course tends to focus on How to investigate cyber crime How to analyze infected systems ?

  • Live response
    • First talk to the humans
      • What do they think happened
      • Details on victim system(s)
    • Mount response kit with known good tools
      • cdrom preferred as it was not likely part of compromise
      • USB MS can be used if no CDROM
    • Using netcat to minimize contamination
    • Collecting volatile data
      • date and time
      • network interfaces 
        • funny networks
        • promiscuous mode?
      • network connections
      • open ports
      • programs associated with ports
      • running processes
      • open files
      • routing tables
      • mounted filesystems
      • loaded kernel modules
    • Collecting data to determine if dead analysis is justified
      • kernel version
      • uptime
      • filesystem datetime stamps
      • hash values for system files
      • current user logins
      • login history
      • system logs
      • user accounts
      • user history files
      • hidden files and directories
      • sending off suspicious files for further study
    • Dumping RAM
      • Making the decision to dump RAM
      • Using fmem
      • Using LiME
      • Using /proc/kcore
  • Acquiring filesystem images
    • Using dd
    • Using dcfldd
    • Write blocking options
      • Forensic Linux distros
      • Udev rules based blocker
  • Analyzing filesystem images
    • Mounting images
      • Files with basic system info
      • Files with suspicious user info
      • Examining logs
      • Process-related files
      • Authentication-related files 
      • Using standard Linux tools to find information
      • Strange files
        • Regular files in /dev
        • User history files
        • Hidden files
        • SUID/SGID files
        • Detecting backdated files
      • Recovering deleted files
        • Finding deleted files
        • Attempting recovery
    • Leveraging The Sleuth Kit (TSK) and Autopsy
      • mmls
      • fsstat
      • dstat
      • istat
      • fls & mactime
  • Timeline Analysis
    • When was system installed, upgraded, booted, etc.
    • Newly created files (malware)
    • Changed files (trojans)
    • Files in the wrong place (exfiltration)
  • Digging deeper into Linux filesystems
    • Disk editors
      • Active@ Disk Editor
      • Autopsy
    • ExtX
      • Basics
        • Superblocks
        • Directory entries
        • Inodes
        • Data blocks
      • Compatible, incompatible, and read-only compatible features
      • Experimental features may be installed
      • Boot code
      • Using sigfind to find important blocks
      • Understanding indirect block levels
      • istat, ils, ifind, icat
      • Links and mounts
      • Hash trees
      • Journaling
        • jls
        • jcat
      • Finding data with blkstat, blkls, blkfind, blkid, and blkcalc
      • Relating data found with grep to a file/application
        • Finding block size, etc.
        • Using grep with a keyword file
        • Seeing data in context
        • Associating a file with the data
      • Undeleting files
      • Searching unallocated space
  • Network forensics
    • Using snort on packet captures
    • Using tcpstat
    • Seperating conversations with tcpflow
    • Tracing backdoors with tcpflow
  • File forensics
    • Using file signatures
    • Searching through swap space
    • Web browsing reconstruction
      • Cookies
      • Search history
      • Browser caches
    • Unknown files
      • Comparing hashes to know values
      • File command
      • Strings command
      • Viewing symbols with nm
      • Reading ELF files 
      • objdump
      • Bringing out big guns - gdb
  • Memory Forensics 
    • Volatility Profiles
    • Retrieving process information
    • Recovering command line arguments
    • Rebuilding environment variables
    • Listing open files
    • Retrieving bash information
    • Reconstructing network artifacts
    • Kernel information
    • Volatile file system information
    • Detecting user mode rootkits
    • Detecting kernel rootkits
  • Reversing Linux Malware
    • Digging deeper into ELF
      • Headers
      • Sections
      • Strings
      • Symbol tables
      • Program headers
      • Program loading
      • Dynamic linking
    • Command line analysis tools
      • strings
      • strace
      • ltrace
    • Running malware (carefully)
      • Virtual machine setup
      • Capturing network traffic
      • Leveraging gdb
  • Writing the reports
    • Autopsy
    • Dradis
    • OpenOffice

Python : A Hacker's Approach - 3 years experience 15 USD / Hour

This course will teach you basics of python scripting and then will take you to the next level of python where we can use python for making hacking and security tools.

  • Python Scripting – Language Essentials
  • System Programming and Security
  • Network Security Programming – Sniffers and Packet Injectors
  • Attacking Web Applications
  • Exploitation Techniques
  • Malware Analysis and Reverse Engineering
  • Attack Task Automation

Reviews

Thank you very much for the greatest teaching style, I am really happy to rate you because your teaching style is very clearly and contains multi informations. Just I would like to say you've done it very well dear.
-  yasir shah
Excellent class, well explained all the topics.
-  akhil nagath
Advertisements