Course Duration: 60 Hours
Part 1: The Business and Legal Issues of Ethical Hacking
Chapter 1: Introduction to Ethical Hacking
• Terminology
• Hackers, Crackers, and Other Related Terms
• Hacktivism
• Threats
• Hacking History
• Ethical Hacking Objectives and Motivations
• Steps in Malicious Hacking
• Reconnaissance
• Scanning
• Acquiring Access
• Maintaining Access
• Covering, Clearing Tracks, and Installing Back Doors
• Hacker and Ethical Hacker Characteristics and Operations
• Skills Needed by an Ethical Hacker
• Steps in an Infosec Evaluation
• Types of Information System Security Testing
• Ethical Hacking Outputs
• Protections and Obligations for the Ethical Hacker
• Related Types of Computer Crime
 
Chapter 2: Legality and Ethics
• Law and Legal Systems
• Administrative Law
• Common Law Organization
• Statutory Law
• U.S. Common Law System Categories
• Computer Security Crime Laws
• Privacy Principles and Laws
• Computer Crime Penalties
• Ethics
• Assessment Questions
 
Chapter 3: Penetration Testing for Business
• Penetration Testing from a Business Perspective
• Penetration Test Approach and Results
• Valuating Assets
• Penetration Testing Steps Summarized
• Selecting a Penetration Testing Consulting Organization
• Justification of Penetration Testing through Risk Analysis
• Risk Analysis Process
• Typical Threats and Attacks
• Impact Determination
• Management Responsibilities in Risk Analysis Relating to Penetration Testing
 
Part 2: The Pre-Attack Phases
Chapter 4: Footprinting
• Gathering Information
• Whois
• Nslookup
• Open Source Searching
• Locating the Network Range
• Determining the Network Range with ARIN
• Traceroute and TTL
• Email Tracking Programs
 
Chapter 5: Scanning
• Identifying Active Machines
• Ping
• Ping Sweeps
• Ping Tools
• Identifying Open Ports and Available Services
• Port Scanning
• TCP/UDP Scanning Types
• Determining the Operating System
• Scanning Tools
• Vulnerable Ports
• Port Scanning Issues
• Banner Grabbing
• War Dialing
• War Driving and War Walking
• Wireless Scanners
• Wireless Packet Sniffers
• Fingerprinting
• Passive Fingerprinting
• Mapping the Network
 
Chapter 6: Enumerating
• Protection Rings
• Windows Architecture
• Windows Security Elements
• SAM Database
• Local Security Authority Subsystem Service
• NetBIOS
• Active Directory (AD)
• Enumerating Techniques for Windows
• NetBIOS Enumerating
• Net View
• NBTSTAT
• Nbtscan
• User2sid and Sid2user
• Other Tools
• SNMP Enumeration
• SNMPutil
• Other SNMP Enumeration Tools
• DNS Zone Transfer
• Active Directory Enumeration
• Countermeasures
• NetBIOS Null Sessions
• SNMP Enumeration Countermeasures
• DNS Zone Transfer Countermeasures
 
Part 3: Attack Techniques and Tools
Chapter 7: System Hacking Techniques
• Password Guessing
• Automated Password Guessing
• Password Sniffing
• L0phtcrack
• KerbCrack
• Alternate Means
• Keystroke Loggers
• Hardware Keyloggers
• Software Keyloggers
• Keylogging Tools
• Redirecting SMB
• Privilege Escalation
• Password Cracking
• Password Cracking Techniques
• Dictionary Attack
• Brute Force Attack
• Hybrid Attack
• Rainbow Attack
• Stealing SAM
• Cracking Tools
• Covering Tracks
• Disabling Auditing
• Clearing the Event Log
• Planting Rootkits
• File Hiding
• Countermeasures
 
Chapter 8: Trojans, Backdoors, and Sniffers
• Trojans and Backdoors
• Trojan Types
• Remote Access Trojans (RATs)
• Trojan Attack Vectors
• Wrappers
• Covert Communication
• Trusted Computer System Evaluation Criteria (TCSEC)
• Covert Storage Channel
• Covert Timing Channel
• Covert Communication Tools
• Port Redirection
• NetCat
• Reverse Telnet
• Datapipe
• Fpipe
• Rinetd
• Trojan Tools and Creation Kits
• Tini
• QAZ
• Donald Dick
• NetBus
• Back Orifice 2000
• SubSeven
• Other Notables
• Anti-Trojan Software and Countermeasures
• Windows File Protection (WFP)
• Tripwire
• Fport
• TCPView
• Process Viewer
• Inzider
• Sniffers
• Sniffing Exploits
• ARP Spoofing
• MAC Flooding
• DNS Spoofing or Poisoning
• Sniffing Tools
• Snort
• Dsniff
• Ethereal
• MAC Flooding Tools
• ARP Poisoning Tools
• Other Sniffing Tools
 
Chapter 9: Denial of Service Attacks and Session Hijacking
• Denial of Service/Distributed Denial of Service (DoS/DDoS)
• DoS Attacks
• DDoS Attacks
• Prevention of DoS Attacks
• Prevention of DDoS Attacks
• Session Hijacking
• The TCP/IP Protocol Stack
• Layered Protocol Roles
• Sequence Numbers
• Session Hijacking Steps
• Tools for Session Hijacking
• Protecting Against Session Hijacking
 

Chapter 10: Penetration Testing Steps
• Penetration Testing Overview
• Legal and Ethical Implications
• The Three Pretest Phases
• Footprinting
• Scanning
• Enumerating
• Penetration Testing Tools and Techniques
• Port Scanners
• Vulnerability Scanners
• Password Crackers
• Trojan Horses
• Buffer Overflows
• SQL Injection Attack
• Cross Site Scripting (XSS)
• Wireless Network Penetration Testing
• WLAN Vulnerabilities
• SSID Issues
• WEP Weaknesses
• MAC Address Vulnerabilities
• Wireless Scanning Tools
• Social Engineering
• Intrusion Detection System (IDS)
 

Chapter 11: Linux Hacking Tools
• Linux History
• Scanning Networks with Linux Tools
• NMap
• Nessus
• Cheops and Cheops-ng
• Linux Hacking Tools
• John the Ripper
• SARA
• Sniffit
• HPing
• Linux Rootkits
• Linux Security Tools
• Linux Firewalls
• IPChains
• IPTables
• Linux Application Security Tools
• Linux Intrusion Detection Systems (IDS)
• Linux Encryption Tools
• Linux Log and Traffic Monitors
• Port Scan Detection Tools
 

Chapter 12: Social Engineering and Physical Security
• Social Engineering
• Human-Based (Person-to-Person) Social Engineering
• Computer-Based Social Engineering
• Example Social Engineering Attacks
• Motivations for Individuals to Respond to Social Engineers
• Reverse Social Engineering
• Phishing
• Hidden Frames
• URL Obfuscation
• HTML Image Mapping
• Identity Theft
• Defending Against Social Engineering Attacks
• Physical Security
• Physical Security Implementation
• Company Facility Controls and Issues
• Company Personnel Controls
• Environmental Controls
• Heating, Ventilation, and Air Conditioning (HVAC)
• Fire Safety Controls
• Access Controls
• Fax Machines
• Physical Facility Controls
 
Part 4: Web Server and Database Attacks
Chapter 13: Web Server Hacking and Web Application Vulnerabilities
• Web Server Hacking
• Client to Server Data Exchange
• Web Servers
• Web Server Security Issues
• ISAPI and DLL
• IIS Attacks
• Apache Attacks
• Hacking Tools
• Patch Management
• Web Application Vulnerabilities
• Related Hacking Tools
• Netcat
• Black Widow
• Instant Source
• Wget
• Websleuth
• Nikto
• Wikto
• Nessus
• Network Utilities
• Countermeasures
 

Chapter 14: SQL Injection Vulnerabilities
• SQL Injection Testing and Attacks
• Preparing for an Attack
• Conducting an Attack
• Lack of Strong Typing
• Union Select Statements
• Acquiring Table Column Names
• Stored Procedures
• Extended Stored Procedures
• Server System Tables
• SQL Injection Prevention and Remediation
• Automated SQL Injection Tools
 

Chapter 15: Cryptography
• Symmetric Key Cryptography
• Symmetric Key Encipherment
• Substitution Cipher
• Vernam Cipher (One-Time Pad)
• Transposition (Permutation) Cipher
• The Exclusive Or (XOR) Function
• Symmetric Key Cryptography Characteristics
• Data Encryption Standard (DES)
• Triple DES
• The Advanced Encryption Standard (AES)
• The Blowfish Algorithm
• The Twofish Algorithm
• The IDEA Cipher
• RC5/RC6
• Public Key Cryptosystems
• One-Way Functions
• Public Key Algorithms
• RSA
• El Gamal
• Elliptic Curve (EC)
• Summaries of Public Key Cryptosystem Approaches
• Digital Signatures
• Hash Function
• Developing the Digital Signature
• The U.S. Digital Signature Standard (DSS)
• MD5
• Public Key Certificates
• Digital Certificates
• Public Key Infrastructure (PKI)
• Cryptanalysis
• Managing Encryption Keys
• Email Security
• Electronic Transaction Security
• Wireless Security
• Disk Encryption
• Hacking Tools
 

Chapter 16: Cracking Web Passwords
• Authentication
• Authentication Methods
• Basic Authentication
• Digest Authentication
• NTLM (NT LAN Manager) Authentication
• Negotiate Authentication
• Certificate Based Authentication
• Forms-Based Authentication
• RSA Secure Token
• Biometrics
• Password Considerations and Issues
• Selecting Passwords
• Protecting Passwords
• Password Cracking
• Computer Password Cracking and Support Tools
• Web Password Cracking Tools
• Countermeasures
 
Part 5: Advanced Topics

Chapter 17: Wireless Network Attacks and Countermeasures
• Wireless Technology
• The Cellular Phone Network
• Worldwide Cellular via LEO Satellites
• Cellular Network Elements
• Global Wireless Transmission Systems
• AMPS
• TDMA
• CDMA
• GSM
• CDPD
• NMT
• TACS
• PDC
• General Packet Radio Service (GPRS)
• Enhanced Data Rates for Global Evolution (EDGE)
• Wireless Networking
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hopping Spread Spectrum (FHSS)
• The IEEE 802.11 Family
• WLAN Operational Modes
• Ad Hoc Mode
• Infrastructure Mode
• Association Frames
• Service Set Identifier (SSID)
• Bluetooth
• BT Security
• BT Attacks
• The Wireless Application Protocol (WAP)
• Wired Equivalent Privacy (WEP)
• WEP Encryption
• WEP Decryption
• RC4
• WEP Authentication Methods
• Open System Authentication
• Shared Key Authentication
• Media Access Control Authentication
• WEP Key Management
• WEP Cracking
• WPA and WPA2
• 802.1x and EAP
• Extensible Authentication Protocol (EAP)
• EAP Transport Level Security (EAP-TLS)
• Lightweight Extensible Authentication Protocol (LEAP)
• WLAN Threats
• Denial of Service Attacks
• SSID Problems
• The Broadcast Bubble
• War Driving
• Rogue Access Points
• MAC Spoofing
• Wireless Hacking Tools
• NetStumbler
• AiroPeek
• AirSnort
• Kismet
• WEPCrack
• Other WLAN Tools
• Securing WLANs
• Standards and Policy Solutions
• MAC Address Filtering
• SSID Solutions
• Antenna Placement
• VLANs
• Wireless VPNs
• Wireless RADIUS
• Dynamic WEP Keys
• Enable WEP, WPA2, EAP, and 802.1x
• Site Surveys and IDS
 
Chapter 18: Firewalls, Intrusion Detection Systems, and Honeypots
• Firewalls
• Firewall Types
• Proxy Firewall
• Packet Level Filtering Firewall
• Stateful Inspection Firewalls
• Hardware and Software Firewalls
• Firewall Architectures
• Packet-Filtering Routers
• Dual-Homed Hosts
• Screened Host
• Screened-Subnet Firewalls
• Firewall Identification
• Banner Grabbing
• Port Scanning
• Firewall Ports
• Scanning with TCP
• Scanning with UDP
• Firewalking
• Breaching and Bypassing Firewalls
• Hping
• Traceroute
• Covert Channeling
• ACK Tunneling
• HTTP Tunneling
• Firewall Backdoors
• Firewall Informer
• Intrusion Detection and Response
• Host-Based ID Systems
• Network-Based ID Systems
• IDS Detection Methods
• Statistical Anomaly Detection
• Pattern Matching Detection
• Protocol Detection
• IDS Responses
• Using an IDS in a Switched Environment
• Evading IDSs
• Tools for Evading and Testing IDSs
• Intrusion Prevention Systems
• SNORT 2.x
• Cisco Security Agent
• Incident Handling
• Computer Incident Response Team
• Incident Notification
• Honeypots
• Honeypot Applications
• Discovering Honeypots
 
Chapter 19: Viruses, Worms, and Buffer Overflows
• Viruses
• The Virus Lifecycle
• Macro Viruses
• Polymorphic Viruses
• Stealth Viruses
• Spyware
• Web Bugs
• Spambots
• Pop-Up Downloads
• Drive-By Downloads
• Bogus Spyware Removal Programs
• Multistage and Blended Threats
• Worms
• Virus and Worm Examples
• Chernobyl
• Explore.Zip
• LoveLetter
• Melissa Virus
• Nimda Virus
• Pretty Park
• BugBear
• Klez
• SirCam Worm
• Code Red Worm
• Other Worms of Interest
• Buffer Overflows