The security and privacy of information have become a crucial aspect of our digital world. The smooth functioning of organizations, governments, nations and the global economy hinges on the security of the underlying digital infrastructure. A practitioner of security not only needs to know the theory and science of security but also needs to be equally
fluent in security engineering. The practice of security engineering has been impeded for 3 main reasons: knowledge of tools, access to the core infrastructure of the Internet (such as DNS, mail servers, routers), and potential retribution from authorities if the usage of tools goes awry. In order to address these shortcomings, this laboratory course will introduce
the participants to security tools in 3 broad categories: offensive tools, defensive mechanisms, and forensic tools.
To reproduce the experiments in laboratories, attendees will be taught to deploy a safe virtualized environment.
This course aims at exposing the participants to the principles of information security, and to a set of tools that is necessary to understand those principles. The course will consist of hands-on sessions on the use of prominent open-source
security tools. Participants will be guided through these tools’ usage and utility.
Towards the end of this course, the design and architecture of the “Virtual Laboratory for Security Experimentation” (VLSE) framework will be presented to the audience. This framework will allow a student of security engineering to set up a
virtual, private laboratory in which real world security concepts/scenarios could be easily simulated. The workshop will conclude with a round-table in which feedback from participants is expected on the VLSE framework and how VLSE
could further be extended across institutes as a national VLSE (nVLSE).
Wireshark, OpenVAS, Metasploit-framework, Armitage, metagoofil, ZAP, hydra, nikto, ostinato, ettercap, W3AF, ngrep, Haka, BeEF, tcpxtract, Sleuth Kit, volatility, tinyhoneypot, mitmproxy, sslstrip, binwalk, doona, vusb-analyzer, xplico, vega, skipfish, fnotifystat, portsentry, p0f, truecrypt, rkhunter, iptables, snort, nmap, arp, lynis, etc. This is a representative list of tools. The actual set of tools will be available on the course website in due time.