Course Outline Version 6.1
CEHv6 Curriculum consists of instructor-led training and self-study. The instructor will provide the details of the self-study modules to the students at the beginning of the class.
Module 1: Introduction to Ethical Hacking
* Problem Definition -Why Security?
* Essential Terminologies
* Elements of Security
* The Security, Functionality and Ease of Use Triangle
* Effect on Business
* Case Study
* What does a Malicious Hacker do?
o Phase 1 - Reconnaissance
+ Reconnaissance Types
o Phase 2 - Scanning
o Phase 3 - Gaining Access
o Phase 4 - Maintaining Access
o Phase 5 - Covering Tracks
* Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
* Hacktivism
* Hacker Classes
* Security News: Suicide Hacker
* Ethical Hacker Classes
* What do Ethical Hackers do
* Can Hacking be Ethical
* How to become an Ethical Hacker
* Skill Profile of an Ethical Hacker
* What is Vulnerability Research
o Why Hackers Need Vulnerability Research
o Vulnerability Research Tools
o Vulnerability Research Websites
+ National Vulnerability Database (nvd.nist.gov)
+ Securitytracker (www.securitytracker.com)
+ Securiteam (www.securiteam.com)
+ Secunia (www.secunia.com)
+ Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
+ HackerWatch (www.hackerwatch.org)
+ SecurityFocus (www.securityfocus.com)
+ SecurityMagazine (www.securitymagazine.com)
+ SC Magazine (www.scmagazine.com)
+ MILWORM
* How to Conduct Ethical Hacking
* How Do They Go About It
* Approaches to Ethical Hacking
* Ethical Hacking Testing
* Ethical Hacking Deliverables
* Computer Crimes and Implications
Module 2: Hacking Laws
* U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
* Legal Perspective (U.S. Federal Law)
o 18 U.S.C. § 1029
+ Penalties
o 18 U.S.C. § 1030
+ Penalties
o 18 U.S.C. § 1362
o 18 U.S.C. § 2318
o 18 U.S.C. § 2320
o 18 U.S.C. § 1831
o 47 U.S.C. § 605, unauthorized publication or use of communications
o Washington:
+ RCW 9A.52.110
o Florida:
+ § 815.01 to 815.07
o Indiana:
+ IC 35-43
* United Kingdom’s Cyber Laws
* United Kingdom: Police and Justice Act 2006
* European Laws
* Japan’s Cyber Laws
* Australia: The Cybercrime Act 2001
* Indian Law: THE INFORMATION TECHNOLOGY ACT
* Argentina Laws
* Germany’s Cyber Laws
* Singapore’s Cyber Laws
* Belgium Law
* Brazilian Laws
* Canadian Laws
* France Laws
* German Laws
* Italian Laws
* MALAYSIA: THE COMPUTER CRIMES ACT 1997
* HONG KONG: TELECOMMUNICATIONS
* Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
* Greece Laws
* Denmark Laws
* Netherlands Laws
* Norway
* ORDINANCE
* Mexico
* SWITZERLAND
Module 3: Footprinting
* Revisiting Reconnaissance
* Defining Footprinting
* Why is Footprinting Necessary
* Areas and Information which Attackers Seek
* Information Gathering Methodology
o Unearthing Initial Information
+ Finding Company’s URL
+ Internal URL
+ Extracting Archive of a Website
# www.archive.org
+ Google Search for Company’s Info
# People Search
# Yahoo People Search
# Satellite Picture of a Residence
# Best PeopleSearch
# People-Search-America.com
# Switchboard
# Anacubis
# Google Finance
# Yahoo Finance
+ Footprinting through Job Sites
+ Passive Information Gathering
+ Competitive Intelligence Gathering
# Why Do You Need Competitive Intelligence?
# Competitive Intelligence Resource
# Companies Providing Competitive Intelligence Services
# Carratu International
# CI Center
# Competitive Intelligence - When Did This Company Begin? How Did It Develop?
# Competitive Intelligence - Who Leads This Company
# Competitive Intelligence - What Are This Company's Plans
# Competitive Intelligence - What Does Expert Opinion Say About The Company
# Competitive Intelligence - Who Are The Leading Competitors?
# Competitive Intelligence Tool: Trellian
# Competitive Intelligence Tool: Web Investigator
+ Public and Private Websites
* Footprinting Tools
o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
o Alchemy Network Tool
o Advanced Administrative Tool
o My IP Suite
o Wikto Footprinting Tool
o Whois Lookup
o Whois
o SmartWhois
o ActiveWhois
o LanWhois
o CountryWhois
o WhereIsIP
o Ip2country
o CallerIP
o Web Data Extractor Tool
o Online Whois Tools
o What is MyIP
o DNS Enumerator
o SpiderFoot
o Nslookup
o Extract DNS Information
+ Types of DNS Records
+ Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
o Reggie
o Locate the Network Range
+ ARIN
+ Traceroute
# Traceroute Analysis
+ 3D Traceroute
+ NeoTrace
+ VisualRoute Trace
+ Path Analyzer Pro
+ Maltego
+ Layer Four Traceroute
+ Prefix WhoIs widget
+ Touchgraph
+ VisualRoute Mail Tracker
+ eMailTrackerPro
+ Read Notify
* E-Mail Spiders
o 1st E-mail Address Spider
o Power E-mail Collector Tool
o GEOSpider
o Geowhere Footprinting Tool
o Google Earth
o Kartoo Search Engine
o Dogpile (Meta Search Engine)
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o HTTrack Web Site Copier
o Website Watcher
* How to Create Fake Website
* Real and Fake Website
* Tool: Reamweaver
* Mirrored Fake Website
* Faking Websites using Man-in-the-Middle Phishing Kit
* Benefits to Fraudster
* Steps to Perform Footprinting
Module 4: Google Hacking
* What is Google hacking
* What a hacker can do with vulnerable site
* Anonymity with Caches
* Using Google as a Proxy Server
* Directory Listings
o Locating Directory Listings
o Finding Specific Directories
o Finding Specific Files
o Server Versioning
* Going Out on a Limb: Traversal Techniques
o Directory Traversal
o Incremental Substitution
* Extension Walking
* Site Operator
* intitle:index.of
* error | warning
* login | logon
* username | userid | employee.ID | “your username is”
* password | passcode | “your password is”
* admin | administrator
o admin login
* -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
* inurl:temp | inurl:tmp | inurl:backup | inurl:bak
* intranet | help.desk
* Locating Public Exploit Sites
o Locating Exploits Via Common Code Strings
+ Searching for Exploit Code with Nonstandard Extensions
+ Locating Source Code with Common Strings
* Locating Vulnerable Targets
o Locating Targets Via Demonstration Pages
+ “Powered by” Tags Are Common Query Fodder for Finding Web Applications
o Locating Targets Via Source Code
+ Vulnerable Web Application Examples
o Locating Targets Via CGI Scanning
+ A Single CGI Scan-Style Query
* Directory Listings
o Finding IIS 5.0 Servers
* Web Server Software Error Messages
o IIS HTTP/1.1 Error Page Titles
o “Object Not Found” Error Message Used to Find IIS 5.0
o Apache Web Server
+ Apache 2.0 Error Pages
* Application Software Error Messages
o ASP Dumps Provide Dangerous Details
o Many Errors Reveal Pathnames and Filenames
o CGI Environment Listings Reveal Lots of Information
* Default Pages
o A Typical Apache Default Web Page
o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
o Default Pages Query for Web Server
o Outlook Web Access Default Portal
* Searching for Passwords
o Windows Registry Entries Can Reveal Passwords
o Usernames, Cleartext Passwords, and Hostnames!
* Google Hacking Database (GHDB)
* SiteDigger Tool
* Gooscan
* Goolink Scanner
* Goolag Scanner
* Tool: Google Hacks
* Google Hack Honeypot
* Google Protocol
* Google Cartography
Module 5: Scanning
* Scanning: Definition
* Types of Scanning
* Objectives of Scanning
* CEH Scanning Methodology
o Checking for live systems - ICMP Scanning
+ Angry IP
+ Ping Sweep
+ Firewalk Tool
+ Firewalk Commands
+ Firewalk Output
+ Three Way Handshake
+ TCP Communication Flags
+ Nmap
+ Nmap: Scan Methods
+ NMAP Scan Options
+ NMAP Output Format
+ HPing2
+ SYN Stealth/Half-Open Scan
+ Stealth Scan
+ Xmas Scan
+ FIN Scan
+ Null Scan
+ Idle Scan
+ ICMP Echo Scanning/List Scan
+ TCP Connect/Full Open Scan
+ SYN/FIN Scanning Using IP Fragments
+ UDP Scanning
+ Reverse Ident Scanning
+ Window Scan
+ Blaster Scan
+ Portscan Plus, Strobe
+ IPSec Scan
+ Netscan Tools Pro
+ WUPS – UDP Scanner
+ Superscan
+ IPScanner
+ Global Network Inventory Scanner
+ Net Tools Suite Pack
+ Floppy Scan
+ FloppyScan Steps
+ E-mail Results of FloppyScan
+ Atelier Web Ports Traffic Analyzer (AWPTA)
+ Atelier Web Security Port Scanner (AWSPS)
+ IPEye
+ ike-scan
+ Infiltrator Network Security Scanner
+ YAPS: Yet Another Port Scanner
+ Advanced Port Scanner
+ NetworkActiv Scanner
+ NetGadgets
+ P-Ping Tools
+ MegaPing
+ LanSpy
+ HoverIP
+ LANView
+ NetBruteScanner
+ SolarWinds Engineer’s Toolset
+ AUTAPF
+ OstroSoft Internet Tools
+ Advanced IP Scanner
+ Active Network Monitor
+ Advanced Serial Data Logger
+ Advanced Serial Port Monitor
+ WotWeb
+ Antiy Ports
+ Port Detective
+ Roadkil’s Detector
+ Portable Storage Explorer
* War Dialer Technique
o Why War Dialing
o Wardialing
o Phonesweep – War Dialing Tool
o THC Scan
o ToneLoc
o ModemScan
o War Dialing Countermeasures: Sandtrap Tool
* Banner Grabbing
o OS Fingerprinting
+ Active Stack Fingerprinting
+ Passive Fingerprinting
o Active Banner Grabbing Using Telnet
o GET REQUESTS
o P0f – Banner Grabbing Tool
o p0f for Windows
o Httprint Banner Grabbing Tool
o Tool: Miart HTTP Header
o Tools for Active Stack Fingerprinting
+ Xprobe2
+ Ringv2
+ Netcraft
o Disabling or Changing Banner
o IIS Lockdown Tool
o Tool: ServerMask
o Hiding File Extensions
o Tool: PageXchanger
* Vulnerability Scanning
o Bidiblah Automated Scanner
o Qualys Web Based Scanner
o SAINT
o ISS Security Scanner
o Nessus
o GFI Languard
o Security Administrator’s Tool for Analyzing Networks (SATAN)
o Retina
o Nagios
o PacketTrap's pt360 Tool Suite
o NIKTO
o SAFEsuite Internet Scanner, IdentTCPScan
* Draw Network Diagrams of Vulnerable Hosts
o Friendly Pinger
o LANsurveyor
o Ipsonar
o LANState
o Insightix Visibility
o IPCheck Server Monitor
o PRTG Traffic Grapher
* Preparing Proxies
o Proxy Servers
o Use of Proxies for Attack
o Free Proxy Servers
o SocksChain
o Proxy Workbench
o Proxymanager Tool
o Super Proxy Helper Tool
o Happy Browser Tool (Proxy Based)
o Multiproxy
o Tor Proxy Chaining Software
o Additional Proxy Tools
o Anonymizers
+ Surfing Anonymously
+ Primedius Anonymizer
+ StealthSurfer
+ Anonymous Surfing: Browzar
+ Torpark Browser
+ GetAnonymous
+ IP Privacy
+ Anonymity 4 Proxy (A4Proxy)
+ Psiphon
+ Connectivity Using Psiphon
+ Bloggers Write Text Backwards to Bypass Web Filters in China
+ Vertical Text Converter
+ How to Check If Your Website Is Blocked In China or Not
+ Mowser and Phonifier
+ AnalogX Proxy
+ NetProxy
+ Proxy+
+ ProxySwitcher Lite
+ JAP
+ Proxomitron
o Google Cookies
+ G-Zapper
o SSL Proxy Tool
o How to Run SSL Proxy
o HTTP Tunneling Techniques
+ Why Do I Need HTTP Tunneling
+ Httptunnel for Windows
+ How to Run Httptunnel
+ HTTP-Tunnel
+ HTTPort
o Spoofing IP Address
+ Spoofing IP Address Using Source Routing
+ Detection of IP Spoofing
+ Despoof Tool
* Scanning Countermeasures
* Tool: SentryPC
Module 6: Enumeration
* Overview of System Hacking Cycle
* What is Enumeration?
* Techniques for Enumeration
* NetBIOS Null Sessions
o So What's the Big Deal
o DumpSec Tool
o NetBIOS Enumeration Using Netview
+ Nbtstat Enumeration Tool
+ SuperScan
+ Enum Tool
o Enumerating User Accounts
+ GetAcct
o Null Session Countermeasure
* PS Tools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLogged On
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
* Simple Network Management Protocol (SNMP) Enumeration
o Management Information Base (MIB)
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
* LDAP enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
* NTP enumeration
* SMTP enumeration
o Smtpscan
* Web enumeration
o Asnumber
o Lynx
* Winfingerprint
o Windows Active Directory Attack Tool
* How To Enumerate Web Application Directories in IIS Using DirectoryServices
* IP Tools Scanner
* Enumerate Systems Using Default Password
* Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
o Terminal Service Agent
o TXNDS
o Unicornscan
o Amap
o Netenum
* Steps to Perform Enumeration
Module 7: System Hacking
* Part 1 - Cracking Passwords
o CEH hacking Cycle
o Password Types
o Types of Password Attack
+ Passive Online Attack: Wire Sniffing
+ Passive Online Attack: Man-in-the-middle and replay attacks
+ Active Online Attack: Password Guessing
+ Offline Attacks
# Brute-force Attack
# Pre-computed Hashes
# Syllable Attack/Rule-based Attack/Hybrid Attacks
# Distributed Network Attack
# Rainbow Attack
+ Non-Technical Attacks
o Default Password Database
+ http://www.defaultpassword.com/
+ http://www.cirt.net/cgi-bin/passwd.pl
+ http://www.virus.org/index.php?
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
o Permanent Account Lockout - Employee Privilege Abuse
o Administrator Password Guessing
+ Manual Password cracking Algorithm
+ Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
+ Tool: NAT
+ Smbbf (SMB Passive Brute Force Tool)
+ SmbCrack Tool: Legion
+ Hacking Tool: L0phtCrack
o Microsoft Authentication
+ LM, NTLMv1, and NTLMv2
+ NTLM And LM Authentication On The Wire
+ Kerberos Authentication
+ What is LAN Manager Hash?
# LM “Hash” Generation
# LM Hash
+ Salting
+ Pwdump2 and Pwdump3
+ Tool: Rainbowcrack
+ Hacking Tool: KerbCrack
+ Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Signing
o Tool: LCP
o Tool: SID&User
o Tool: Ophcrack 2
o Tool: Crack
o Tool: Access PassView
o Tool: Asterisk Logger
o Tool: CHAOS Generator
o Tool: Asterisk Key
o Password Recovery Tool: MS Access Database Password Decoder
o Password Cracking Countermeasures
o Do Not Store LAN Manager Hash in SAM Database
o LM Hash Backward Compatibility
o How to Disable LM Hash
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit
* Part 2 - Escalating Privileges
o CEH Hacking Cycle
o Privilege Escalation
o Cracking NT/2000 passwords
o Active@ Password Changer
o Change Recovery Console Password - Method 1
o Change Recovery Console Password - Method 2
o Privilege Escalation Tool: x.exe
o Login Hack: Example
* Part 3 - Executing Applications
o CEH Hacking Cycle
o Tool: psexec
o Tool: remoexec
o Ras N Map
o Tool: Alchemy Remote Executor
o Emsa FlexInfo Pro
o Keystroke Loggers
o E-mail Keylogger
o Revealer Keylogger Pro
o Handy Keylogger
o Ardamax Keylogger
o Powered Keylogger
o Quick Keylogger
o Spy-Keylogger
o Perfect Keylogger
o Invisible Keylogger
o Actual Spy
o Spytector FTP Keylogger
o IKS Software Keylogger
o Ghost Keylogger
o Hacking Tool: Hardware Key Logger
o What is Spyware?
o Spyware: Spector
o Remote Spy
o Spy Tech Spy Agent
o 007 Spy Software
o Spy Buddy
o Ace Spy
o Keystroke Spy
o Activity Monitor
o Hacking Tool: eBlaster
o Stealth Voice Recorder
o Stealth Keylogger
o Stealth Website Logger
o Digi Watcher Video Surveillance
o Desktop Spy Screen Capture Program
o Telephone Spy
o Print Monitor Spy Tool
o Stealth E-Mail Redirector
o Spy Software: Wiretap Professional
o Spy Software: FlexiSpy
o PC PhoneHome
o Keylogger Countermeasures
o Anti Keylogger
o Advanced Anti Keylogger
o Privacy Keyboard
o Spy Hunter - Spyware Remover
o Spy Sweeper
o Spyware Terminator
o WinCleaner AntiSpyware
* Part 4 - Hiding Files
o CEH Hacking Cycle
o Hiding Files
o RootKits
+ Why rootkits
+ Hacking Tool: NT/2000 Rootkit
+ Planting the NT/2000 Rootkit
+ Rootkits in Linux
+ Detecting Rootkits
+ Steps for Detecting Rootkits
+ Rootkit Detection Tools
+ Sony Rootkit Case Study
+ Rootkit: Fu
+ AFX Rootkit
+ Rootkit: Nuclear
+ Rootkit: Vanquish
+ Rootkit Countermeasures
+ Patchfinder
+ RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
+ NTFS Stream Manipulation
+ NTFS Streams Countermeasures
+ NTFS Stream Detectors (ADS Spy and ADS Tools)
+ Hacking Tool: USB Dumper
o What is Steganography?
+ Steganography Techniques
# Least Significant Bit Insertion in Image files
# Process of Hiding Information in Image Files
# Masking and Filtering in Image files
# Algorithms and transformation
+ Tool: Merge Streams
+ Invisible Folders
+ Tool: Invisible Secrets
+ Tool: Image Hide
+ Tool: Stealth Files
+ Tool: Steganography
+ Masker Steganography Tool
+ Hermetic Stego
+ DCPP – Hide an Operating System
+ Tool: Camera/Shy
+ www.spammimic.com
+ Tool: Mp3Stego
+ Tool: Snow.exe
+ Steganography Tool: Fort Knox
+ Steganography Tool: Blindside
+ Steganography Tool: S-Tools
+ Steganography Tool: Steghide
+ Tool: Steganos
+ Steganography Tool: Pretty Good Envelope
+ Tool: Gifshuffle
+ Tool: JPHIDE and JPSEEK
+ Tool: wbStego
+ Tool: OutGuess
+ Tool: Data Stash
+ Tool: Hydan
+ Tool: Cloak
+ Tool: StegoNote
+ Tool: Stegomagic
+ Steganos Security Suite
+ C Steganography
+ Isosteg
+ FoxHole
+ Sams Big Playmaker
+ Video Steganography
+ Case Study: Al-Qaida members Distributing Propaganda to Volunteers using Steganography
+ Steganalysis
+ Steganalysis Methods/Attacks on Steganography
+ Stegdetect
+ SIDS
+ High-Level View
+ Tool: dskprobe.exe
+ Stego Watch- Stego Detection Tool
+ StegSpy
* Part 5 - Covering Tracks
o CEH Hacking Cycle
o Covering Tracks
o Disabling Auditing
o Clearing the Event Log
o Tool: elsave.exe
o Hacking Tool: Winzapper
o Evidence Eliminator
o Tool: Traceless
o Tool: Tracks Eraser Pro
o Armor Tools
o Tool: ZeroTracks
Module 8: Trojans and Backdoors
* What is a Trojan?
o Overt and Covert Channels
o Working of Trojans
o Different Types of Trojans
+ Remote Access Trojans
+ Data-Sending Trojans
+ Destructive Trojans
+ Denial-of-Service (DoS) Attack Trojans
+ Proxy Trojans
+ FTP Trojans
+ Security Software Disablers
o What do Trojan Creators Look for?
o Different Ways a Trojan can Get into a System
* Indications of a Trojan Attack
* Ports Used by Trojans
o How to Determine which Ports are Listening
* Classic Trojans
o Trojan: Tini
o Trojan: iCmd
o Trojan: NetBus
o Trojan: Netcat
o Netcat Client/Server
o Trojan: Beast
o MoSucker Trojan
o SARS Trojan Notification
o Proxy Server Trojan
o FTP Trojan - TinyFTPD
o VNC Trojan
o Wrappers
o Wrapper Covert Program
o Wrapping Tools
o One Exe Maker / YAB / Pretator Wrappers
o Packaging Tool: WordPad
o RemoteByMail
o Tool: Icon Plus
o Defacing Application: Restorator
o Tetris
* Stealth Trojans
o HTTP Trojans
o Trojan Attack through HTTP
o HTTP Trojan (HTTP RAT)
o Shttpd Trojan - HTTP Server
o Tool: BadLuck Destructive Trojan
o Loki
o Loki Countermeasures
o Atelier Web Remote Commander
o Trojan Horse Construction Kit
o ICMP Tunneling
o ICMP Backdoor Trojan
* Reverse Connecting Trojans
o Reverse Connecting Trojans
o Nuclear RAT Trojan (Reverse Connecting)
o Reverse Tunnel
o Covert Channel Tunneling Tool (cctt)
o Windows Reverse Shell
o perl-reverse-shell
o php-reverse-shell
o XSS Shell Tunnel
o winarp_mim
* Miscellaneous Trojans
o Backdoor.Theef (AVP)
o T2W (TrojanToWorm)
o Biorante RAT
o DownTroj
o Turkojan
o Trojan.Satellite-RAT
o Yakoza
o DarkLabel B4
o Trojan.Hav-Rat
o Poison Ivy
o Rapid Hacker
o SharK
o HackerzRat
o TYO
o 1337 Fun Trojan
o Criminal Rat Beta
o VicSpy
o Optix PRO
o ProAgent
o OD Client
o AceRat
o Mhacker-PS
o RubyRAT Public
o SINner
o ConsoleDevil
o ZombieRat
o Webcam Trojan
o DJI RAT
o Skiddie Rat
o Biohazard RAT
o Troya
o ProRat
o Dark Girl
o DaCryptic
o Net-Devil
o PokerStealer.A
o Hovdy.a
* How to Detect Trojans?
o Netstat
o fPort
o TCPView
o CurrPorts Tool
o Process Viewer
o Delete Suspicious Device Drivers
o Check for Running Processes: What’s on My Computer
o Super System Helper Tool
o Inzider-Tracks Processes and Ports
o Tool: What’s Running
o MS Configuration Utility
o Autoruns
o Hijack This (System Checker)
o Startup List
* Anti-Trojan Software
o TrojanHunter
o Comodo BOClean
o Trojan Remover: XoftspySE
o Trojan Remover: Spyware Doctor
o SPYWAREfighter
* Evading Anti-Virus Techniques
* Sample Code for Trojan Client/Server
* Evading Anti-Trojan/Anti-Virus using Stealth Tools
* Backdoor Countermeasures
* Tripwire
* System File Verification
* MD5 Checksum.exe
* Microsoft Windows Defender
* How to Avoid a Trojan Infection
Module 9: Viruses and Worms
* Virus History
* Characteristics of Virus
* Working of Virus
o Infection Phase
o Attack Phase
* Why people create Computer Viruses
* Symptoms of a Virus-like Attack
* Virus Hoaxes
* Chain Letters
* Worms
* How is a Worm Different from a Virus
* Indications of a Virus Attack
* Virus Damage
o Mode of Virus Infection
* Stages of Virus Life
* Types of Virus
o Virus Classification
o How Does a Virus Infect?
o Storage Patterns of Virus
+ System Sector virus
+ Stealth Virus
+ Bootable CD-Rom Virus
# Self-Modification
# Encryption with a Variable Key
+ Polymorphic Code
+ Metamorphic Virus
+ Cavity Virus
+ Sparse Infector Virus
+ Companion Virus
+ File Extension Virus
* Famous Viruses and Worms
o Famous Virus/Worms – I Love You Virus
o Famous Virus/Worms – Melissa
o Famous Virus/Worms – JS/Spth
o Klez Virus Analysis
o Slammer Worm
o Spread of Slammer Worm – 30 min
o MyDoom.B
o SCO Against MyDoom Worm
* Latest Viruses
o Latest Viruses
o Top 10 Viruses- 2008
+ Virus: Win32.AutoRun.ah
+ Virus:W32/Virut
+ Virus:W32/Divvi
+ Worm.SymbOS.Lasco.a
+ Disk Killer
+ Bad Boy
+ HappyBox
+ Java.StrangeBrew
+ MonteCarlo Family
+ PHP.Neworld
+ W32/WBoy.a
+ ExeBug.d
+ W32/Voterai.worm.e
+ W32/Lecivio.worm
+ W32/Lurka.a
+ W32/Vora.worm!p2p
* Writing Virus Program
o Writing a Simple Virus Program
o Virus Construction Kits
* Virus Detection Methods
o Virus Detection Methods
o Virus Incident Response
o What is Sheep Dip?
o Virus Analysis – IDA Pro Tool
o Online Virus Testing: http://www.virustotal.com/
o Prevention is better than Cure
* Anti-Virus Software
o Anti-Virus Software
o AVG Antivirus
o Norton Antivirus
o McAfee
o SocketShield
o BitDefender
o ESET Nod32
o CA Anti-Virus
o F-Secure Anti-Virus
o Kaspersky Anti-Virus
o F-Prot Antivirus
o Panda Antivirus Platinum
o avast! Virus Cleaner
o ClamWin
o Norman Virus Control
* Popular Anti-Virus Packages
* Virus Databases
* Snopes.com
Module 10: Sniffers
* Definition: Sniffing
* Types of Sniffing
* Protocols Vulnerable to Sniffing
* Passive Sniffing
* Active Sniffing
* Switched Port Analyzer (SPAN)
* SPAN Port
* Lawful Intercept
* Benefits of Lawful Intercept
* Network Components Used for Lawful Intercept
* Ready to Sniff?
* Tool: Network View – Scans the Network for Devices
* The Dude Sniffer
* Look@LAN
* Wireshark
* Display Filters in Wireshark
* Following the TCP Stream in Wireshark
* Pilot
* Tcpdump
* Tcpdump Commands
* Features of Sniffing Tools
* What is Address Resolution Protocol (ARP)
* ARP Spoofing Attack
* How Does ARP Spoofing Work
* ARP Poisoning
* Threats of ARP Poisoning
* MAC Flooding
* MAC Duplicating
* MAC Duplicating Attack
* Tools for ARP Spoofing
o Ettercap
o ArpSpyX
o Cain and Abel
+ Steps to Perform ARP Poisoning using Cain and Abel
o IRS – ARP Attack Tool
o ARPWorks Tool
* DHCP Starvation Attack
* DNS Poisoning Techniques
o 1. Intranet DNS Spoofing (Local Network)
o 2. Internet DNS Spoofing (Remote Network)
o 3. Proxy Server DNS Poisoning
o 4. DNS Cache Poisoning
* Tools for MAC Flooding
o Linux Tool: Macof
o Windows Tool: EtherFlood
* Sniffing Tools
o Interactive TCP Relay
o Interactive Replay Attacks
o Tool: Nemesis
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o Win Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Packet Crafter Craft Custom TCP/IP Packets
o Engage Packet Builder
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o EtherApe Features
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
o Tool: Windump
o Tool: Etherpeek
o NetIntercept
o Colasoft EtherLook
o AW Ports Traffic Analyzer
o Colasoft Capsa Network Analyzer
o CommView
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
o URL Snooper
o EtherDetect Packet Sniffer
o EffeTech HTTP Sniffer
o AnalogX Packetmon
o Colasoft MSN Monitor
o IPgrab
o EtherScan Analyzer
o InfoWatch Traffic Monitor
* Linux Sniffing Tools (dsniff package)
o Linux Tool: Arpspoof
o Linux Tool: Dnsspoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o Linux Tool: Sshmitm
o Linux Tool: Tcpkill
o Linux Tool: Tcpnice
o Linux Tool: Urlsnarf
o Linux Tool: Webspy
o Linux Tool: Webmitm
* Hardware Protocol Analyzers
o Hardware Protocol Analyzers Vendors List
o Agilent Hardware Protocol Analyzers http://www.home.agilent.com/
o RADCOM Hardware Protocol Analyzers http://www.radcom.com/
o FLUKE Networks Hardware Protocol Analyzers http://www.flukenetworks.com/
o NETWORK INSTRUMENTS Hardware Protocol Analyzer http://www.netinst.com/
* How to Detect Sniffing
o Countermeasures
o AntiSniff Tool
o ArpWatch Tool
o PromiScan
o proDETECT
o Network Packet Analyzer CAPSA
Module 11: Social Engineering
* What is Social Engineering?
* Human Weakness
* “Rebecca” and “Jessica”
* Office Workers
* Types of Social Engineering
o Human-Based Social Engineering
+ Technical Support Example
+ More Social Engineering Examples
+ Human-Based Social Engineering: Eavesdropping
+ Human-Based Social Engineering: Shoulder Surfing
+ Human-Based Social Engineering: Dumpster Diving
+ Dumpster Diving Example
+ Oracle Snoops Microsoft’s Trash Bins
+ Movies to Watch for Reverse Engineering
o Computer Based Social Engineering
o Insider Attack
o Disgruntled Employee
o Preventing Insider Threat
o Common Targets of Social Engineering
* Social Engineering Threats and Defenses
o Online Threats
o Telephone-Based Threats
o Personal approaches
o Defenses Against Social Engineering Threats
* Factors that make Companies Vulnerable to Attacks
* Why is Social Engineering Effective
* Warning Signs of an Attack
* Tool: Netcraft Anti-Phishing Toolbar
* Phases in a Social Engineering Attack
* Behaviors Vulnerable to Attacks
* Impact on the Organization
* Countermeasures
* Policies and Procedures
* Security Policies - Checklist
* Impersonating Orkut, Facebook, MySpace
* Orkut
* Impersonating on Orkut
* MW.Orc worm
* Facebook
* Impersonating on Facebook
* MySpace
* Impersonating on MySpace
* How to Steal Identity
* Comparison
* Original
* Identity Theft
* http://www.consumer.gov/idtheft/
Module 12: Phishing
* Phishing
* Introduction
* Reasons for Successful Phishing
* Phishing Methods
* Process of Phishing
* Types of Phishing Attacks
o Man-in-the-Middle Attacks
o URL Obfuscation Attacks
o Cross-site Scripting Attacks
o Hidden Attacks
o Client-side Vulnerabilities
o Deceptive Phishing
o Malware-Based Phishing
o DNS-Based Phishing
o Content-Injection Phishing
o Search Engine Phishing
* Phishing Statistics: March 2008
* Anti-Phishing
* Anti-Phishing Tools
o PhishTank SiteChecker
o NetCraft
o GFI MailEssentials
o SpoofGuard
o Phishing Sweeper Enterprise
o TrustWatch Toolbar
o ThreatFire
o GralicWrap
o Spyware Doctor
o Track Zapper Spyware-Adware Remover
o AdwareInspector
o Email-Tag.com
Module 13: Hacking Email Accounts
* Introduction
o Ways for Getting Email Account Information
o Stealing Cookies
o Social Engineering
o Password Phishing
o Fraudulent e-mail Messages
* Vulnerabilities
o Web Email
o Reaper Exploit
* Email Hacking Tools
o Tool: Advanced Stealth Email Redirector
o Tool: Mail PassView
o Tool: Email Password Recovery Master
o Tool: Mail Password
o Email Finder Pro
o Email Spider Easy
o Kernel Hotmail MSN Password Recovery
o Retrieve Forgotten Yahoo Password
o MegaHackerZ
o Hack Passwords
* Securing Email Accounts
o Creating Strong Passwords
o Creating Strong Passwords: Change Password
o Creating Strong Passwords: Trouble Signing In
o Sign-in Seal
o Alternate Email Address
o Keep Me Signed In/ Remember Me
o Tool: Email Protector
o Tool: Email Security
o Tool: EmailSanitizer
o Tool: SuperSecret
Module 14: Denial-of-Service
* Real World Scenario of DoS Attacks
* What are Denial-of-Service Attacks
* Goal of DoS
* Impact and the Modes of Attack
* Types of Attacks
* DoS Attack Classification
o Smurf Attack
o Buffer Overflow Attack
o Ping of Death Attack
o Teardrop Attack
o SYN Attack
o SYN Flooding
o DoS Attack Tools
o DoS Tool: Jolt2
o DoS Tool: Bubonic.c
o DoS Tool: Land and LaTierra
o DoS Tool: Targa
o DoS Tool: Blast
o DoS Tool: Nemesy
o DoS Tool: Panther2
o DoS Tool: Crazy Pinger
o DoS Tool: SomeTrouble
o DoS Tool: UDP Flood
o DoS Tool: FSMax
* Bot (Derived from the Word RoBOT)
* Botnets
* Uses of Botnets
* Types of Bots
* How Do They Infect? Analysis of Agobot
* How Do They Infect
* Tool: Nuclear Bot
* What is DDoS Attack
* Characteristics of DDoS Attacks
* Is DDOS Unstoppable?
* Agent Handler Model
* DDoS IRC based Model
* DDoS Attack Taxonomy
* Amplification Attack
* Reflective DNS Attacks
* Reflective DNS Attacks Tool: ihateperl.pl
* DDoS Tools
o DDoS Tool: Tribal Flood Network
o DDoS Tool: TFN2K
o DDoS Tool: Shaft
o DDoS Tool: Trinity
o DDoS Tool: Knight and Kaiten
o DDoS Tool: Mstream
* How to Conduct a DDoS Attack
* The Reflected DoS Attacks
* Reflection of the Exploit
* Countermeasures for Reflected DoS
* DDoS Countermeasures
* Taxonomy of DDoS Countermeasures
* Preventing Secondary Victims
* Detect and Neutralize Handlers
* Detect Potential Attacks
* DoSHTTP Tool
* Mitigate or Stop the Effects of DDoS Attacks
* Deflect Attacks
* Post-attack Forensics
* Packet Traceback
Module 15: Session Hijacking
* What is Session Hijacking?
* Understanding Session Hijacking
* Spoofing vs. Hijacking
* Steps in Session Hijacking
* Types of Session Hijacking
* Session Hijacking Levels
* Network Level Hijacking
* The 3-Way Handshake
* TCP Concepts 3-Way Handshake
* Sequence Numbers
* Sequence Number Prediction
* TCP/IP hijacking
* IP Spoofing: Source Routed Packets
* RST Hijacking
o RST Hijacking Tool: hijack_rst.sh
* Blind Hijacking
* Man in the Middle Attack using Packet Sniffer
* UDP Hijacking
* Application Level Hijacking
* Programs that Perform Session Hacking
o TTY-Watcher
o IP watcher
o Remote TCP Session Reset Utility (SOLARWINDS)
o Paros HTTP Session Hijacking Tool
o Dnshijacker Tool
o Hjksuite Tool
* Dangers Posed by Hijacking
* Protecting against Session Hijacking
* Countermeasure: IPSec
Module 16: Hacking Web Servers
* How Web Servers Work
* How are Web Servers Compromised
* Web Server Defacement
o How are Servers Defaced
* Apache Vulnerability
* Attacks against IIS
o IIS7 Components
* Unicode
o Unicode Directory Traversal Vulnerability
o IIS Directory Traversal (Unicode) Attack
* Hacking Tool
o Hacking Tool: IISxploit.exe
o Msw3prt IPP Vulnerability
o RPC DCOM Vulnerability
o ASP Trojan
o IIS Logs
o Network Tool: Log Analyzer
o Hacking Tool: CleanIISLog
o IIS Security Tool: Server Mask
o ServerMask ip100
o Tool: CacheRight
o Tool: CustomError
o Tool: HttpZip
o Tool: LinkDeny
o Tool: ServerDefender AI
o Tool: ZipEnable
o Tool: w3compiler
o Yersinia
* Tool: Metasploit Framework
* KARMA
o Karmetasploit
o Prerequisites for Karmetasploit
o Running Karmetasploit
* Tool: Immunity CANVAS Professional
* Tool: Core Impact
* Tool: MPack
* Tool: Neosploit
* Patch Management
o Hotfixes and Patches
o What is Patch Management
+ Solution: UpdateExpert
+ Patch Management Tool: qfecheck
+ Patch Management Tool: HFNetChk
+ cacls.exe utility
* Vulnerability Scanners
o Online Vulnerability Search Engine
o Network Tool: Whisker
o Network Tool: N-Stealth HTTP Vulnerability Scanner
o Hacking Tool: WebInspect
o Network Tool: Shadow Security Scanner
o Secure IIS
+ ServersCheck Monitoring
+ GFI Network Server Monitor
+ Servers Alive
+ Webserver Stress Tool
+ Monitoring Tool: Secunia PSI
* Countermeasures
* Increasing Web Server Security
* Web Server Protection Checklist
Module 17: Web Application Vulnerabilities
* Web Application
* Web application Hacking
* Anatomy of an Attack
* Web Application Threats
* Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures
* SQL Injection
* Command Injection Flaws
o Countermeasures
* Cookie/Session Poisoning
o Countermeasures
* Parameter/Form Tampering
* Hidden Field at
* Buffer Overflow
o Countermeasures
* Directory Traversal/Forceful Browsing
o Countermeasures
* Cryptographic Interception
* Cookie Snooping
* Authentication Hijacking
o Countermeasures
* Log Tampering
* Error Message Interception
* Attack Obfuscation
* Platform Exploits
* DMZ Protocol Attacks
o Countermeasures
* Security Management Exploits
o Web Services Attacks
o Zero-Day Attacks
o Network Access Attacks
* TCP Fragmentation
* Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o SiteScope Tool
o WSDigger Tool – Web Services Testing Tool
o CookieDigger Tool
o SSLDigger Tool
o SiteDigger Tool
o WindowBomb
o Burp: Positioning Payloads
o Burp: Configuring Payloads and Content Enumeration
o Burp: Password Guessing
o Burp Proxy
o Burpsuite
o Hacking Tool: cURL
o dotDefender
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
o Tool: Falcove Web Vulnerability Scanner
o Tool: NetBrute
o Tool: Emsa Web Monitor
o Tool: KeepNI
o Tool: Parosproxy
o Tool: WebScarab
o Tool: Watchfire AppScan
o Tool: WebWatchBot
o Tool: Ratproxy
o Tool: Mapper
Module 18: Web-Based Password Cracking Techniques
* Authentication
o Authentication - Definition
o Authentication Mechanisms
+ HTTP Authentication
# Basic Authentication
# Digest Authentication
+ Integrated Windows (NTLM) Authentication
+ Negotiate Authentication
+ Certificate-based Authentication
+ Forms-based Authentication
+ RSA SecurID Token
+ Biometrics Authentication
# Types of Biometrics Authentication
* Fingerprint-based Identification
* Hand Geometry-based Identification
* Retina Scanning
* Afghan Woman Recognized After 17 Years
* Face Recognition
* Face Code: WebCam Based Biometrics Authentication System
o Bill Gates at the RSA Conference 2006
* Password Cracking
o How to Select a Good Password
o Things to Avoid in Passwords
o Changing Your Password
o Protecting Your Password
o Examples of Bad Passwords
o The “Mary Had A Little Lamb” Formula
o How Hackers Get Hold of Passwords
o Windows XP: Remove Saved Passwords
o What is a Password Cracker
o Modus Operandi of an Attacker Using a Password Cracker
o How Does a Password Cracker Work
o Attacks - Classification
+ Password Guessing
+ Query String
+ Cookies
+ Dictionary Maker
* Password Cracking Tools
o Password Crackers Available
+ L0phtCrack (LC4)
+ John the Ripper
+ Brutus
+ ObiWaN
+ Authforce
+ Hydra
+ Cain & Abel
+ RAR
+ Gammaprog
+ WebCracker
+ Munga Bunga
+ PassList
+ SnadBoy
+ MessenPass
+ Wireless WEP Key Password Spy
+ RockXP
+ Password Spectator Pro
+ Passwordstate
+ Atomic Mailbox Password Cracker
+ Advanced Mailbox Password Recovery (AMBPR)
+ Tool: Network Password Recovery
+ Tool: Mail PassView
+ Tool: Messenger Key
+ Tool: SniffPass
o Security Tools
+ WebPassword
+ Password Administrator
+ Password Safe
+ Easy Web Password
+ PassReminder
+ My Password Manager
* Countermeasures
Module 19: SQL Injection
* SQL Injection: Introduction
o What is SQL Injection
o Exploiting Web Applications
o Steps for performing SQL injection
o What You Should Look For
o What If It Doesn’t Take Input
o OLE DB Errors
o Input Validation Attack
o SQL injection Techniques
o How to Test for SQL Injection Vulnerability
o How Does It Work
o BadLogin.aspx.cs
o BadProductList.aspx.cs
o Executing Operating System Commands
o Getting Output of SQL Query
o Getting Data from the Database Using ODBC Error Message
o How to Mine all Column Names of a Table
o How to Retrieve any Data
o How to Update/Insert Data into Database
o SQL Injection in Oracle
o SQL Injection in MySQL Database
o Attacking Against SQL Servers
o SQL Server Resolution Service (SSRS)
o Osql -L Probing
* SQL Injection Tools
o SQL Injection Automated Tools
o Automated SQL Injection Tool: AutoMagic SQL
o Absinthe Automated SQL Injection Tool
+ Hacking Tool: SQLDict
+ Hacking Tool: SQLExec
+ SQL Server Password Auditing Tool: sqlbf
+ Hacking Tool: SQLSmack
+ Hacking Tool: SQL2.exe
+ sqlmap
+ sqlninja
+ SQLIer
+ Automagic SQL Injector
+ Absinthe
* Blind SQL Injection
o Blind SQL Injection: Countermeasure
* SQL Injection Countermeasures
o Preventing SQL Injection Attacks
o GoodLogin.aspx.cs
* SQL Injection Blocking Tool: SQL Block
* Acunetix Web Vulnerability Scanner
Module 20: Hacking Wireless Networks
* Introduction to Wireless Networking
o Wireless Networking
o Wired Network vs. Wireless Network
o Effects of Wireless Attacks on Business
o Types of Wireless Network
o Advantages and Disadvantages of a Wireless Network
* Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
o Wireless Standard: 802.15 (Bluetooth)
o Wireless Standard: 802.16 (WiMax)
+ WiMax Featured Companies
+ WiMax Equipment Vendors
* Wireless Concepts
o Related Technology and Carrier Networks
o SSID
o Is the SSID a Secret
o Authentication and Association
o Authentication Modes
o The 802.1X Authentication Process
o 802.11 Specific Vulnerabilities
o Authentication and (Dis)Association Attacks
o MAC Sniffing and AP Spoofing
o Defeating MAC Address Filtering in Windows
* Wireless Devices
o Antennas
o Cantenna – www.cantenna.com
o Wireless Access Points
o Beacon Frames
o Phone Jammers
+ Phone Jamming Devices
* WEP
o Wired Equivalent Privacy (WEP)
o WEP Issues
o WEP - Authentication Phase
o WEP - Shared Key Authentication
o WEP - Association Phase
o WEP Flaws
* WPA
o What is WPA
o WPA Vulnerabilities
o WEP, WPA, and WPA2
o Wi-Fi Protected Access 2 (WPA2)
o Attacking WPA Encrypted Networks
o Evil Twin: Attack
* TKIP and LEAP
o Temporal Key Integrity Protocol (TKIP)
+ Working of TKIP
+ Changes from WEP to TKIP
o LEAP: The Lightweight Extensible Authentication Protocol
o LEAP Attacks
o LEAP Attack Tool: ASLEAP
+ Working of ASLEAP
* Hacking Methods
o Techniques to Detect Open Wireless Networks
o Steps for Hacking Wireless Networks
+ Step 1: Find Networks to Attack
+ Step 2: Choose the Network to Attack
+ Step 3: Analyzing the Network
+ Step 4: Cracking the WEP Key
+ Step 5: Sniffing the Network
o Bluejacking
o Super Bluetooth Hack
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o Hijacking and Modifying a Wireless Network
* Cracking WEP
o Cracking WEP
o Weak Keys (a.k.a. Weak IVs)
o Problems with WEP’s Key Stream and Reuse
o Automated WEP Crackers
o Pad-Collection Attacks
o XOR Encryption
o Stream Cipher
o WEP Tool: Aircrack
o Tool: AirPcap
o Tool: Cain & Abel
o Scanning Tool: Kismet
* Rogue Access Point
o Rogue Access Points
o Tools to Generate Rogue Access Points: Fake AP
o Tools to Detect Rogue Access Points: Netstumbler
o Tools to Detect Rogue Access Points: MiniStumbler
o Airsnarf: A Rogue AP Setup Utility
o Cloaked Access Point
* Scanning Tools
o Scanning Tool: Prismstumbler
o Scanning Tool: MacStumbler
o Scanning Tool: Mognet
o Scanning Tool: WaveStumbler
o Scanning Tool: Netchaser for Palm Tops
o Scanning Tool: AP Scanner
o Scanning Tool: Wavemon
o Scanning Tool: Wireless Security Auditor (WSA)
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Scanning Tool: WifiScanner
o eEye Retina WiFi
o Simple Wireless Scanner
o wlanScanner
* Sniffing Tools
o Sniffing Tool: AiroPeek
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: Wireshark
o Sniffing Tool: vxSniffer
o Sniffing Tool: Etherpeg
o Sniffing Tool: Driftnet
o Sniffing Tool: AirMagnet
o Sniffing Tool: WinDump
o Multiuse Tool: THC-RUT
o Microsoft Network Monitor
* Wireless Security Tools
o WLAN Diagnostic Tool: CommView for WiFi PPC
o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer
o AirDefense Guard (www.AirDefense.com)
o Google Secure Access
o Tool: RogueScanner
Module 21: Physical Security
* Security Facts
* Understanding Physical Security
* Physical Security
* What Is the Need for Physical Security
* Who Is Accountable for Physical Security
* Factors Affecting Physical Security
* Physical Security Checklist
o Physical Security Checklist - Company Surroundings
o Gates
o Security Guards
o Physical Security Checklist: Premises
o CCTV Cameras
o Reception
o Server
o Workstation Area
o Wireless Access Point
o Other Equipment
o Access Control
+ Biometric Devices
+ Biometric Identification Techniques
# Biometric Hacking: Biologger
+ Authentication Mechanisms
+ Authentication Mechanism Challenges: Biometrics
+ Faking Fingerprints
+ Smart cards
+ Security Token
+ Computer Equipment Maintenance
+ Wiretapping
+ Remote Access
+ Lapse of Physical Security
+ Locks
# Lock Picking
# Lock Picking Tools
* Information Security
* EPS (Electronic Physical Security)
* Wireless Security
* Laptop Theft Statistics for 2007
* Statistics for Stolen and Recovered Laptops
* Laptop Theft
* Laptop theft: Data Under Loss
* Laptop Security Tools
* Laptop Tracker - XTool Computer Tracker
* Tools to Locate Stolen Laptops
* Stop's Unique, Tamper-proof Patented Plate
* Tool: TrueCrypt
* Laptop Security Countermeasures
* Mantrap
* TEMPEST
* Challenges in Ensuring Physical Security
* Spyware Technologies
* Spying Devices
* Physical Security: Lock Down USB Ports
* Tool: DeviceLock
* Blocking the Use of USB Storage Devices
* Track Stick GPS Tracking Device
Module 22: Linux Hacking
* Why Linux
* Linux Distributions
* Linux Live CD-ROMs
* Basic Commands of Linux: Files & Directories
* Linux Basic
o Linux File Structure
o Linux Networking Commands
* Directories in Linux
* Installing, Configuring, and Compiling Linux Kernel
* How to Install a Kernel Patch
* Compiling Programs in Linux
* GCC Commands
* Make Files
* Make Install Command
* Linux Vulnerabilities
* Chrooting
* Why is Linux Hacked
* How to Apply Patches to Vulnerable Programs
* Scanning Networks
* Nmap in Linux
* Scanning Tool: Nessus
* Port Scan Detection Tools
* Password Cracking in Linux: John the Ripper
* Firewall in Linux: IPTables
* IPTables Command
* Basic Linux Operating System Defense
* SARA (Security Auditor's Research Assistant)
* Linux Tool: Netcat
* Linux Tool: tcpdump
* Linux Tool: Snort
* Linux Tool: SAINT
* Linux Tool: Wireshark
* Linux Tool: Abacus Port Sentry
* Linux Tool: DSniff Collection
* Linux Tool: Hping2
* Linux Tool: Sniffit
* Linux Tool: Nemesis
* Linux Tool: LSOF
* Linux Tool: IPTraf
* Linux Tool: LIDS
* Hacking Tool: Hunt
* Tool: TCP Wrappers
* Linux Loadable Kernel Modules
* Hacking Tool: Linux Rootkits
* Rootkits: Knark & Torn
* Rootkits: Tuxit, Adore, Ramen
* Rootkit: Beastkit
* Rootkit Countermeasures
* ‘chkrootkit’ detects the following Rootkits
* Linux Tools: Application Security
* Advanced Intrusion Detection Environment (AIDE)
* Linux Tools: Security Testing Tools
* Linux Tools: Encryption
* Linux Tools: Log and Traffic Monitors
* Linux Security Auditing Tool (LSAT)
* Linux Security Countermeasures
* Steps for Hardening Linux
Module 23: Evading IDS, Firewalls and Detecting Honey Pots
* Introduction to Intrusion Detection System
* Terminologies
* Intrusion Detection System (IDS)
o IDS Placement
o Ways to Detect an Intrusion
o Types of Intrusion Detection Systems
o System Integrity Verifiers (SIVs)
o Tripwire
o Cisco Security Agent (CSA)
o True/False, Positive/Negative
o Signature Analysis
o General Indications of System Intrusions
o General Indications of File System Intrusions
o General Indication of Network Intrusions
o Intrusion Detection Tools
+ Snort
+ Running Snort on Windows 2003
+ Snort Console
+ Testing Snort
+ Configuring Snort (snort.conf)
+ Snort Rules
+ Set up Snort to Log to the Event Logs and to Run as a Service
+ Using EventTriggers.exe for Eventlog Notifications
+ SnortSam
o Steps to Perform after an IDS detects an attack
o Evading IDS Systems
+ Ways to Evade IDS
+ Tools to Evade IDS
# IDS Evading Tool: ADMutate
# Packet Generators
* Intrusion Prevention System
o Intrusion Prevention Strategies
o IPS Deployment Risks
o Types of IPS
o Host Based IPS (HIPS)
o Network Based IPS (NIPS)
+ Content Based IPS (CIPS)
+ Rate Based IPS (RIPS)
o Information Flow in IDS and IPS
o IDS vs. IPS
o IPS Vendors and Products
* What is a Firewall?
o What Does a Firewall Do
o Packet Filtering
o What can’t a firewall do
o How does a Firewall work
o Firewall Operations
o Hardware Firewall
o Software Firewall
o Types of Firewall
+ Packet Filtering Firewall
+ IP Packet Filtering Firewall
+ Circuit-Level Gateway
+ TCP Packet Filtering Firewall
+ Application Level Firewall
+ Application Packet Filtering Firewall
+ Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Tool: NCovert
o ACK Tunneling
o Tools to breach firewalls
* Common Tool for Testing Firewall and IDS
o IDS Testing Tool: Traffic IQ Professional
o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)
o IDS Tool: SecureHost
o IDS Tool: Snare
o IDS Testing Tool: TCPOpera
o IDS testing tool: Firewall Informer
o Atelier Web Firewall Tester
* What is Honeypot?
o The Honeynet Project
o Types of Honeypots
+ Low-interaction honeypot
+ Medium-interaction honeypot
+ High-interaction honeypot
o Advantages and Disadvantages of a Honeypot
o Where to place Honeypots
o Honeypots
+ Honeypot-SPECTER
+ Honeypot - honeyd
+ Honeypot – KFSensor
+ Sebek
o Physical and Virtual Honeypots
* Tools to Detect Honeypots
* What to do when hacked
Module 24: Buffer Overflows
* Buffer Overflow Concepts
o Why are Programs/Applications Vulnerable
o Buffer Overflows
o Reasons for Buffer Overflow Attacks
o Knowledge Required to Program Buffer Overflow Exploits
o Understanding Stacks
o Understanding Heaps
o Types of Buffer Overflows: Stack-based Buffer Overflow
o Types of Buffer Overflows: Heap-Based Buffer Overflow
o Understanding Assembly Language
o Shellcode
* Attacking a Real Program
* NOPs
* How to Mutate a Buffer Overflow Exploit
* Once the Stack is Smashed
* Examples of Buffer Overflow
o Simple Uncontrolled Overflow of the Stack
o Heap Memory Buffer Overflow Bug
o Simple Buffer Overflow in C
+ Code Analysis
* Tools
o Tool to Defend Buffer Overflow: Return Address Defender (RAD)
o Tool to Defend Buffer Overflow: StackGuard
o Insure++
o Comodo Memory Firewall
o DefencePlus
o BufferShield
o Hardware Level Prevention Of Buffer Overflow
* How to Detect Buffer Overflows in a Program
* Defense Against Buffer Overflows
Module 25: Cryptography
* Public-key Cryptography
* Working of Encryption
* Digital Signature
* RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
* RC4, RC5, RC6, Blowfish
* Algorithms and Security
* Brute-Force Attack
* RSA Attacks
* Message Digest Functions
o One-way Hash Functions
o MD5
* SHA (Secure Hash Algorithm)
* SSL (Secure Sockets Layer)
o RC5
* What is SSH
* Government Access to Keys (GAK)
* RSA Challenge
* distributed.net
* Code Breaking: Methodologies
* Cryptography Attacks
* Disk Encryption
* Magic Lantern
* WEPCrack
* Cracking S/MIME Encryption Using Idle CPU Time
* Cryptography Tools
o Cleversafe Grid Builder
o PGP (Pretty Good Privacy)
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
o Microsoft Cryptography Tools
Module 26: Penetration Testing
* Introduction to Penetration Testing (PT)
* Categories of security assessments
* Vulnerability Assessment
* Limitations of Vulnerability Assessment
* Testing
o Penetration Testing
o Types of Penetration Testing
o Risk Management
o Do-It-Yourself Testing
o Outsourcing Penetration Testing Services
o Terms of Engagement
o Project Scope
o Pentest Service Level Agreements
o Testing points
o Testing Locations
o Automated Testing
o Manual Testing
o Using DNS Domain Name and IP Address Information
o Enumerating Information about Hosts on Publicly Available Networks
o Testing Network-filtering Devices
o Enumerating Devices
o Denial-of-Service Emulation
* Penetration Testing Tools
o Pentest using Appscan
o HackerShield
o Pen-Test Using Cerberus Internet Scanner
o Pen-Test Using Cybercop Scanner
o Pen-Test Using FoundScan Hardware Appliances
o Pen-Test Using Nessus
o Pen-Test Using NetRecon
o Pen-Test Using SAINT
o Pen-Test Using SecureNet Pro
o Pen-Test Using SecureScan
o Pen-Test Using SATAN, SARA and Security Analyzer
o Pen-Test Using STAT Analyzer
o Pentest Using VigilENT
o Pentest Using WebInspect
o Pentest Using CredDigger
o Pentest Using Nsauditor
o Evaluating Different Types of Pen-Test Tools
o Asset Audit
o Fault Tree and Attack Trees
o GAP Analysis
* Threat
o Business Impact of Threat
o Internal Metrics Threat
o External Metrics Threat
o Calculating Relative Criticality
o Test Dependencies
* Other Tools Useful in Pen-Test
o Defect Tracking Tools: Bug Tracker Server
o Disk Replication Tools
o DNS Zone Transfer Testing Tools
o Network Auditing Tools
o Trace Route Tools and Services
o Network Sniffing Tools
o Denial of Service Emulation Tools
o Traditional Load Testing Tools
o System Software Assessment Tools
o Operating System Protection Tools
o Fingerprinting Tools
o Port Scanning Tools
o Directory and File Access Control Tools
o File Share Scanning Tools
o Password Directories
o Password Guessing Tools
o Link Checking Tools
o Web-Testing Based Scripting tools
o Buffer Overflow protection Tools
o File Encryption Tools
o Database Assessment Tools
o Keyboard Logging and Screen Reordering Tools
o System Event Logging and Reviewing Tools
o Tripwire and Checksum Tools
o Mobile-code Scanning Tools
o Centralized Security Monitoring Tools
o Web Log Analysis Tools
o Forensic Data and Collection Tools
o Security Assessment Tools
o Multiple OS Management Tools
* Phases of Penetration Testing
* Pre-attack Phase
* Best Practices
* Results that can be Expected
* Passive Reconnaissance
* Active Reconnaissance
* Attack Phase
o Activity: Perimeter Testing
o Activity: Web Application Testing
o Activity: Wireless Testing
o Activity: Acquiring Target
o Activity: Escalating Privileges
o Activity: Execute, Implant and Retract
* Post Attack Phase and Activities
* Penetration Testing Deliverables Templates
Module 27: Covert Hacking
* Insider Attacks
* What is Covert Channel?
* Security Breach
* Why Do You Want to Use Covert Channel?
* Motivation of a Firewall Bypass
* Covert Channels Scope
* Covert Channel: Attack Techniques
* Simple Covert Attacks
* Advanced Covert Attacks
* Standard Direct Connection
* Reverse Shell (Reverse Telnet)
* Direct Attack Example
* Indirect Attack Example
* Reverse Connecting Agents
* Covert Channel Attack Tools
o Netcat
o DNS Tunneling
o Covert Channel Using DNS Tunneling
o DNS Tunnel Client
o DNS Tunneling Countermeasures
o Covert Channel Using SSH
o Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
* Covert Channel Hacking Tool: Active Port Forwarder
* Covert Channel Hacking Tool: CCTT
* Covert Channel Hacking Tool: Firepass
* Covert Channel Hacking Tool: MsnShell
* Covert Channel Hacking Tool: Web Shell
* Covert Channel Hacking Tool: NCovert
o Ncovert - How it works
* Covert Channel Hacking via Spam E-mail Messages
* Hydan
Module 28: Writing Virus Codes
* Introduction of Virus
* Types of Viruses
* Symptoms of a Virus Attack
* Prerequisites for Writing Viruses
* Required Tools and Utilities
* Virus Infection Flow Chart
o Virus Infection: Step I
+ Directory Traversal Method
+ Example Directory Traversal Function
+ “dot dot” Method
+ Example Code for a “dot dot” Method
o Virus Infection: Step II
o Virus Infection: Step III
+ Marking a File for Infection
o Virus Infection: Step IV
o Virus Infection: Step V
* Components of Viruses
o Functioning of Replicator part
o Writing Replicator
o Writing Concealer
o Dispatcher
o Writing Bomb/Payload
+ Trigger Mechanism
+ Bombs/Payloads
+ Brute Force Logic Bombs
* Testing Virus Codes
* Tips for Better Virus Writing
Module 29: Assembly Language Tutorial
* Base 10 System
* Base 2 System
* Decimal 0 to 15 in Binary
* Binary Addition (C stands for Carry)
* Hexadecimal Number
* Hex Example
* Hex Conversion
* nibble
* Computer memory
* Characters Coding
* ASCII and UNICODE
* CPU
* Machine Language
* Compilers
* Clock Cycle
* Original Registers
* Instruction Pointer
* Pentium Processor
* Interrupts
* Interrupt handler
* External interrupts and Internal interrupts
* Handlers
* Machine Language
* Assembly Language
* Assembler
* Assembly Language vs. High-level Language
* Assembly Language Compilers
* Instruction operands
* MOV instruction
* ADD instruction
* SUB instruction
* INC and DEC instructions
* Directive
* preprocessor
* equ directive
* %define directive
* Data directives
* Labels
* Input and output
* C Interface
* Call
* Creating a Program
* Why should anyone learn assembly at all?
o First.asm
* Assembling the code
* Compiling the C code
* Linking the object files
* Understanding an assembly listing file
* Big and Little Endian Representation
* Skeleton File
* Working with Integers
* Signed integers
* Signed Magnitude
* Two’s Complement
* If statements
* Do while loops
* Indirect addressing
* Subprogram
* The Stack
* The SS segment
* ESP
* The Stack Usage
* The CALL and RET Instructions
* General subprogram form
* Local variables on the stack
* General subprogram form with local variables
* Multi-module program
* Saving registers
* Labels of functions
* Calculating addresses of local variables
Module 30: Exploit Writing
* Exploits Overview
* Prerequisites for Writing Exploits and Shellcodes
* Purpose of Exploit Writing
* Types of Exploits
* Stack Overflow
* Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
* The Proof-of-Concept and Commercial Grade Exploit
* Converting a Proof of Concept Exploit to Commercial Grade Exploit
* Attack Methodologies
* Socket Binding Exploits
* Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
* Steps for Writing an Exploit
* Differences Between Windows and Linux Exploits
* Shellcodes
* NULL Byte
* Types of Shellcodes
* Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
* Steps for Writing a Shellcode
* Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
Module 31: Smashing the Stack for Fun and Profit
* What is a Buffer?
* Static vs. Dynamic Variables
* Stack Buffers
* Data Region
* Memory Process Regions
* What Is A Stack?
* Why Do We Use A Stack?
* The Stack Region
* Stack frame
* Stack pointer
* Procedure Call (Procedure Prolog)
* Compiling the code to assembly
* Call Statement
* Return Address (RET)
* Word Size
* Stack
* Buffer Overflows
* Error
* Why do we get a segmentation violation?
* Segmentation Error
* Instruction Jump
* Guess Key Parameters
* Calculation
* Shell Code
o The code to spawn a shell in C
* Let's try to understand what is going on here. We'll start by studying main
* execve()
o execve() system call
* exit.c
o List of steps with exit call
* The code in Assembly
* JMP
* Code using indexed addressing
* Offset calculation
* shellcodeasm.c
* testsc.c
* Compile the code
* NULL byte
* shellcodeasm2.c
* testsc2.c
* Writing an Exploit
* overflow1.c
* Compiling the code
* sp.c
* vulnerable.c
* NOPs
o Using NOPs
o Estimating the Location
Module 32: Windows Based Buffer Overflow Exploit Writing
* Buffer Overflow
* Stack overflow
* Writing Windows Based Exploits
* Exploiting stack based buffer overflow
* OpenDataSource Buffer Overflow Vulnerability Details
* Simple Proof of Concept
* Windbg.exe
* Analysis
* EIP Register
o Location of EIP
o EIP
* Execution Flow
* But where can we jump to?
* Offset Address
* The Query
* Finding jmp esp
* Debug.exe
* listdlls.exe
* Msvcrt.dll
* Out.sql
* The payload
* ESP
* Limited Space
* Getting Windows API/function absolute address
* Memory Address
* Other Addresses
* Compile the program
* Final Code
Module 33: Reverse Engineering
* Positive Applications of Reverse Engineering
* Ethical Reverse Engineering
* World War Case Study
* DMCA Act
* What is Disassembler?
* Why do you need to decompile?
* Professional Disassembler Tools
* Tool: IDA Pro
* Convert Machine Code to Assembly Code
* Decompilers
* Program Obfuscation
* Convert Assembly Code to C++ code
* Machine Decompilers
* Tool: dcc
* Machine Code of compute.exe Program
* Assembly Code of compute.exe Program
* Code Produced by the dcc Decompiler in C
* Tool: Boomerang
* What Boomerang Can Do?
* Andromeda Decompiler
* Tool: REC Decompiler
* Tool: EXE To C Decompiler
* Delphi Decompilers
* Tools for Decompiling .NET Applications
* Salamander .NET Decompiler
* Tool: LSW DotNet-Reflection-Browser
* Tool: Reflector
* Tool: Spices NET.Decompiler
* Tool: Decompilers.NET
* .NET Obfuscator and .NET Obfuscation
* Java Bytecode Decompilers
* Tool: JODE Java Decompiler
* Tool: JREVERSEPRO
* Tool: SourceAgain
* Tool: ClassCracker
* Python Decompilers
* Reverse Engineering Tutorial
* OllyDbg Debugger
* How Does OllyDbg Work?
* Debugging a Simple Console Application
Module 34: Macintosh Hacking
* Introduction to Mac OS
* Vulnerabilities in Mac OS
o Buffer Overflow Vulnerability
o Local Privilege Escalation Vulnerabilities
o DiskManagement BOM Local Privilege Escalation Vulnerability
o HFS+ do_hfs_truncate() Denial of Service Vulnerability
o ATPsndrsp() Heap Buffer Overflow Vulnerability
o UFS ufs_lookup() Denial of Service Vulnerability
o Other Vulnerabilities in Mac OS
* How a Malformed Installer Package Can Crack Mac OS X
* Worms and Viruses in Mac OS
o OSX/Leap-A
o Inqtana.A
o Macro Viruses
* Mac OS X Trojans
o Termite
o Sub7ME
o WinJack
o Xover
o Hell Raiser 2.5b
* Anti-Viruses in Mac OS
o VirusBarrier
o McAfee Virex for Macintosh
o Sophos Endpoint Security and Control
o Norton Internet Security
* Mac Security Tools
o MacScan
o ClamXav
o IPNetsentryx
o FileGuard
* Countermeasures
Module 35: Hacking Routers, Cable Modems and Firewalls
* Network Devices
* Identifying a Router
o SING: Tool for Identifying the Router
* HTTP Configuration Arbitrary Administrative Access Vulnerability
* ADMsnmp
* Solarwinds MIB Browser
* Brute-Forcing Login Services
* Hydra
* Analyzing the Router Config
* Cracking the Enable Password
* Tool: Cain and Abel
* Implications of a Router Attack
* Types of Router Attacks
* Router Attack Topology
* Denial of Service (DoS) Attacks
* Packet “Mistreating” Attacks
* Routing Table Poisoning
* Hit-and-run Attacks vs. Persistent Attacks
* Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Covering Tracks
o Looking Around
* Eigrp-tool
* Tool: Zebra
* Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
* Tool: Cisco Torch
* Monitoring SMTP (port 25) Using SLcheck
* Monitoring HTTP (port 80)
* Cable Modem Hacking
o OneStep: ZUP
* www.bypassfirewalls.net
* Waldo Beta 0.7 (b)
Module 36: Hacking Mobile Phones, PDA and Handheld Devices
* Different OS in Mobile Phone
* Different OS Structure in Mobile Phone
* Evolution of Mobile Threat
* Threats
* What Can A Hacker Do
* Vulnerabilities in Different Mobile Phones
* Malware
* Spyware
o Spyware: SymbOS/Htool-SMSSender.A.intd
o Spyware: SymbOS/MultiDropper.CG
o Best Practices against Malware
* Blackberry
o Blackberry Attacks
o Blackberry Attacks: Blackjacking
o BlackBerry Wireless Security
o BlackBerry Signing Authority Tool
o Countermeasures
* PDA
o PDA Security Issues
o ActiveSync attacks
o HotSync Attack
o PDA Virus: Brador
o PDA Security Tools: TigerSuite PDA
o Security Policies for PDAs
* iPod
o Misuse of iPod
o Jailbreaking
+ Tool for Jailbreaking: iDemocracy
+ Tool for Jailbreaking: iActivator
+ Tool for Jailbreaking: iNdependence
+ Tool for Jailbreaking: iFuntastic
o Prerequisite for iPhone Hacking
o Step by Step iPhone Hacking using iFuntastic
o Step by Step iPhone Hacking
o AppSnapp
+ Steps for AppSnapp
o Tool to Unlock iPhone: iPhoneSimFree
o Tool to Unlock iPhone: anySIM
o Steps for Unlocking your iPhone using AnySIM
o Activate the Voicemail Button on your Unlocked iPhone
o Podloso Virus
o Security tool: Icon Lock-iT XP
* Mobile: Is It a Breach to Enterprise Security?
o Threats to Organizations Due to Mobile Devices
o Security Actions by Organizations
* Viruses
o Skulls
o Duts
o Doomboot.A: Trojan
* Antivirus
o Kaspersky Antivirus Mobile
o Airscanner
o BitDefender Mobile Security
o SMobile VirusGuard
o Symantec AntiVirus
o F-Secure Antivirus for Palm OS
o BullGuard Mobile Antivirus
* Security Tools
o Sprite Terminator
o Mobile Security Tools: Virus Scan Mobile
* Defending Cell Phones and PDAs Against Attack
* Mobile Phone Security Tips
Module 37: Bluetooth Hacking
* Bluetooth Introduction
* Security Issues in Bluetooth
* Security Attacks in Bluetooth Devices
o Bluejacking
o Tools for Bluejacking
o BlueSpam
o Bluesnarfing
o BlueBug Attack
o Short Pairing Code Attacks
o Man-in-the-Middle Attacks
o OnLine PIN Cracking Attack
o BTKeylogging attack
o BTVoiceBugging attack
o Blueprinting
o Bluesmacking - The Ping of Death
o Denial-of-Service Attack
o BlueDump Attack
* Bluetooth hacking tools
o BTScanner
o Bluesnarfer
o Bluediving
o Transient Bluetooth Environment Auditor
o BTcrack
o Blooover
o Hidattack
* Bluetooth Viruses and Worms
o Cabir
o Mabir
o Lasco
* Bluetooth Security tools
o BlueWatch
o BlueSweep
o Bluekey
o BlueFire Mobile Security Enterprise Edition
o BlueAuditor
o Bluetooth Network Scanner
* Countermeasures
Module 38: VoIP Hacking
* What is VoIP
* VoIP Hacking Steps
* Footprinting
o Information Sources
o Unearthing Information
o Organizational Structure and Corporate Locations
o Help Desk
o Job Listings
o Phone Numbers and Extensions
o VoIP Vendors
o Resumes
o WHOIS and DNS Analysis
o Steps to Perform Footprinting
* Scanning
o Host/Device Discovery
o ICMP Ping Sweeps
o ARP Pings
o TCP Ping Scans
o SNMP Sweeps
o Port Scanning and Service Discovery
o TCP SYN Scan
o UDP Scan
o Host/Device Identification
* Enumeration
o Steps to Perform Enumeration
o Banner Grabbing with Netcat
o SIP User/Extension Enumeration
+ REGISTER Username Enumeration
+ INVITE Username Enumeration
+ OPTIONS Username Enumeration
+ Automated OPTIONS Scanning with sipsak
+ Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server
+ Automated OPTIONS Scanning Using SIPSCAN against SIP Phones
o Enumerating TFTP Servers
o SNMP Enumeration
o Enumerating VxWorks VoIP Devices
* Steps to Exploit the Network
o Denial-of-Service (DoS)
o Distributed Denial-of-Service (DDoS) Attack
o Internal Denial-of-Service Attack
o DoS Attack Scenarios
o Eavesdropping
o Packet Spoofing and Masquerading
o Replay Attack
o Call Redirection and Hijacking
o ARP Spoofing
o ARP Spoofing Attack
o Service Interception
o H.323-Specific Attacks
o SIP Security Vulnerabilities
o SIP Attacks
o Flooding Attacks
o DNS Cache Poisoning
o Sniffing TFTP Configuration File Transfers
o Performing Number Harvesting and Call Pattern Tracking
o Call Eavesdropping
o Interception through VoIP Signaling Manipulation
o Man-In-The-Middle (MITM) Attack
o Application-Level Interception Techniques
+ How to Insert Rogue Application
+ SIP Rogue Application
+ Listening to/Recording Calls
+ Replacing/Mixing Audio
+ Dropping Calls with a Rogue SIP Proxy
+ Randomly Redirect Calls with a Rogue SIP Proxy
+ Additional Attacks with a Rogue SIP Proxy
o What is Fuzzing
+ Why Fuzzing
+ Commercial VoIP Fuzzing tools
o Signaling and Media Manipulation
+ Registration Removal with erase_registrations Tool
+ Registration Addition with add_registrations Tool
o VoIP Phishing
* Covering Tracks
Module 39: RFID Hacking
* RFID- Definition
* Components of RFID Systems
* RFID Collisions
* RFID Risks
o Business Process Risk
o Business Intelligence Risk
o Privacy Risk
o Externality Risk
+ Hazards of Electromagnetic Radiation
+ Computer Network Attacks
* RFID and Privacy Issues
* Countermeasures
* RFID Security and Privacy Threats
o Sniffing
o Tracking
o Spoofing
o Replay attacks
o Denial-of-service
* Protection Against RFID Attacks
* RFID Guardian
* RFID Malware
o How to Write an RFID Virus
o How to Write an RFID Worm
o Defending Against RFID Malware
* RFID Exploits
* Vulnerabilities in RFID-enabled Credit Cards
o Skimming Attack
o Replay Attack
o Eavesdropping Attack
* RFID Hacking Tool: RFDump
* RFID Security Controls
o Management Controls
o Operational Controls
o Technical Controls
* RFID Security
Module 40: Spamming
* Introduction
* Techniques used by Spammers
* How Spamming is performed
* Ways of Spamming
* Spammer: Statistics
* Worst ISPs: Statistics
* Top Spam-Affected Countries: Statistics
* Types of Spam Attacks
* Spamming Tools
o Farelogic Worldcast
o 123 Hidden Sender
o YL Mail Man
o Sendblaster
o Direct Sender
o Hotmailer
o PackPal Bulk Email Server
o IEmailer
* Anti-Spam Techniques
* Anti- Spamming Tools
o AEVITA Stop SPAM Email
o SpamExperts Desktop
o SpamEater Pro
o SpamWeasel
o Spytech SpamAgent
o AntispamSniper
o Spam Reader
o SpamAssassin Proxy (SA Proxy)
o MailWasher Free
o Spam Bully
* Countermeasures
Module 41: Hacking USB Devices
* Introduction to USB Devices
* Electrical Attack
* Software Attack
* USB Attack on Windows
* Viruses and Worms
o W32/Madang-Fam
o W32/Hasnot-A
o W32/Fujacks-AK
o W32/Fujacks-E
o W32/Dzan-C
o W32/SillyFD-AA
o W32/SillyFDC-BK
o W32/LiarVB-A
o W32/Hairy-A
o W32/QQRob-ADN
o W32/VBAut-B
o HTTP W32.Drom
* Hacking Tools
o USB Dumper
o USB Switchblade
o USB Hacksaw
* USB Security Tools
o MyUSBonly
o USBDeview
o USB-Blocker
o USB CopyNotify
o Remora USB File Guard
o Advanced USB Pro Monitor
o Folder Password Expert USB
o USBlyzer
o USB PC Lock Pro
o Torpark
o Virus Chaser USB
* Countermeasures
Module 42: Hacking Database Servers
* Hacking Database server: Introduction
* Hacking Oracle Database Server
o Attacking Oracle
o Security Issues in Oracle
o Types of Database Attacks
o How to Break into an Oracle Database and Gain DBA Privileges
o Oracle Worm: Voyager Beta
* Hacking SQL Server
o Ten Hacker Tricks to Exploit SQL Server Systems
o How SQL Server is Hacked
o Query Analyzer
o odbcping Utility
o Tool: ASPRunner Professional
o Tool: FlexTracer
* Security Tools
* SQL Server Security Best Practices: Administrator Checklist
* SQL Server Security Best Practices: Developer Checklist
Module 43: Cyber Warfare- Hacking, Al-Qaida and Terrorism
* Cyber Terrorism Over Internet
* Cyber-Warfare Attacks
* 45 Muslim Doctors Planned US Terror Raids
* Net Attack
* Al-Qaeda
* Why Terrorists Use Cyber Techniques
* Cyber Support to Terrorist Operations
* Planning
* Recruitment
* Research
* Propaganda
* Propaganda: Hizballah Website
* Cyber Threat to the Military
* Russia ‘hired botnets’ for Estonia Cyber-War
* NATO Threatens War with Russia
* Bush on Cyber War: ‘a subject I can learn a lot about’
* E.U. Urged to Launch Coordinated Effort Against Cybercrime
* Budget: Eye on Cyber-Terrorism Attacks
* Cyber Terror Threat is Growing, Says Reid
* Terror Web 2.0
* Table 1: How Websites Support Objectives of terrorist/Extremist Groups
* Electronic Jihad
* 'Electronic Jihad' App Offers Cyber Terrorism for the Masses
* Cyber Jihad – Cyber Firesale
* http://internet-haganah.com/haganah/
Module 44: Internet Content Filtering Techniques
* Introduction to Internet Filter
* Key Features of Internet Filters
* Pros and Cons of Internet Filters
* Internet Content Filtering Tools
o iProtectYou
o Tool: Block Porn
o Tool: FilterGate
o Tool: Adblock
o Tool: AdSubtract
o Tool: GalaxySpy
o Tool: AdsGone Pop Up Killer
o Tool: AntiPopUp
o Tool: Pop Up Police
o Tool: Super Ad Blocker
o Tool: Anti-AD Guard
o Net Nanny
o CyberSieve
o BSafe Internet Filter
o Tool: Stop-the-Pop-Up Lite
o Tool: WebCleaner
o Tool: AdCleaner
o Tool: Adult Photo Blanker
o Tool: LiveMark Family
o Tool: KDT Site Blocker
* Internet Safety Guidelines for Children
Module 45: Privacy on the Internet
* Internet privacy
* Proxy privacy
* Spyware privacy
* Email privacy
* Cookies
* Examining Information in Cookies
* How Internet Cookies Work
* How Google Stores Personal Information
* Google Privacy Policy
* Web Browsers
* Web Bugs
* Downloading Freeware
* Internet Relay Chat
* Pros and Cons of Internet Relay Chat
* Electronic Commerce
* Internet Privacy Tools: Anonymizers
o Anonymizer Anonymous Surfing
o Anonymizer Total Net Shield
o Anonymizer Nyms
o Anonymizer Anti-Spyware
o Anonymizer Digital Shredder Lite
o Steganos Internet Anonym
o Invisible IP Map
o NetConceal Anonymity Shield
o Anonymous Guest
o ViewShield
o IP Hider
o Mask Surf Standard
o VIP Anonymity
o SmartHide
o Anonymity Gateway
o Hide My IP
o Claros Anonymity
o Max Internet Optimizer
o Hotspot Shield
o Anonymous Browsing Toolbar
o Invisible Browsing
o Real Time Cleaner
o Anonymous Web Surfing
o Anonymous Friend
o Easy Hide IP
* Internet Privacy Tools: Firewall Tools
o Agnitum firewall
o Firestarter
o Sunbelt Personal Firewall
o Netdefender
* Internet Privacy Tools: Others
o Privacy Eraser
o CookieCop
o Cookiepal
o Historykill
o Tracks eraser
* Best Practices
o Protecting Search Privacy
o Tips for Internet Privacy
* Countermeasures
Module 46: Securing Laptop Computers
* Statistics for Stolen and Recovered Laptops
* Statistics on Security
* Percentage of Organizations Following the Security Measures
* Laptop threats
* Laptop Theft
* Fingerprint Reader
* Protecting Laptops Through Face Recognition
* Bluetooth in Laptops
* Tools
o Laptop Security
o Laptop Security Tools
o Laptop Alarm
o Flexysafe
o Master Lock
o eToken
o STOP-Lock
o TrueCrypt
o PAL PC Tracker
o Cryptex
o Dekart Private Disk Multifactor
o Laptop Anti-Theft
o Inspice Trace
o ZTRACE GOLD
o SecureTrieve Pro
o XTool Laptop Tracker
o XTool Encrypted Disk
o XTool Asset Auditor
o XTool Remote Delete
* Securing from Physical Laptop Thefts
* Hardware Security for Laptops
* Protecting the Sensitive Data
* Preventing Laptop Communications from Wireless Threats
* Protecting the Stolen Laptops from Being Used
* Security Tips
Module 47: Spying Technologies
* Spying
* Motives of Spying
* Spying Devices
o Spying Using Cams
o Video Spy
o Video Spy Devices
o Tiny Spy Video Cams
o Underwater Video Camera
o Camera Spy Devices
o Goggle Spy
o Watch Spy
o Pen Spy
o Binoculars Spy
o Toy Spy
o Spy Helicopter
o Wireless Spy Camera
o Spy Kit
o Spy Scope: Spy Telescope and Microscope
o Spy Eye Side Telescope
o Audio Spy Devices
o Eavesdropper Listening Device
o GPS Devices
o Spy Detectors
o Spy Detector Devices
* Vendors Hosting Spy Devices
o Spy Gadgets
o Spy Tools Directory
o Amazon.com
o Spy Associates
o Paramountzone
o Surveillance Protection
* Spying Tools
o Net Spy Pro-Computer Network Monitoring and Protection
o SpyBoss Pro
o CyberSpy
o Spytech SpyAgent
o ID Computer Spy
o e-Surveiller
o KGB Spy Software
o O&K Work Spy
o WebCam Spy
o Golden Eye
* Anti-Spying Tools
o Internet Spy Filter
o Spybot - S&D
o SpyCop
o Spyware Terminator
o XoftSpySE
Module 48: Corporate Espionage- Hacking Using Insiders
* Introduction To Corporate Espionage
* Information Corporate Spies Seek
* Insider Threat
* Different Categories of Insider Threat
* Privileged Access
* Driving Force behind Insider Attack
* Common Attacks carried out by Insiders
* Techniques Used for Corporate Espionage
* Process of Hacking
* Former Forbes Employee Pleads Guilty
* Former Employees Abet Stealing Trade Secrets
* California Man Sentenced For Hacking
* Federal Employee Sentenced for Hacking
* Facts
* Key Findings from U.S. Secret Service and CERT Coordination Center/SEI Study on Insider Threat
* Tools
o NetVizor
o Privatefirewall w/Pest Patrol
* Countermeasures
o Best Practices against Insider Threat
o Countermeasures
Module 49: Creating Security Policies
* Security policies
* Key Elements of Security Policy
* Defining the Purpose and Goals of Security Policy
* Role of Security Policy
* Classification of Security Policy
* Design of Security Policy
* Contents of Security Policy
* Configurations of Security Policy
* Implementing Security Policies
* Types of Security Policies
o Promiscuous Policy
o Permissive Policy
o Prudent Policy
o Paranoid Policy
o Acceptable-Use Policy
o User-Account Policy
o Remote-Access Policy
o Information-Protection Policy
o Firewall-Management Policy
o Special-Access Policy
o Network-Connection Policy
o Business-Partner Policy
o Other Important Policies
* Policy Statements
* Basic Document Set of Information Security Policies
* E-mail Security Policy
o Best Practices for Creating E-mail Security Policies
o User Identification and Passwords Policy
* Software Security Policy
* Software License Policy
* Points to Remember While Writing a Security Policy
* Sample Policies
o Remote Access Policy
o Wireless Security Policy
o E-mail Security Policy
o E-mail and Internet Usage Policies
o Personal Computer Acceptable Use Policy
o Firewall Management policy
o Internet Acceptable Use Policy
o User Identification and Password Policy
o Software License Policy
Module 50: Software Piracy and Warez
* Software Activation: Introduction
o Process of Software Activation
* Piracy
o Piracy Over Internet
o Abusive Copies
o Pirated Copies
o Cracked Copies
o Impacts of piracy
o Software Piracy Rate in 2006
o Piracy Blocking
* Software Copy Protection Backgrounders
o CD Key Numbers
o Dongles
o Media Limited Installations
o Protected Media
o Hidden Serial Numbers
o Digital Right Management (DRM)
o Copy protection for DVD
* Warez
o Warez
o Types of Warez
o Warez Distribution
o Distribution Methods
* Tool: Crypkey
* Tool: EnTrial
* EnTrial Tool: Distribution File
* EnTrial Tool: Product & Package Initialization Dialog
* EnTrial Tool: Add Package GUI
* Tool: DF_ProtectionKit
* Tool: Crack Killer
* Tool: Logic Protect
* Tool: Software License Manager
* Tool: Quick License Manager
* Tool: WTM CD Protect
Module 51: Hacking and Cheating Online Games
* Online Games
* Basics of Game Hacking
* Online Gaming Exploits
* Types of Exploits
* Online Gaming Risks
* Threats in Online Gaming
* Online Gaming Theft
* How Passwords for Online Games are Stolen
* Social Engineering and Phishing
* An Example of a Phishing Email
* Exploiting Game Server Vulnerabilities
* Vulnerability in In-Game Chat in Lineage 2
* Using Malware
* Malicious Programs and Malware
* Email-Worm.Win32.Lewor.a
* Part of a file infected by Virus.Win32.Alman.a
* Online Gaming Malware from 1997-2007
* How Modern Attacks are Conducted
* Geographical Considerations
* Statistics
* Best Practices for Secure Online Gaming
Module 52: Hacking RSS and Atom
* Introduction
* Areas Where RSS and Atom Are Used
* Building a Feed Aggregator
* Routing Feeds to the Email Inbox
* Monitoring the Server with Feeds
* Tracking Changes in Open Source Projects
* Risks by Zone
o Remote Zone Risk
o Local Zone Risk
* Reader Specific Risks
* Utilizing the Web Feeds Vulnerabilities
* Example for Attacker to Attack the Feeds
* Tools
o Perseptio FeedAgent
o RssFeedEater
o Thingamablog
o RSS Builder
o RSS Submit
o FeedDemon
o FeedForAll
o FeedExpress
* RSS and Atom Security
Module 53: Hacking Web Browsers
* Introduction
* How Web Browsers Work
* How Web Browsers Access HTML Documents
* Protocols for a URL
* Hacking Firefox
o Firefox Proof of Concept Information Leak Vulnerability
o Firefox Spoofing Vulnerability
o Password Vulnerability
o Concerns With Saving Form Or Login Data
o Cleaning Up Browsing History
o Cookies
o Internet History Viewer: Cookie Viewer
* Firefox Security
o Blocking Cookies Options
o Tools For Cleaning Unwanted Cookies
o Tool: CookieCuller
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
o Mozilla Firefox Security Features
* Hacking Internet Explorer
o Redirection Information Disclosure Vulnerability
o Window Injection Vulnerability
* Internet Explorer Security
o Getting Started
o Security Zones
o Custom Level
o Trusted Sites Zone
o Privacy
o Overwrite Automatic Cookie Handling
o Per Site Privacy Actions
o Specify Default Applications
o Internet Explorer Security Features
* Hacking Opera
o JavaScript Invalid Pointer Vulnerability
o BitTorrent Header Parsing Vulnerability
o Torrent File Handling Buffer Overflow Vulnerability
* Security Features of Opera
o Security and Privacy Features
* Hacking Safari
o Safari Browser Vulnerability
o iPhone Safari Browser Memory Exhaustion Remote DoS Vulnerability
* Securing Safari
o Getting started
o Preferences
o AutoFill
o Security Features
* Hacking Netscape
o Netscape Navigator Improperly Validates SSL Sessions
o Netscape Navigator Security Vulnerability
* Securing Netscape
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
Module 54: Proxy Server Technologies
* Introduction: Proxy Server
* Working of Proxy Server
* Types of Proxy Server
* Socks Proxy
* Free Proxy Servers
* Use of Proxies for Attack
* Tools
o WinGate
o UserGate Proxy Server
o Advanced FTP Proxy Server
o Trilent FTP Proxy
o SafeSquid
o AllegroSurf
o ezProxy
o Proxy Workbench
o ProxyManager Tool
o Super Proxy Helper Tool
o MultiProxy
* How Does MultiProxy Work
* Tor Proxy Chaining Software
* AnalogX Proxy
* NetProxy
* Proxy+
* ProxySwitcher Lite
* Tool: JAP
* Proxomitron
* SSL Proxy Tool
* How to Run SSL Proxy
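The "Socks Proxy" and proxy-chaining items above come down to one small wire protocol. The Python below is an added example (not course material, not any of the tools listed) that builds and parses the SOCKS5 messages both sides exchange per RFC 1928: the client greeting, the server's method choice, the CONNECT request and the reply. It does not open sockets; it only produces the bytes, so it runs offline. `chain_requests` shows how chaining works: the CONNECT sent to each hop names the next hop, and only the last hop learns the real destination. Hop addresses and the target are constructed for the demo.

```python
"""SOCKS5 handshake messages and a proxy-chaining plan, built offline. Added example."""
import ipaddress
import struct

SOCKS5 = 0x05
NO_AUTH = 0x00          # method 0: no authentication
NO_ACCEPTABLE = 0xFF    # server rejects every offered method
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03


def client_greeting(methods=(NO_AUTH,)) -> bytes:
    """Client -> proxy: version, number of methods, method list."""
    return bytes([SOCKS5, len(methods), *methods])


def server_method_choice(greeting: bytes) -> bytes:
    """Proxy -> client: version and the chosen method (0xFF if nothing acceptable)."""
    ver, n = greeting[0], greeting[1]
    offered = greeting[2:2 + n]
    if ver != SOCKS5 or len(offered) != n:
        raise ValueError("bad greeting")
    return bytes([SOCKS5, NO_AUTH if NO_AUTH in offered else NO_ACCEPTABLE])


def connect_request(host: str, port: int) -> bytes:
    """Client -> proxy: VER CMD RSV ATYP DST.ADDR DST.PORT (IPv4 literal or domain name)."""
    try:
        addr = bytes([ATYP_IPV4]) + ipaddress.IPv4Address(host).packed
    except ipaddress.AddressValueError:
        raw = host.encode("idna")
        if len(raw) > 255:
            raise ValueError("hostname too long for SOCKS5")
        addr = bytes([ATYP_DOMAIN, len(raw)]) + raw
    return bytes([SOCKS5, CMD_CONNECT, 0x00]) + addr + struct.pack("!H", port)


def parse_connect_request(req: bytes):
    """What a proxy (or a sniffer on the path) sees: the destination the client asked for."""
    ver, cmd, rsv, atyp = req[:4]
    if ver != SOCKS5 or cmd != CMD_CONNECT or rsv != 0:
        raise ValueError("unsupported request")
    if atyp == ATYP_IPV4:
        host, end = str(ipaddress.IPv4Address(req[4:8])), 8
    elif atyp == ATYP_DOMAIN:
        n = req[4]
        host, end = req[5:5 + n].decode("idna"), 5 + n
    else:
        raise ValueError("address type not handled in this example")
    (port,) = struct.unpack("!H", req[end:end + 2])
    return host, port


def connect_reply(bound_ip="0.0.0.0", bound_port=0) -> bytes:
    """Proxy -> client: REP 0x00 means succeeded, followed by the bound address."""
    return (bytes([SOCKS5, 0x00, 0x00, ATYP_IPV4])
            + ipaddress.IPv4Address(bound_ip).packed + struct.pack("!H", bound_port))


def chain_requests(hops, target):
    """Chaining plan: the CONNECT sent to hop i names hop i+1; the last hop gets the target."""
    plan = []
    for i, hop in enumerate(hops):
        nxt = hops[i + 1] if i + 1 < len(hops) else target
        plan.append((hop, connect_request(*nxt)))
    return plan


if __name__ == "__main__":
    # Constructed hops and target for the demo.
    for hop, req in chain_requests([("10.0.0.1", 1080), ("10.0.0.2", 1080)], ("example.com", 80)):
        print("send to", hop, "-> CONNECT", parse_connect_request(req))
```

The plan makes the limits of SOCKS chaining visible: every hop sees the next destination in clear, there is no integrity or confidentiality in the protocol itself, and the origin is hidden from the final server only as well as each hop's logging allows. That is the difference from Tor, where each layer is encrypted to the hop that will strip it.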
Module 55: Data Loss Prevention
* Introduction: Data Loss
* Causes of Data Loss
* How to Prevent Data Loss
* Impact Assessment for Data Loss Prevention
* Tools
o Security Platform
o Check Point Software: Pointsec Data Security
o Cisco (IronPort)
o Content Inspection Appliance
o CrossRoads Systems: DBProtector
o Strongbox DBProtector Architecture
o DeviceWall
o Exeros Discovery
o GFI Software: GFI EndPointSecurity
o GuardianEdge Data Protection Platform
o ProCurve Identity Driven Manager (IDM)
o Imperva: SecureSphere
o MailMarshal
o WebMarshal
o Marshal EndPoint
o Novell ZENworks Endpoint Security Management
o Prism EventTracker
o Proofpoint Messaging Security Gateway
o Proofpoint Platform Architecture
o Summary Dashboard
o End-user Safe/Block List
o Defiance Data Protection System
o Sentrigo: Hedgehog
o Symantec Database Security
o Varonis: DataPrivilege
o Verdasys: Digital Guardian
o VolumeShield AntiCopy
o Websense Content Protection Suite
Module 56: Hacking Global Positioning System (GPS)
* Global Positioning System (GPS)
* Terminologies
* GPS Devices Manufacturers
* gpsd: GPS Service Daemon
* Sharing Waypoints
* Wardriving
* Areas of Concern
* Sources of GPS Signal Errors
* Methods to Mitigate Signal Loss
* GPS Secrets
o GPS Hidden Secrets
o Secret Startup Commands in Garmin
o Hard Reset/ Soft Reset
* Firmware Hacking
o Firmware
o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen
* GPS Tools
o Tool: GPS NMEA LOG
o Tool: GPS Diagnostic
o Tool: RECSIM III
o Tool: G7toWin
o Tool: G7toCE
o Tool: GPS Security Guard
o GPS Security Guard Functions
o UberTracker
Module 57: Computer Forensics and Incident Handling
* Computer Forensics
o What is Computer Forensics
o Need for Computer Forensics
o Objectives of Computer Forensics
o Stages of Forensic Investigation in Tracking Cyber Criminals
o Key Steps in Forensic Investigations
o List of Computer Forensics Tools
* Incident Handling
o Present Networking Scenario
o What is an Incident
o Category of Incidents: Low Level
o Category of Incidents: Mid Level
o Category of Incidents: High Level
o How to Identify an Incident
o How to Prevent an Incident
o Defining the Relationship between Incident Response, Incident Handling, and Incident Management
o Incident Response Checklist
o Handling Incidents
o Procedure for Handling Incident
+ Stage 1: Preparation
+ Stage 2: Identification
+ Stage 3: Containment
+ Stage 4: Eradication
+ Stage 5: Recovery
+ Stage 6: Follow-up
* Incident Management
* Why don’t Organizations Report Computer Crimes
* Estimating Cost of an Incident
* Whom to Report an Incident
* Incident Reporting
* Vulnerability Resources
* What is CSIRT
o CSIRT: Goals and Strategy
o Why an Organization needs an Incident Response Team
o CSIRT Case Classification
o Types of Incidents and Level of Support
o Incident Specific Procedures-I (Virus and Worm Incidents)
o Incident Specific Procedures-II (Hacker Incidents)
o Incident Specific Procedures-III (Social Incidents, Physical Incidents)
o How CSIRT Handles Case: Steps
o Example of CSIRT
o Best Practices for Creating a CSIRT
+ Step 1: Obtain Management Support and Buy-in
+ Step 2: Determine the CSIRT Development Strategic Plan
+ Step 3: Gather Relevant Information
+ Step 4: Design your CSIRT Vision
+ Step 5: Communicate the CSIRT Vision
+ Step 6: Begin CSIRT Implementation
+ Step 7: Announce the CSIRT
* World CERTs http://www.trusted-introducer.nl/teams/country.html
* http://www.first.org/about/organization/teams/
* IRTs Around the World
Module 58: Credit Card Frauds
* E-Crime
* Statistics
* Credit Card
o Credit Card Fraud
o Credit Card Fraud Over Internet
o Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
* Credit Card Generators
o Credit Card Generator
o RockLegend’s !Credit Card Generator
* Credit Card Fraud Detection
o Credit Card Fraud Detection Technique: Pattern Detection
o Credit Card Fraud Detection Technique: Fraud Screening
o XCART: Online fraud Screening Service
o Card Watch
o MaxMind Credit Card Fraud Detection
o 3D Secure
o Limitations of 3D Secure
o FraudLabs
o www.pago.de
o Pago Fraud Screening Process
o What to do if you are a Victim of a Fraud
o Facts to be Noted by Consumers
* Best Practices: Ways to Protect Your Credit Cards
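"Credit Card Generators" and "Fraud Detection Technique: Pattern Detection" above are two sides of one fact: a generator only has to satisfy the Luhn checksum to produce numbers that pass format validation, so a merchant cannot rely on format checks and needs behavioural screening. The Python below is an added example, not course material or any listed product. It implements Luhn validation and check-digit computation (so the reader sees exactly what a generator does), and a small velocity screen over a constructed batch of transactions: the same card at too many merchants inside a window, or too many distinct cards from one IP. The window and thresholds are assumptions chosen for the demo; the card numbers are the usual published test numbers.

```python
"""Luhn check, what a 'card generator' produces, and a velocity screen. Added example."""
import random

WINDOW = 600            # assumed: 10-minute velocity window (seconds)
MAX_MERCHANTS = 3       # assumed: same card at more merchants than this inside the window
MAX_CARDS_PER_IP = 3    # assumed: more distinct cards than this from one IP inside the window


def luhn_valid(pan: str) -> bool:
    """Luhn (mod 10) check: double every second digit from the right, subtract 9 if > 9."""
    digits = [int(c) for c in pan if c.isdigit()]
    if len(digits) < 12:
        return False
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def luhn_check_digit(partial: str) -> int:
    """Check digit that makes partial + digit Luhn-valid (the rightmost partial digit is doubled)."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def make_test_pan(prefix="4111", length=16, seed=0) -> str:
    """What a generator does: random body behind a prefix plus a valid check digit. Test data only."""
    rng = random.Random(seed)
    body = prefix + "".join(str(rng.randrange(10)) for _ in range(length - len(prefix) - 1))
    return body + str(luhn_check_digit(body))


def screen(transactions):
    """Return {txn id: [reasons]} for transactions failing the format or velocity checks."""
    txns = sorted(transactions, key=lambda t: t["ts"])
    flagged = {}
    for i, t in enumerate(txns):
        reasons = []
        if not luhn_valid(t["pan"]):
            reasons.append("luhn")
        window = [u for u in txns[: i + 1] if t["ts"] - u["ts"] < WINDOW]   # this txn and earlier ones
        merchants = {u["merchant"] for u in window if u["pan"] == t["pan"]}
        if len(merchants) > MAX_MERCHANTS:
            reasons.append("card_velocity")
        cards = {u["pan"] for u in window if u["ip"] == t["ip"]}
        if len(cards) > MAX_CARDS_PER_IP:
            reasons.append("ip_fanout")
        if reasons:
            flagged[t["id"]] = reasons
    return flagged


# Constructed transactions (ts in seconds); PANs are published test numbers, not real cards.
TXNS = [
    {"id": "t1", "pan": "4111111111111111", "ip": "203.0.113.5", "merchant": "m1", "ts": 0},
    {"id": "t2", "pan": "4111111111111111", "ip": "203.0.113.5", "merchant": "m2", "ts": 60},
    {"id": "t3", "pan": "4111111111111111", "ip": "203.0.113.5", "merchant": "m3", "ts": 120},
    {"id": "t4", "pan": "4111111111111111", "ip": "203.0.113.5", "merchant": "m4", "ts": 180},
    {"id": "t5", "pan": "4111111111111112", "ip": "203.0.113.9", "merchant": "m1", "ts": 200},
    {"id": "t6", "pan": "4012888888881881", "ip": "198.51.100.7", "merchant": "m9", "ts": 1000},
    {"id": "t7", "pan": "5555555555554444", "ip": "198.51.100.7", "merchant": "m9", "ts": 1030},
    {"id": "t8", "pan": "378282246310005", "ip": "198.51.100.7", "merchant": "m9", "ts": 1060},
    {"id": "t9", "pan": "4111111111111111", "ip": "198.51.100.7", "merchant": "m9", "ts": 1090},
]

if __name__ == "__main__":
    print("generated:", make_test_pan(seed=7), "Luhn-valid:", luhn_valid(make_test_pan(seed=7)))
    print("flagged:", screen(TXNS))
```

Luhn catches typing errors, not fraud: a generated number passes it by construction, so the screen's value is in the behavioural rules, which in production would also include issuer authorisation results, AVS/CVV mismatch counts and geolocation of the IP against the billing address.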
Module 59: How to Steal Passwords
* Password Stealing
* How to Steal Passwords
* Password Stealing Techniques
* Password Stealing Trojans
o MSN Hotmail Password Stealer
o AOL Password Stealer
o Trojan-PSW.Win32.M2.14.a
o CrazyBilets
o Dripper
o Fente
o GWGhost
o Kesk
o MTM Recorded pwd Stealer
o Password Devil
* Password Stealing Tools
o Password Thief
o Remote Password Stealer
o POP3 Email Password Finder
o Instant Password Finder
o MessenPass
o PstPassword
o Remote Desktop PassView
o IE PassView
o Yahoo Messenger Password
* Recommendations for Improving Password Security
* Best Practices
Module 60: Firewall Technologies
* Firewalls: Introduction
* Hardware Firewalls
o Hardware Firewall
o Netgear Firewall
o Personal Firewall Hardware: Linksys
o Personal Firewall Hardware: Cisco’s PIX
o Cisco PIX 501 Firewall
o Cisco PIX 506E Firewall
o Cisco PIX 515E Firewall
o CISCO PIX 525 Firewall
o CISCO PIX 535 Firewall
o Check Point Firewall
o Nortel Switched Firewall
* Software Firewalls
o Software Firewall
* Windows Firewalls
o Norton Personal Firewall
o McAfee Personal Firewall
o Symantec Enterprise Firewall
o Kerio WinRoute Firewall
o Sunbelt Personal Firewall
o Xeon Firewall
o InJoy Firewall
o PC Tools Firewall Plus
o Comodo Personal Firewall
o ZoneAlarm
* Linux Firewalls
o KMyFirewall
o Firestarter
o Guarddog
o Firewall Builder
* Mac OS X Firewalls
o Flying Buttress
o DoorStop X Firewall
o Intego NetBarrier X5
o Little Snitch
Module 61: Threats and Countermeasures
Module 62: Case Studies
Module 63: Botnets
* What Is a Botnet?
* The Botnet Life Cycle
* Uses of Botnets
* How to Identify Whether Your Computer is Part of a Botnet
* Common Botnets
o SDBot
o RBot
o Agobot
o Spybot
o Mytob
* Botnet Detection: Tools and Techniques
o Abuse E-mail
o Network Infrastructure: Tools and Techniques
o Intrusion Detection
o Darknets, Honeypots, and Other Snares
o Forensics Techniques and Tools for Botnet Detection
* Tool: Ourmon
o How Ourmon Works
* Anomaly Detection
o TCP Anomaly Detection by Ourmon
o UDP Anomaly Detection by Ourmon
o Detecting E-mail Anomalies using Ourmon
* IRC Protocol
o Ourmon’s RRDTOOL Statistics and IRC Reports
* Detecting an IRC Client Botnet
* Detecting an IRC Botnet Server
* Automated Packet Capture
* Ourmon Event Log
o DNS and C&C Technology
o Tricks for Searching the Ourmon Logs
* Sniffing IRC Messages
* Sandboxes
* CWSandbox
o Operations Revealed by CWSandbox
* Automated Analysis Suite (AAS)
* Responding to Botnets
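The "TCP Anomaly Detection by Ourmon", "Detecting an IRC Client Botnet" and "Detecting an IRC Botnet Server" items above rest on one idea: a scanning bot sends mostly control packets (SYNs that get no answer, RSTs back), and if several such hosts sit in the same IRC channel on the same server, that channel and server are the likely C&C. The Python below is an added example loosely modelled on that approach; it is not Ourmon's code. The work-weight formula follows Ourmon's published definition (SYNs sent + FINs sent + RSTs received over all TCP packets), while the 90 percent threshold, the two-member rule, the per-host counters and the IRC lines are all assumptions constructed for the demo.

```python
"""Work-weight anomaly detection plus IRC channel/server correlation. Added example."""
import re
from collections import defaultdict

SCANNER_WW = 90         # assumed threshold: >= 90 % control packets marks a host as scanning
MIN_EVIL_MEMBERS = 2    # assumed: a channel/server with this many scanning members is suspect


def work_weight(syn_sent, fin_sent, rst_recv, total_tcp):
    """Ourmon-style TCP work weight in percent: control packets over all TCP packets."""
    if total_tcp == 0:
        return 0
    return 100 * (syn_sent + fin_sent + rst_recv) // total_tcp


def find_scanners(counters):
    """counters: host -> (syn_sent, fin_sent, rst_recv, total_tcp) for one sample period."""
    weights = {host: work_weight(*c) for host, c in counters.items()}
    return {host: w for host, w in weights.items() if w >= SCANNER_WW}


IRC_LINE = re.compile(r"^(?::(?P<prefix>\S+) )?(?P<cmd>[A-Z]+)(?: (?P<params>.*))?$")


def parse_irc(line):
    """Split an IRC line into (command, params); the trailing ':' parameter may contain spaces."""
    m = IRC_LINE.match(line)
    if not m:
        return None
    params = m["params"] or ""
    if " :" in params:
        head, trailing = params.split(" :", 1)
        parts = head.split() + [trailing]
    elif params.startswith(":"):
        parts = [params[1:]]
    else:
        parts = params.split()
    return m["cmd"], parts


def analyze(counters, irc_events):
    """irc_events: (client_ip, server_ip, raw_line) seen on the IRC port. Correlates with scanners."""
    scanners = find_scanners(counters)
    scanner_set = set(scanners)
    channel_members = defaultdict(set)
    server_clients = defaultdict(set)
    for client, server, line in irc_events:
        server_clients[server].add(client)
        parsed = parse_irc(line)
        if parsed and parsed[0] == "JOIN" and parsed[1]:
            for chan in parsed[1][0].split(","):        # JOIN #a,#b joins several channels
                channel_members[chan].add(client)
    suspect_channels = {}
    for chan, members in channel_members.items():
        evil = sorted(members & scanner_set)
        if len(evil) >= MIN_EVIL_MEMBERS:
            suspect_channels[chan] = evil
    cnc_servers = sorted(s for s, clients in server_clients.items()
                         if len(clients & scanner_set) >= MIN_EVIL_MEMBERS)
    return {"scanners": scanners, "suspect_channels": suspect_channels, "cnc_servers": cnc_servers}


# Constructed 30-second counters: (syn_sent, fin_sent, rst_recv, total_tcp).
COUNTERS = {
    "10.0.0.11": (1200, 10, 900, 2300),   # 91 %: scanning
    "10.0.0.12": (40, 38, 2, 4000),       # 2 %: normal traffic
    "10.0.0.13": (800, 5, 700, 1600),     # 94 %: scanning
    "10.0.0.14": (5, 5, 0, 100),          # 10 %
    "10.0.0.15": (300, 20, 200, 600),     # 86 %: noisy but under the threshold
}
# Constructed IRC lines: (client, server, line).
IRC_EVENTS = [
    ("10.0.0.11", "192.0.2.50", "NICK [USA|XP|1234]"),
    ("10.0.0.11", "192.0.2.50", "JOIN #bots"),
    ("10.0.0.13", "192.0.2.50", "JOIN #bots"),
    ("10.0.0.15", "192.0.2.50", "JOIN #bots"),
    ("10.0.0.12", "192.0.2.60", "JOIN #chat,#help"),
    ("10.0.0.14", "192.0.2.60", "JOIN #chat"),
    ("10.0.0.13", "192.0.2.50", "PRIVMSG #bots :.advscan lsass 200 5 0 -r -s"),
]

if __name__ == "__main__":
    print(analyze(COUNTERS, IRC_EVENTS))
```

A high work weight on its own also fires on vulnerability scanners, P2P clients and hosts behind a broken path, which is why the IRC correlation matters: the third member of #bots (10.0.0.15) is not flagged by traffic alone, but its presence in a channel with two scanners is what an analyst would chase next.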
Module 64: Economic Espionage
* Economic Espionage
* Who are Behind This?
* Motives
* Economic Intelligence
* Trade Secrets
* How Foreign Competitors Get the Information
* Methods of Acquiring Trade Secrets
* How Economic Espionage Increases
* Difference Between Industrial Espionage and Economic Espionage
* Competitive Intelligence
o Competitive Intelligence Is Not Corporate Espionage
* The Economic Espionage Act of 1996, 18 U.S.C. §§ 1831-1839
* Methods for Economic Espionage Protection
Module 65: Patch Management
* Hotfixes and Patches
* What is Patch Management
* Patch Testing
* Understanding Patch Monitoring and Management
* Types of Patches Defined by Microsoft
* Tools
o Tool: Opsware Server Automation System (SAS)
o Tool: UpdateExpert
o Tool: Qfecheck
o Tool: HFNetChk
o cacls.exe Utility
o Tool: Shavlik NetChk Protect
o Tool: Kaseya Patch Management
o Tool: IBM Tivoli Configuration Manager
o Tool: LANDesk Patch Manager
o Tool: ConfigureSoft Enterprise Configuration Manager (ECM)
o Tool: BladeLogic Configuration Manager
o Tool: Microsoft Baseline Security Analyzer (MBSA)
+ MBSA: Scanning Updates in GUI Mode
+ MBSA: Scanning Updates in Command-line Version
o Tool: QChain
o Tool: BigFix Enterprise Suite (BFS)
o Tool: PatchLink Update
o Tool: SecureCentral PatchQuest
o Tool: Patch Authority Ultimate
o Tool: ZENworks Patch Management
o Tool: Ecora Patch Manager
o Tool: Service Pack Manager
o Tool: Altiris Patch Management Solution
o Tool: BMC Patch Manager
o Tool: Hotfix Reporter
o Tool: Numara Patch Manager
o Tool: TrueUpdate
o Tool: FlashUpdate
o Tool: Microsoft Software Update Services (SUS)
o Tool: Prism Patch Manager
o Tool: Patch-Magic
* Patch Management Checklist
* Best Practices for Patch Management
Module 66: Security Convergence
* Security Convergence
* Challenges Confronting an Effective Security Convergence Policy
* Benefits of Using Risk Management in Planning IT Security Administration
* RAMCAP
* Open Security Exchange (OSE)
* CISO (Chief Information Security Officer)
* Elements of Building Secure Operations
* Enterprise Security Management (ESM)
o ESM Deployment Strategies
* Convergence of Network Operations and Security Operations
* Log Collection
* Log Normalization
* Log Severity
* Log Time Correction
* Log Categorization
* Event Storage
* Discovering and Interacting with Patterns
o Discovering and Interacting with Patterns: Data Sources
* Intelligent Platform Management Interface (IPMI) Standard
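The "Log Collection", "Log Normalization", "Log Severity", "Log Time Correction" and "Log Categorization" items above describe the pipeline an ESM runs before it can correlate anything. The Python below is an added example, not course material or any product's code: it takes three constructed lines in different vendor formats (an iptables DROP via BSD syslog, a Cisco ASA deny, a Windows 4625 logon failure with an ISO timestamp), maps each to one event shape with a category and a severity on the syslog 0-7 scale, corrects each device's clock into UTC, and then groups events by source address. The year, the device time zones, the 10-minute skew on fw01 and the severity mapping are all assumptions for the demo.

```python
"""Normalize, time-correct and correlate log lines from three sources. Added example."""
import re
from datetime import datetime, timedelta, timezone

YEAR = 2009                                   # BSD syslog carries no year: assume the collector's
DEVICE_TZ = {                                 # assumed zone each device's clock is set to
    "fw01": timezone.utc,
    "asa01": timezone(timedelta(hours=-5)),
}
CLOCK_SKEW = {"fw01": timedelta(minutes=10)}  # assumed: fw01 runs 10 minutes fast

BSD_SYSLOG = re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<hms>\d\d:\d\d:\d\d) "
                        r"(?P<host>\S+) (?P<msg>.*)$")
ISO_LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d[+-]\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

# (category, severity 0-7 or None to take the vendor's own level, pattern). The mapping is this demo's.
RULES = [
    ("firewall.deny", None, re.compile(r"%ASA-(?P<lvl>\d)-106023: Deny \w+ src \S+:(?P<src>[^/ ]+)/\d+ "
                                       r"dst \S+:(?P<dst>[^/ ]+)/\d+")),
    ("firewall.deny", 4, re.compile(r"kernel: DROP .*SRC=(?P<src>\S+) DST=(?P<dst>\S+)")),
    ("auth.failure", 5, re.compile(r"Security 4625 .*Source Network Address: (?P<src>\S+)")),
]


def categorize(msg):
    for category, severity, rx in RULES:
        m = rx.search(msg)
        if m:
            g = m.groupdict()
            return category, (int(g["lvl"]) if severity is None else severity), g.get("src"), g.get("dst")
    return "unknown", 6, None, None


def device_time(m, host):
    naive = datetime.strptime(f"{YEAR} {m['mon']} {m['day']} {m['hms']}", "%Y %b %d %H:%M:%S")
    return naive.replace(tzinfo=DEVICE_TZ.get(host, timezone.utc))


def correct_time(ts, host):
    """Undo known skew and express the time in UTC so events from different boxes sort together."""
    return (ts - CLOCK_SKEW.get(host, timedelta(0))).astimezone(timezone.utc)


def normalize(lines):
    events = []
    for line in lines:
        m = BSD_SYSLOG.match(line)
        if m:
            host, ts = m["host"], device_time(m, m["host"])
        else:
            m = ISO_LINE.match(line)
            if not m:
                continue                      # unparsed lines would go to a dead-letter queue in practice
            host, ts = m["host"], datetime.fromisoformat(m["ts"])
        category, severity, src, dst = categorize(m["msg"])
        events.append({"ts": correct_time(ts, host), "host": host, "category": category,
                       "severity": severity, "src": src, "dst": dst, "raw": line})
    events.sort(key=lambda e: e["ts"])
    return events


def correlate_by_source(events):
    """Categories seen per source address, in corrected time order."""
    by_src = {}
    for e in events:
        if e["src"]:
            by_src.setdefault(e["src"], []).append(e["category"])
    return by_src


# Constructed lines: one Windows event with an ISO timestamp, two BSD-syslog lines.
LINES = [
    "2009-03-12T09:05:10-05:00 dc01 Security 4625 An account failed to log on. "
    "Account Name: jdoe Source Network Address: 198.51.100.7",
    "Mar 12 14:15:00 fw01 kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=22",
    'Mar 12 09:04:50 asa01 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 '
    'dst inside:10.0.0.5/22 by access-group "outside_in"',
]

if __name__ == "__main__":
    for e in normalize(LINES):
        print(e["ts"].isoformat(), e["host"], e["category"], e["severity"], e["src"], e["dst"])
    print(correlate_by_source(normalize(LINES)))
```

Without the skew correction fw01's DROP would sort after the logon failure, and the story (the source was blocked at the perimeter, then seen failing against the domain controller) would read backwards; that ordering error is what "Log Time Correction" is for, and it is why an ESM needs NTP state per source, not just per collector.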
Appendix
* Trojan: Phatbot
* Trojan: Amitis
* Trojan: Senna Spy
* Trojan: QAZ
* Trojan: Back Orifice
* Trojan: Back Orifice 2000
* Back Orifice Plug-ins
* Trojan: SubSeven
* Trojan: CyberSpy Telnet Trojan
* Trojan: Subroot Telnet Trojan
* Trojan: Let Me Rule! 2.0 BETA 9
* Trojan: Donald Dick
* Trojan: RECUB
from ec-council site
jai mAta di
CEHv6 Curriculum consists of instructor-led training and self-study. The Instructor will provide the details of self-study modules to the students beginning of the class.
Module 1: Introduction to Ethical Hacking
* Problem Definition -Why Security?
* Essential Terminologies
* Elements of Security
* The Security, Functionality and Ease of Use Triangle
* Effect on Business
* Case Study
* What does a Malicious Hacker do?
o Phase1-Reconnaissaance
+ Reconnaissance Types
o Phase2-Scanning
o Phase3-Gaining Access
o Phase4-Maintaining Access
o Phase5-Covering Tracks
* Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
* Hacktivism
* Hacker Classes
* Security News: Suicide Hacker
* Ethical Hacker Classes
* What do Ethical Hackers do
* Can Hacking be Ethical
* How to become an Ethical Hacker
* Skill Profile of an Ethical Hacker
* What is Vulnerability Research
o Why Hackers Need Vulnerability Research
o Vulnerability Research Tools
o Vulnerability Research Websites
+ National Vulnerability Database (nvd.nist.gov)
+ Securitytracker (www.securitytracker.com)
+ Securiteam (www.securiteam.com)
+ Secunia (www.secunia.com)
+ Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
+ HackerWatch (www.hackerwatch.org)
+ SecurityFocus (www.securityfocus.com)
+ SecurityMagazine (www.securitymagazine.com)
+ SC Magazine (www.scmagazine.com)
+ MILWORM
* How to Conduct Ethical Hacking
* How Do They Go About It
* Approaches to Ethical Hacking
* Ethical Hacking Testing
* Ethical Hacking Deliverables
* Computer Crimes and Implications
Module 2: Hacking Laws
* U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
* Legal Perspective (U.S. Federal Law)
o 18 U.S.C. § 1029
+ Penalties
o 18 U.S.C. § 1030
+ Penalties
o 18 U.S.C. § 1362
o 18 U.S.C. § 2318
o 18 U.S.C. § 2320
o 18 U.S.C. § 1831
o 47 U.S.C. § 605, unauthorized publication or use of communications
o Washington:
+ RCW 9A.52.110
o Florida:
+ § 815.01 to 815.07
o Indiana:
+ IC 35-43
* United Kingdom’s Cyber Laws
* United Kingdom: Police and Justice Act 2006
* European Laws
* Japan’s Cyber Laws
* Australia : The Cybercrime Act 2001
* Indian Law: THE INFORMTION TECHNOLOGY ACT
* Argentina Laws
* Germany’s Cyber Laws
* Singapore’s Cyber Laws
* Belgium Law
* Brazilian Laws
* Canadian Laws
* France Laws
* German Laws
* Italian Laws
* MALAYSIA: THE COMPUTER CRIMES ACT 1997
* HONGKONG: TELECOMMUNICATIONS
* Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
* Greece Laws
* Denmark Laws
* Netherlands Laws
* Norway
* ORDINANCE
* Mexico
* SWITZERLAND
Module 3: Footprinting
* Revisiting Reconnaissance
* Defining Footprinting
* Why is Footprinting Necessary
* Areas and Information which Attackers Seek
* Information Gathering Methodology
o Unearthing Initial Information
+ Finding Company’s URL
+ Internal URL
+ Extracting Archive of a Website
# www.archive.org
+ Google Search for Company’s Info
# People Search
# Yahoo People Search
# Satellite Picture of a Residence
# Best PeopleSearch
# People-Search-America.com
# Switchboard
# Anacubis
# Google Finance
# Yahoo Finance
+ Footprinting through Job Sites
+ Passive Information Gathering
+ Competitive Intelligence Gathering
# Why Do You Need Competitive Intelligence?
# Competitive Intelligence Resource
# Companies Providing Competitive Intelligence Services
# Carratu International
# CI Center
# Competitive Intelligence - When Did This Company Begin? How Did It Develop?
# Competitive Intelligence - Who Leads This Company
# Competitive Intelligence - What Are This Company's Plans
# Competitive Intelligence - What Does Expert Opinion Say About The Company
# Competitive Intelligence - Who Are The Leading Competitors?
# Competitive Intelligence Tool: Trellian
# Competitive Intelligence Tool: Web Investigator
+ Public and Private Websites
* Footprinting Tools
o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
o Alchemy Network Tool
o Advanced Administrative Tool
o My IP Suite
o Wikto Footprinting Tool
o Whois Lookup
o Whois
o SmartWhois
o ActiveWhois
o LanWhois
o CountryWhois
o WhereIsIP
o Ip2country
o CallerIP
o Web Data Extractor Tool
o Online Whois Tools
o What is MyIP
o DNS Enumerator
o SpiderFoot
o Nslookup
o Extract DNS Information
+ Types of DNS Records
+ Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
o Reggie
o Locate the Network Range
+ ARIN
+ Traceroute
# Traceroute Analysis
+ 3D Traceroute
+ NeoTrace
+ VisualRoute Trace
+ Path Analyzer Pro
+ Maltego
+ Layer Four Traceroute
+ Prefix WhoIs widget
+ Touchgraph
+ VisualRoute Mail Tracker
+ eMailTrackerPro
+ Read Notify
* E-Mail Spiders
o 1st E-mail Address Spider
o Power E-mail Collector Tool
o GEOSpider
o Geowhere Footprinting Tool
o Google Earth
o Kartoo Search Engine
o Dogpile (Meta Search Engine)
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o HTTrack Web Site Copier
o Website Watcher
* How to Create Fake Website
* Real and Fake Website
* Tool: Reamweaver
* Mirrored Fake Website
* Faking Websites using Man-in-the-Middle Phishing Kit
* Benefits to Fraudster
* Steps to Perform Footprinting
Module 4: Google Hacking
* What is Google hacking
* What a hacker can do with vulnerable site
* Anonymity with Caches
* Using Google as a Proxy Server
* Directory Listings
o Locating Directory Listings
o Finding Specific Directories
o Finding Specific Files
o Server Versioning
* Going Out on a Limb: Traversal Techniques
o Directory Traversal
o Incremental Substitution
* Extension Walking
* Site Operator
* intitle:index.of
* error | warning
* login | logon
* username | userid | employee.ID | “your username is”
* password | passcode | “your password is”
* admin | administrator
o admin login
* –ext:html –ext:htm –ext:shtml –ext:asp –ext:php
* inurl:temp | inurl:tmp | inurl:backup | inurl:bak
* intranet | help.desk
* Locating Public Exploit Sites
o Locating Exploits Via Common Code Strings
+ Searching for Exploit Code with Nonstandard Extensions
+ Locating Source Code with Common Strings
* Locating Vulnerable Targets
o Locating Targets Via Demonstration Pages
+ “Powered by” Tags Are Common Query Fodder for Finding Web Applications
o Locating Targets Via Source Code
+ Vulnerable Web Application Examples
o Locating Targets Via CGI Scanning
+ A Single CGI Scan-Style Query
* Directory Listings
o Finding IIS 5.0 Servers
* Web Server Software Error Messages
o IIS HTTP/1.1 Error Page Titles
o “Object Not Found” Error Message Used to Find IIS 5.0
o Apache Web Server
+ Apache 2.0 Error Pages
* Application Software Error Messages
o ASP Dumps Provide Dangerous Details
o Many Errors Reveal Pathnames and Filenames
o CGI Environment Listings Reveal Lots of Information
* Default Pages
o A Typical Apache Default Web Page
o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
o Default Pages Query for Web Server
o Outlook Web Access Default Portal
* Searching for Passwords
o Windows Registry Entries Can Reveal Passwords
o Usernames, Cleartext Passwords, and Hostnames!
* Google Hacking Database (GHDB)
* SiteDigger Tool
* Gooscan
* Goolink Scanner
* Goolag Scanner
* Tool: Google Hacks
* Google Hack Honeypot
* Google Protocol
* Google Cartography
Module 5: Scanning
* Scanning: Definition
* Types of Scanning
* Objectives of Scanning
* CEH Scanning Methodology
o Checking for live systems - ICMP Scanning
+ Angry IP
+ Ping Sweep
+ Firewalk Tool
+ Firewalk Commands
+ Firewalk Output
+ Three Way Handshake
+ TCP Communication Flags
+ Nmap
+ Nmap: Scan Methods
+ NMAP Scan Options
+ NMAP Output Format
+ HPing2
+ Syn Stealth/Half Open Scan
+ Stealth Scan
+ Xmas Scan
+ Fin Scan
+ Null Scan
+ Idle Scan
+ ICMP Echo Scanning/List Scan
+ TCP Connect/Full Open Scan
+ SYN/FIN Scanning Using IP Fragments
+ UDP Scanning
+ Reverse Ident Scanning
+ Window Scan
+ Blaster Scan
+ Portscan Plus, Strobe
+ IPSec Scan
+ Netscan Tools Pro
+ WUPS – UDP Scanner
+ Superscan
+ IPScanner
+ Global Network Inventory Scanner
+ Net Tools Suite Pack
+ Floppy Scan
+ FloppyScan Steps
+ E-mail Results of FloppyScan
+ Atelier Web Ports Traffic Analyzer (AWPTA)
+ Atelier Web Security Port Scanner (AWSPS)
+ IPEye
+ ike-scan
+ Infiltrator Network Security Scanner
+ YAPS: Yet Another Port Scanner
+ Advanced Port Scanner
+ NetworkActiv Scanner
+ NetGadgets
+ P-Ping Tools
+ MegaPing
+ LanSpy
+ HoverIP
+ LANView
+ NetBruteScanner
+ SolarWinds Engineer’s Toolset
+ AUTAPF
+ OstroSoft Internet Tools
+ Advanced IP Scanner
+ Active Network Monitor
+ Advanced Serial Data Logger
+ Advanced Serial Port Monitor
+ WotWeb
+ Antiy Ports
+ Port Detective
+ Roadkil’s Detector
+ Portable Storage Explorer
* War Dialer Technique
o Why War Dialing
o Wardialing
o Phonesweep – War Dialing Tool
o THC Scan
o ToneLoc
o ModemScan
o War Dialing Countermeasures: Sandtrap Tool
* Banner Grabbing
o OS Fingerprinting
+ Active Stack Fingerprinting
+ Passive Fingerprinting
o Active Banner Grabbing Using Telnet
o GET REQUESTS
o P0f – Banner Grabbing Tool
o p0f for Windows
o Httprint Banner Grabbing Tool
o Tool: Miart HTTP Header
o Tools for Active Stack Fingerprinting
+ Xprobe2
+ Ringv2
+ Netcraft
o Disabling or Changing Banner
o IIS Lockdown Tool
o Tool: ServerMask
o Hiding File Extensions
o Tool: PageXchanger
* Vulnerability Scanning
o Bidiblah Automated Scanner
o Qualys Web Based Scanner
o SAINT
o ISS Security Scanner
o Nessus
o GFI Languard
o Security Administrator’s Tool for Analyzing Networks (SATAN)
o Retina
o Nagios
o PacketTrap's pt360 Tool Suite
o NIKTO
o SAFEsuite Internet Scanner, IdentTCPScan
* Draw Network Diagrams of Vulnerable Hosts
o Friendly Pinger
o LANsurveyor
o Ipsonar
o LANState
o Insightix Visibility
o IPCheck Server Monitor
o PRTG Traffic Grapher
* Preparing Proxies
o Proxy Servers
o Use of Proxies for Attack
o Free Proxy Servers
o SocksChain
o Proxy Workbench
o Proxymanager Tool
o Super Proxy Helper Tool
o Happy Browser Tool (Proxy Based)
o Multiproxy
o Tor Proxy Chaining Software
o Additional Proxy Tools
o Anonymizers
+ Surfing Anonymously
+ Primedius Anonymizer
+ StealthSurfer
+ Anonymous Surfing: Browzar
+ Torpark Browser
+ GetAnonymous
+ IP Privacy
+ Anonymity 4 Proxy (A4Proxy)
+ Psiphon
+ Connectivity Using Psiphon
+ Bloggers Write Text Backwards to Bypass Web Filters in China
+ Vertical Text Converter
+ How to Check If Your Website Is Blocked In China or Not
+ Mowser and Phonifier
+ AnalogX Proxy
+ NetProxy
+ Proxy+
+ ProxySwitcher Lite
+ JAP
+ Proxomitron
o Google Cookies
+ G-Zapper
o SSL Proxy Tool
o How to Run SSL Proxy
o HTTP Tunneling Techniques
+ Why Do I Need HTTP Tunneling
+ Httptunnel for Windows
+ How to Run Httptunnel
+ HTTP-Tunnel
+ HTTPort
o Spoofing IP Address
+ Spoofing IP Address Using Source Routing
+ Detection of IP Spoofing
+ Despoof Tool
* Scanning Countermeasures
* Tool: SentryPC
Module 6: Enumeration
* Overview of System Hacking Cycle
* What is Enumeration?
* Techniques for Enumeration
* NetBIOS Null Sessions
o So What's the Big Deal
o DumpSec Tool
o NetBIOS Enumeration Using Netview
+ Nbtstat Enumeration Tool
+ SuperScan
+ Enum Tool
o Enumerating User Accounts
+ GetAcct
o Null Session Countermeasure
* PS Tools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLoggedOn
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
* Simple Network Management Protocol (SNMP) Enumeration
o Management Information Base (MIB)
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
* LDAP Enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
* NTP Enumeration
* SMTP Enumeration
o Smtpscan
* Web Enumeration
o Asnumber
o Lynx
* Winfingerprint
o Windows Active Directory Attack Tool
* How To Enumerate Web Application Directories in IIS Using DirectoryServices
* IP Tools Scanner
* Enumerate Systems Using Default Password
* Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
o Terminal Service Agent
o TXNDS
o Unicornscan
o Amap
o Netenum
* Steps to Perform Enumeration
Module 7: System Hacking
* Part 1 - Cracking Passwords
o CEH Hacking Cycle
o Password Types
o Types of Password Attack
+ Passive Online Attack: Wire Sniffing
+ Passive Online Attack: Man-in-the-middle and replay attacks
+ Active Online Attack: Password Guessing
+ Offline Attacks
# Brute force Attack
# Pre-computed Hashes
# Syllable Attack / Rule-based Attack / Hybrid Attacks
# Distributed Network Attack
# Rainbow Attack
+ Non-Technical Attacks
o Default Password Database
+ http://www.defaultpassword.com/
+ http://www.cirt.net/cgi-bin/passwd.pl
+ http://www.virus.org/index.php?
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
o Permanent Account Lockout-Employee Privilege Abuse
o Administrator Password Guessing
+ Manual Password Cracking Algorithm
+ Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
+ Tool: NAT
+ Smbbf (SMB Passive Brute Force Tool)
+ SmbCrack Tool: Legion
+ Hacking Tool: L0phtCrack
o Microsoft Authentication
+ LM, NTLMv1, and NTLMv2
+ NTLM And LM Authentication On The Wire
+ Kerberos Authentication
+ What is LAN Manager Hash?
# LM “Hash” Generation
# LM Hash
+ Salting
+ Pwdump2 and Pwdump3
+ Tool: Rainbowcrack
+ Hacking Tool: KerbCrack
+ Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Signing
o Tool: LCP
o Tool: SID&User
o Tool: Ophcrack 2
o Tool: Crack
o Tool: Access PassView
o Tool: Asterisk Logger
o Tool: CHAOS Generator
o Tool: Asterisk Key
o Password Recovery Tool: MS Access Database Password Decoder
o Password Cracking Countermeasures
o Do Not Store LAN Manager Hash in SAM Database
o LM Hash Backward Compatibility
o How to Disable LM HASH
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit
* Part 2 - Escalating Privileges
o CEH Hacking Cycle
o Privilege Escalation
o Cracking NT/2000 Passwords
o Active@ Password Changer
o Change Recovery Console Password - Method 1
o Change Recovery Console Password - Method 2
o Privilege Escalation Tool: x.exe
o Login Hack: Example
* Part 3 - Executing Applications
o CEH Hacking Cycle
o Tool: psexec
o Tool: remoexec
o Ras N Map
o Tool: Alchemy Remote Executor
o Emsa FlexInfo Pro
o Keystroke Loggers
o E-mail Keylogger
o Revealer Keylogger Pro
o Handy Keylogger
o Ardamax Keylogger
o Powered Keylogger
o Quick Keylogger
o Spy-Keylogger
o Perfect Keylogger
o Invisible Keylogger
o Actual Spy
o SpyToctor FTP Keylogger
o IKS Software Keylogger
o Ghost Keylogger
o Hacking Tool: Hardware Key Logger
o What is Spyware?
o Spyware: Spector
o Remote Spy
o Spy Tech Spy Agent
o 007 Spy Software
o Spy Buddy
o Ace Spy
o Keystroke Spy
o Activity Monitor
o Hacking Tool: eBlaster
o Stealth Voice Recorder
o Stealth Keylogger
o Stealth Website Logger
o Digi Watcher Video Surveillance
o Desktop Spy Screen Capture Program
o Telephone Spy
o Print Monitor Spy Tool
o Stealth E-Mail Redirector
o Spy Software: Wiretap Professional
o Spy Software: FlexiSpy
o PC PhoneHome
o Keylogger Countermeasures
o Anti Keylogger
o Advanced Anti Keylogger
o Privacy Keyboard
o Spy Hunter - Spyware Remover
o Spy Sweeper
o Spyware Terminator
o WinCleaner AntiSpyware
* Part 4 - Hiding Files
o CEH Hacking Cycle
o Hiding Files
o RootKits
+ Why Rootkits
+ Hacking Tool: NT/2000 Rootkit
+ Planting the NT/2000 Rootkit
+ Rootkits in Linux
+ Detecting Rootkits
+ Steps for Detecting Rootkits
+ Rootkit Detection Tools
+ Sony Rootkit Case Study
+ Rootkit: Fu
+ AFX Rootkit
+ Rootkit: Nuclear
+ Rootkit: Vanquish
+ Rootkit Countermeasures
+ Patchfinder
+ RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
+ NTFS Stream Manipulation
+ NTFS Streams Countermeasures
+ NTFS Stream Detectors (ADS Spy and ADS Tools)
+ Hacking Tool: USB Dumper
o What is Steganography?
+ Steganography Techniques
# Least Significant Bit Insertion in Image files
# Process of Hiding Information in Image Files
# Masking and Filtering in Image files
# Algorithms and transformation
+ Tool: Merge Streams
+ Invisible Folders
+ Tool: Invisible Secrets
+ Tool: Image Hide
+ Tool: Stealth Files
+ Tool: Steganography
+ Masker Steganography Tool
+ Hermetic Stego
+ DCPP – Hide an Operating System
+ Tool: Camera/Shy
+ www.spammimic.com
+ Tool: Mp3Stego
+ Tool: Snow.exe
+ Steganography Tool: Fort Knox
+ Steganography Tool: Blindside
+ Steganography Tool: S-Tools
+ Steganography Tool: Steghide
+ Tool: Steganos
+ Steganography Tool: Pretty Good Envelope
+ Tool: Gifshuffle
+ Tool: JPHIDE and JPSEEK
+ Tool: wbStego
+ Tool: OutGuess
+ Tool: Data Stash
+ Tool: Hydan
+ Tool: Cloak
+ Tool: StegoNote
+ Tool: Stegomagic
+ Steganos Security Suite
+ C Steganography
+ Isosteg
+ FoxHole
+ Sams Big Playmaker
+ Video Steganography
+ Case Study: Al-Qaida members Distributing Propaganda to Volunteers using Steganography
+ Steganalysis
+ Steganalysis Methods/Attacks on Steganography
+ Stegdetect
+ SIDS
+ High-Level View
+ Tool: dskprobe.exe
+ Stego Watch - Stego Detection Tool
+ StegSpy
* Part 5 - Covering Tracks
o CEH Hacking Cycle
o Covering Tracks
o Disabling Auditing
o Clearing the Event Log
o Tool: elsave.exe
o Hacking Tool: Winzapper
o Evidence Eliminator
o Tool: Traceless
o Tool: Tracks Eraser Pro
o Armor Tools
o Tool: ZeroTracks
Module 8: Trojans and Backdoors
* What is a Trojan?
o Overt and Covert Channels
o Working of Trojans
o Different Types of Trojans
+ Remote Access Trojans
+ Data-Sending Trojans
+ Destructive Trojans
+ Denial-of-Service (DoS) Attack Trojans
+ Proxy Trojans
+ FTP Trojans
+ Security Software Disablers
o What do Trojan Creators Look for?
o Different Ways a Trojan can Get into a System
* Indications of a Trojan Attack
* Ports Used by Trojans
o How to Determine which Ports are Listening
* Classic Trojans
o Trojan: Tini
o Trojan: iCmd
o Trojan: NetBus
o Trojan: Netcat
o Netcat Client/Server
o Trojan: Beast
o MoSucker Trojan
o SARS Trojan Notification
o Proxy Server Trojan
o FTP Trojan - TinyFTPD
o VNC Trojan
o Wrappers
o Wrapper Covert Program
o Wrapping Tools
o One Exe Maker / YAB / Pretator Wrappers
o Packaging Tool: WordPad
o RemoteByMail
o Tool: Icon Plus
o Defacing Application: Restorator
o Tetris
* Stealth Trojans
o HTTP Trojans
o Trojan Attack through HTTP
o HTTP Trojan (HTTP RAT)
o Shttpd Trojan - HTTP Server
o Tool: BadLuck Destructive Trojan
o Loki
o Loki Countermeasures
o Atelier Web Remote Commander
o Trojan Horse Construction Kit
o ICMP Tunneling
o ICMP Backdoor Trojan
* Reverse Connecting Trojans
o Reverse Connecting Trojans
o Nuclear RAT Trojan (Reverse Connecting)
o Reverse Tunnel
o Covert Channel Tunneling Tool (cctt)
o Windows Reverse Shell
o perl-reverse-shell
o php-reverse-shell
o XSS Shell Tunnel
o winarp_mim
* Miscellaneous Trojans
o Backdoor.Theef (AVP)
o T2W (TrojanToWorm)
o Biorante RAT
o DownTroj
o Turkojan
o Trojan.Satellite-RAT
o Yakoza
o DarkLabel B4
o Trojan.Hav-Rat
o Poison Ivy
o Rapid Hacker
o SharK
o HackerzRat
o TYO
o 1337 Fun Trojan
o Criminal Rat Beta
o VicSpy
o Optix PRO
o ProAgent
o OD Client
o AceRat
o Mhacker-PS
o RubyRAT Public
o SINner
o ConsoleDevil
o ZombieRat
o Webcam Trojan
o DJI RAT
o Skiddie Rat
o Biohazard RAT
o Troya
o ProRat
o Dark Girl
o DaCryptic
o Net-Devil
o PokerStealer.A
o Hovdy.a
* How to Detect Trojans?
o Netstat
o fPort
o TCPView
o CurrPorts Tool
o Process Viewer
o Delete Suspicious Device Drivers
o Check for Running Processes: What’s on My Computer
o Super System Helper Tool
o Inzider-Tracks Processes and Ports
o Tool: What’s Running
o MS Configuration Utility
o Autoruns
o HijackThis (System Checker)
o Startup List
* Anti-Trojan Software
o TrojanHunter
o Comodo BOClean
o Trojan Remover: XoftspySE
o Trojan Remover: Spyware Doctor
o SPYWAREfighter
* Evading Anti-Virus Techniques
* Sample Code for Trojan Client/Server
* Evading Anti-Trojan/Anti-Virus using Stealth Tools
* Backdoor Countermeasures
* Tripwire
* System File Verification
* MD5 Checksum.exe
* Microsoft Windows Defender
* How to Avoid a Trojan Infection
Module 9: Viruses and Worms
* Virus History
* Characteristics of Virus
* Working of Virus
o Infection Phase
o Attack Phase
* Why People Create Computer Viruses
* Symptoms of a Virus-like Attack
* Virus Hoaxes
* Chain Letters
* Worms
* How is a Worm Different from a Virus
* Indications of a Virus Attack
* Virus Damage
o Mode of Virus Infection
* Stages of Virus Life
* Types of Virus
o Virus Classification
o How Does a Virus Infect?
o Storage Patterns of Virus
+ System Sector Virus
+ Stealth Virus
+ Bootable CD-ROM Virus
# Self-Modification
# Encryption with a Variable Key
+ Polymorphic Code
+ Metamorphic Virus
+ Cavity Virus
+ Sparse Infector Virus
+ Companion Virus
+ File Extension Virus
* Famous Viruses and Worms
o Famous Virus/Worms – I Love You Virus
o Famous Virus/Worms – Melissa
o Famous Virus/Worms – JS/Spth
o Klez Virus Analysis
o Slammer Worm
o Spread of Slammer Worm – 30 min
o MyDoom.B
o SCO Against MyDoom Worm
* Latest Viruses
o Latest Viruses
o Top 10 Viruses - 2008
+ Virus: Win32.AutoRun.ah
+ Virus:W32/Virut
+ Virus:W32/Divvi
+ Worm.SymbOS.Lasco.a
+ Disk Killer
+ Bad Boy
+ HappyBox
+ Java.StrangeBrew
+ MonteCarlo Family
+ PHP.Neworld
+ W32/WBoy.a
+ ExeBug.d
+ W32/Voterai.worm.e
+ W32/Lecivio.worm
+ W32/Lurka.a
+ W32/Vora.worm!p2p
* Writing Virus Program
o Writing a Simple Virus Program
o Virus Construction Kits
* Virus Detection Methods
o Virus Detection Methods
o Virus Incident Response
o What is Sheep Dip?
o Virus Analysis – IDA Pro Tool
o Online Virus Testing: http://www.virustotal.com/
o Prevention is better than Cure
* Anti-Virus Software
o Anti-Virus Software
o AVG Antivirus
o Norton Antivirus
o McAfee
o SocketShield
o BitDefender
o ESET Nod32
o CA Anti-Virus
o F-Secure Anti-Virus
o Kaspersky Anti-Virus
o F-Prot Antivirus
o Panda Antivirus Platinum
o avast! Virus Cleaner
o ClamWin
o Norman Virus Control
* Popular Anti-Virus Packages
* Virus Databases
* Snopes.com
Module 10: Sniffers
* Definition: Sniffing
* Types of Sniffing
* Protocols Vulnerable to Sniffing
* Passive Sniffing
* Active Sniffing
* Switched Port Analyzer (SPAN)
* SPAN Port
* Lawful Intercept
* Benefits of Lawful Intercept
* Network Components Used for Lawful Intercept
* Ready to Sniff?
* Tool: Network View – Scans the Network for Devices
* The Dude Sniffer
* Look@LAN
* Wireshark
* Display Filters in Wireshark
* Following the TCP Stream in Wireshark
* Pilot
* Tcpdump
* Tcpdump Commands
* Features of Sniffing Tools
* What is Address Resolution Protocol (ARP)
* ARP Spoofing Attack
* How Does ARP Spoofing Work
* ARP Poisoning
* Threats of ARP Poisoning
* MAC Flooding
* MAC Duplicating
* MAC Duplicating Attack
* Tools for ARP Spoofing
o Ettercap
o ArpSpyX
o Cain and Abel
+ Steps to Perform ARP Poisoning using Cain and Abel
o IRS – ARP Attack Tool
o ARPWorks Tool
* DHCP Starvation Attack
* DNS Poisoning Techniques
o 1. Intranet DNS Spoofing (Local Network)
o 2. Internet DNS Spoofing (Remote Network)
o 3. Proxy Server DNS Poisoning
o 4. DNS Cache Poisoning
* Tools for MAC Flooding
o Linux Tool: Macof
o Windows Tool: EtherFlood
* Sniffing Tools
o Interactive TCP Relay
o Interactive Replay Attacks
o Tool: Nemesis
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o Win Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Packet Crafter: Craft Custom TCP/IP Packets
o Engage Packet Builder
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o EtherApe Features
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
o Tool: Windump
o Tool: Etherpeek
o NetIntercept
o Colasoft EtherLook
o AW Ports Traffic Analyzer
o Colasoft Capsa Network Analyzer
o CommView
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
o URL Snooper
o EtherDetect Packet Sniffer
o EffeTech HTTP Sniffer
o AnalogX Packetmon
o Colasoft MSN Monitor
o IPgrab
o EtherScan Analyzer
o InfoWatch Traffic Monitor
* Linux Sniffing Tools (dsniff package)
o Linux Tool: Arpspoof
o Linux Tool: Dnsspoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o Linux Tool: Sshmitm
o Linux Tool: Tcpkill
o Linux Tool: Tcpnice
o Linux Tool: Urlsnarf
o Linux Tool: Webspy
o Linux Tool: Webmitm
* Hardware Protocol Analyzers
o Hardware Protocol Analyzers Vendors List
o Agilent Hardware Protocol Analyzers http://www.home.agilent.com/
o RADCOM Hardware Protocol Analyzers http://www.radcom.com/
o FLUKE Networks Hardware Protocol Analyzers http://www.flukenetworks.com/
o NETWORK INSTRUMENTS Hardware Protocol Analyzer http://www.netinst.com/
* How to Detect Sniffing
o Countermeasures
o AntiSniff Tool
o ArpWatch Tool
o PromiScan
o proDETECT
o Network Packet Analyzer CAPSA
Module 11: Social Engineering
* What is Social Engineering?
* Human Weakness
* “Rebecca” and “Jessica”
* Office Workers
* Types of Social Engineering
o Human-Based Social Engineering
+ Technical Support Example
+ More Social Engineering Examples
+ Human-Based Social Engineering: Eavesdropping
+ Human-Based Social Engineering: Shoulder Surfing
+ Human-Based Social Engineering: Dumpster Diving
+ Dumpster Diving Example
+ Oracle Snoops Microsoft’s Trash Bins
+ Movies to Watch for Reverse Engineering
o Computer-Based Social Engineering
o Insider Attack
o Disgruntled Employee
o Preventing Insider Threat
o Common Targets of Social Engineering
* Social Engineering Threats and Defenses
o Online Threats
o Telephone-Based Threats
o Personal Approaches
o Defenses Against Social Engineering Threats
* Factors that make Companies Vulnerable to Attacks
* Why is Social Engineering Effective
* Warning Signs of an Attack
* Tool: Netcraft Anti-Phishing Toolbar
* Phases in a Social Engineering Attack
* Behaviors Vulnerable to Attacks
* Impact on the Organization
* Countermeasures
* Policies and Procedures
* Security Policies - Checklist
* Impersonating Orkut, Facebook, MySpace
* Orkut
* Impersonating on Orkut
* MW.Orc worm
* Impersonating on Facebook
* MySpace
* Impersonating on MySpace
* How to Steal Identity
* Comparison
* Original
* Identity Theft
* http://www.consumer.gov/idtheft/
Module 12: Phishing
* Phishing
* Introduction
* Reasons for Successful Phishing
* Phishing Methods
* Process of Phishing
* Types of Phishing Attacks
o Man-in-the-Middle Attacks
o URL Obfuscation Attacks
o Cross-site Scripting Attacks
o Hidden Attacks
o Client-side Vulnerabilities
o Deceptive Phishing
o Malware-Based Phishing
o DNS-Based Phishing
o Content-Injection Phishing
o Search Engine Phishing
* Phishing Statistics: March 2008
* Anti-Phishing
* Anti-Phishing Tools
o PhishTank SiteChecker
o NetCraft
o GFI MailEssentials
o SpoofGuard
o Phishing Sweeper Enterprise
o TrustWatch Toolbar
o ThreatFire
o GralicWrap
o Spyware Doctor
o Track Zapper Spyware-Adware Remover
o AdwareInspector
o Email-Tag.com
Module 13: Hacking Email Accounts
* Introduction
o Ways of Getting Email Account Information
o Stealing Cookies
o Social Engineering
o Password Phishing
o Fraudulent E-mail Messages
* Vulnerabilities
o Web Email
o Reaper Exploit
* Email Hacking Tools
o Tool: Advanced Stealth Email Redirector
o Tool: Mail PassView
o Tool: Email Password Recovery Master
o Tool: Mail Password
o Email Finder Pro
o Email Spider Easy
o Kernel Hotmail MSN Password Recovery
o Retrieve Forgotten Yahoo Password
o MegaHackerZ
o Hack Passwords
* Securing Email Accounts
o Creating Strong Passwords
o Creating Strong Passwords: Change Password
o Creating Strong Passwords: Trouble Signing In
o Sign-in Seal
o Alternate Email Address
o Keep Me Signed In / Remember Me
o Tool: Email Protector
o Tool: Email Security
o Tool: EmailSanitizer
o Tool: SuperSecret
Module 14: Denial-of-Service
* Real World Scenario of DoS Attacks
* What are Denial-of-Service Attacks
* Goal of DoS
* Impact and the Modes of Attack
* Types of Attacks
* DoS Attack Classification
o Smurf Attack
o Buffer Overflow Attack
o Ping of Death Attack
o Teardrop Attack
o SYN Attack
o SYN Flooding
o DoS Attack Tools
o DoS Tool: Jolt2
o DoS Tool: Bubonic.c
o DoS Tool: Land and LaTierra
o DoS Tool: Targa
o DoS Tool: Blast
o DoS Tool: Nemesy
o DoS Tool: Panther2
o DoS Tool: Crazy Pinger
o DoS Tool: SomeTrouble
o DoS Tool: UDP Flood
o DoS Tool: FSMax
* Bot (Derived from the Word RoBOT)
* Botnets
* Uses of Botnets
* Types of Bots
* How Do They Infect? Analysis of Agobot
* How Do They Infect
* Tool: Nuclear Bot
* What is DDoS Attack
* Characteristics of DDoS Attacks
* Is DDoS Unstoppable?
* Agent Handler Model
* DDoS IRC-based Model
* DDoS Attack Taxonomy
* Amplification Attack
* Reflective DNS Attacks
* Reflective DNS Attacks Tool: ihateperl.pl
* DDoS Tools
o DDoS Tool: Tribal Flood Network
o DDoS Tool: TFN2K
o DDoS Tool: Shaft
o DDoS Tool: Trinity
o DDoS Tool: Knight and Kaiten
o DDoS Tool: Mstream
* How to Conduct a DDoS Attack
* The Reflected DoS Attacks
* Reflection of the Exploit
* Countermeasures for Reflected DoS
* DDoS Countermeasures
* Taxonomy of DDoS Countermeasures
* Preventing Secondary Victims
* Detect and Neutralize Handlers
* Detect Potential Attacks
* DoSHTTP Tool
* Mitigate or Stop the Effects of DDoS Attacks
* Deflect Attacks
* Post-attack Forensics
* Packet Traceback
Module 15: Session Hijacking
* What is Session Hijacking?
* Understanding Session Hijacking
* Spoofing vs. Hijacking
* Steps in Session Hijacking
* Types of Session Hijacking
* Session Hijacking Levels
* Network Level Hijacking
* The 3-Way Handshake
* TCP Concepts 3-Way Handshake
* Sequence Numbers
* Sequence Number Prediction
* TCP/IP Hijacking
* IP Spoofing: Source Routed Packets
* RST Hijacking
o RST Hijacking Tool: hijack_rst.sh
* Blind Hijacking
* Man in the Middle Attack using Packet Sniffer
* UDP Hijacking
* Application Level Hijacking
* Programs that Perform Session Hijacking
o TTY-Watcher
o IP watcher
o Remote TCP Session Reset Utility (SolarWinds)
o Paros HTTP Session Hijacking Tool
o Dnshijacker Tool
o Hjksuite Tool
* Dangers Posed by Hijacking
* Protecting against Session Hijacking
* Countermeasure: IPSec
Module 16: Hacking Web Servers
* How Web Servers Work
* How are Web Servers Compromised
* Web Server Defacement
o How are Servers Defaced
* Apache Vulnerability
* Attacks against IIS
o IIS7 Components
* Unicode
o Unicode Directory Traversal Vulnerability
o IIS Directory Traversal (Unicode) Attack
* Hacking Tool
o Hacking Tool: IISxploit.exe
o Msw3prt IPP Vulnerability
o RPC DCOM Vulnerability
o ASP Trojan
o IIS Logs
o Network Tool: Log Analyzer
o Hacking Tool: CleanIISLog
o IIS Security Tool: Server Mask
o ServerMask ip100
o Tool: CacheRight
o Tool: CustomError
o Tool: HttpZip
o Tool: LinkDeny
o Tool: ServerDefender AI
o Tool: ZipEnable
o Tool: w3compiler
o Yersinia
* Tool: Metasploit Framework
* KARMA
o Karmetasploit
o Prerequisites for Karmetasploit
o Running Karmetasploit
* Tool: Immunity CANVAS Professional
* Tool: Core Impact
* Tool: MPack
* Tool: Neosploit
* Patch Management
o Hotfixes and Patches
o What is Patch Management
+ Solution: UpdateExpert
+ Patch Management Tool: qfecheck
+ Patch Management Tool: HFNetChk
+ cacls.exe utility
* Vulnerability Scanners
o Online Vulnerability Search Engine
o Network Tool: Whisker
o Network Tool: N-Stealth HTTP Vulnerability Scanner
o Hacking Tool: WebInspect
o Network Tool: Shadow Security Scanner
o Secure IIS
+ ServersCheck Monitoring
+ GFI Network Server Monitor
+ Servers Alive
+ Webserver Stress Tool
+ Monitoring Tool: Secunia PSI
* Countermeasures
* Increasing Web Server Security
* Web Server Protection Checklist
Module 17: Web Application Vulnerabilities
* Web Application
* Web Application Hacking
* Anatomy of an Attack
* Web Application Threats
* Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures
* SQL Injection
* Command Injection Flaws
o Countermeasures
* Cookie/Session Poisoning
o Countermeasures
* Parameter/Form Tampering
* Hidden Field at
* Buffer Overflow
o Countermeasures
* Directory Traversal/Forceful Browsing
o Countermeasures
* Cryptographic Interception
* Cookie Snooping
* Authentication Hijacking
o Countermeasures
* Log Tampering
* Error Message Interception
* Attack Obfuscation
* Platform Exploits
* DMZ Protocol Attacks
o Countermeasures
* Security Management Exploits
o Web Services Attacks
o Zero-Day Attacks
o Network Access Attacks
* TCP Fragmentation
* Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o SiteScope Tool
o WSDigger Tool – Web Services Testing Tool
o CookieDigger Tool
o SSLDigger Tool
o SiteDigger Tool
o WindowBomb
o Burp: Positioning Payloads
o Burp: Configuring Payloads and Content Enumeration
o Burp: Password Guessing
o Burp Proxy
o Burpsuite
o Hacking Tool: cURL
o dotDefender
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
o Tool: Falcove Web Vulnerability Scanner
o Tool: NetBrute
o Tool: Emsa Web Monitor
o Tool: KeepNI
o Tool: Parosproxy
o Tool: WebScarab
o Tool: Watchfire AppScan
o Tool: WebWatchBot
o Tool: Ratproxy
o Tool: Mapper
Module 18: Web-Based Password Cracking Techniques
* Authentication
o Authentication - Definition
o Authentication Mechanisms
+ HTTP Authentication
# Basic Authentication
# Digest Authentication
+ Integrated Windows (NTLM) Authentication
+ Negotiate Authentication
+ Certificate-based Authentication
+ Forms-based Authentication
+ RSA SecurID Token
+ Biometrics Authentication
# Types of Biometrics Authentication
* Fingerprint-based Identification
* Hand Geometry-based Identification
* Retina Scanning
* Afghan Woman Recognized After 17 Years
* Face Recognition
* Face Code: WebCam Based Biometrics Authentication System
o Bill Gates at the RSA Conference 2006
* Password Cracking
o How to Select a Good Password
o Things to Avoid in Passwords
o Changing Your Password
o Protecting Your Password
o Examples of Bad Passwords
o The “Mary Had A Little Lamb” Formula
o How Hackers Get Hold of Passwords
o Windows XP: Remove Saved Passwords
o What is a Password Cracker
o Modus Operandi of an Attacker Using a Password Cracker
o How Does a Password Cracker Work
o Attacks - Classification
+ Password Guessing
+ Query String
+ Cookies
+ Dictionary Maker
* Password Cracking Tools
o Password Crackers Available
+ L0phtCrack (LC4)
+ John the Ripper
+ Brutus
+ ObiWaN
+ Authforce
+ Hydra
+ Cain & Abel
+ RAR
+ Gammaprog
+ WebCracker
+ Munga Bunga
+ PassList
+ SnadBoy
+ MessenPass
+ Wireless WEP Key Password Spy
+ RockXP
+ Password Spectator Pro
+ Passwordstate
+ Atomic Mailbox Password Cracker
+ Advanced Mailbox Password Recovery (AMBPR)
+ Tool: Network Password Recovery
+ Tool: Mail PassView
+ Tool: Messenger Key
+ Tool: SniffPass
o Security Tools
+ WebPassword
+ Password Administrator
+ Password Safe
+ Easy Web Password
+ PassReminder
+ My Password Manager
* Countermeasures
Module 19: SQL Injection
* SQL Injection: Introduction
o What is SQL Injection
o Exploiting Web Applications
o Steps for Performing SQL Injection
o What You Should Look For
o What If It Doesn’t Take Input
o OLE DB Errors
o Input Validation Attack
o SQL Injection Techniques
o How to Test for SQL Injection Vulnerability
o How Does It Work
o BadLogin.aspx.cs
o BadProductList.aspx.cs
o Executing Operating System Commands
o Getting Output of SQL Query
o Getting Data from the Database Using ODBC Error Message
o How to Mine all Column Names of a Table
o How to Retrieve any Data
o How to Update/Insert Data into Database
o SQL Injection in Oracle
o SQL Injection in MySQL Database
o Attacking Against SQL Servers
o SQL Server Resolution Service (SSRS)
o Osql -L Probing
* SQL Injection Tools
o SQL Injection Automated Tools
o Automated SQL Injection Tool: AutoMagic SQL
o Absinthe Automated SQL Injection Tool
+ Hacking Tool: SQLDict
+ Hacking Tool: SQLExec
+ SQL Server Password Auditing Tool: sqlbf
+ Hacking Tool: SQLSmack
+ Hacking Tool: SQL2.exe
+ sqlmap
+ sqlninja
+ SQLIer
+ Automagic SQL Injector
+ Absinthe
* Blind SQL Injection
o Blind SQL Injection: Countermeasure
* SQL Injection Countermeasures
o Preventing SQL Injection Attacks
o GoodLogin.aspx.cs
* SQL Injection Blocking Tool: SQL Block
* Acunetix Web Vulnerability Scanner
Module 20: Hacking Wireless Networks
* Introduction to Wireless Networking
o Wireless Networking
o Wired Network vs. Wireless Network
o Effects of Wireless Attacks on Business
o Types of Wireless Network
o Advantages and Disadvantages of a Wireless Network
* Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
o Wireless Standard: 802.15 (Bluetooth)
o Wireless Standard: 802.16 (WiMax)
+ WiMax Featured Companies
+ WiMax Equipment Vendors
* Wireless Concepts
o Related Technology and Carrier Networks
o SSID
o Is the SSID a Secret
o Authentication and Association
o Authentication Modes
o The 802.1X Authentication Process
o 802.11 Specific Vulnerabilities
o Authentication and (Dis)Association Attacks
o MAC Sniffing and AP Spoofing
o Defeating MAC Address Filtering in Windows
* Wireless Devices
o Antennas
o Cantenna – www.cantenna.com
o Wireless Access Points
o Beacon Frames
o Phone Jammers
+ Phone Jamming Devices
* WEP
o Wired Equivalent Privacy (WEP)
o WEP Issues
o WEP - Authentication Phase
o WEP - Shared Key Authentication
o WEP - Association Phase
o WEP Flaws
* WPA
o What is WPA
o WPA Vulnerabilities
o WEP, WPA, and WPA2
o Wi-Fi Protected Access 2 (WPA2)
o Attacking WPA Encrypted Networks
o Evil Twin: Attack
* TKIP and LEAP
o Temporal Key Integrity Protocol (TKIP)
+ Working of TKIP
+ Changes from WEP to TKIP
o LEAP: The Lightweight Extensible Authentication Protocol
o LEAP Attacks
o LEAP Attack Tool: ASLEAP
+ Working of ASLEAP
* Hacking Methods
o Techniques to Detect Open Wireless Networks
o Steps for Hacking Wireless Networks
+ Step 1: Find Networks to Attack
+ Step 2: Choose the Network to Attack
+ Step 3: Analyzing the Network
+ Step 4: Cracking the WEP Key
+ Step 5: Sniffing the Network
o Bluejacking
o Super Bluetooth Hack
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o Hijacking and Modifying a Wireless Network
* Cracking WEP
o Cracking WEP
o Weak Keys (a.k.a. Weak IVs)
o Problems with WEP’s Key Stream and Reuse
o Automated WEP Crackers
o Pad-Collection Attacks
o XOR Encryption
o Stream Cipher
o WEP Tool: Aircrack
o Tool: AirPcap
o Tool: Cain & Abel
o Scanning Tool: Kismet
* Rogue Access Point
o Rogue Access Points
o Tools to Generate Rogue Access Points: Fake AP
o Tools to Detect Rogue Access Points: Netstumbler
o Tools to Detect Rogue Access Points: MiniStumbler
o Airsnarf: A Rogue AP Setup Utility
o Cloaked Access Point
* Scanning Tools
o Scanning Tool: Prismstumbler
o Scanning Tool: MacStumbler
o Scanning Tool: Mognet
o Scanning Tool: WaveStumbler
o Scanning Tool: Netchaser for Palm Tops
o Scanning Tool: AP Scanner
o Scanning Tool: Wavemon
o Scanning Tool: Wireless Security Auditor (WSA)
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Scanning Tool: WifiScanner
o eEye Retina WiFi
o Simple Wireless Scanner
o wlanScanner
* Sniffing Tools
o Sniffing Tool: AiroPeek
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: Wireshark
o Sniffing Tool: vxSniffer
o Sniffing Tool: Etherpeg
o Sniffing Tool: Driftnet
o Sniffing Tool: AirMagnet
o Sniffing Tool: WinDump
o Multiuse Tool: THC-RUT
o Microsoft Network Monitor
* Wireless Security Tools
o WLAN Diagnostic Tool: CommView for WiFi PPC
o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer
o AirDefense Guard (www.AirDefense.com)
o Google Secure Access
o Tool: RogueScanner
Module 21: Physical Security
* Security Facts
* Understanding Physical Security
* Physical Security
* What Is the Need for Physical Security
* Who Is Accountable for Physical Security
* Factors Affecting Physical Security
* Physical Security Checklist
o Physical Security Checklist - Company Surroundings
o Gates
o Security Guards
o Physical Security Checklist: Premises
o CCTV Cameras
o Reception
o Server
o Workstation Area
o Wireless Access Point
o Other Equipment
o Access Control
+ Biometric Devices
+ Biometric Identification Techniques
# Biometric Hacking: Biologger
+ Authentication Mechanisms
+ Authentication Mechanism Challenges: Biometrics
+ Faking Fingerprints
+ Smart Cards
+ Security Token
+ Computer Equipment Maintenance
+ Wiretapping
+ Remote Access
+ Lapse of Physical Security
+ Locks
# Lock Picking
# Lock Picking Tools
* Information Security
* EPS (Electronic Physical Security)
* Wireless Security
* Laptop Theft Statistics for 2007
* Statistics for Stolen and Recovered Laptops
* Laptop Theft
* Laptop Theft: Data Under Loss
* Laptop Security Tools
* Laptop Tracker - XTool Computer Tracker
* Tools to Locate Stolen Laptops
* Stop's Unique, Tamper-proof Patented Plate
* Tool: TrueCrypt
* Laptop Security Countermeasures
* Mantrap
* TEMPEST
* Challenges in Ensuring Physical Security
* Spyware Technologies
* Spying Devices
* Physical Security: Lock Down USB Ports
* Tool: DeviceLock
* Blocking the Use of USB Storage Devices
* Track Stick GPS Tracking Device
Module 22: Linux Hacking
* Why Linux
* Linux Distributions
* Linux Live CD-ROMs
* Basic Commands of Linux: Files & Directories
* Linux Basics
o Linux File Structure
o Linux Networking Commands
* Directories in Linux
* Installing, Configuring, and Compiling Linux Kernel
* How to Install a Kernel Patch
* Compiling Programs in Linux
* GCC Commands
* Make Files
* Make Install Command
* Linux Vulnerabilities
* Chrooting
* Why is Linux Hacked
* How to Apply Patches to Vulnerable Programs
* Scanning Networks
* Nmap in Linux
* Scanning Tool: Nessus
* Port Scan Detection Tools
* Password Cracking in Linux: John the Ripper
* Firewall in Linux: IPTables
* IPTables Command
* Basic Linux Operating System Defense
* SARA (Security Auditor's Research Assistant)
* Linux Tool: Netcat
* Linux Tool: tcpdump
* Linux Tool: Snort
* Linux Tool: SAINT
* Linux Tool: Wireshark
* Linux Tool: Abacus Port Sentry
* Linux Tool: DSniff Collection
* Linux Tool: Hping2
* Linux Tool: Sniffit
* Linux Tool: Nemesis
* Linux Tool: LSOF
* Linux Tool: IPTraf
* Linux Tool: LIDS
* Hacking Tool: Hunt
* Tool: TCP Wrappers
* Linux Loadable Kernel Modules
* Hacking Tool: Linux Rootkits
* Rootkits: Knark & Torn
* Rootkits: Tuxit, Adore, Ramen
* Rootkit: Beastkit
* Rootkit Countermeasures
* ‘chkrootkit’ detects the following Rootkits
* Linux Tools: Application Security
* Advanced Intrusion Detection Environment (AIDE)
* Linux Tools: Security Testing Tools
* Linux Tools: Encryption
* Linux Tools: Log and Traffic Monitors
* Linux Security Auditing Tool (LSAT)
* Linux Security Countermeasures
* Steps for Hardening Linux
Module 23: Evading IDS, Firewalls and Detecting Honey Pots
* Introduction to Intrusion Detection System
* Terminologies
* Intrusion Detection System (IDS)
o IDS Placement
o Ways to Detect an Intrusion
o Types of Intrusion Detection Systems
o System Integrity Verifiers (SIVs)
o Tripwire
o Cisco Security Agent (CSA)
o True/False, Positive/Negative
o Signature Analysis
o General Indications of System Intrusions
o General Indications of File System Intrusions
o General Indication of Network Intrusions
o Intrusion Detection Tools
+ Snort
+ Running Snort on Windows 2003
+ Snort Console
+ Testing Snort
+ Configuring Snort (snort.conf)
+ Snort Rules
+ Set up Snort to Log to the Event Logs and to Run as a Service
+ Using EventTriggers.exe for Eventlog Notifications
+ SnortSam
o Steps to Perform after an IDS detects an attack
o Evading IDS Systems
+ Ways to Evade IDS
+ Tools to Evade IDS
# IDS Evading Tool: ADMutate
# Packet Generators
* Intrusion Prevention System
o Intrusion Prevention Strategies
o IPS Deployment Risks
o Types of IPS
o Host Based IPS (HIPS)
o Network Based IPS (NIPS)
+ Content Based IPS (CIPS)
+ Rate Based IPS (RIPS)
o Information Flow in IDS and IPS
o IDS vs. IPS
o IPS Vendors and Products
* What is a Firewall?
o What Does a Firewall Do
o Packet Filtering
o What can’t a firewall do
o How does a Firewall work
o Firewall Operations
o Hardware Firewall
o Software Firewall
o Types of Firewall
+ Packet Filtering Firewall
+ IP Packet Filtering Firewall
+ Circuit-Level Gateway
+ TCP Packet Filtering Firewall
+ Application Level Firewall
+ Application Packet Filtering Firewall
+ Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Tool: NCovert
o ACK Tunneling
o Tools to breach firewalls
* Common Tool for Testing Firewall and IDS
o IDS Testing Tool: Traffic IQ Professional
o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)
o IDS Tool: SecureHost
o IDS Tool: Snare
o IDS Testing Tool: TCPOpera
o IDS Testing Tool: Firewall Informer
o Atelier Web Firewall Tester
* What is Honeypot?
o The Honeynet Project
o Types of Honeypots
+ Low-interaction honeypot
+ Medium-interaction honeypot
+ High-interaction honeypot
o Advantages and Disadvantages of a Honeypot
o Where to place Honeypots
o Honeypots
+ Honeypot: SPECTER
+ Honeypot: honeyd
+ Honeypot: KFSensor
+ Sebek
o Physical and Virtual Honeypots
* Tools to Detect Honeypots
* What to do when hacked
Module 24: Buffer Overflows
* Buffer Overflow Concepts
o Why are Programs/Applications Vulnerable
o Buffer Overflows
o Reasons for Buffer Overflow Attacks
o Knowledge Required to Program Buffer Overflow Exploits
o Understanding Stacks
o Understanding Heaps
o Types of Buffer Overflows: Stack-based Buffer Overflow
o Types of Buffer Overflows: Heap-Based Buffer Overflow
o Understanding Assembly Language
o Shellcode
* Attacking a Real Program
* NOPs
* How to Mutate a Buffer Overflow Exploit
* Once the Stack is Smashed
* Examples of Buffer Overflow
o Simple Uncontrolled Overflow of the Stack
o Heap Memory Buffer Overflow Bug
o Simple Buffer Overflow in C
+ Code Analysis
* Tools
o Tool to Defend Buffer Overflow: Return Address Defender (RAD)
o Tool to Defend Buffer Overflow: StackGuard
o Insure++
o Comodo Memory Firewall
o DefencePlus
o BufferShield
o Hardware Level Prevention Of Buffer Overflow
* How to Detect Buffer Overflows in a Program
* Defense Against Buffer Overflows
Module 25: Cryptography
* Public-key Cryptography
* Working of Encryption
* Digital Signature
* RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
* RC4, RC5, RC6, Blowfish
* Algorithms and Security
* Brute-Force Attack
* RSA Attacks
* Message Digest Functions
o One-way Hash Functions
o MD5
* SHA (Secure Hash Algorithm)
* SSL (Secure Sockets Layer)
o RC5
* What is SSH
* Government Access to Keys (GAK)
* RSA Challenge
* distributed.net
* Code Breaking: Methodologies
* Cryptography Attacks
* Disk Encryption
* Magic Lantern
* WEPCrack
* Cracking S/MIME Encryption Using Idle CPU Time
* Cryptography Tools
o Cleversafe Grid Builder
o PGP (Pretty Good Privacy)
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
o Microsoft Cryptography Tools
Module 26: Penetration Testing
* Introduction to Penetration Testing (PT)
* Categories of security assessments
* Vulnerability Assessment
* Limitations of Vulnerability Assessment
* Testing
o Penetration Testing
o Types of Penetration Testing
o Risk Management
o Do-It-Yourself Testing
o Outsourcing Penetration Testing Services
o Terms of Engagement
o Project Scope
o Pentest Service Level Agreements
o Testing points
o Testing Locations
o Automated Testing
o Manual Testing
o Using DNS Domain Name and IP Address Information
o Enumerating Information about Hosts on Publicly Available Networks
o Testing Network-filtering Devices
o Enumerating Devices
o Denial-of-Service Emulation
* Penetration Testing Tools
o Pentest using Appscan
o HackerShield
o Pen-Test Using Cerberus Internet Scanner
o Pen-Test Using Cybercop Scanner
o Pen-Test Using FoundScan Hardware Appliances
o Pen-Test Using Nessus
o Pen-Test Using NetRecon
o Pen-Test Using SAINT
o Pen-Test Using SecureNet Pro
o Pen-Test Using SecureScan
o Pen-Test Using SATAN, SARA and Security Analyzer
o Pen-Test Using STAT Analyzer
o Pentest Using VigilENT
o Pentest Using WebInspect
o Pentest Using CredDigger
o Pentest Using Nsauditor
o Evaluating Different Types of Pen-Test Tools
o Asset Audit
o Fault Tree and Attack Trees
o Gap Analysis
* Threat
o Business Impact of Threat
o Internal Metrics Threat
o External Metrics Threat
o Calculating Relative Criticality
o Test Dependencies
* Other Tools Useful in Pen-Test
o Defect Tracking Tools: Bug Tracker Server
o Disk Replication Tools
o DNS Zone Transfer Testing Tools
o Network Auditing Tools
o Trace Route Tools and Services
o Network Sniffing Tools
o Denial of Service Emulation Tools
o Traditional Load Testing Tools
o System Software Assessment Tools
o Operating System Protection Tools
o Fingerprinting Tools
o Port Scanning Tools
o Directory and File Access Control Tools
o File Share Scanning Tools
o Password Dictionaries
o Password Guessing Tools
o Link Checking Tools
o Web-Testing-Based Scripting Tools
o Buffer Overflow Protection Tools
o File Encryption Tools
o Database Assessment Tools
o Keyboard Logging and Screen Recording Tools
o System Event Logging and Reviewing Tools
o Tripwire and Checksum Tools
o Mobile-code Scanning Tools
o Centralized Security Monitoring Tools
o Web Log Analysis Tools
o Forensic Data and Collection Tools
o Security Assessment Tools
o Multiple OS Management Tools
* Phases of Penetration Testing
* Pre-attack Phase
* Best Practices
* Results that can be Expected
* Passive Reconnaissance
* Active Reconnaissance
* Attack Phase
o Activity: Perimeter Testing
o Activity: Web Application Testing
o Activity: Wireless Testing
o Activity: Acquiring Target
o Activity: Escalating Privileges
o Activity: Execute, Implant and Retract
* Post Attack Phase and Activities
* Penetration Testing Deliverables Templates
Module 27: Covert Hacking
* Insider Attacks
* What is Covert Channel?
* Security Breach
* Why Do You Want to Use Covert Channel?
* Motivation of a Firewall Bypass
* Covert Channels Scope
* Covert Channel: Attack Techniques
* Simple Covert Attacks
* Advanced Covert Attacks
* Standard Direct Connection
* Reverse Shell (Reverse Telnet)
* Direct Attack Example
* Indirect Attack Example
* Reverse Connecting Agents
* Covert Channel Attack Tools
o Netcat
o DNS Tunneling
o Covert Channel Using DNS Tunneling
o DNS Tunnel Client
o DNS Tunneling Countermeasures
o Covert Channel Using SSH
o Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
* Covert Channel Hacking Tool: Active Port Forwarder
* Covert Channel Hacking Tool: CCTT
* Covert Channel Hacking Tool: Firepass
* Covert Channel Hacking Tool: MsnShell
* Covert Channel Hacking Tool: Web Shell
* Covert Channel Hacking Tool: NCovert
o Ncovert - How it works
* Covert Channel Hacking via Spam E-mail Messages
* Hydan
Module 28: Writing Virus Codes
* Introduction of Virus
* Types of Viruses
* Symptoms of a Virus Attack
* Prerequisites for Writing Viruses
* Required Tools and Utilities
* Virus Infection Flow Chart
o Virus Infection: Step I
+ Directory Traversal Method
+ Example Directory Traversal Function
+ “dot dot” Method
+ Example Code for a “dot dot” Method
o Virus Infection: Step II
o Virus Infection: Step III
+ Marking a File for Infection
o Virus Infection: Step IV
o Virus Infection: Step V
* Components of Viruses
o Functioning of Replicator part
o Writing Replicator
o Writing Concealer
o Dispatcher
o Writing Bomb/Payload
+ Trigger Mechanism
+ Bombs/Payloads
+ Brute Force Logic Bombs
* Testing Virus Codes
* Tips for Better Virus Writing
Module 29: Assembly Language Tutorial
* Base 10 System
* Base 2 System
* Decimal 0 to 15 in Binary
* Binary Addition (C stands for Carry)
* Hexadecimal Number
* Hex Example
* Hex Conversion
* Nibble
* Computer memory
* Characters Coding
* ASCII and UNICODE
* CPU
* Machine Language
* Compilers
* Clock Cycle
* Original Registers
* Instruction Pointer
* Pentium Processor
* Interrupts
* Interrupt handler
* External interrupts and Internal interrupts
* Handlers
* Machine Language
* Assembly Language
* Assembler
* Assembly Language vs. High-level Language
* Assembly Language Compilers
* Instruction operands
* MOV instruction
* ADD instruction
* SUB instruction
* INC and DEC instructions
* Directive
* Preprocessor
* equ directive
* %define directive
* Data directives
* Labels
* Input and output
* C Interface
* Call
* Creating a Program
* Why should anyone learn assembly at all?
o First.asm
* Assembling the code
* Compiling the C code
* Linking the object files
* Understanding an assembly listing file
* Big and Little Endian Representation
* Skeleton File
* Working with Integers
* Signed integers
* Signed Magnitude
* Two’s Complement
* If statements
* Do while loops
* Indirect addressing
* Subprogram
* The Stack
* The SS segment
* ESP
* The Stack Usage
* The CALL and RET Instructions
* General subprogram form
* Local variables on the stack
* General subprogram form with local variables
* Multi-module program
* Saving registers
* Labels of functions
* Calculating addresses of local variables
Module 30: Exploit Writing
* Exploits Overview
* Prerequisites for Writing Exploits and Shellcodes
* Purpose of Exploit Writing
* Types of Exploits
* Stack Overflow
* Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
* The Proof-of-Concept and Commercial Grade Exploit
* Converting a Proof of Concept Exploit to Commercial Grade Exploit
* Attack Methodologies
* Socket Binding Exploits
* Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
* Steps for Writing an Exploit
* Differences Between Windows and Linux Exploits
* Shellcodes
* NULL Byte
* Types of Shellcodes
* Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
* Steps for Writing a Shellcode
* Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation
Module 31: Smashing the Stack for Fun and Profit
* What is a Buffer?
* Static vs. Dynamic Variables
* Stack Buffers
* Data Region
* Memory Process Regions
* What Is A Stack?
* Why Do We Use A Stack?
* The Stack Region
* Stack frame
* Stack pointer
* Procedure Call (Procedure Prolog)
* Compiling the code to assembly
* Call Statement
* Return Address (RET)
* Word Size
* Stack
* Buffer Overflows
* Error
* Why do we get a segmentation violation?
* Segmentation Error
* Instruction Jump
* Guess Key Parameters
* Calculation
* Shell Code
o The code to spawn a shell in C
* Let's try to understand what is going on here. We'll start by studying main:
* execve()
o execve() system call
* exit.c
o List of steps with exit call
* The code in Assembly
* JMP
* Code using indexed addressing
* Offset calculation
* shellcodeasm.c
* testsc.c
* Compile the code
* NULL byte
* shellcodeasm2.c
* testsc2.c
* Writing an Exploit
* overflow1.c
* Compiling the code
* sp.c
* vulnerable.c
* NOPs
o Using NOPs
o Estimating the Location
Module 32: Windows Based Buffer Overflow Exploit Writing
* Buffer Overflow
* Stack overflow
* Writing Windows Based Exploits
* Exploiting stack based buffer overflow
* OpenDataSource Buffer Overflow Vulnerability Details
* Simple Proof of Concept
* Windbg.exe
* Analysis
* EIP Register
o Location of EIP
o EIP
* Execution Flow
* But where can we jump to?
* Offset Address
* The Query
* Finding jmp esp
* Debug.exe
* listdlls.exe
* Msvcrt.dll
* Out.sql
* The payload
* ESP
* Limited Space
* Getting Windows API/function absolute address
* Memory Address
* Other Addresses
* Compile the program
* Final Code
Module 33: Reverse Engineering
* Positive Applications of Reverse Engineering
* Ethical Reverse Engineering
* World War Case Study
* DMCA Act
* What is Disassembler?
* Why do you need to decompile?
* Professional Disassembler Tools
* Tool: IDA Pro
* Convert Machine Code to Assembly Code
* Decompilers
* Program Obfuscation
* Convert Assembly Code to C++ code
* Machine Decompilers
* Tool: dcc
* Machine Code of compute.exe Program
* Assembly Code of compute.exe Program
* Code Produced by the dcc Decompiler in C
* Tool: Boomerang
* What Boomerang Can Do?
* Andromeda Decompiler
* Tool: REC Decompiler
* Tool: EXE To C Decompiler
* Delphi Decompilers
* Tools for Decompiling .NET Applications
* Salamander .NET Decompiler
* Tool: LSW DotNet-Reflection-Browser
* Tool: Reflector
* Tool: Spices NET.Decompiler
* Tool: Decompilers.NET
* .NET Obfuscator and .NET Obfuscation
* Java Bytecode Decompilers
* Tool: JODE Java Decompiler
* Tool: JREVERSEPRO
* Tool: SourceAgain
* Tool: ClassCracker
* Python Decompilers
* Reverse Engineering Tutorial
* OllyDbg Debugger
* How Does OllyDbg Work?
* Debugging a Simple Console Application
Module 34: Macintosh Hacking
* Introduction to Mac OS
* Vulnerabilities in Mac OS
o Buffer Overflow Vulnerability
o Local Privilege Escalation Vulnerabilities
o DiskManagement BOM Local Privilege Escalation Vulnerability
o HFS+ do_hfs_truncate() Denial of Service Vulnerability
o ATPsndrsp() Heap Buffer Overflow Vulnerability
o UFS ufs_lookup() Denial of Service Vulnerability
o Other Vulnerabilities in Mac OS
* How a Malformed Installer Package Can Crack Mac OS X
* Worms and Viruses in Mac OS
o OSX/Leap-A
o Inqtana.A
o Macro Viruses
* Mac OS X Trojans
o Termite
o Sub7ME
o WinJack
o Xover
o Hell Raiser 2.5b
* Anti-Virus Products for Mac OS
o VirusBarrier
o McAfee Virex for Macintosh
o Sophos Endpoint Security and Control
o Norton Internet Security
* Mac Security Tools
o MacScan
o ClamXav
o IPNetsentryx
o FileGuard
* Countermeasures
Module 35: Hacking Routers, Cable Modems and Firewalls
* Network Devices
* Identifying a Router
o SING: Tool for Identifying the Router
* HTTP Configuration Arbitrary Administrative Access Vulnerability
* ADMsnmp
* Solarwinds MIB Browser
* Brute-Forcing Login Services
* Hydra
* Analyzing the Router Config
* Cracking the Enable Password
* Tool: Cain and Abel
* Implications of a Router Attack
* Types of Router Attacks
* Router Attack Topology
* Denial of Service (DoS) Attacks
* Packet “Mistreating” Attacks
* Routing Table Poisoning
* Hit-and-run Attacks vs. Persistent Attacks
* Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Covering Tracks
o Looking Around
* Eigrp-tool
* Tool: Zebra
* Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
* Tool: Cisco Torch
* Monitoring SMTP (port 25) Using SLcheck
* Monitoring HTTP (port 80)
* Cable Modem Hacking
o OneStep: ZUP
* www.bypassfirewalls.net
* Waldo Beta 0.7 (b)
Module 36: Hacking Mobile Phones, PDA and Handheld Devices
* Different OS in Mobile Phone
* Different OS Structure in Mobile Phone
* Evolution of Mobile Threat
* Threats
* What Can A Hacker Do
* Vulnerabilities in Different Mobile Phones
* Malware
* Spyware
o Spyware: SymbOS/Htool-SMSSender.A.intd
o Spyware: SymbOS/MultiDropper.CG
o Best Practices against Malware
* Blackberry
o Blackberry Attacks
o Blackberry Attacks: Blackjacking
o BlackBerry Wireless Security
o BlackBerry Signing Authority Tool
o Countermeasures
* PDA
o PDA Security Issues
o ActiveSync attacks
o HotSync Attack
o PDA Virus: Brador
o PDA Security Tools: TigerSuite PDA
o Security Policies for PDAs
* iPod
o Misuse of iPod
o Jailbreaking
+ Tool for Jailbreaking: iDemocracy
+ Tool for Jailbreaking: iActivator
+ Tool for Jailbreaking: iNdependence
+ Tool for Jailbreaking: iFuntastic
o Prerequisite for iPhone Hacking
o Step by Step iPhone Hacking using iFuntastic
o Step by Step iPhone Hacking
o AppSnapp
+ Steps for AppSnapp
o Tool to Unlock iPhone: iPhoneSimFree
o Tool to Unlock iPhone: anySIM
o Steps for Unlocking your iPhone using AnySIM
o Activate the Voicemail Button on your Unlocked iPhone
o Podloso Virus
o Security tool: Icon Lock-iT XP
* Mobile: Is It a Breach to Enterprise Security?
o Threats to Organizations Due to Mobile Devices
o Security Actions by Organizations
* Viruses
o Skulls
o Duts
o Doomboot.A: Trojan
* Antivirus
o Kaspersky Antivirus Mobile
o Airscanner
o BitDefender Mobile Security
o SMobile VirusGuard
o Symantec AntiVirus
o F-Secure Antivirus for Palm OS
o BullGuard Mobile Antivirus
* Security Tools
o Sprite Terminator
o Mobile Security Tools: Virus Scan Mobile
* Defending Cell Phones and PDAs Against Attack
* Mobile Phone Security Tips
Module 37: Bluetooth Hacking
* Bluetooth Introduction
* Security Issues in Bluetooth
* Security Attacks in Bluetooth Devices
o Bluejacking
o Tools for Bluejacking
o BlueSpam
o Blue snarfing
o BlueBug Attack
o Short Pairing Code Attacks
o Man-in-the-Middle Attacks
o OnLine PIN Cracking Attack
o BTKeylogging attack
o BTVoiceBugging attack
o Blueprinting
o Bluesmacking - The Ping of Death
o Denial-of-Service Attack
o BlueDump Attack
* Bluetooth hacking tools
o BTScanner
o Bluesnarfer
o Bluediving
o Transient Bluetooth Environment Auditor
o BTcrack
o Blooover
o Hidattack
* Bluetooth Viruses and Worms
o Cabir
o Mabir
o Lasco
* Bluetooth Security tools
o BlueWatch
o BlueSweep
o Bluekey
o BlueFire Mobile Security Enterprise Edition
o BlueAuditor
o Bluetooth Network Scanner
* Countermeasures
Module 38: VoIP Hacking
* What is VoIP
* VoIP Hacking Steps
* Footprinting
o Information Sources
o Unearthing Information
o Organizational Structure and Corporate Locations
o Help Desk
o Job Listings
o Phone Numbers and Extensions
o VoIP Vendors
o Resumes
o WHOIS and DNS Analysis
o Steps to Perform Footprinting
* Scanning
o Host/Device Discovery
o ICMP Ping Sweeps
o ARP Pings
o TCP Ping Scans
o SNMP Sweeps
o Port Scanning and Service Discovery
o TCP SYN Scan
o UDP Scan
o Host/Device Identification
* Enumeration
o Steps to Perform Enumeration
o Banner Grabbing with Netcat
o SIP User/Extension Enumeration
+ REGISTER Username Enumeration
+ INVITE Username Enumeration
+ OPTIONS Username Enumeration
+ Automated OPTIONS Scanning with sipsak
+ Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server
+ Automated OPTIONS Scanning Using SIPSCAN against SIP Phones
o Enumerating TFTP Servers
o SNMP Enumeration
o Enumerating VxWorks VoIP Devices
* Steps to Exploit the Network
o Denial-of-Service (DoS)
o Distributed Denial-of-Service (DDoS) Attack
o Internal Denial-of-Service Attack
o DoS Attack Scenarios
o Eavesdropping
o Packet Spoofing and Masquerading
o Replay Attack
o Call Redirection and Hijacking
o ARP Spoofing
o ARP Spoofing Attack
o Service Interception
o H.323-Specific Attacks
o SIP Security Vulnerabilities
o SIP Attacks
o Flooding Attacks
o DNS Cache Poisoning
o Sniffing TFTP Configuration File Transfers
o Performing Number Harvesting and Call Pattern Tracking
o Call Eavesdropping
o Interception through VoIP Signaling Manipulation
o Man-In-The-Middle (MITM) Attack
o Application-Level Interception Techniques
+ How to Insert Rogue Application
+ SIP Rogue Application
+ Listening to/Recording Calls
+ Replacing/Mixing Audio
+ Dropping Calls with a Rogue SIP Proxy
+ Randomly Redirect Calls with a Rogue SIP Proxy
+ Additional Attacks with a Rogue SIP Proxy
o What is Fuzzing
+ Why Fuzzing
+ Commercial VoIP Fuzzing tools
o Signaling and Media Manipulation
+ Registration Removal with erase_registrations Tool
+ Registration Addition with add_registrations Tool
o VoIP Phishing
* Covering Tracks
Module 39: RFID Hacking
* RFID: Definition
* Components of RFID Systems
* RFID Collisions
* RFID Risks
o Business Process Risk
o Business Intelligence Risk
o Privacy Risk
o Externality Risk
+ Hazards of Electromagnetic Radiation
+ Computer Network Attacks
* RFID and Privacy Issues
* Countermeasures
* RFID Security and Privacy Threats
o Sniffing
o Tracking
o Spoofing
o Replay attacks
o Denial-of-service
* Protection Against RFID Attacks
* RFID Guardian
* RFID Malware
o How to Write an RFID Virus
o How to Write an RFID Worm
o Defending Against RFID Malware
* RFID Exploits
* Vulnerabilities in RFID-enabled Credit Cards
o Skimming Attack
o Replay Attack
o Eavesdropping Attack
* RFID Hacking Tool: RFDump
* RFID Security Controls
o Management Controls
o Operational Controls
o Technical Controls
* RFID Security
Module 40: Spamming
* Introduction
* Techniques used by Spammers
* How Spamming is performed
* Ways of Spamming
* Spammer: Statistics
* Worsen ISP: Statistics
* Top Spam-Affected Countries: Statistics
* Types of Spam Attacks
* Spamming Tools
o Farelogic Worldcast
o 123 Hidden Sender
o YL Mail Man
o Sendblaster
o Direct Sender
o Hotmailer
o PackPal Bulk Email Server
o IEmailer
* Anti-Spam Techniques
* Anti-Spamming Tools
o AEVITA Stop SPAM Email
o SpamExperts Desktop
o SpamEater Pro
o SpamWeasel
o Spytech SpamAgent
o AntispamSniper
o Spam Reader
o SpamAssassin Proxy (SA Proxy)
o MailWasher Free
o Spam Bully
* Countermeasures
Module 41: Hacking USB Devices
* Introduction to USB Devices
* Electrical Attack
* Software Attack
* USB Attack on Windows
* Viruses and Worms
o W32/Madang-Fam
o W32/Hasnot-A
o W32/Fujacks-AK
o W32/Fujacks-E
o W32/Dzan-C
o W32/SillyFD-AA
o W32/SillyFDC-BK
o W32/LiarVB-A
o W32/Hairy-A
o W32/QQRob-ADN
o W32/VBAut-B
o HTTP W32.Drom
* Hacking Tools
o USB Dumper
o USB Switchblade
o USB Hacksaw
* USB Security Tools
o MyUSBonly
o USBDeview
o USB-Blocker
o USB CopyNotify
o Remora USB File Guard
o Advanced USB Pro Monitor
o Folder Password Expert USB
o USBlyzer
o USB PC Lock Pro
o Torpark
o Virus Chaser USB
* Countermeasures
Module 42: Hacking Database Servers
* Hacking Database server: Introduction
* Hacking Oracle Database Server
o Attacking Oracle
o Security Issues in Oracle
o Types of Database Attacks
o How to Break into an Oracle Database and Gain DBA Privileges
o Oracle Worm: Voyager Beta
o Ten Hacker Tricks to Exploit SQL Server Systems
* Hacking SQL Server
o How SQL Server is Hacked
o Query Analyzer
o odbcping Utility
o Tool: ASPRunner Professional
o Tool: FlexTracer
* Security Tools
* SQL Server Security Best Practices: Administrator Checklist
* SQL Server Security Best Practices: Developer Checklist
Module 43: Cyber Warfare: Hacking, Al-Qaida and Terrorism
* Cyber Terrorism Over Internet
* Cyber-Warfare Attacks
* 45 Muslim Doctors Planned US Terror Raids
* Net Attack
* Al-Qaeda
* Why Terrorists Use Cyber Techniques
* Cyber Support to Terrorist Operations
* Planning
* Recruitment
* Research
* Propaganda
* Propaganda: Hizballah Website
* Cyber Threat to the Military
* Russia ‘hired botnets’ for Estonia Cyber-War
* NATO Threatens War with Russia
* Bush on Cyber War: ‘a subject I can learn a lot about’
* E.U. Urged to Launch Coordinated Effort Against Cybercrime
* Budget: Eye on Cyber-Terrorism Attacks
* Cyber Terror Threat is Growing, Says Reid
* Terror Web 2.0
* Table 1: How Websites Support Objectives of terrorist/Extremist Groups
* Electronic Jihad
* 'Electronic Jihad' App Offers Cyber Terrorism for the Masses
* Cyber Jihad – Cyber Firesale
* http://internet-haganah.com/haganah/
Module 44: Internet Content Filtering Techniques
* Introduction to Internet Filter
* Key Features of Internet Filters
* Pros and Cons of Internet Filters
* Internet Content Filtering Tools
o iProtectYou
o Tool: Block Porn
o Tool: FilterGate
o Tool: Adblock
o Tool: AdSubtract
o Tool: GalaxySpy
o Tool: AdsGone Pop Up Killer
o Tool: AntiPopUp
o Tool: Pop Up Police
o Tool: Super Ad Blocker
o Tool: Anti-AD Guard
o Net Nanny
o CyberSieve
o BSafe Internet Filter
o Tool: Stop-the-Pop-Up Lite
o Tool: WebCleaner
o Tool: AdCleaner
o Tool: Adult Photo Blanker
o Tool: LiveMark Family
o Tool: KDT Site Blocker
o Internet Safety Guidelines for Children
Module 45: Privacy on the Internet
* Internet privacy
* Proxy privacy
* Spyware privacy
* Email privacy
* Cookies
* Examining Information in Cookies
* How Internet Cookies Work
* How Google Stores Personal Information
* Google Privacy Policy
* Web Browsers
* Web Bugs
* Downloading Freeware
* Internet Relay Chat
* Pros and Cons of Internet Relay Chat
* Electronic Commerce
* Internet Privacy Tools: Anonymizers
o Anonymizer Anonymous Surfing
o Anonymizer Total Net Shield
o Anonymizer Nyms
o Anonymizer Anti-Spyware
o Anonymizer Digital Shredder Lite
o Steganos Internet Anonym
o Invisible IP Map
o NetConceal Anonymity Shield
o Anonymous Guest
o ViewShield
o IP Hider
o Mask Surf Standard
o VIP Anonymity
o SmartHide
o Anonymity Gateway
o Hide My IP
o Claros Anonymity
o Max Internet Optimizer
o Hotspot Shield
o Anonymous Browsing Toolbar
o Invisible Browsing
o Real Time Cleaner
o Anonymous Web Surfing
o Anonymous Friend
o Easy Hide IP
* Internet Privacy Tools: Firewall Tools
o Agnitum firewall
o Firestarter
o Sunbelt Personal Firewall
o Netdefender
* Internet Privacy Tools: Others
o Privacy Eraser
o CookieCop
o Cookiepal
o Historykill
o Tracks eraser
* Best Practices
o Protecting Search Privacy
o Tips for Internet Privacy
* Countermeasures
Module 46: Securing Laptop Computers
* Statistics for Stolen and Recovered Laptops
* Statistics on Security
* Percentage of Organizations Following the Security Measures
* Laptop threats
* Laptop Theft
* Fingerprint Reader
* Protecting Laptops Through Face Recognition
* Bluetooth in Laptops
* Tools
o Laptop Security
o Laptop Security Tools
o Laptop Alarm
o Flexysafe
o Master Lock
o eToken
o STOP-Lock
o True Crypt
o PAL PC Tracker
o Cryptex
o Dekart Private Disk Multifactor
o Laptop Anti-Theft
o Inspice Trace
o ZTRACE GOLD
o SecureTrieve Pro
o XTool Laptop Tracker
o XTool Encrypted Disk
o XTool Asset Auditor
o XTool Remote Delete
* Securing from Physical Laptop Thefts
* Hardware Security for Laptops
* Protecting the Sensitive Data
* Preventing Laptop Communications from Wireless Threats
* Protecting the Stolen Laptops from Being Used
* Security Tips
Module 47: Spying Technologies
* Spying
* Motives of Spying
* Spying Devices
o Spying Using Cams
o Video Spy
o Video Spy Devices
o Tiny Spy Video Cams
o Underwater Video Camera
o Camera Spy Devices
o Goggle Spy
o Watch Spy
o Pen Spy
o Binoculars Spy
o Toy Spy
o Spy Helicopter
o Wireless Spy Camera
o Spy Kit
o Spy Scope: Spy Telescope and Microscope
o Spy Eye Side Telescope
o Audio Spy Devices
o Eavesdropper Listening Device
o GPS Devices
o Spy Detectors
o Spy Detector Devices
* Vendors Hosting Spy Devices
o Spy Gadgets
o Spy Tools Directory
o Amazon.com
o Spy Associates
o Paramountzone
o Surveillance Protection
* Spying Tools
o Net Spy Pro-Computer Network Monitoring and Protection
o SpyBoss Pro
o CyberSpy
o Spytech SpyAgent
o ID Computer Spy
o e-Surveiller
o KGB Spy Software
o O&K Work Spy
o WebCam Spy
o Golden Eye
* Anti-Spying Tools
o Internet Spy Filter
o Spybot - S&D
o SpyCop
o Spyware Terminator
o XoftSpySE
Module 48: Corporate Espionage: Hacking Using Insiders
* Introduction To Corporate Espionage
* Information Corporate Spies Seek
* Insider Threat
* Different Categories of Insider Threat
* Privileged Access
* Driving Force behind Insider Attack
* Common Attacks carried out by Insiders
* Techniques Used for Corporate Espionage
* Process of Hacking
* Former Forbes Employee Pleads Guilty
* Former Employees Abet Stealing Trade Secrets
* California Man Sentenced For Hacking
* Federal Employee Sentenced for Hacking
* Facts
* Key Findings from U.S. Secret Service and CERT Coordination Center/SEI Study on Insider Threat
* Tools
o NetVizor
o Privatefirewall w/Pest Patrol
* Countermeasures
o Best Practices against Insider Threat
o Countermeasures
Module 49: Creating Security Policies
* Security policies
* Key Elements of Security Policy
* Defining the Purpose and Goals of Security Policy
* Role of Security Policy
* Classification of Security Policy
* Design of Security Policy
* Contents of Security Policy
* Configurations of Security Policy
* Implementing Security Policies
* Types of Security Policies
o Promiscuous Policy
o Permissive Policy
o Prudent Policy
o Paranoid Policy
o Acceptable-Use Policy
o User-Account Policy
o Remote-Access Policy
o Information-Protection Policy
o Firewall-Management Policy
o Special-Access Policy
o Network-Connection Policy
o Business-Partner Policy
o Other Important Policies
* Policy Statements
* Basic Document Set of Information Security Policies
* E-mail Security Policy
o Best Practices for Creating E-mail Security Policies
o User Identification and Passwords Policy
* Software Security Policy
* Software License Policy
* Points to Remember While Writing a Security Policy
* Sample Policies
o Remote Access Policy
o Wireless Security Policy
o E-mail Security Policy
o E-mail and Internet Usage Policies
o Personal Computer Acceptable Use Policy
o Firewall Management policy
o Internet Acceptable Use Policy
o User Identification and Password Policy
o Software License Policy
Module 50: Software Piracy and Warez
* Software Activation: Introduction
o Process of Software Activation
* Piracy
o Piracy Over Internet
o Abusive Copies
o Pirated Copies
o Cracked Copies
o Impacts of piracy
o Software Piracy Rate in 2006
o Piracy Blocking
* Software Copy Protection Backgrounders
o CD Key Numbers
o Dongles
o Media Limited Installations
o Protected Media
o Hidden Serial Numbers
o Digital Right Management (DRM)
o Copy protection for DVD
* Warez
o Warez
o Types of Warez
o Warez Distribution
o Distribution Methods
* Tool: Crypkey
* Tool: EnTrial
* EnTrial Tool: Distribution File
* EnTrial Tool: Product & Package Initialization Dialog
* EnTrial Tool: Add Package GUI
* Tool: DF_ProtectionKit
* Tool: Crack Killer
* Tool: Logic Protect
* Tool: Software License Manager
* Tool: Quick License Manager
* Tool: WTM CD Protect
Module 51: Hacking and Cheating Online Games
* Online Games
* Basics of Game Hacking
* Online Gaming Exploits
* Types of Exploits
* Online Gaming Risks
* Threats in Online Gaming
* Online Gaming Theft
* How Passwords for Online Games are Stolen
* Social Engineering and Phishing
* An Example of a Phishing Email
* Exploiting Game Server Vulnerabilities
* Vulnerability in In-game Chat in Lineage 2
* Using Malware
* Malicious Programs and Malware
* Email-Worm.Win32.Lewor.a
* Part of a file infected by Virus.Win32.Alman.a
* Online Gaming Malware from 1997-2007
* How Modern Attacks are Conducted
* Geographical Considerations
* Statistics
* Best Practices for Secure Online Gaming
Module 52: Hacking RSS and Atom
* Introduction
* Areas Where RSS and Atom are Used
* Building a Feed Aggregator
* Routing Feeds to the Email Inbox
* Monitoring the Server with Feeds
* Tracking Changes in Open Source Projects
* Risks by Zone
o Remote Zone Risk
o Local Zone Risk
* Reader Specific Risks
* Utilizing the Web Feeds Vulnerabilities
* Example of an Attacker Attacking the Feeds
* Tools
o Perseptio FeedAgent
o RssFeedEater
o Thingamablog
o RSS Builder
o RSS Submit
o FeedDemon
o FeedForAll
o FeedExpress
* RSS and Atom Security
Module 53: Hacking Web Browsers
* Introduction
* How Web Browsers Work
* How Web Browsers Access HTML Documents
* Protocols for a URL
* Hacking Firefox
o Firefox Proof of Concept Information Leak Vulnerability
o Firefox Spoofing Vulnerability
o Password Vulnerability
o Concerns With Saving Form Or Login Data
o Cleaning Up Browsing History
o Cookies
o Internet History Viewer: Cookie Viewer
* Firefox Security
o Blocking Cookies Options
o Tools For Cleaning Unwanted Cookies
o Tool: CookieCuller
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
o Mozilla Firefox Security Features
* Hacking Internet Explorer
o Redirection Information Disclosure Vulnerability
o Window Injection Vulnerability
* Internet Explorer Security
o Getting Started
o Security Zones
o Custom Level
o Trusted Sites Zone
o Privacy
o Overwrite Automatic Cookie Handling
o Per Site Privacy Actions
o Specify Default Applications
o Internet Explorer Security Features
* Hacking Opera
o JavaScript Invalid Pointer Vulnerability
o BitTorrent Header Parsing Vulnerability
o Torrent File Handling Buffer Overflow Vulnerability
* Security Features of Opera
o Security and Privacy Features
* Hacking Safari
o Safari Browser Vulnerability
o iPhone Safari Browser Memory Exhaustion Remote DoS Vulnerability
* Securing Safari
o Getting Started
o Preferences
o AutoFill
o Security Features
* Hacking Netscape
o Netscape Navigator Improperly Validates SSL Sessions
o Netscape Navigator Security Vulnerability
* Securing Netscape
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
Module 54: Proxy Server Technologies
* Introduction: Proxy Server
* How a Proxy Server Works
* Types of Proxy Servers
* Socks Proxy
* Free Proxy Servers
* Use of Proxies for Attack
* Tools
o WinGate
o UserGate Proxy Server
o Advanced FTP Proxy Server
o Trilent FTP Proxy
o SafeSquid
o AllegroSurf
o ezProxy
o Proxy Workbench
o ProxyManager Tool
o Super Proxy Helper Tool
o MultiProxy
* How Does MultiProxy Work
* TOR Proxy Chaining Software
* AnalogX Proxy
* NetProxy
* Proxy+
* ProxySwitcher Lite
* Tool: JAP
* Proxomitron
* SSL Proxy Tool
* How to Run SSL Proxy
Module 55: Data Loss Prevention
* Introduction: Data Loss
* Causes of Data Loss
* How to Prevent Data Loss
* Impact Assessment for Data Loss Prevention
* Tools
o Security Platform
o Check Point Software: Pointsec Data Security
o Cisco (IronPort)
o Content Inspection Appliance
o CrossRoads Systems: DBProtector
o Strongbox DBProtector Architecture
o DeviceWall
o Exeros Discovery
o GFI Software: GFI EndPointSecurity
o GuardianEdge Data Protection Platform
o ProCurve Identity Driven Manager (IDM)
o Imperva: SecureSphere
o MailMarshal
o WebMarshal
o Marshal EndPoint
o Novell ZENworks Endpoint Security Management
o Prism EventTracker
o Proofpoint Messaging Security Gateway
o Proofpoint Platform Architecture
o Summary Dashboard
o End-user Safe/Block List
o Defiance Data Protection System
o Sentrigo: Hedgehog
o Symantec Database Security
o Varonis: DataPrivilege
o Verdasys: Digital Guardian
o VolumeShield AntiCopy
o Websense Content Protection Suite
Module 56: Hacking Global Positioning System (GPS)
* Global Positioning System (GPS)
* Terminologies
* GPS Devices Manufacturers
* gpsd: GPS Service Daemon
* Sharing Waypoints
* Wardriving
* Areas of Concern
* Sources of GPS Signal Errors
* Methods to Mitigate Signal Loss
* GPS Secrets
o GPS Hidden Secrets
o Secret Startup Commands in Garmin
o Hard Reset / Soft Reset
* Firmware Hacking
o Firmware
o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen
* GPS Tools
o Tool: GPS NMEA LOG
o Tool: GPS Diagnostic
o Tool: RECSIM III
o Tool: G7toWin
o Tool: G7toCE
o Tool: GPS Security Guard
o GPS Security Guard Functions
o UberTracker
Module 57: Computer Forensics and Incident Handling
* Computer Forensics
o What is Computer Forensics
o Need for Computer Forensics
o Objectives of Computer Forensics
o Stages of Forensic Investigation in Tracking Cyber Criminals
o Key Steps in Forensic Investigations
o List of Computer Forensics Tools
* Incident Handling
o Present Networking Scenario
o What is an Incident
o Category of Incidents: Low Level
o Category of Incidents: Mid Level
o Category of Incidents: High Level
o How to Identify an Incident
o How to Prevent an Incident
o Defining the Relationship between Incident Response, Incident Handling, and Incident Management
o Incident Response Checklist
o Handling Incidents
o Procedure for Handling Incident
+ Stage 1: Preparation
+ Stage 2: Identification
+ Stage 3: Containment
+ Stage 4: Eradication
+ Stage 5: Recovery
+ Stage 6: Follow-up
* Incident Management
* Why don’t Organizations Report Computer Crimes
* Estimating Cost of an Incident
* Whom to Report an Incident To
* Incident Reporting
* Vulnerability Resources
* What is CSIRT
o CSIRT: Goals and Strategy
o Why an Organization needs an Incident Response Team
o CSIRT Case Classification
o Types of Incidents and Level of Support
o Incident Specific Procedures-I (Virus and Worm Incidents)
o Incident Specific Procedures-II (Hacker Incidents)
o Incident Specific Procedures-III (Social Incidents, Physical Incidents)
o How CSIRT Handles Case: Steps
o Example of CSIRT
o Best Practices for Creating a CSIRT
+ Step 1: Obtain Management Support and Buy-in
+ Step 2: Determine the CSIRT Development Strategic Plan
+ Step 3: Gather Relevant Information
+ Step 4: Design your CSIRT Vision
+ Step 5: Communicate the CSIRT Vision
+ Step 6: Begin CSIRT Implementation
+ Step 7: Announce the CSIRT
* World CERTs http://www.trusted-introducer.nl/teams/country.html
* http://www.first.org/about/organization/teams/
* IRTs Around the World
Module 58: Credit Card Frauds
* E-Crime
* Statistics
* Credit Card
o Credit Card Fraud
o Credit Card Fraud Over Internet
o Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
* Credit Card Generators
o Credit Card Generator
o RockLegend’s !Credit Card Generator
* Credit Card Fraud Detection
o Credit Card Fraud Detection Technique: Pattern Detection
o Credit Card Fraud Detection Technique: Fraud Screening
o XCART: Online Fraud Screening Service
o Card Watch
o MaxMind Credit Card Fraud Detection
o 3D Secure
o Limitations of 3D Secure
o FraudLabs
o www.pago.de
o Pago Fraud Screening Process
o What to do if you are a Victim of a Fraud
o Facts to be Noted by Consumers
* Best Practices: Ways to Protect Your Credit Cards
Module 59: How to Steal Passwords
* Password Stealing
* How to Steal Passwords
* Password Stealing Techniques
* Password Stealing Trojans
o MSN Hotmail Password Stealer
o AOL Password Stealer
o Trojan-PSW.Win32.M2.14.a
o CrazyBilets
o Dripper
o Fente
o GWGhost
o Kesk
o MTM Recorded pwd Stealer
o Password Devil
* Password Stealing Tools
o Password Thief
o Remote Password Stealer
o POP3 Email Password Finder
o Instant Password Finder
o MessenPass
o PstPassword
o Remote Desktop PassView
o IE PassView
o Yahoo Messenger Password
* Recommendations for Improving Password Security
* Best Practices
Module 60: Firewall Technologies
* Firewalls: Introduction
* Hardware Firewalls
o Hardware Firewall
o Netgear Firewall
o Personal Firewall Hardware: Linksys
o Personal Firewall Hardware: Cisco’s PIX
o Cisco PIX 501 Firewall
o Cisco PIX 506E Firewall
o Cisco PIX 515E Firewall
o Cisco PIX 525 Firewall
o Cisco PIX 535 Firewall
o Check Point Firewall
o Nortel Switched Firewall
* Software Firewalls
o Software Firewall
* Windows Firewalls
o Norton Personal Firewall
o McAfee Personal Firewall
o Symantec Enterprise Firewall
o Kerio WinRoute Firewall
o Sunbelt Personal Firewall
o Xeon Firewall
o InJoy Firewall
o PC Tools Firewall Plus
o Comodo Personal Firewall
o ZoneAlarm
* Linux Firewalls
o KMyFirewall
o Firestarter
o Guarddog
o Firewall Builder
* Mac OS X Firewalls
o Flying Buttress
o DoorStop X Firewall
o Intego NetBarrier X5
o Little Snitch
Module 61: Threats and Countermeasures
Module 62: Case Studies
Module 63: Botnets
* What Is a Botnet?
* The Botnet Life Cycle
* Uses of Botnets
* How to Identify Whether Your Computer is a Botnet
* Common Botnets
o SDBot
o RBot
o Agobot
o Spybot
o Mytob
* Botnet Detection: Tools and Techniques
o Abuse E-mail
o Network Infrastructure: Tools and Techniques
o Intrusion Detection
o Darknets, Honeypots, and Other Snares
o Forensics Techniques and Tools for Botnet Detection
* Tool: Ourmon
o How Ourmon Works
* Anomaly Detection
o TCP Anomaly Detection by Ourmon
o UDP Anomaly Detection by Ourmon
o Detecting E-mail Anomalies using Ourmon
* IRC Protocol
o Ourmon’s RRDTOOL Statistics and IRC Reports
* Detecting an IRC Client Botnet
* Detecting an IRC Botnet Server
* Automated Packet Capture
* Ourmon Event Log
o DNS and C&C Technology
o Tricks for Searching the Ourmon Logs
* Sniffing IRC Messages
* Sandboxes
* CWSandbox
o Operations Revealed by CWSandbox
* Automated Analysis Suite (AAS)
* Responding to Botnets
Module 64: Economic Espionage
* Economic Espionage
* Who are Behind This?
* Motives
* Economic Intelligence
* Trade Secrets
* How Foreign Competitors Get the Information
* Methods of Acquiring Trade Secrets
* How Economic Espionage Increases
* Difference Between Industrial Espionage and Economic Espionage
* Competitive Intelligence
o Competitive Intelligence Is Not Corporate Espionage
* The Economic Espionage Act of 1996, 18 U.S.C. §§ 1831-1839
* Methods for Economic Espionage Protection
Module 65: Patch Management
* Hotfixes and Patches
* What is Patch Management
* Patch Testing
* Understanding Patch Monitoring and Management
* Types of Patches Defined by Microsoft
* Opsware Server Automation System (SAS)
o Tool: UpdateExpert
o Tool: Qfecheck
o Tool: HFNetChk
o cacls.exe Utility
o Tool: Shavlik NetChk Protect
o Tool: Kaseya Patch Management
o Tool: IBM Tivoli Configuration Manager
o Tool: LANDesk Patch Manager
o Tool: ConfigureSoft Enterprise Configuration Manager (ECM)
o Tool: BladeLogic Configuration Manager
o Tool: Microsoft Baseline Security Analyzer (MBSA)
+ MBSA: Scanning Updates in GUI Mode
+ MBSA: Scanning Updates in Command-line Version
o Tool: QChain
o Tool: BigFix Enterprise Suite (BFS)
o Tool: Shavlik NetChk Protect
o Tool: PatchLink Update
o Tool: SecureCentral PatchQuest
o Tool: Patch Authority Ultimate
o Tool: ZENworks Patch Management
o Tool: Ecora Patch Manager
o Tool: Service Pack Manager
o Tool: Altiris Patch Management Solution
o Tool: BMC Patch Manager
o Tool: Hotfix Reporter
o Tool: Numara Patch Manager
o Tool: TrueUpdate
o Tool: FlashUpdate
o Tool: Microsoft Software Update Services (SUS)
o Tool: Prism Patch Manager
o Tool: Patch-Magic
* Patch Management Checklist
* Best Practices for Patch Management
Module 66: Security Convergence
* Security Convergence
* Challenges Confronting an Effective Security Convergence Policy
* Benefits of Using Risk Management in Planning IT Security Administration
* RAMCAP
* Open Security Exchange (OSE)
* CISO (Chief Information Security Officer)
* Elements of Building Secure Operations
* Enterprise Security Management (ESM)
o ESM Deployment Strategies
* Convergence of Network Operations and Security Operations
* Log Collection
* Log Normalization
* Log Severity
* Log Time Correction
* Log Categorization
* Event Storage
* Discovering and Interacting with Patterns
o Discovering and Interacting with Patterns: Data Sources
* Intelligent Platform Management Interface (IPMI) Standard
Appendix
* Trojan: Phatbot
* Trojan: Amitis
* Trojan: Senna Spy
* Trojan: QAZ
* Trojan: Back Orifice
* Trojan: Back Orifice 2000
* Back Orifice Plug-ins
* Trojan: SubSeven
* Trojan: CyberSpy Telnet Trojan
* Trojan: Subroot Telnet Trojan
* Trojan: Let Me Rule! 2.0 BETA 9
* Trojan: Donald Dick
* Trojan: RECUB
from ec-council site