cehv8 outline

Upload: raghunath-ks

Post on 04-Jun-2018


  • 8/13/2019 CEHv8 Outline

    1/51

    Ethical Hacking and Countermeasures Exam 312-50 Certified Ethical Hacker

    Course Outline

    Page | 1 Ethical Hacking and Countermeasures Copyright by EC-Council

    All Rights Reserved. Reproduction is Strictly Prohibited.

    Ethical Hacking and Countermeasures

    Course Outline

    (Version 8)

    Module 01: Introduction to Ethical Hacking

    Information Security Overview
    o Internet Crime Current Report: IC3
    o Data Breach Investigations Report
    o Essential Terminology
    o Elements of Information Security
    o The Security, Functionality, and Usability Triangle

    Information Security Threats and Attack Vectors
    o Top Information Security Attack Vectors
    o Motives, Goals, and Objectives of Information Security Attacks
    o Information Security Threats
    o Information Warfare
    o IPv6 Security Threats

    Hacking Concepts
    o Hacking vs. Ethical Hacking
    o Effects of Hacking on Business
    o Who Is a Hacker?
    o Hacker Classes
    o Hacktivism

    Hacking Phases


    Types of Attacks
    o Types of Attacks on a System
    o Operating System Attacks
    o Misconfiguration Attacks
    o Application-Level Attacks
    o Examples of Application-Level Attacks
    o Shrink Wrap Code Attacks

    Information Security Controls
    o Why Ethical Hacking is Necessary
    o Scope and Limitations of Ethical Hacking
    o Skills of an Ethical Hacker
    o Defense in Depth
    o Incident Management Process
    o Information Security Policies
    o Classification of Security Policies
    o Structure and Contents of Security Policies
    o Types of Security Policies
    o Steps to Create and Implement Security Policies
    o Examples of Security Policies
    o Vulnerability Research
    o Vulnerability Research Websites
    o What Is Penetration Testing?
    o Why Penetration Testing
    o Penetration Testing Methodology

    Module 02: Footprinting and Reconnaissance

    Footprinting Concepts
    o Footprinting Terminology
    o What is Footprinting?
    o Why Footprinting?
    o Objectives of Footprinting


    Footprinting Threats
    o Footprinting Threats

    Footprinting Methodology
    o Footprinting through Search Engines
      - Finding Company's External and Internal URLs
      - Public and Restricted Websites
      - Collect Location Information
      - People Search
      - People Search Online Services
      - People Search on Social Networking Services
      - Gather Information from Financial Services
      - Footprinting through Job Sites
      - Monitoring Target Using Alerts
    o Website Footprinting
      - Mirroring Entire Website
      - Website Mirroring Tools
      - Extract Website Information from http://www.archive.org
      - Monitoring Web Updates Using Website Watcher
    o Email Footprinting
      - Tracking Email Communications
      - Collecting Information from Email Header
      - Email Tracking Tools
    o Competitive Intelligence
      - Competitive Intelligence Gathering
      - Competitive Intelligence - When Did this Company Begin? How did it develop?
      - Competitive Intelligence - What Are the Company's Plans?
      - Competitive Intelligence - What Expert Opinions Say About the Company
    o Footprinting using Google
      - Footprint Using Google Hacking Techniques
      - What a Hacker can do with Google Hacking?
      - Google Advance Search Operators


      - Finding Resources Using Google Advance Operator
      - Google Hacking Tool: Google Hacking Database (GHDB)
      - Google Hacking Tools
    o WHOIS Footprinting
      - WHOIS Lookup
      - WHOIS Lookup Result Analysis
      - WHOIS Lookup Tool: SmartWhois
      - WHOIS Lookup Tools
      - WHOIS Lookup Online Tools
    o DNS Footprinting
      - Extracting DNS Information
      - DNS Interrogation Tools
    o Network Footprinting
      - Locate the Network Range
      - Determine the Operating System
      - Traceroute
      - Traceroute Analysis
      - Traceroute Tools
    o Footprinting through Social Engineering
      - Footprinting through Social Engineering
      - Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
    o Footprinting through Collect Information through Social Engineering on Social Networking Sites
      - Information Available on Social Networking Sites
      - Collecting Facebook Information
      - Collecting Twitter Information
      - Collecting Linkedin Information
      - Collecting Youtube Information
      - Tracking Users on Social Networking Sites

    Footprinting Tools


    o Footprinting Tool: Maltego
    o Footprinting Tool: Domain Name Analyzer Pro
    o Footprinting Tool: Web Data Extractor
    o Additional Footprinting Tools

    Footprinting Countermeasures

    Footprinting Penetration Testing
    o Footprinting Pen Testing
    o Footprinting Pen Testing Report Templates

    Module 03: Scanning Networks

    Overview of Network Scanning

    CEH Scanning Methodology
    o Check for Live Systems
      - Checking for Live Systems - ICMP Scanning
      - Ping Sweep
      - Ping Sweep Tools
    o Check for Open Ports
      - Three-Way Handshake
      - TCP Communication Flags
      - Create Custom Packet Using TCP Flags
      - Create Custom Packet Using TCP Flags
      - Scanning IPv6 Network
      - Scanning Tool: Nmap
      - Hping2 / Hping3
      - Hping Commands
      - Scanning Techniques
      - TCP Connect / Full Open Scan
      - Stealth Scan (Half-open Scan)
      - Stealth Scan (Half-open Scan)
      - Xmas Scan
      - FIN Scan


      - NULL Scan
      - IDLE Scan
      - IDLE Scan: Step 1
      - IDLE Scan: Step 2 and 3
      - ICMP Echo Scanning/List Scan
      - UDP Scanning
      - Inverse TCP Flag Scanning
      - ACK Flag Scanning
      - Scanning Tool: NetScan Tools Pro
      - Scanning Tools
      - Do Not Scan These IP Addresses (Unless you want to get into trouble)
      - Port Scanning Countermeasures
    o Scanning Beyond IDS
      - IDS Evasion Techniques
      - SYN/FIN Scanning Using IP Fragments
    o Banner Grabbing
      - Banner Grabbing Tools
      - Banner Grabbing Countermeasures: Disabling or Changing Banner
      - Hiding File Extensions from Web Pages
    o Scan for Vulnerability
      - Vulnerability Scanning
      - Vulnerability Scanning Tool: Nessus
      - Vulnerability Scanning Tool: GFI LanGuard
      - Vulnerability Scanning Tool: SAINT
      - Network Vulnerability Scanners
    o Draw Network Diagrams
      - Drawing Network Diagrams
      - Network Discovery Tool: LANsurveyor
      - Network Discovery Tool: OpManager
      - Network Discovery Tool: NetworkView


      - Network Discovery Tool: The Dude
      - Network Discovery and Mapping Tools
    o Prepare Proxies
      - Proxy Servers
      - Why Attackers Use Proxy Servers?
      - Use of Proxies for Attack
      - Proxy Chaining
      - Proxy Tool: Proxy Workbench
      - Proxy Tool: Proxifier
      - Proxy Tool: Proxy Switcher
      - Proxy Tool: SocksChain
      - Proxy Tool: TOR (The Onion Routing)
      - Proxy Tools
      - Free Proxy Servers
      - HTTP Tunneling Techniques
      - Why do I Need HTTP Tunneling
      - HTTP Tunneling Tool: Super Network Tunnel
      - HTTP Tunneling Tool: HTTP-Tunnel
      - SSH Tunneling
      - SSH Tunneling Tool: Bitvise
      - Anonymizers
      - Case: Bloggers Write Text Backwards to Bypass Web Filters in China
      - Censorship Circumvention Tool: Psiphon
      - Censorship Circumvention Tool: Your-Freedom
      - How to Check if Your Website is Blocked in China or Not?
      - G-Zapper
      - Anonymizers
      - Spoofing IP Address
      - IP Spoofing Detection Techniques: Direct TTL Probes
      - IP Spoofing Detection Techniques: IP Identification Number


      - IP Spoofing Detection Techniques: TCP Flow Control Method
      - IP Spoofing Countermeasures

    o Scanning Pen Testing

    Module 04: Enumeration

    Enumeration Concepts
    o What is Enumeration?
    o Techniques for Enumeration
    o Services and Ports to Enumerate

    NetBIOS Enumeration
    o NetBIOS Enumeration
    o NetBIOS Enumeration Tool: SuperScan
    o NetBIOS Enumeration Tool: Hyena
    o NetBIOS Enumeration Tool: Winfingerprint
    o NetBIOS Enumeration Tool: NetBIOS Enumerator
    o Enumerating User Accounts
    o Enumerate Systems Using Default Passwords

    SNMP Enumeration
    o SNMP (Simple Network Management Protocol) Enumeration
    o Working of SNMP
    o Management Information Base (MIB)
    o SNMP Enumeration Tool: OpUtils
    o SNMP Enumeration Tool: SolarWinds IP Network Browser
    o SNMP Enumeration Tools

    UNIX/Linux Enumeration
    o UNIX/Linux Enumeration Commands
    o Linux Enumeration Tool: Enum4linux

    LDAP Enumeration
    o LDAP Enumeration
    o LDAP Enumeration Tool: Softerra LDAP Administrator
    o LDAP Enumeration Tools


    NTP Enumeration
    o NTP Enumeration
    o NTP Enumeration Commands

    SMTP Enumeration
    o SMTP Enumeration
    o SMTP Enumeration Tool: NetScanTools Pro

    DNS Enumeration
    o DNS Zone Transfer Enumeration Using NSLookup

    Enumeration Countermeasures

    SMB Enumeration Countermeasures

    Enumeration Pen Testing

    Module 05: System Hacking

    Information at Hand Before System Hacking Stage

    System Hacking: Goals

    CEH Hacking Methodology (CHM)

    CEH System Hacking Steps
    o Cracking Passwords
      - Password Cracking
      - Password Complexity
      - Password Cracking Techniques
      - Types of Password Attacks
      - Passive Online Attack: Wire Sniffing
      - Passive Online Attack: Eavesdropping
      - Passive Online Attacks: Man-in-the-Middle and Replay Attack
      - Active Online Attack: Password Guessing
      - Active Online Attack: Trojan/Spyware/Keylogger
      - Active Online Attack: Hash Injection Attack
      - Offline Attack: Rainbow Attacks
      - Tools to Create Rainbow Tables: Winrtgen and rtgen
      - Distributed Network Attack


      - Elcomsoft Distributed Password Recovery
      - Non-Electronic Attacks
      - Default Passwords
      - Manual Password Cracking (Guessing)
      - Automatic Password Cracking Algorithm
      - Stealing Passwords Using USB Drive
      - Stealing Passwords Using Keyloggers
      - Microsoft Authentication
      - How Hash Passwords Are Stored in Windows SAM?
      - What Is LAN Manager Hash?
      - LM Hash Generation
      - LM, NTLMv1, and NTLMv2
      - NTLM Authentication Process
      - Kerberos Authentication
      - Salting
      - PWdump7 and Fgdump
      - L0phtCrack
      - Ophcrack
      - Cain & Abel
      - RainbowCrack
      - Password Cracking Tools
      - LM Hash Backward Compatibility
      - How to Disable LM HASH
      - How to Defend against Password Cracking
      - Implement and Enforce Strong Security Policy

    CEH System Hacking Steps
    o Escalating Privileges
      - Privilege Escalation
      - Privilege Escalation Tool: Active@ Password Changer
      - Privilege Escalation Tools


      - How to Defend Against Privilege Escalation
    o Executing Applications
      - Executing Applications
      - Executing Applications: RemoteExec
      - Executing Applications: PDQ Deploy
      - Executing Applications: DameWare NT Utilities
      - Keylogger
      - Types of Keystroke Loggers
      - Methodology of Attacker in Using Remote Keylogger
      - Acoustic/CAM Keylogger
      - Keyloggers
      - Keylogger: Spytech SpyAgent
      - Keylogger: All In One Keylogger
      - Keyloggers for Windows
      - Keylogger for Mac: Amac Keylogger for Mac
      - Keyloggers for MAC
      - Hardware Keyloggers
      - Spyware
      - What Does the Spyware Do?
      - Types of Spywares
      - Desktop Spyware
      - Desktop Spyware: Activity Monitor
      - Desktop Spyware
      - Email and Internet Spyware
      - Email and Internet Spyware: Power Spy
      - Internet and Email Spyware
      - Child Monitoring Spyware
      - Child Monitoring Spyware: Net Nanny Home Suite
      - Child Monitoring Spyware
      - Screen Capturing Spyware


      - Screen Capturing Spyware: SoftActivity TS Monitor
      - Screen Capturing Spyware
      - USB Spyware
      - USB Spyware: USBSpy
      - USB Spyware
      - Audio Spyware
      - Audio Spyware: Spy Voice Recorder and Sound Snooper
      - Video Spyware
      - Video Spyware: WebCam Recorder
      - Video Spyware
      - Print Spyware
      - Print Spyware: Printer Activity Monitor
      - Print Spyware
      - Telephone/Cellphone Spyware
      - Cellphone Spyware: Mobile Spy
      - Telephone/Cellphone Spyware
      - GPS Spyware
      - GPS Spyware: SPYPhone
      - GPS Spyware
      - How to Defend Against Keyloggers
      - Anti-Keylogger
      - Anti-Keylogger: Zemana AntiLogger
      - Anti-Keylogger
      - How to Defend Against Spyware
      - Anti-Spyware: PC Tools Spyware Doctor
      - Anti-Spywares
    o Hiding Files
      - Rootkits
      - Types of Rootkits
      - How Rootkit Works


      - Rootkit: Fu
      - Rootkit: KBeast
      - Rootkit: Hacker Defender HxDef Rootkit
      - Detecting Rootkits
      - Steps for Detecting Rootkits
      - How to Defend against Rootkits
      - Anti-Rootkit: Stinger
      - Anti-Rootkit: UnHackMe
      - Anti-Rootkits
      - NTFS Data Stream
      - How to Create NTFS Streams
      - NTFS Stream Manipulation
      - How to Defend against NTFS Streams
      - NTFS Stream Detector: StreamArmor
      - NTFS Stream Detectors
      - What Is Steganography?
      - Application of Steganography
      - Classification of Steganography
      - Technical Steganography
      - Linguistic Steganography
      - Steganography Techniques
      - How Steganography Works
      - Types of Steganography
      - Whitespace Steganography Tool: SNOW
      - Image Steganography
      - Least Significant Bit Insertion
      - Masking and Filtering
      - Algorithms and Transformation
      - Image Steganography: QuickStego
      - Image Steganography Tools


      - Document Steganography: wbStego
      - Document Steganography Tools
      - Video Steganography
      - Video Steganography: OmniHide PRO
      - Video Steganography Tools
      - Audio Steganography
      - Audio Steganography Methods
      - Audio Steganography: DeepSound
      - Audio Steganography Tools
      - Folder Steganography: Invisible Secrets 4
      - Folder Steganography Tools
      - Spam/Email Steganography: Spam Mimic
      - Natural Text Steganography: Sam's Big G Play Maker
      - Issues in Information Hiding
      - Steganalysis
      - Steganalysis Methods/Attacks on Steganography
      - Detecting Text and Image Steganography
      - Detecting Audio and Video Steganography
      - Steganography Detection Tool: Gargoyle Investigator Forensic Pro
      - Steganography Detection Tools
    o Covering Tracks
      - Why Cover Tracks?
      - Covering Tracks
      - Ways to Clear Online Tracks
      - Disabling Auditing: Auditpol
      - Covering Tracks Tool: CCleaner
      - Covering Tracks Tool: MRU-Blaster
      - Track Covering Tools
    o Penetration Testing
      - Password Cracking


      - Privilege Escalation
      - Executing Applications
      - Hiding Files
      - Covering Tracks

    Module 06: Trojans and Backdoors

    Trojan Concepts
    o What is a Trojan?
    o Communication Paths: Overt and Covert Channels
    o Purpose of Trojans
    o What Do Trojan Creators Look For
    o Indications of a Trojan Attack
    o Common Ports used by Trojans

    Trojan Infection
    o How to Infect Systems Using a Trojan
    o Wrappers
    o Wrapper Covert Programs
    o Different Ways a Trojan can Get into a System
    o How to Deploy a Trojan
    o Evading Anti-Virus Techniques

    Types of Trojans
    o Command Shell Trojans
    o Command Shell Trojan: Netcat
    o GUI Trojan: MoSucker
    o GUI Trojan: Jumper and Biodox
    o Document Trojans
    o E-mail Trojans
    o E-mail Trojans: RemoteByMail
    o Defacement Trojans
    o Defacement Trojans: Restorator
    o Botnet Trojans


    o Botnet Trojan: Illusion Bot and NetBot Attacker
    o Proxy Server Trojans
    o Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
    o FTP Trojans
    o VNC Trojans
    o VNC Trojans: WinVNC and VNC Stealer
    o HTTP/HTTPS Trojans
    o HTTP Trojan: HTTP RAT
    o Shttpd Trojan - HTTPS (SSL)
    o ICMP Tunneling
    o Remote Access Trojans
    o Remote Access Trojan: RAT DarkComet and Apocalypse
    o Covert Channel Trojan: CCTT
    o E-banking Trojans
    o Banking Trojan Analysis
    o E-banking Trojan: ZeuS and SpyEye
    o Destructive Trojans: M4sT3r Trojan
    o Notification Trojans
    o Credit Card Trojans
    o Data Hiding Trojans (Encrypted Trojans)
    o OS X Trojan: Crisis
    o MAC OS X Trojan: DNSChanger
    o Mac OS X Trojan: Hell Raiser
    o Trojan Analysis: Flame
    o Flame C&C Server Analysis
    o Trojan Analysis: SpyEye
    o Trojan Analysis: ZeroAccess
    o Trojan Analysis: Duqu
    o Trojan Analysis: Duqu Framework
    o Trojan Analysis: Event Driven Framework

    Trojan Detection


    o How to Detect Trojans
    o Scanning for Suspicious Ports
    o Port Monitoring Tools: TCPView and CurrPorts
    o Scanning for Suspicious Processes
    o Port Monitoring Tools: TCPView and CurrPorts
    o Scanning for Suspicious Processes
    o Process Monitoring Tool: What's Running
    o Process Monitoring Tools
    o Scanning for Suspicious Registry Entries
    o Registry Entry Monitoring Tool: PC Tools Registry Mechanic
    o Registry Entry Monitoring Tools
    o Scanning for Suspicious Device Drivers
    o Device Drivers Monitoring Tool: DriverView
    o Device Drivers Monitoring Tools
    o Scanning for Suspicious Windows Services
    o Windows Services Monitoring Tool: Windows Service Manager (SrvMan)
    o Windows Services Monitoring Tools
    o Scanning for Suspicious Startup Programs
    o Windows8 Startup Registry Entries
    o Startup Programs Monitoring Tool: Starter
    o Startup Programs Monitoring Tool: Security AutoRun
    o Startup Programs Monitoring Tools
    o Scanning for Suspicious Files and Folders
    o Files and Folder Integrity Checker: FastSum and WinMD5
    o Files and Folder Integrity Checker
    o Scanning for Suspicious Network Activities
    o Detecting Trojans and Worms with Capsa Network Analyzer

    Countermeasures
    o Trojan Countermeasures
    o Backdoor Countermeasures
    o Trojan Horse Construction Kit


    o Anti-Trojan Software

    o Anti-Trojan Software: TrojanHunter
    o Anti-Trojan Software: Emsisoft Anti-Malware
    o Anti-Trojan Softwares

    Pen Testing for Trojans and Backdoors

    Module 07: Viruses and Worms

    Virus and Worms Concepts
    o Introduction to Viruses
    o Virus and Worm Statistics
    o Stages of Virus Life
    o Working of Viruses: Infection Phase
    o Working of Viruses: Attack Phase
    o Why Do People Create Computer Viruses
    o Indications of Virus Attack
    o How does a Computer Get Infected by Viruses
    o Common Techniques Used to Distribute Malware on the Web
    o Virus Hoaxes and Fake Antiviruses
    o Virus Analysis: DNSChanger

    Types of Viruses
    o System or Boot Sector Viruses
    o File and Multipartite Viruses
    o Macro Viruses
    o Cluster Viruses
    o Stealth/Tunneling Viruses
    o Encryption Viruses
    o Polymorphic Code
    o Metamorphic Viruses
    o File Overwriting or Cavity Viruses
    o Sparse Infector Viruses


    o Companion/Camouflage Viruses
    o Shell Viruses
    o File Extension Viruses
    o Add-on and Intrusive Viruses
    o Transient and Terminate and Stay Resident Viruses
    o Writing a Simple Virus Program
    o Terabit Virus Maker
    o JPS Virus Maker and DELmE's Batch Virus Maker

    Computer Worms
    o How Is a Worm Different from a Virus?
    o Worm Analysis: Stuxnet
    o Worm Maker: Internet Worm Maker Thing

    Malware Analysis
    o What is Sheep Dip Computer?
    o Anti-Virus Sensors Systems
    o Malware Analysis Procedure: Preparing Testbed
    o Malware Analysis Procedure
    o Virus Analysis Tool: IDA Pro
    o Online Malware Testing: VirusTotal
    o Online Malware Analysis Services

    Counter-measures
    o Virus Detection Methods
    o Virus and Worms Countermeasures
    o Companion Antivirus: Immunet
    o Anti-virus Tools

    Penetration Testing for Virus

    Module 08: Sniffers

    Sniffing Concepts
    o Wiretapping
    o Lawful Interception


    o Packet Sniffing
    o Sniffing Threats
    o How a Sniffer Works
    o Types of Sniffing Attacks
    o Types of Sniffing: Passive Sniffing
    o Types of Sniffing: Active Sniffing
    o Protocols Vulnerable to Sniffing
    o Tie to Data Link Layer in OSI Model
    o IPv6 Addresses
    o IPv4 and IPv6 Header Comparison
    o Hardware Protocol Analyzers
    o SPAN Port

    MAC Attacks
    o MAC Flooding
    o MAC Address/CAM Table
    o How CAM Works
    o What Happens When CAM Table Is Full?
    o Mac Flooding Switches with macof
    o MAC Flooding Tool: Yersinia
    o How to Defend against MAC Attacks

    DHCP Attacks
    o How DHCP Works
    o DHCP Request/Reply Messages
    o IPv4 DHCP Packet Format
    o DHCP Starvation Attack
    o DHCP Starvation Attack Tools
    o Rogue DHCP Server Attack
    o How to Defend Against DHCP Starvation and Rogue Server Attack

    ARP Poisoning
    o What Is Address Resolution Protocol (ARP)?
    o ARP Spoofing Techniques


    o ARP Spoofing Attack
    o How Does ARP Spoofing Work
    o Threats of ARP Poisoning
    o ARP Poisoning Tool: Cain & Abel
    o ARP Poisoning Tool: WinArpAttacker
    o ARP Poisoning Tool: Ufasoft Snif
    o How to Defend Against ARP Poisoning
    o Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
    o ARP Spoofing Detection: XArp

    Spoofing Attack
    o Spoofing Attack Threats
    o MAC Spoofing/Duplicating
    o MAC Spoofing Technique: Windows
    o MAC Spoofing Tool: SMAC
    o IRDP Spoofing
    o How to Defend Against MAC Spoofing

    DNS Poisoning
    o DNS Poisoning Techniques
    o Intranet DNS Spoofing
    o Internet DNS Spoofing
    o Proxy Server DNS Poisoning
    o DNS Cache Poisoning
    o How to Defend Against DNS Spoofing

    Sniffing Tools
    o Sniffing Tool: Wireshark
    o Follow TCP Stream in Wireshark
    o Display Filters in Wireshark
    o Additional Wireshark Filters
    o Sniffing Tool: Cascade Pilot
    o Sniffing Tool: Tcpdump/Windump
    o Packet Sniffing Tool: Capsa Network Analyzer


    o Network Packet Analyzer: OmniPeek Network Analyzer
    o Network Packet Analyzer: Observer
    o Network Packet Analyzer: Sniff-O-Matic
    o Network Packet Analyzer: JitBit Network Sniffer
    o Chat Message Sniffer: MSN Sniffer 2
    o TCP/IP Packet Crafter: Colasoft Packet Builder
    o Additional Sniffing Tools
    o How an Attacker Hacks the Network Using Sniffers

    Counter measures
    o How to Defend Against Sniffing
    o How to Detect Sniffing
    o Sniffer Detection Technique: Ping Method
    o Sniffer Detection Technique: ARP Method
    o Sniffer Detection Technique: DNS Method
    o Promiscuous Detection Tool: PromqryUI

    Sniffing Pen Testing

    Module 09: Social Engineering

    Social Engineering Concepts
    o What is Social Engineering?
    o Behaviors Vulnerable to Attacks
    o Factors that Make Companies Vulnerable to Attacks
    o Why Is Social Engineering Effective?
    o Warning Signs of an Attack
    o Phases in a Social Engineering Attack
    o Impact on the Organization
    o Rebecca and Jessica
    o Common Targets of Social Engineering
    o Common Targets of Social Engineering: Office Workers

    Social Engineering Techniques
    o Types of Social Engineering


    o Human-based Social Engineering
    o Technical Support Example
    o Authority Support Example
    o Human-based Social Engineering: Eavesdropping and Shoulder Surfing
    o Human-based Social Engineering: Dumpster Diving
    o Human-based Social Engineering
    o Watch these Movies
    o Watch this Movie
    o Computer-based Social Engineering
    o Computer-based Social Engineering: Pop-Ups
    o Computer-based Social Engineering: Phishing
    o Computer-based Social Engineering: Spear Phishing
    o Mobile-based Social Engineering: Publishing Malicious Apps
    o Mobile-based Social Engineering: Repackaging Legitimate Apps
    o Mobile-based Social Engineering: Fake Security Applications
    o Mobile-based Social Engineering: Using SMS
    o Insider Attack
    o Disgruntled Employee
    o Preventing Insider Threats
    o Common Social Engineering Targets and Defense Strategies

    Impersonation on Social Networking Sites
    o Social Engineering Through Impersonation on Social Networking Sites
    o Social Engineering on Facebook
    o Social Engineering Example: LinkedIn Profile
    o Social Engineering on Twitter
    o Risks of Social Networking to Corporate Networks

    Identity Theft
    o Identity Theft Statistics 2011
    o Identify Theft
    o How to Steal an Identity
      - STEP 1


      - STEP 2
      - Comparison
      - STEP 3
    o Real Steven Gets Huge Credit Card Statement
    o Identity Theft - Serious Problem

    Social Engineering Countermeasures
    o How to Detect Phishing Emails
    o Anti-Phishing Toolbar: Netcraft
    o Anti-Phishing Toolbar: PhishTank
    o Identity Theft Countermeasures

    Social Engineering Pen Testing
    o Social Engineering Pen Testing: Using Emails
    o Social Engineering Pen Testing: Using Phone
    o Social Engineering Pen Testing: In Person
    o Social Engineering Pen Testing: Social Engineering Toolkit (SET)

    Module 10: Denial of Service

    DoS/DDoS Concepts
    o What is a Denial of Service Attack?
    o What Are Distributed Denial of Service Attacks?
    o How Distributed Denial of Service Attacks Work
    o Symptoms of a DoS Attack
    o Cyber Criminals
    o Organized Cyber Crime: Organizational Chart

    DoS Attack Techniques
    o Bandwidth Attacks
    o Service Request Floods
    o SYN Attack
    o SYN Flooding
    o ICMP Flood Attack
    o Peer-to-Peer Attacks


    o Permanent Denial-of-Service Attack
    o Application Level Flood Attacks

    Botnet
    o Botnet Propagation Technique
    o Botnet Ecosystem
    o Botnet Trojan: Shark
    o Poison Ivy: Botnet Command Control Center
    o Botnet Trojan: PlugBot
    o Botnet Trojans: Illusion Bot and NetBot Attacker

    DDoS Case Study
    o DDoS Attack
    o DDoS Attack Tool: LOIC
    o Hackers Advertise Links to Download Botnet

    DoS Attack Tools

    Counter-measures
    o Detection Techniques
    o Activity Profiling
    o Wavelet Analysis
    o Sequential Change-Point Detection
    o DoS/DDoS Countermeasure Strategies
    o DDoS Attack Countermeasures
    o DoS/DDoS Countermeasures: Protect Secondary Victims
    o DoS/DDoS Countermeasures: Detect and Neutralize Handlers
    o DoS/DDoS Countermeasures: Detect Potential Attacks
    o DoS/DDoS Countermeasures: Deflect Attacks
    o DoS/DDoS Countermeasures: Mitigate Attacks
    o Post-Attack Forensics
    o Techniques to Defend against Botnets
    o DoS/DDoS Countermeasures
    o DoS/DDoS Protection at ISP Level
    o Enabling TCP Intercept on Cisco IOS Software


    o Advanced DDoS Protection Appliances

    DoS/DDoS Protection Tools
    o DoS/DDoS Protection Tool: D-Guard Anti-DDoS Firewall
    o DoS/DDoS Protection Tools

    Denial-of-Service (DoS) Attack Penetration Testing

    Module 11: Session Hijacking

    Session Hijacking Concepts
    o What is Session Hijacking?
    o Dangers Posed by Hijacking
    o Why Session Hijacking is Successful?
    o Key Session Hijacking Techniques
    o Brute Forcing Attack
    o Spoofing vs. Hijacking
    o Session Hijacking Process
    o Packet Analysis of a Local Session Hijack
    o Types of Session Hijacking
    o Session Hijacking in OSI Model
    o Application Level Session Hijacking
    o Session Sniffing
    o Predictable Session Token
    o How to Predict a Session Token
    o Man-in-the-Middle Attack
    o Man-in-the-Browser Attack
    o Steps to Perform Man-in-the-Browser Attack
    o Client-side Attacks
    o Cross-site Script Attack
    o Session Fixation
    o Session Fixation Attack

    Network-level Session Hijacking
    o The 3-Way Handshake


    o Sequence Numberso Sequence Numbers Predictiono TCP/IP Hijackingo IP Spoofing: Source Routed Packetso RST Hijackingo Blind Hijackingo Man-in-the-Middle Attack Using Packet Sniffero UDP Hijacking

    Session Hijacking Toolso Session Hijacking Tool: Zaproxyo Session Hijacking Tool: Burp Suiteo Session Hijacking Tool: JHijacko Session Hijacking Tools

    Counter-measureso Protecting against Session Hijackingo Methods to Prevent Session Hijacking: To be Followed by Web Developerso Methods to Prevent Session Hijacking: To be Followed by Web Userso IPSeco Modes of IPseco IPsec Architectureo IPsec Authentication and Confidentialityo Components of IPseco IPsec Implementation

    Session Hijacking Pen Testing

    Module 12: Hacking Webservers

    Webserver Concepts
    o Webserver Market Shares
    o Open Source Webserver Architecture
    o IIS Webserver Architecture
    o Website Defacement

    o Why Web Servers are compromised?
    o Impact of Webserver Attacks

    Webserver Attacks
    o Webserver Misconfiguration
    o Webserver Misconfiguration Example
    o Directory Traversal Attacks
    o HTTP Response Splitting Attack
    o Web Cache Poisoning Attack
    o HTTP Response Hijacking
    o SSH Bruteforce Attack
    o Man-in-the-Middle Attack
    o Webserver Password Cracking
    o Webserver Password Cracking Techniques
    o Web Application Attacks

    Attack Methodology
    o Webserver Attack Methodology
    o Webserver Attack Methodology: Information Gathering
    o Webserver Attack Methodology: Webserver Footprinting
    o Webserver Footprinting Tools
    o Webserver Attack Methodology: Mirroring a Website
    o Webserver Attack Methodology: Vulnerability Scanning
    o Webserver Attack Methodology: Session Hijacking
    o Webserver Attack Methodology: Hacking Web Passwords

    Webserver Attack Tools
    o Webserver Attack Tools: Metasploit
    o Metasploit Architecture
    o Metasploit Exploit Module
    o Metasploit Payload Module
    o Metasploit Auxiliary Module
    o Metasploit NOPS Module
    o Webserver Attack Tools: Wfetch

    o Web Password Cracking Tool: Brutus
    o Web Password Cracking Tool: THC-Hydra
    o Web Password Cracking Tool: Internet Password Recovery Toolbox

    Counter-measures
    o Countermeasures: Patches and Updates
    o Countermeasures: Protocols
    o Countermeasures: Accounts
    o Countermeasures: Files and Directories
    o How to Defend Against Web Server Attacks
    o How to Defend against HTTP Response Splitting and Web Cache Poisoning

    Patch Management
    o Patches and Hotfixes
    o What Is Patch Management?
    o Identifying Appropriate Sources for Updates and Patches
    o Installation of a Patch
    o Implementation and Verification of a Security Patch or Upgrade
    o Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
    o Patch Management Tools

    Webserver Security Tools
    o Web Application Security Scanner: Syhunt Dynamic
    o Web Application Security Scanner: N-Stalker Web Application Security Scanner
    o Web Server Security Scanner: Wikto
    o Web Server Security Scanner: Acunetix Web Vulnerability Scanner
    o Web Server Malware Infection Monitoring Tool: HackAlert
    o Web Server Malware Infection Monitoring Tool: QualysGuard Malware Detection
    o Webserver Security Tools

    Webserver Pen Testing
    o Web Server Pen Testing Tool: CORE Impact Pro
    o Web Server Pen Testing Tool: Immunity CANVAS
    o Web Server Pen Testing
    o Web Server Penetration Testing

    Module 13: Hacking Web Applications

    Web App Concepts
    o Web Application Security Statistics
    o Introduction to Web Applications
    o Web Application Components
    o How Web Applications Work?
    o Web Application Architecture
    o Web 2.0 Applications
    o Vulnerability Stack
    o Web Attack Vectors

    Web App Threats
    o Web Application Threats - 1
    o Web Application Threats - 2
    o Invalidated Input
    o Parameter/Form Tampering
    o Directory Traversal
    o Security Misconfiguration
    o Injection Flaws
    o SQL Injection Attacks
    o Command Injection Attacks
    o Command Injection Attacks
    o Command Injection Example
    o File Injection Attack
    o What is LDAP Injection?
    o How LDAP Injection Works?
    o Hidden Field Manipulation Attack
    o Cross-Site Scripting (XSS) Attacks
    o How XSS Attacks Work?
    o Cross-Site Scripting Attack Scenario: Attack via Email
    o XSS Example: Attack via Email

    o XSS Example: Stealing Users' Cookies
    o XSS Example: Sending an Unauthorized Request
    o XSS Attack in Blog Posting
    o XSS Attack in Comment Field
    o XSS Cheat Sheet
    o Cross-Site Request Forgery (CSRF) Attack
    o How CSRF Attacks Work?
    o Web Application Denial-of-Service (DoS) Attack
    o Denial of Service (DoS) Examples
    o Buffer Overflow Attacks
    o Cookie/Session Poisoning
    o How Cookie Poisoning Works?
    o Session Fixation Attack
    o Insufficient Transport Layer Protection
    o Improper Error Handling
    o Insecure Cryptographic Storage
    o Broken Authentication and Session Management
    o Invalidated Redirects and Forwards
    o Web Services Architecture
    o Web Services Attack
    o Web Services Footprinting Attack
    o Web Services XML Poisoning

    Web App Hacking Methodology
    o Footprint Web Infrastructure
        Footprint Web Infrastructure: Server Discovery
        Footprint Web Infrastructure: Service Discovery
        Footprint Web Infrastructure: Server Identification/Banner Grabbing
        Footprint Web Infrastructure: Hidden Content Discovery
        Web Spidering Using Burp Suite
        Web Spidering Using Mozenda Web Agent Builder
    o Attack Web Servers

        Hacking Web Servers
        Web Server Hacking Tool: WebInspect
    o Analyze Web Applications
        Analyze Web Applications: Identify Entry Points for User Input
        Analyze Web Applications: Identify Server-Side Technologies
        Analyze Web Applications: Identify Server-Side Functionality
        Analyze Web Applications: Map the Attack Surface
    o Attack Authentication Mechanism
        Username Enumeration
        Password Attacks: Password Functionality Exploits
        Password Attacks: Password Guessing
        Password Attacks: Brute-forcing
        Session Attacks: Session ID Prediction/ Brute-forcing
        Cookie Exploitation: Cookie Poisoning
    o Authorization Attack Schemes
        Authorization Attack HTTP Request Tampering
        Authorization Attack: Cookie Parameter Tampering
    o Attack Session Management Mechanism
        Session Management Attack
        Attacking Session Token Generation Mechanism
        Attacking Session Tokens Handling Mechanism: Session Token Sniffing
    o Perform Injection Attacks
        Injection Attacks
    o Attack Data Connectivity
        Connection String Injection
        Connection String Parameter Pollution (CSPP) Attacks
        Connection Pool DoS
    o Attack Web App Client
    o Attack Web Services

        Web Services Probing Attacks
        Web Service Attacks: SOAP Injection
        Web Service Attacks: XML Injection
        Web Services Parsing Attacks
        Web Service Attack Tool: soapUI
        Web Service Attack Tool: XMLSpy

    Web Application Hacking Tools
    o Web Application Hacking Tool: Burp Suite Professional
    o Web Application Hacking Tools: CookieDigger
    o Web Application Hacking Tools: WebScarab
    o Web Application Hacking Tools

    Countermeasures
    o Encoding Schemes
    o How to Defend Against SQL Injection Attacks?
    o How to Defend Against Command Injection Flaws?
    o How to Defend Against XSS Attacks?
    o How to Defend Against DoS Attack?
    o How to Defend Against Web Services Attack?
    o Web Application Countermeasures
    o How to Defend Against Web Application Attacks?

    Security Tools
    o Web Application Security Tool: Acunetix Web Vulnerability Scanner
    o Web Application Security Tool: Watcher Web Security Tool
    o Web Application Security Scanner: Netsparker
    o Web Application Security Tool: N-Stalker Web Application Security Scanner
    o Web Application Security Tool: VampireScan
    o Web Application Security Tools
    o Web Application Firewall: dotDefender
    o Web Application Firewall: ServerDefender VP
    o Web Application Firewall

    Web App Pen Testing

    o Web Application Pen Testing
    o Information Gathering
    o Configuration Management Testing
    o Authentication Testing
    o Session Management Testing
    o Authorization Testing
    o Data Validation Testing
    o Denial of Service Testing
    o Web Services Testing
    o AJAX Testing

    Module 14: SQL Injection

    SQL Injection Concepts
    o SQL Injection
    o Scenario
    o SQL Injection is the Most Prevalent Vulnerability in 2012
    o SQL Injection Threats
    o What is SQL Injection?
    o SQL Injection Attacks
    o How Web Applications Work?
    o Server Side Technologies
    o HTTP Post Request
    o Example 1: Normal SQL Query
    o Example 1: SQL Injection Query
    o Example 1: Code Analysis
    o Example 2: BadProductList.aspx
    o Example 2: Attack Analysis
    o Example 3: Updating Table
    o Example 4: Adding New Records
    o Example 5: Identifying the Table Name
    o Example 6: Deleting a Table

    Testing for SQL Injection
    o SQL Injection Detection
    o SQL Injection Error Messages
    o SQL Injection Attack Characters
    o Additional Methods to Detect SQL Injection
    o SQL Injection Black Box Pen Testing
    o Testing for SQL Injection

    Types of SQL Injection
    o Simple SQL Injection Attack
    o Union SQL Injection Example
    o SQL Injection Error Based

    Blind SQL Injection
    o What is Blind SQL Injection?
    o No Error Messages Returned
    o Blind SQL Injection: WAITFOR DELAY YES or NO Response
    o Blind SQL Injection - Exploitation (MySQL)
    o Blind SQL Injection - Extract Database User
    o Blind SQL Injection - Extract Database Name
    o Blind SQL Injection - Extract Column Name
    o Blind SQL Injection - Extract Data from ROWS

    SQL Injection Methodology

    Advanced SQL Injection
    o Information Gathering
    o Extracting Information through Error Messages
    o Understanding SQL Query
    o Bypass Website Logins Using SQL Injection
    o Database, Table, and Column Enumeration
    o Advanced Enumeration
    o Features of Different DBMSs
    o Creating Database Accounts
    o Password Grabbing

    o Grabbing SQL Server Hashes
    o Extracting SQL Hashes (In a Single Statement)
    o Transfer Database to Attacker's Machine
    o Interacting with the Operating System
    o Interacting with the FileSystem
    o Network Reconnaissance Using SQL Injection
    o Network Reconnaissance Full Query

    SQL Injection Tools
    o SQL Injection Tools: BSQLHacker
    o SQL Injection Tools: Marathon Tool
    o SQL Injection Tools: SQL Power Injector
    o SQL Injection Tools: Havij
    o SQL Injection Tools

    Evasion Techniques
    o Evading IDS
    o Types of Signature Evasion Techniques
    o Evasion Technique: Sophisticated Matches
    o Evasion Technique: Hex Encoding
    o Evasion Technique: Manipulating White Spaces
    o Evasion Technique: In-line Comment
    o Evasion Technique: Char Encoding
    o Evasion Technique: String Concatenation
    o Evasion Technique: Obfuscated Codes

    Counter-measures
    o How to Defend Against SQL Injection Attacks?
    o How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
    o How to Defend Against SQL Injection Attacks
    o SQL Injection Detection Tool: Microsoft Source Code Analyzer
    o SQL Injection Detection Tool: Microsoft UrlScan Filter
    o SQL Injection Detection Tool: dotDefender
    o SQL Injection Detection Tool: IBM Security AppScan

    o SQL Injection Detection Tool: WebCruiser
    o Snort Rule to Detect SQL Injection Attacks
    o SQL Injection Detection Tools

    Module 15: Hacking Wireless Networks

    Wireless Concepts
    o Wireless Networks
    o 2010 vs. 2011 Wi-Fi Device Type Comparison
    o Wi-Fi Networks at Home and Public Places
    o Types of Wireless Networks
    o Wireless Standards
    o Service Set Identifier (SSID)
    o Wi-Fi Authentication Modes
    o Wi-Fi Authentication Process Using a Centralized Authentication Server
    o Wireless Terminologies
    o Wi-Fi Chalking
    o Wi-Fi Chalking Symbols
    o Types of Wireless Antenna
    o Parabolic Grid Antenna

    Wireless Encryption
    o Types of Wireless Encryption
    o WEP Encryption
    o How WEP Works?
    o What is WPA?
    o How WPA Works?
    o Temporal Keys
    o What is WPA2?
    o How WPA2 Works?
    o WEP vs. WPA vs. WPA2
    o WEP Issues
    o Weak Initialization Vectors (IV)

    o How to Break WEP Encryption?
    o How to Break WPA/WPA2 Encryption?
    o How to Defend Against WPA Cracking?

    Wireless Threats
    o Wireless Threats: Access Control Attacks
    o Wireless Threats: Integrity Attacks
    o Wireless Threats: Confidentiality Attacks
    o Wireless Threats: Availability Attacks
    o Wireless Threats: Authentication Attacks
    o Rogue Access Point Attack
    o Client Mis-association
    o Misconfigured Access Point Attack
    o Unauthorized Association
    o Ad Hoc Connection Attack
    o HoneySpot Access Point Attack
    o AP MAC Spoofing
    o Denial-of-Service Attack
    o Jamming Signal Attack
    o Wi-Fi Jamming Devices

    Wireless Hacking Methodology
    o Wi-Fi Discovery
        Footprint the Wireless Network
        Attackers Scanning for Wi-Fi Networks
        Find Wi-Fi Networks to Attack
        Wi-Fi Discovery Tool: inSSIDer
        Wi-Fi Discovery Tool: NetSurveyor
        Wi-Fi Discovery Tool: NetStumbler
        Wi-Fi Discovery Tool: Vistumbler
        Wi-Fi Discovery Tool: WirelessMon
        Mobile-based Wi-Fi Discovery Tool
        Wi-Fi Discovery Tools

    o GPS Mapping
        GPS Mapping Tool: WIGLE
        GPS Mapping Tool: Skyhook
        Wi-Fi Hotspot Finder: jiWire
        Wi-Fi Hotspot Finder: WeFi
        How to Discover Wi-Fi Network Using Wardriving?
    o Wireless Traffic Analysis
        Wireless Cards and Chipsets
        Wi-Fi USB Dongle: AirPcap
        Wi-Fi Packet Sniffer: Wireshark with AirPcap
        Wi-Fi Packet Sniffer: Cascade Pilot
        Wi-Fi Packet Sniffer: OmniPeek
        Wi-Fi Packet Sniffer: CommView for Wi-Fi
        What is Spectrum Analysis?
        Wi-Fi Packet Sniffers
    o Launch Wireless Attacks
        Aircrack-ng Suite
        How to Reveal Hidden SSIDs
        Fragmentation Attack
        How to Launch MAC Spoofing Attack?
        Denial of Service: Deauthentication and Disassociation Attacks
        Man-in-the-Middle Attack
        MITM Attack Using Aircrack-ng
        Wireless ARP Poisoning Attack
        Rogue Access Point
        Evil Twin
        How to Set Up a Fake Hotspot (Evil Twin)?
    o Crack Wi-Fi Encryption
        How to Crack WEP Using Aircrack?
        How to Crack WEP Using Aircrack? Screenshot 1/2

        How to Crack WEP Using Aircrack? Screenshot 2/2
        How to Crack WPA-PSK Using Aircrack?
        WPA Cracking Tool: KisMAC
        WEP Cracking Using Cain & Abel
        WPA Brute Forcing Using Cain & Abel
        WPA Cracking Tool: Elcomsoft Wireless Security Auditor
        WEP/WPA Cracking Tools

    Wireless Hacking Tools
    o Wi-Fi Sniffer: Kismet
    o Wardriving Tools
    o RF Monitoring Tools
    o Wi-Fi Traffic Analyzer Tools
    o Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tools

    Bluetooth Hacking
    o Bluetooth Stack
    o Bluetooth Threats
    o How to BlueJack a Victim?
    o Bluetooth Hacking Tool: Super Bluetooth Hack
    o Bluetooth Hacking Tool: PhoneSnoop
    o Bluetooth Hacking Tool: BlueScanner
    o Bluetooth Hacking Tools

    Counter-measures
    o How to Defend Against Bluetooth Hacking?
    o How to Detect and Block Rogue AP?
    o Wireless Security Layers
    o How to Defend Against Wireless Attacks?

    Wireless Security Tools
    o Wireless Intrusion Prevention Systems
    o Wireless IPS Deployment
    o Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
    o Wi-Fi Security Auditing Tool: AirDefense

    o Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
    o Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
    o Wi-Fi Intrusion Prevention System
    o Wi-Fi Predictive Planning Tools
    o Wi-Fi Vulnerability Scanning Tools

    Wi-Fi Pen Testing
    o Wireless Penetration Testing
    o Wireless Penetration Testing Framework
    o Wi-Fi Pen Testing Framework
    o Pen Testing LEAP Encrypted WLAN
    o Pen Testing WPA/WPA2 Encrypted WLAN
    o Pen Testing WEP Encrypted WLAN
    o Pen Testing Unencrypted WLAN

    Module 16: Hacking Mobile Platforms

    Mobile Platform Attack Vectors
    o Mobile Threat Report Q2 2012
    o Terminology
    o Mobile Attack Vectors
    o Mobile Platform Vulnerabilities and Risks
    o Security Issues Arising from App Stores
    o Threats of Mobile Malware
    o App Sandboxing Issues

    Hacking Android OS
    o Android OS
    o Android OS Architecture
    o Android Device Administration API
    o Android Vulnerabilities
    o Android Rooting
    o Rooting Android Phones using SuperOneClick
    o Rooting Android Phones Using Superboot

    o Android Rooting Tools
    o Session Hijacking Using DroidSheep
    o Android-based Sniffer: FaceNiff
    o Android Trojan: ZitMo (ZeuS-in-the-Mobile)
    o Android Trojan: GingerBreak
    o Android Trojan: AcnetSteal and Cawitt
    o Android Trojan: Frogonal and Gamex
    o Android Trojan: KabStamper and Mania
    o Android Trojan: PremiumSMS and SmsSpy
    o Android Trojan: DroidLive SMS and UpdtKiller
    o Android Trojan: FakeToken
    o Securing Android Devices
    o Google Apps Device Policy
    o Remote Wipe Service: Remote Wipe
    o Android Security Tool: DroidSheep Guard
    o Android Vulnerability Scanner: X-Ray
    o Android Penetration Testing Tool: Android Network Toolkit - Anti
    o Android Device Tracking Tools

    Hacking iOS
    o Security News
    o Apple iOS
    o Jailbreaking iOS
    o Types of Jailbreaking
    o Jailbreaking Techniques
    o App Platform for Jailbroken Devices: Cydia
    o Jailbreaking Tools: Redsn0w and Absinthe
    o Tethered Jailbreaking of iOS 6 Using RedSn0w
    o Jailbreaking Tools: Sn0wbreeze and PwnageTool
    o Jailbreaking Tools: LimeRa1n and Jailbreakme.com
    o Jailbreaking Tools: Blackra1n and Spirit
    o Guidelines for Securing iOS Devices

    o iOS Device Tracking Tools

    Hacking Windows Phone OS
    o Windows Phone 8
    o Windows Phone 8 Architecture
    o Secure Boot Process
    o Windows Phone 8 Vulnerabilities
    o Guidelines for Securing Windows OS Devices

    Hacking BlackBerry
    o BlackBerry Operating System
    o BlackBerry Enterprise Solution Architecture
    o Blackberry Attack Vectors
    o Malicious Code Signing
    o JAD File Exploits and Memory/ Processes Manipulations
    o Short Message Service (SMS) Exploits
    o Email Exploits
    o PIM Data Attacks and TCP/IP Connections Vulnerabilities
    o Telephony Attacks
    o Blackberry Spyware: FinSpy Mobile
    o BlackBerry Router Protocol
    o Guidelines for Securing BlackBerry Devices

    Mobile Device Management (MDM)
    o MDM Logical Architecture
    o MDM Solution: MaaS360 Mobile Device Management (MDM)
    o MDM Solutions

    Mobile Security Guidelines and Tools
    o General Guidelines for Mobile Platform Security
    o Mobile Device Security Guidelines for Administrator
    o Mobile Protection Tool: BullGuard Mobile Security
    o Mobile Protection Tool: Lookout
    o Mobile Protection Tool: WISeID
    o Mobile Protection Tools

    Mobile Pen Testing
    o Android Phone Pen Testing
    o iPhone Pen Testing
    o Windows Phone Pen Testing
    o BlackBerry Pen Testing

    Module 17: Evading IDS, Firewalls, and Honeypots

    IDS, Firewall and Honeypot Concepts
    o Intrusion Detection Systems (IDS) and their Placement
    o How IDS Works?
    o Ways to Detect an Intrusion
    o Types of Intrusion Detection Systems
    o System Integrity Verifiers (SIV)
    o General Indications of Intrusions
    o General Indications of System Intrusions
    o Firewall
    o Firewall Architecture
    o DeMilitarized Zone (DMZ)
    o Types of Firewall
    o Packet Filtering Firewall
    o Circuit-Level Gateway Firewall
    o Application-Level Firewall
    o Stateful Multilayer Inspection Firewall
    o Firewall Identification: Port Scanning
    o Firewall Identification: Firewalking
    o Firewall Identification: Banner Grabbing
    o Honeypot
    o Types of Honeypots
    o How to Set Up a Honeypot?

    IDS, Firewall and Honeypot System
    o Intrusion Detection Tool: Snort

    o How Snort Works
    o Snort Rules
    o Snort Rules: Rule Actions and IP Protocols
    o Snort Rules: The Direction Operator and IP Addresses
    o Snort Rules: Port Numbers
    o Intrusion Detection Systems: Tipping Point
    o Intrusion Detection Tools
    o Firewall: ZoneAlarm PRO Firewall
    o Firewalls
    o Honeypot Tool: KFSensor
    o Honeypot Tool: SPECTER
    o Honeypot Tools

    Evading IDS
    o Insertion Attack
    o Evasion
    o Denial-of-Service Attack (DoS)
    o Obfuscating
    o False Positive Generation
    o Session Splicing
    o Unicode Evasion Technique
    o Fragmentation Attack
    o Overlapping Fragments
    o Time-To-Live Attacks
    o Invalid RST Packets
    o Urgency Flag
    o Polymorphic Shellcode
    o ASCII Shellcode
    o Application-Layer Attacks
    o Desynchronization - Pre Connection SYN
    o Desynchronization - Post Connection SYN
    o Other Types of Evasion

    o Stack-Based Buffer Overflow
    o Understanding Heap
    o Heap-Based Buffer Overflow
    o Stack Operations
    o Shellcode
    o No Operations (NOPs)

    Buffer Overflow Methodology
    o Knowledge Required to Program Buffer Overflow Exploits
    o Buffer Overflow Steps
    o Attacking a Real Program
    o Format String Problem
    o Overflow using Format String
    o Smashing the Stack
    o Once the Stack is smashed...

    Buffer Overflow Examples
    o Simple Uncontrolled Overflow
    o Simple Buffer Overflow in C: Code Analysis
    o Exploiting Semantic Comments in C (Annotations)
    o How to Mutate a Buffer Overflow Exploit?

    Buffer Overflow Detection
    o Identifying Buffer Overflows
    o How to Detect Buffer Overflows in a Program?
    o Testing for Heap Overflow Conditions: heap.exe
    o Steps for Testing for Stack Overflow in OllyDbg Debugger
    o Testing for Stack Overflow in OllyDbg Debugger
    o Testing for Format String Conditions using IDA Pro
    o BoF Detection Tool: Immunity CANVAS
    o BoF Detection Tools

    Buffer Overflow Counter-measures
    o Defense Against Buffer Overflows
    o Preventing BoF Attacks

    o Programming Countermeasures
    o Data Execution Prevention (DEP)
    o Enhanced Mitigation Experience Toolkit (EMET)
    o EMET System Configuration Settings
    o EMET Application Configuration Settings

    Buffer Overflow Security Tools
    o /GS http://microsoft.com
    o BoF Security Tool: BufferShield
    o BoF Security Tools

    Buffer Overflow Penetration Testing

    Module 19: Cryptography

    Cryptography Concepts
    o Cryptography
    o Types of Cryptography
    o Government Access to Keys (GAK)

    Encryption Algorithms
    o Ciphers
    o Advanced Encryption Standard (AES)
    o Data Encryption Standard (DES)
    o RC4, RC5, RC6 Algorithms
    o The DSA and Related Signature Schemes
    o RSA (Rivest Shamir Adleman)
    o Example of RSA Algorithm
    o The RSA Signature Scheme
    o Message Digest (One-way Hash) Functions
    o Message Digest Function: MD5
    o Secure Hashing Algorithm (SHA)
    o What is SSH (Secure Shell)?

    Cryptography Tools
    o MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles

    o Cryptography Tool: Advanced Encryption Package
    o Cryptography Tool: BCTextEncoder
    o Cryptography Tools

    Public Key Infrastructure (PKI)
    o Public Key Infrastructure (PKI)
    o Certification Authorities

    Email Encryption
    o Digital Signature
    o SSL (Secure Sockets Layer)
    o Transport Layer Security (TLS)

    Disk Encryption
    o Disk Encryption Tool: TrueCrypt
    o Disk Encryption Tool: GiliSoft Full Disk Encryption
    o Disk Encryption Tools

    Cryptography Attacks
    o Code Breaking Methodologies
    o Brute-Force Attack
    o Meet-in-the-Middle Attack on Digital Signature Schemes

    Cryptanalysis Tools
    o Cryptanalysis Tool: CrypTool
    o Cryptanalysis Tools
    o Online MD5 Decryption Tool

    Module 20: Penetration Testing

    Pen Testing Concepts
    o Security Assessments
    o Security Audit
    o Vulnerability Assessment
    o Limitations of Vulnerability Assessment
    o Introduction to Penetration Testing
    o Penetration Testing

    o Activity: Perimeter Testing
    o Enumerating Devices
    o Activity: Acquiring Target
    o Activity: Escalating Privileges
    o Activity: Execute, Implant, and Retract
    o Post-Attack Phase and Activities
    o Penetration Testing Deliverable Templates

    Pen Testing Roadmap
    o Penetration Testing Methodology
    o Application Security Assessment
    o Web Application Testing - I
    o Web Application Testing - II
    o Web Application Testing - III
    o Network Security Assessment
    o Wireless/Remote Access Assessment
    o Wireless Testing
    o Telephony Security Assessment
    o Social Engineering
    o Testing Network-Filtering Devices
    o Denial of Service Emulation

    Outsourcing Pen Testing Services
    o Outsourcing Penetration Testing Services
    o Terms of Engagement
    o Project Scope
    o Pentest Service Level Agreements
    o Penetration Testing Consultants