Module 1 - Penetration Testing 101
Penetration Testing 101
To Know more about Penetration Testing, Attend EC-Council's LPT Program
Introduction to PT
Categories of Security Assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Penetration Testing
Types of Penetration Testing
Risk Management
Do-it-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Testing Network-Filtering Devices
Enumerating Devices
Denial of Service Emulation
Penetration Testing Tools
Evaluating Different Types of Pentest Tools
Asset Audit
Fault Trees and Attack Trees
GAP Analysis
Threats
Threat
Business Impact of Threat
Internal Metrics Threat
External Metrics Threat
Calculating Relative Criticality
Test Dependencies
Other Tools Useful in Pen-Test
Phases of Penetration Testing
Pre-Attack Phase
Best Practices
Results that can be Expected
Passive Reconnaissance
Active Reconnaissance
Attack Phase
Activity: Perimeter Testing
Activity: Web Application Testing - I
Activity: Web Application Testing - II
Activity: Web Application Testing - III
Activity: Wireless Testing
Activity: Acquiring Target
Activity: Escalating Privileges
Activity: Execute, Implant, and Retract
Post-Attack Phase and Activities
Penetration Testing Deliverables Templates
Module 1 Review
Module 2 - Introduction to Ethical Hacking
Introduction to Ethical Hacking
Module Objective
Module Flow
Problem Definition - Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality, and Ease of Use Triangle
Case Study
What Does a Malicious Hacker Do
Effect on Business
Phase 1 - Reconnaissance
Reconnaissance Types
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Types of Hacker Attacks
1. Operating System Attacks
Security News: Default Installation
2. Application Level Attacks
3. Shrink Wrap Code Attacks
4. Misconfiguration Attacks
Remember This Rule!
Hacktivism
Hacker Classes
Ethical Hacker Classes
What Do Ethical Hackers Do
Can Hacking be Ethical
How to Become an Ethical Hacker
Skill Profile of an Ethical Hacker
What is Vulnerability Research
Why Hackers Need Vulnerability Research
Vulnerability Research Tools
How to Conduct Ethical Hacking
How Do They Go About It
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications
What Happened Next
Module 2 Review
Module 3 - Footprinting
Footprinting
Module Objective
Module Flow
Revisiting Reconnaissance
Defining Footprinting
Why is Footprinting Necessary
Areas and Information which Attackers Seek
Information Gathering
Information Gathering Methodology
Unearthing Initial Information
Finding a Company's URL
Internal URL
Extracting Archive of a Website
Google Search for Company's Info.
People Search
Satellite Picture of a Residence
Footprinting Through Job Sites
Passive Information Gathering
Competitive Intelligence Gathering
Why Do You Need Competitive Intelligence
Competitive Intelligence Resource
Competitive Intelligence Tool: Web Investigator
Reputica Dashboard
MyReputation
Public and Private Websites
Footprinting Tools
Whois Tools
DNS Information Extraction Tools
Tool: DNS Enumerator
Locating Network Range
Arin
Traceroute
Trace Route Analysis
Tool: Maltego
Layer Four Traceroute
E-mail Spiders
Tool: 1st E-mail Address Spider
Locating Network Activity
Tool: GEOSpider
Tool: Geowhere
Search Engines
Kartoo Search Engine
Dogpile (Meta Search Engine)
robots.txt
How to Fake Websites
Faking Websites using Man-in-the-Middle Phishing Kit
Steps to Perform Footprinting
What Happened Next
Module 3 Review
Module 4 - Google Hacking
Google Hacking
Module Flow
What is Google Hacking
What a Hacker Can do With Vulnerable Site
Anonymity with Caches
Using Google as a Proxy Server
Directory Listings
Locating Directory Listings
Server Versioning
Going Out on a Limb: Traversal Techniques
Directory Traversal
Incremental Substitution
Extension Walking
Google Advanced Operators
Pre-Assessment
intranet | help.desk
Locating Exploits and Finding Targets
Locating Public Exploit Sites
Locating Vulnerable Targets
"Powered by" Tags Are Common Query Fodder for Finding Web Applications
Vulnerable Web Application Examples
Locating Targets via CGI Scanning
Web Server Software Error Messages
Google Hacking Tools
Google Hacking Database (GHDB)
SiteDigger Tool
Gooscan
Goolink Scanner
Google Hack Honeypot
Module 4 Review
Module 5 - Scanning
Scanning
Module Objective
Scanning - Definition
Types of Scanning
Objectives of Scanning
CEH Scanning Methodology
Checking for Live Systems
Checking for Live Systems - ICMP Scanning
Firewalk Tool
Checking for Open Ports
Three Way Handshake
TCP Communication Flags
Nmap
Nmap: Scan Methods
NMAP Output Format
HPING2
ICMP Echo Scanning/List Scan
TCP Connect / Full Open Scan
SYN/FIN Scanning Using IP Fragments
UDP Scanning
IPSecScan
FloppyScan
ike-scan
LANView
Colasoft MAC Scanner
War Dialer Technique
Why War Dialing?
War Dialing Countermeasures SandTrap Tool
Banner Grabbing
OS Fingerprinting
Active Stack Fingerprinting
Passive Fingerprinting
Active Banner Grabbing Using Telnet
Tools for Active Stack Fingerprinting
Disabling or Changing Banner
IIS Lockdown Tool
Vulnerability Scanning
Qualys Web-based Scanner
SAINT
Nessus
Draw Network Diagrams of Vulnerable Hosts
FriendlyPinger
LANsurveyor
Preparing Proxies
Proxy Servers
Use of Proxies for Attack
SocksChain
How Does MultiProxy Work
TOR Proxy Chaining Software
Anonymizers
Surfing Anonymously
Psiphon
Bloggers Write Text Backwards to Bypass Web Filters in China
Google Cookies
Spoofing IP Address
Detecting IP Spoofing
Despoof Tool
Scanning Countermeasures
What Happened Next?
Scanning Review
Module 5 Review
Module 6 - Enumeration
Enumeration
Module Flow
Overview of System Hacking Cycle
What is Enumeration
Techniques for Enumeration
Netbios Null Sessions
So What's the Big Deal
Tool: DumpSec
NetBIOS Enumeration Using Netview
Null Session Countermeasures
PS Tools
SNMP Enumeration
Management Information Base
SNMPutil Example
Tool: Solarwinds
UNIX Enumeration
SNMP UNIX Enumeration
SNMP Enumeration Countermeasures
LDAP Enumeration
Jxplorer
NTP Enumeration
SMTP Enumeration
Web Enumeration
Asnumber
Lynx
Windows Active Directory Attack Tool
How To Enumerate Web Application Directories in IIS Using Directory Services
Enumerate Systems Using Default Passwords
Terminal Service Agent
Tool: TXDNS
What Happened Next
Enumeration Review
Module 6 Review
Module 7 - System Hacking
System Hacking
Module Flow
CEH Hacking Cycle 01
Password Types
Types of Password Attacks
Passive Online Attack: Wire Sniffing
Passive Online Attack: Man-in-the-Middle and Replay Attacks
Active Online Attack: Password Guessing
Offline Attacks
Offline Attack: Brute-force Attack
Offline Attack: Pre-Computed Hashes
Syllable Attack/Rule-based Attack/Hybrid Attack
Distributed Network Attack
Non-Technical Attacks
PDF Password Cracker
Password Mitigation
Permanent Account Lockout - Employee Privilege Abuse
Administrator Password Guessing
Manual Password Cracking Algorithm
Automatic Password Cracking Algorithm
Microsoft Authentication
LM, NTLMv1, and NTLMv2
NTLM and LM Authentication on the Wire
Kerberos Authentication
What is LAN Manager Hash
Salting
Password Cracking Countermeasures
Do Not Store LAN Manager Hash in SAM Database
LM Hash Backward Compatibility
Escalating Privileges
Privilege Escalation
Executing Applications
Actual Spy
Wiretap Professional
Keylogger Countermeasures
Anti-Keylogger
Hiding Files 01
CEH Hacking Cycle 02
Hiding Files 02
Rootkits
Why Rootkits
Rootkits in Linux
Detecting Rootkits
Steps for Detecting Rootkits
Sony Rootkit Case Study
Rootkit Countermeasures
Creating Alternate Data Streams
NTFS Streams Countermeasures
Hacking Tool: USB Dumper
Steganography
Least Significant Bit Insertion in Image Files
Steganography Tools
Steganography Detection
Steganalysis
Steganalysis Methods/Attacks on Steganography
Steganalysis Tools
Stegdetect
Covering Tracks
Disabling Auditing
Clearing the Event Log
What Happened Next
Module 7 Review
Module 8 - Trojans and Backdoors
Trojans and Backdoors
Introduction
What is a Trojan
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Do Trojan Creators Look For
Different Ways a Trojan Can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
How to Determine which Ports are "Listening"
Wrappers
RemoteByMail
HTTP Trojans
ICMP Tunneling
Trojan: Netcat
Hacking Tools
Trojan Detecting Tools
How to Detect Trojans
Delete Suspicious Device Drivers
Check for Running Processes: What's on My Computer
Super System Helper Tool
Tool: MSConfig
Anti-Trojan Software
TrojanHunter
Backdoor Countermeasures
Tool: Tripwire
System File Verification
How to Avoid a Trojan Infection
What happened next
Module 8 Review
Module 9 - Viruses and Worms
Viruses and Worms
Introduction to Virus
Virus History
Characteristics of a Virus
Working of Virus
Why People Create Computer Viruses
Symptoms of Virus-Like Attack
Virus Hoaxes
Worms
How is a Worm different from a Virus
Indications of a Virus Attack
Hardware Threats
Software Threats
Stages of Virus Life
Types of Viruses
Virus Classification
How does a Virus Infect
Storage Patterns of a Virus
System Sector Viruses
Stealth Virus
Bootable CD-ROM Virus
Self-Modification
Encryption with a Variable Key
Polymorphic Code
Metamorphic Virus
Cavity Virus
Sparse Infector Virus
Companion Virus
File Extension Virus
Famous Viruses and Worms
Famous Viruses/Worms: I Love You Virus
Zombies and DoS
Spread of Slammer Worm - 30 min
Latest Viruses
Disk Killer
Writing Virus Programs
Writing a Simple Virus Program
Virus Construction Kits
Examples of Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip
Virus Analysis - IDA Pro Tool
Prevention is Better than Cure
Anti-Virus Software
Module 9 Review
Module 10 - Sniffers
Sniffers
Definition: Sniffing
Protocols Vulnerable to Sniffing
Types of Sniffing
Passive Sniffing
Active Sniffing
What is Address Resolution Protocol (ARP)
Tool: Network View - Scans the Network for Devices
Wiretap
RF Transmitter Wiretaps
Infinity Transmitter
Slave Parallel Wiretaps
Switched Port Analyzer (SPAN)
Lawful Intercept
Benefits of Lawful Intercept
Network Components Used for Lawful Intercept
ARP Spoofing Attack
How Does ARP Spoofing Work
Mac Duplicating
Mac Duplicating Attack
ARP Spoofing Tools
MAC Flooding Tools
Threats of ARP Poisoning
IP-based Sniffing
Linux Sniffing Tools
DNS Poisoning Techniques
1. Intranet DNS Spoofing (Local Network)
2. Internet DNS Spoofing (Remote Network)
3. Proxy Server DNS Poisoning
4. DNS Cache Poisoning
Interactive TCP Relay
Raw Sniffing Tools
Features of Raw Sniffing Tools
Detecting Sniffing
How to Detect Sniffing
Countermeasures
Module 10 Review
Module 11 - Social Engineering
Social Engineering
There is No Patch to Human Stupidity
What is Social Engineering
Human Weakness
"Rebecca" and "Jessica"
Office Workers
Types of Social Engineering
Human-Based Social Engineering
Human-Based Social Engineering: Eavesdropping
Human-Based Social Engineering: Shoulder Surfing
Human-Based Social Engineering: Dumpster Diving
Dumpster Diving Example
Human-Based Social Engineering (cont'd)
Movies to Watch for Reverse Engineering Examples: The Italian Job and Catch Me If You Can
Computer-Based Social Engineering
Insider Attack
Disgruntled Employee
Preventing Insider Threat
Common Targets of Social Engineering
Social Engineering Threats and Defenses
Online Threats
Telephone-Based Threats
Personal Approaches
Defenses Against Social Engineering Threats
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective
Warning Signs of an Attack
Tool: Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behavoirs Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Impersonating on Facebook
Identity Theft
Module 11 Review
Module 12 - Phishing
Phishing
Introduction
Reasons for Successful Phishing
Phishing Methods
Process of Phishing
Types of Phishing Attacks
Man-in-the-Middle Attacks
URL Obfuscation Attacks
Cross-site Scripting Attacks
Hidden Attacks
Client-side Vulnerabilities
Deceptive Phishing
Malware-Based Phishing
DNS-Based Phishing
Content-Injection Phishing
Search Engine Phishing
Anti-Phishing
Module 12 Review
Module 13 - Hacking Email Accounts
Hacking Email Accounts
Introduction
Ways for Getting Email Account Information
Stealing Cookies
Social Engineering
Password Phishing
Fraudulent e-mail Messages
Vulnerabilities
Vulnerabilities: Web Email
Email Hacking Tools
Securing Email Accounts
Creating Strong Passwords
Sign-in Seal
Alternate Email Address
Keep Me Signed In/Remember Me
Module 13 Review
Module 14 - Denial of Service
Denial of Service
Terminologies
Goal of DoS
Impact and the Modes of Attack
Types of Attacks
DoS Attack Classification
Smurf Attack
Buffer Overflow Attack
Ping of Death Attack
Teardrop Attack
SYN Attack
SYN Flooding
DoS Attack Tools
Bot (Derived from the Word RoBOT)
Botnets
Uses of Botnets
Types of Bots
How Do They Infect? Analysis Of Agabot
DDOS Unstoppable
DDoS Attack Taxonomy
Reflective DNS Attacks
DDoS Tools
How to Conduct a DDoS Attack
Reflection of the Exploit
Countermeasures for Reflected DoS
Taxonomy of DDoS Countermeasures
Preventing Secondary Victims
Detect and Neutralize Handlers
Mitigate or Stop the Effects of DDoS Attacks
Post-attack Forensics
Module 14 Review
Module 15 - Session Hijacking
Session Hijacking
What is Session Hijacking
Understanding Session Hijacking
Spoofing vs. Hijacking
Steps in Session Hijacking
Types of Session Hijacking
Session Hijacking Levels
Network Level Hijacking
The 3-Way Handshake
Sequence Numbers
Sequence Number Prediction
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man in the Middle: Packet Sniffer
UDP Hijacking
Application Level Hijacking
Session Hijacking Tools
Programs that Perform Session Hijacking
Dangers Posed by Hijacking
Countermeasures
Protecting against Session Hijacking
Countermeasure: IP Security
What Happened Next
Module 15 Review
Module 16 - Hacking Web Servers
Hacking Web Servers
How are Web Servers Compromised
Web Server Defacement
How are Web Servers Defaced
Attacks Against IIS
IIS 7 Components
IIS Directory Traversal (Unicode) Attack
ServerMask ip100
Unicode
Core Impact Professional 101
Core Impact Professional
Networking Attack Vector
Client Side Application Testing
Web Application Testing
Core Impact Professional 101 Review
Patch Management
Hotfixes and Patches
What is Patch Management
Vulnerability Scanners
Countermeasures
File System Traversal Countermeasures
Increasing Web Server Security
Module 16 Review
Module 17 - Web Application Vulnerabilities
Web Application Vulnerabilities
Web Application Setup
Web Application Hacking
Anatomy of an Attack
Web Application Threats
Cross-Site Scripting/XSS Flaws
Countermeasures 01
SQL Injection
Command Injection Flaws
Countermeasures 02
Cookie/Session Poisoning
Countermeasures 03
Parameter/Form Tampering
Buffer Overflow
Countermeasures 04
Directory Traversal/Forceful Browsing
Countermeasures 05
Cryptographic Interception
Cookie Snooping
Authentication Hijacking
Countermeasures 06
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks
Countermeasures 07
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
Module 17 Review
Module 18 - Web-Based Password Cracking Techniques
Web-Based Password Cracking Techniques
Authentication
Authentication - Definition
Authentication Mechanisms
HTTP Authentication
Basic Authentication
Digest Authentication
Integrated Windows (NTLM) Authentication
Negotiate Authentication
Certificate-based Authentication
Forms-based Authentication
RSA SecurID Token
Biometrics Authentication
Types of Biometrics Authentication
Fingerprint-based Identification
Hand Geometry-based Identification
Retina Scanning
Afghan Woman Recognized After 17 Years
Face Recognition
Face Code: WebCam Based Biometrics Authentication System
Password Cracking
How to Select a Good Password
Things to Avoid in Passwords
Changing Your Password
Windows XP: Remove Saved Passwords
What is a Password Cracker
Modus Operandi of an Attacker Using Password Cracker
How does a Password Cracker Work
Attacks - Classification
Password Guessing
Query String
Cookies
Dictionary Maker
Password Cracking Tools
Security Tools
Password Administrator
Countermeasures
Module 18 Review
Module 19 - SQL Injection
SQL Injection
What is SQL Injection
Exploiting Web Applications
SQL Injection Steps
What Should You Look For
What If It Doesn't Take Input
OLE DB Errors
SQL Injection Techniques
How to Test for SQL Injection Vulnerability
How Does it Work
BadLogin.aspx.cs
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
SQL Injection in Oracle
SQL Injection in MySql Database
Attack Against SQL Servers
SQL Server Resolution Service (SSRS)
Osql L-Probing
SQL Injection Tools
SQL Injection Automated Tools
Blind SQL Injection
Blind SQL Injection: Countermeasures
SQL Injection Countermeasures
Preventing SQL Injection Attacks
Module 19 Review
Module 20 - Hacking Wireless Networks
Hacking Wireless Networks
Introduction to Wireless Networking
Wired Network vs. Wireless Network
Effects of Wireless Attacks on Business
Types of Wireless Network
Advantages and Disadvantages of a Wireless Network
Wireless Standards
Wireless Standard: 802.11a
Wireless Standard: 802.11b - "WiFi"
Wireless Standard: 802.11g
Wireless Standard: 802.11i
Wireless Standard: 802.11n
Related Technology and Carrier Networks
Antennas
Cantenna
Wireless Access Points
SSID
Beacon Frames
Is the SSID a Secret
Setting up a WLAN
Authentication and Association
Authentication Modes
The 802.1X Authentication Process
Wired Equivalent Privacy (WEP)
WEP Issues
What is WPA
WPA
WPA Vulnerabilities
WEP, WPA, and WPA2
WPA2 Wi-Fi Protected Access 2
Attacks and Hacking Tools
Terminologies
Authentication and (Dis)Association Attacks
WEP Attack
Cracking WEP
Weak Keys (a.k.a. Weak IVs)
Problems with WEP's Key Stream and Reuse
Automated WEP Crackers
Attacking WPA Encrypted Networks
Evil Twin: Attack
Rogue Access Points
Cloaked Access Point
Temporal Key Integrity Protocol (TKIP)
Phone Jammers
Phone Jammer: Mobile Blocker
2.4Ghz Wi-Fi & Wireless Camera Jammer
3 Watt Digital Cell Phone Jammer
3 Watt Quad Band Digital Cellular Mobile Phone Jammer
Detecting a Wireless Network
Scanning Tools
Sniffing Tools
Hacking Wireless Networks 02
Step 1: Find Networks to Attack
Step 2: Choose the Networks to Attack
Step 3: Analyzing the Network
Step 4: Cracking the WEP Key
Step 5: Sniffing the Network
Wireless Security
Radius: Used as Additional Layer in Security
Securing Wireless Networks
WLAN Security: Passphrase
Don'ts in Wireless Security
Wireless Security Tools
Google Secure Access
Module 20 Review
Module 21 - Physical Security
Physical Security
Security Facts
Understanding Physical Security
Physical Security 02
What Is the Need for Physical Security
Who Is Accountable for Physical Security
Factors Affecting Physical Security
Physical Security Checklist 01
Physical Security Checklist: Company Surroundings
Gates
Security Guards
Physical Security Checklist: Premises
CCTV Cameras
Physical Security Checklist: Reception
Physical Security Checklist: Server
Physical Security Checklist: Workstation Area
Physical Security Checklist: Wireless Access Points
Physical Security Checklist: Other Equipment
Physical Security Checklist: Access Control
Physical Security Checklist: Biometric Devices
Biometric Identification Techniques
Authentication Mechanisms
Authentication Mechanisms Challenges: Biometrics
Faking Fingerprints
Physical Security Checklist 02
Smart Cards
Security Token
Computer Equipment Maintenance
Wiretapping
Remote Access
Locks
Lock Picking
Lock Picking Tools
Information Security
EPS (Electronic Physical Security)
Wireless Security
Laptop Theft Statistics for 2007
Statistics for Stolen and Recovered Laptops
Laptop Theft
Laptop Security Tools
Laptop Tracker - Xtool Computer Tracker
Laptop Security Countermeasures
Mantrap
TEMPEST
Challenges in Ensuring Physical Security
Spyware Technologies
Physical Security: Lock Down USB Ports
Module 21 Review
Module 22 - Linux Hacking
Linux Hacking
Why Linux
Linux - Basics
Linux Live CD-ROMs
Basic Commands of Linux: Files & Directories
Linux Networking Commands
Directories in Linux
Installing, Configuring, and Compiling Linux Kernel
How to Install a Kernel Patch
Compiling Programs in Linux
Make Files
Make Install Command
Linux Vulnerabilities
Chrooting
Why is Linux Hacked
How to Apply Patches to Vulnerable Programs
Port Scan Detection Tools
Password Cracking in Linux: Xcrack
Firewall in Linux: IPTables
Basic Linux Operating System Defense
Linux Loadable Kernel Modules
Hacking Tool: Linux Rootkits
Rootkit: Countermeasures
Linux Tools: Application Security
Advanced Intrusion Detection Environment (AIDE)
Linux Tools: Encryption
Steps for Hardening Linux
Module 22 Review
Module 23 - Evading IDS, Firewalls and Honeypots
Evading IDS, Firewalls and Honeypots
Introduction to Intrusion Detection Systems
Terminologies
Intrusion Detection System
Intrusion Detection System (IDS)
IDS Placement
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
Tripwire (www.tripwire.com)
Cisco Security Agent (CSA)
True/False, Positive/Negative
Signature Analysis
General Indications of Intrusion System Indications
General Indications of Intrusion File System Indications
General Indications of Intrusion Network Indications
Intrusion Detection Tools
Snort
Running Snort on Windows 2003
Snort Rules
SnortSam
Steps to Perform After an IDS Detects an Attack
Evading IDS Systems
Ways to Evade IDS
Tools to Evade IDS
Firewall
What is a Firewall
What does a Firewall do
Packet Filtering
What can't a Firewall do
How does a Firewall Work
Hardware Firewall
Types of Firewalls
Packet Filtering Firewall
Circuit-Level Gateway
Application-Level Firewall
Stateful Multilayer Inspection Firewall
Firewall Identification
Firewalking
Banner Grabbing
Breaching Firewalls
Placing Backdoors Through Firewalls
Honeypot
What is a Honeypot
The Honeynet Project
Types of Honeypots
Advantages and Disadvantages of a Honeypot
Where to Place a Honeypot
Physical and Virtual Honeypots
Tools to Detect Honeypots
What to do When Hacked
Module 23 Review
Module 24 - Buffer Overflows
Buffer Overflows
Why are Programs/Applications Vulnerable
Buffer Overflows 02
Reasons for Buffer Overflow Attacks
Knowledge Required to Program Buffer Overflow Exploits
Understanding Stacks
Understanding Heaps
Types of Buffer Overflows: Stack-Based Buffer Overflow
Stack Based Buffer Overflows
Types of Buffer Overflows: Heap-Based Buffer Overflow
Heap-Based Buffer Overflow
Understanding Assembly Language
Shellcode
How to Detect Buffer Overflows in a Program
Attacking a Real Program
NOPS
How to Mutate a Buffer Overflow Exploit
Once the Stack is Smashed
Defense Against Buffer Overflows
Tool to Defend Buffer Overflow: Return Address Defender (RAD)
Tool to Defend Buffer Overflow: StackGuard
Valgrind
Insure++
Module 24 Review
Module 25 - Cryptography
Cryptography
Cryptography 02
Classical Cryptographic Techniques
Encryption
Decryption
Cryptographic Algorithms
RSA (Rivest Shamir Adleman)
RSA Attacks
RSA Challenge
Data Encryption Standard (DES)
DES Overview
RC4, RC5, RC6, Blowfish
RC5
Message Digest Functions
One-way Bash Functions
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
What is SSH
Algorithms and Security
Disk Encryption
Government Access to Keys (GAK)
Digital Signature
Components of a Digital Signature
Method of Digital Signature Technology
Digital Signature Applications
Digital Signature Standard
Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme
Challenges and Opportunities
Digital Certificates
Encryption Engine
Code Breaking: Methodologies
Cryptanalysis
Cryptography Attacks
Brute-Force Attack
Module 25 Review
Course Closure
This self-paced multimedia Ethical Hacking class is in partnership with Mile2. Mile2 is largely responsible for the early adoption and success of Certified Penetration Testing & Ethical Hacker courses
within the USA and several other countries. Mile2 is the world's largest provider of Penetration Testing training and initially chose the basic Ethical Hacker course as our flagship for Penetration Testing training events. Mile2 has delivered more Penetration Testing & Ethical Hacker classes within the USA than any other training provider and possibly globally.
There is no better way to "make real" the threats out there than to practice them in a lab setting. The chain of
events that can turn a very small 'chink in the armor' into 'complete site compromise' sounds obscure until you see it done for yourself.
Certified Ethical Hacking training delivers the core skill sets for every security professional seeking to test, prevent, and protect their corporate network.
This
