Every course I go through, I find myself not only taking in the curriculum but evaluating the course itself. I can’t help but critic the teaching methods, animation, Learning Management System (LMS) and the overall experience the course provides.
The course is by an Indian company which started in 2010 called Infy Sec. From their Wiki – infySEC is a company that provides cyber security services to medium-sized enterprises and governments across the world. The company is located in Chennai, India, and focuses on security technology services, security consulting, security training, and research and development.
Here’s my review of the Fundamentals of Computer Hacking by Infy Sec.
The sales page for Fundamentals of Computer Hacking is a bit bare using a basic post template. The title is clear and provides an easy to use Call To Action, the FREE is really the draw here. The sales video is a good addition but the actual content it provides is a bit confusing.
The course overview shows all modules but does not provide video previews which is a shame. And the reviews are just crammed into the side-bar along with the author details. The presentation does not build a lot of confidence in the course.
Once in the course the user experience is average, giving a ‘good enough’ navigation to go between lessons. The LMS they use is Teachable if you’re wondering. The information was good even if it felt lacking on the actual ‘Hacking’ side of things. It covered more basics of computers and networking.
I found the microphone is a bit low in quality which resulted in the audio being slightly distracting from time to time. Also, some videos cut between Udemy watermarks and cut to a woman voice over which was a bit jarring. It felt like two courses we’re put together or they have ripped off someone. I noticed their we’re duplicate videos even some missing videos for certain lessons. Then their we’re missing topics, like they didn’t even cover some areas, just skipped and moved on. After all of those jarring elements, it felt actually bootlegged or ripped off from another course entirely.
Data is stored text, numbers, credit cards, passwords etc.
Information is organised data
Information Security is defending data physically or digitally from attacks
Threats are environmental naturally or man-made from hackers
Hackers are White, Grey or Black (Crackers)
Hacking is the act of Information Gathering, Gaining Access & Anti-forensics
Malware is Malicious Software classified by User Mode & Kernel Mode
Kernel Mode attacks Ring 0 by infecting between App & OS
User Mode attacks Ring 3 which effects individual files
Categorized by Virus, Worm, Trojan & Backdoor
Virus Vital Information Resource Under Siege is a piece of code affecting a system
Concealer helps it look like a normal file/code i.e. evades antivirus
Payload holds the executable instructions
Replicator creates duplicates of itself
It’s Life Cycle begins with it’s Origination which is building via a Programming Language
Worm is a self-propagating virus effecting multiple devices via a network
Scanner looks for vulnerabilities
Penetration looks to exploit vulnerabilities
Installer bypasses security to inject code
Discovery then looks for other devices/machines to infect
Trojan is a destructive piece of code disguised as a game of app
Payload which does the destructive work
Concealer prevents dedication
Renaming which renames itself as non-malicious
Corruption corrupts security software
Polymorphic code which changes itself each time it runs
Wrapper helps to run in the background and hides itself
Backdoor bypasses security when run and creates a Covert Link
Overt Link is the connection between machines
Cover Link is a hidden connection between machines
Antivirus is virus protection software
Interactive Mode runs in a computers background
Scan Mode monitors OS files, Registry files etc. on demand
Information Gathering is the preparatory phase aka reconnaissance
Passive involves gathering in-directly via web, social media etc.
SSH Tunnelling, HTTP Tunnelling, TOR
Active involves direct intrusion physically or on-site
Proxy Chains, Proxy Trojans
Masking Identity is hiding your machines IP Address via re-routing traffic
Proxy Server can act as an in-between node
Tunnelling is a secure channel over the net via SSH, HTTPS, L2TP
SSH Tunnelling is the process of creating an encrypted channel
SSH Secure Socket Shell, a protocol which connects securely via Port 22
Email Harvesting involves gathering mass amounts of emails via databases
OSI Model Open System Interconnection is the travel of data between devices
Web Interface (1,2,3) & Network Interface (5,6,7)
1. Application – Browsers, Messengers etc. via protocols HTTPS, FTP, SMTP
2. Presentation – OS Compatibility, Encryption, Compression
3. Session – Active time of user, SID (Session ID)
4. Transport – Mediator to send/receive data via TLH Segments (Transport Layer Header) based on TCP/UDP
TCP Transmission Control Protocol a connection probe
Source Port an Ephemeral Port on Client >1024 to;
Destination Port on Server 0-1023 Port
Uses 3 Way Handshake
Physical Attacks include real-world interaction
Inserting a HUB
Datalink Attacks targets MAC addresses
MAC Spoofing, MAC flooding
DNS Spoofing, DNS Poisoning
DHCP Starvation, Rouge DHCP Attack
MAC Media Access Control is the unique physical address on the NIC
MAC Spoofing is changing the NIC digits to trick the Server
Network Attacks target IP Addresses
IP Spoofing, Sniffing
Ping of Death
Transmission Attacks include TCP & UDP Flooding
Process Management Attacks – Game Attacks
Reverse Engineering Attacks
Privilege Escalation Attacks
C.O.M.P.U.T.E.R Common Operating Machine Purposely Used for Technological and Educational Research
Password Cracking is an act either online or offline of gaining ones password
Active involves Keylogging, Password Guessing, Man in the Middle
Passive involves Password Sniffing
Steganography is the act of hiding data within data
Types: Image, Audio, Document, Whitespace, Text & Email
For a free course, it’s okay. I can’t complain as there was zero commitment to access it, but still it felt very lacking in the one area the whole course revolved around… hacking. It spent so much time on computer basics by the time it went into hacking topics it was over.
I still got value from it, some of those computer basic lessons we actually great refreshers even if I didn’t want them. I still would recommend this course as a place to start for computer basics, not cyber security. I’m on the hunt for a better course already.