The Ethical Hacking and Countermeasures course mission is to educate, introduce and
demonstrate hacking tools for penetration testing purposes only. Prior to attending
this course, you will be asked to sign an agreement stating that you will not use the
newly acquired skills for illegal or malicious attacks.
Course Details
Module 01: Introduction to Ethical Hacking
Internet Crime Current Report: IC3
Data Breach Investigations Report
Types of Data Stolen From the Organizations
Essential Terminologies
Elements of Information Security
Authenticity and Non-Repudiation
The Security, Functionality, and Usability Triangle
Security Challenges
Effects of Hacking
o Effects of Hacking on Business
Who is a Hacker?
Hacker Classes
Hacktivism
What Does a Hacker Do?
Phase 1 - Reconnaissance
o Reconnaissance Types
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Types of Attacks on a System
o Operating System Attacks
o Application-Level Attacks
o Shrink Wrap Code Attacks
o Misconfiguration Attacks
Why Ethical Hacking is Necessary?
Defense in Depth
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do?
Skills of an Ethical Hacker
Vulnerability Research
Vulnerability Research Websites
What is Penetration Testing?
Why Penetration Testing?
Penetration Testing Methodology
Module 02: Footprinting and Reconnaissance
Footprinting Terminologies
What is Footprinting?
Objectives of Footprinting
Footprinting Threats
Finding a Company's URL
Locate Internal URLs
Public and Restricted Websites
Search for Company's Information
o Tools to Extract Company's Data
Footprinting Through Search Engines
Collect Location Information
o Satellite Picture of a Residence
People Search
o People Search Using http://pipl.com
o People Search Online Services
o People Search on Social Networking Services
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Competitive Intelligence Gathering
o Competitive Intelligence - When Did this Company Begin? How Did it Develop?
o Competitive Intelligence - What are the Company's Plans?
o Competitive Intelligence - What Expert Opinion Say About the Company?
o Competitive Intelligence Tools
o Competitive Intelligence Consulting Companies
WHOIS Lookup
o WHOIS Lookup Result Analysis
o WHOIS Lookup Tools: SmartWhois
o WHOIS Lookup Tools
o WHOIS Lookup Online Tools
Extracting DNS Information
o DNS Interrogation Tools
o DNS Interrogation Online Tools
Locate the Network Range
Traceroute
o Traceroute Analysis
o Traceroute Tool: 3D Traceroute
o Traceroute Tool: LoriotPro
o Traceroute Tool: Path Analyzer Pro
o Traceroute Tools
Mirroring Entire Website
o Website Mirroring Tools
o Mirroring Entire Website Tools
Extract Website Information from http://www.archive.org
Monitoring Web Updates Using Website Watcher
Tracking Email Communications
o Email Tracking Tools
Footprint Using Google Hacking Techniques
What a Hacker Can Do With Google Hacking?
Google Advance Search Operators
o Finding Resources using Google Advance Operator
Google Hacking Tool: Google Hacking Database (GHDB)
Google Hacking Tools
Additional Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing
Module 03: Scanning Networks
Network Scanning
Types of Scanning
Checking for Live Systems - ICMP Scanning
Ping Sweep
o Ping Sweep Tool
Three-Way Handshake
TCP Communication Flags
o Create Custom Packet using TCP Flags
Hping2 / Hping3
Hping Commands
Scanning Techniques
o TCP Connect / Full Open Scan
o Stealth Scan (Half-open Scan)
o Xmas Scan
o FIN Scan
o NULL Scan
o IDLE Scan
IDLE Scan: Step 1
IDLE Scan: Step 2.1 (Open Port)
IDLE Scan: Step 2.2 (Closed Port)
IDLE Scan: Step 3
o ICMP Echo Scanning/List Scan
o SYN/FIN Scanning Using IP Fragments
o UDP Scanning
o Inverse TCP Flag Scanning
o ACK Flag Scanning
Scanning: IDS Evasion Techniques
IP Fragmentation Tools
Scanning Tool: Nmap
Scanning Tool: NetScan Tools Pro
Scanning Tools
Do Not Scan These IP Addresses (Unless you want to get into trouble)
Scanning Countermeasures
War Dialing
Why War Dialing?
War Dialing Tools
War Dialing Countermeasures
o War Dialing Countermeasures: SandTrap Tool
OS Fingerprinting
o Active Banner Grabbing Using Telnet
Banner Grabbing Tool: ID Serve
GET REQUESTS
Banner Grabbing Tool: Netcraft
Banner Grabbing Tools
Banner Grabbing Countermeasures: Disabling or Changing Banner
Hiding File Extensions
Hiding File Extensions from Webpages
Vulnerability Scanning
o Vulnerability Scanning Tool: Nessus
o Vulnerability Scanning Tool: SAINT
o Vulnerability Scanning Tool: GFI LANGuard
Network Vulnerability Scanners
LANsurveyor
Network Mappers
Proxy Servers
Why Attackers Use Proxy Servers?
Use of Proxies for Attack
How Does MultiProxy Work?
Free Proxy Servers
Proxy Workbench
Proxifier Tool: Create Chain of Proxy Servers
SocksChain
TOR (The Onion Routing)
TOR Proxy Chaining Software
HTTP Tunneling Techniques
Why do I Need HTTP Tunneling?
Super Network Tunnel Tool
Httptunnel for Windows
Additional HTTP Tunneling Tools
SSH Tunneling
SSL Proxy Tool
How to Run SSL Proxy?
Proxy Tools
Anonymizers
Types of Anonymizers
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
Text Conversion to Avoid Filters
Censorship Circumvention Tool: Psiphon
How Psiphon Works?
How to Check if Your Website is Blocked in China or Not?
G-Zapper
Anonymizer Tools
Spoofing IP Address
IP Spoofing Detection Techniques: Direct TTL Probes
IP Spoofing Detection Techniques: IP Identification Number
IP Spoofing Detection Techniques: TCP Flow Control Method
IP Spoofing Countermeasures
Scanning Pen Testing
Module 04: Enumeration
What is Enumeration?
Techniques for Enumeration
NetBIOS Enumeration
o NetBIOS Enumeration Tool: SuperScan
o NetBIOS Enumeration Tool: NetBIOS Enumerator
Enumerating User Accounts
Enumerate Systems Using Default Passwords
SNMP (Simple Network Management Protocol) Enumeration
o Management Information Base (MIB)
o SNMP Enumeration Tool: OpUtils Network Monitoring Toolset
o SNMP Enumeration Tool: SolarWinds
o SNMP Enumeration Tools
UNIX/Linux Enumeration
o Linux Enumeration Tool: Enum4linux
LDAP Enumeration
o LDAP Enumeration Tool: JXplorer
o LDAP Enumeration Tool
NTP Enumeration
o NTP Server Discovery Tool: NTP Server Scanner
o NTP Server: PresenTense Time Server
o NTP Enumeration Tools
SMTP Enumeration
o SMTP Enumeration Tool: NetScanTools Pro
DNS Zone Transfer Enumeration Using nslookup
o DNS Analyzing and Enumeration Tool: The Men & Mice Suite
Enumeration Countermeasures
o SMB Enumeration Countermeasures
Enumeration Pen Testing
Module 05: System Hacking
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
Password Cracking
o Password Complexity
o Password Cracking Techniques
o Types of Password Attacks
Passive Online Attacks: Wire Sniffing
Password Sniffing
Passive Online Attack: Man-in-the-Middle and Replay Attack
Active Online Attack: Password Guessing
Active Online Attack: Trojan/Spyware/Keylogger
Active Online Attack: Hash Injection Attack
Rainbow Attacks: Pre-Computed Hash
Distributed Network Attack
Elcomsoft Distributed Password Recovery
Non-Electronic Attacks
Default Passwords
Manual Password Cracking (Guessing)
Automatic Password Cracking Algorithm
Stealing Passwords Using USB Drive
Microsoft Authentication
How Hash Passwords are Stored in Windows SAM?
What is LAN Manager Hash?
o LM "Hash" Generation
o LM, NTLMv1, and NTLMv2
o NTLM Authentication Process
Kerberos Authentication
Salting
PWdump7 and Fgdump
L0phtCrack
Ophcrack
Cain & Abel
RainbowCrack
Password Cracking Tools
LM Hash Backward Compatibility
o How to Disable LM HASH?
How to Defend against Password Cracking?
o Implement and Enforce Strong Security Policy
Privilege Escalation
o Escalation of Privileges
Active@ Password Changer
Privilege Escalation Tools
How to Defend against Privilege Escalation?
Executing Applications
Alchemy Remote Executor
RemoteExec
Execute This!
Keylogger
Types of Keystroke Loggers
Acoustic/CAM Keylogger
o Keylogger: Advanced Keylogger
o Keylogger: Spytech SpyAgent
o Keylogger: Perfect Keylogger
o Keylogger: Powered Keylogger
o Keylogger for Mac: Aobo Mac OS X KeyLogger
o Keylogger for Mac: Perfect Keylogger for Mac
o Hardware Keylogger: KeyGhost
Keyloggers
Spyware
What Does the Spyware Do?
Types of Spywares
o Desktop Spyware
o Desktop Spyware: Activity Monitor
Email and Internet Spyware
o Email and Internet Spyware: eBLASTER
Internet and E-mail Spyware
Child Monitoring Spyware
o Child Monitoring Spyware: Advanced Parental Control
USB Spyware
o USB Spyware: USBDumper
Audio Spyware
o Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder
Video Spyware
o Video Spyware: Net Video Spy
Print Spyware
o Print Spyware: Printer Activity Monitor
Telephone/Cellphone Spyware
Cellphone Spyware: Mobile Spy
GPS Spyware
o GPS Spyware: GPS TrackMaker
How to Defend against Keyloggers?
o Anti-Keylogger
o Anti-Keylogger: Zemana AntiLogger
o Anti-Keyloggers
How to Defend against Spyware?
o Anti-Spyware: Spyware Doctor
Rootkits
Types of Rootkits
How Rootkit Works?
Rootkit: Fu
Detecting Rootkits
o Anti-Spyware: Spyware Doctor
o How to Defend against Rootkits?
o Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective
o NTFS Data Stream
How to Create NTFS Streams?
NTFS Stream Manipulation
How to Defend against NTFS Streams?
NTFS Stream Detector: ADS Scan Engine
NTFS Stream Detectors
o What is Steganography?
Steganography Techniques
How Steganography Works?
o Types of Steganography
Whitespace Steganography Tool: SNOW
o Image Steganography
Image Steganography: Hermetic Stego
Image Steganography Tools
o Document Steganography: wbStego
Document Steganography Tools
o Video Steganography: Our Secret
Video Steganography Tools
o Audio Steganography: Mp3stegz
Audio Steganography Tools
o Folder Steganography: Invisible Secrets 4
Folder Steganography Tools
o Spam/Email Steganography: Spam Mimic
o Natural Text Steganography: Sams Big G Play Maker
o Steganalysis
Steganalysis Methods/Attacks on Steganography
o Steganography Detection Tool: Stegdetect
Steganography Detection Tools
o Why Cover Tracks?
Covering Tracks
o Ways to Clear Online Tracks
o Disabling Auditing: Auditpol
o Covering Tracks Tool: Window Washer
o Covering Tracks Tool: Tracks Eraser Pro
Track Covering Tools
o System Hacking Penetration Testing
Module 06: Trojans and Backdoors
What is a Trojan?
Overt and Covert Channels
Purpose of Trojans
What Do Trojan Creators Look For?
Indications of a Trojan Attack
Common Ports used by Trojans
How to Infect Systems Using a Trojan?
Wrappers
o Wrapper Covert Programs
Different Ways a Trojan can Get into a System
How to Deploy a Trojan?
Evading Anti-Virus Techniques
Types of Trojans
Command Shell Trojans
o Command Shell Trojan: Netcat
GUI Trojan: MoSucker
o GUI Trojan: Jumper and Biodox
Document Trojans
E-mail Trojans
o E-mail Trojans: RemoteByMail
Defacement Trojans
o Defacement Trojans: Restorator
Botnet Trojans
o Botnet Trojan: Illusion Bot
o Botnet Trojan: NetBot Attacker
Proxy Server Trojans
o Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
FTP Trojans
o FTP Trojan: TinyFTPD
VNC Trojans
HTTP/HTTPS Trojans
o HTTP Trojan: HTTP RAT
Shttpd Trojan - HTTPS (SSL)
ICMP Tunneling
o ICMP Trojan: icmpsend
Remote Access Trojans
o Remote Access Trojan: RAT DarkComet
o Remote Access Trojan: Apocalypse
Covert Channel Trojan: CCTT
E-banking Trojans
Banking Trojan Analysis
o E-banking Trojan: ZeuS
Destructive Trojans
Notification Trojans
Credit Card Trojans
Data Hiding Trojans (Encrypted Trojans)
BlackBerry Trojan: PhoneSnoop
MAC OS X Trojan: DNSChanger
MAC OS X Trojan: DNSChanger
Mac OS X Trojan: Hell Raiser
How to Detect Trojans?
o Scanning for Suspicious Ports
o Port Monitoring Tool: IceSword
o Port Monitoring Tools: CurrPorts and TCPView
o Scanning for Suspicious Processes
Process Monitoring Tool: What's Running
o Process Monitoring Tools
Scanning for Suspicious Registry Entries
Registry Entry Monitoring Tools
Scanning for Suspicious Device Drivers
o Device Drivers Monitoring Tools: DriverView
o Device Drivers Monitoring Tools
Scanning for Suspicious Windows Services
o Windows Services Monitoring Tools: Windows Service Manager (SrvMan)
o Windows Services Monitoring Tools
Scanning for Suspicious Startup Programs
o Windows7 Startup Registry Entries
o Startup Programs Monitoring Tools: Starter
o Startup Programs Monitoring Tools: Security AutoRun
o Startup Programs Monitoring Tools
Scanning for Suspicious Files and Folders
o Files and Folder Integrity Checker: FastSum and WinMD5
o Files and Folder Integrity Checker
Scanning for Suspicious Network Activities
o Detecting Trojans and Worms with Capsa Network Analyzer
Trojan Countermeasures
Backdoor Countermeasures
Trojan Horse Construction Kit
Anti-Trojan Software: TrojanHunter
Anti-Trojan Software: Emsisoft Anti-Malware
Anti-Trojan Softwares
Pen Testing for Trojans and Backdoors
Module 07: Viruses and Worms
Introduction to Viruses
Virus and Worm Statistics 2010
Stages of Virus Life
Working of Viruses: Infection Phase
Working of Viruses: Attack Phase
Why Do People Create Computer Viruses?
Indications of Virus Attack
How does a Computer get Infected by Viruses?
Virus Hoaxes
Virus Analysis:
o W32/Sality AA
o W32/Toal-A
o W32/Virut
o Klez
Types of Viruses
o System or Boot Sector Viruses
o File and Multipartite Viruses
o Macro Viruses
o Cluster Viruses
o Stealth/Tunneling Viruses
o Encryption Viruses
o Polymorphic Code
o Metamorphic Viruses
o File Overwriting or Cavity Viruses
o Sparse Infector Viruses
o Companion/Camouflage Viruses
o Shell Viruses
o File Extension Viruses
o Add-on and Intrusive Viruses
Transient and Terminate and Stay Resident Viruses
Writing a Simple Virus Program
o Terabit Virus Maker
o JPS Virus Maker
o DELmE's Batch Virus Maker
Computer Worms
How is a Worm Different from a Virus?
Example of Worm Infection: Conficker Worm
o What does the Conficker Worm do?
o How does the Conficker Worm Work?
Worm Analysis:
o W32/Netsky
o W32/Bagle.GE
Worm Maker: Internet Worm Maker Thing
What is Sheep Dip Computer?
Anti-Virus Sensors Systems
Malware Analysis Procedure
String Extracting Tool: Bintext
Compression and Decompression Tool: UPX
Process Monitoring Tools: Process Monitor
Log Packet Content Monitoring Tools: NetResident
Debugging Tool: Ollydbg
Virus Analysis Tool: IDA Pro
Online Malware Testing:
o Sunbelt CWSandbox
o VirusTotal
Online Malware Analysis Services
Virus Detection Methods
Virus and Worms Countermeasures
Companion Antivirus: Immunet Protect
Anti-virus Tools
Penetration Testing for Virus
Module 08: Sniffing
Lawful Intercept
o Benefits of Lawful Intercept
o Network Components Used for Lawful Intercept
Wiretapping
Sniffing Threats
How a Sniffer Works?
Hacker Attacking a Switch
Types of Sniffing: Passive Sniffing
Types of Sniffing: Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
Hardware Protocol Analyzers
SPAN Port
MAC Flooding
o MAC Address/CAM Table
o How CAM Works?
o What Happens When CAM Table is Full?
o Mac Flooding Switches with macof
o MAC Flooding Tool: Yersinia
o How to Defend against MAC Attacks?
How DHCP Works?
o DHCP Request/Reply Messages
o IPv4 DHCP Packet Format
o DHCP Starvation Attack
o Rogue DHCP Server Attack
o DHCP Starvation Attack Tool: Gobbler
o How to Defend Against DHCP Starvation and Rogue Server Attack?
What is Address Resolution Protocol (ARP)?
o ARP Spoofing Attack
o How Does ARP Spoofing Work?
o Threats of ARP Poisoning
o ARP Poisoning Tool: Cain and Abel
o ARP Poisoning Tool: WinArpAttacker
o ARP Poisoning Tool: Ufasoft Snif
o How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
MAC Spoofing/Duplicating
o Spoofing Attack Threats
o MAC Spoofing Tool: SMAC
o How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard
DNS Poisoning Techniques
o Intranet DNS Spoofing
o Internet DNS Spoofing
o Proxy Server DNS Poisoning
o DNS Cache Poisoning
o How to Defend Against DNS Spoofing?
Sniffing Tool: Wireshark
o Follow TCP Stream in Wireshark
o Display Filters in Wireshark
o Additional Wireshark Filters
Sniffing Tool: CACE Pilot
Sniffing Tool: Tcpdump/Windump
Discovery Tool: NetworkView
Discovery Tool: The Dude Sniffer
Password Sniffing Tool: Ace
Packet Sniffing Tool: Capsa Network Analyzer
OmniPeek Network Analyzer
Network Packet Analyzer: Observer
Session Capture Sniffer: NetWitness
Email Message Sniffer: Big-Mother
TCP/IP Packet Crafter: Packet Builder
Additional Sniffing Tools
How an Attacker Hacks the Network Using Sniffers?
How to Defend Against Sniffing?
Sniffing Prevention Techniques
How to Detect Sniffing?
Promiscuous Detection Tool: PromqryUI
Promiscuous Detection Tool: PromiScan
Module 09: Social Engineering
What is Social Engineering?
Behaviors Vulnerable to Attacks
o Factors that Make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Phases in a Social Engineering Attack
Impact on the Organization
Command Injection Attacks
Common Targets of Social Engineering
o Common Targets of Social Engineering: Office Workers
Types of Social Engineering
o Human-Based Social Engineering
o Technical Support Example
o Authority Support Example
o Human-based Social Engineering: Dumpster Diving
Computer-Based Social Engineering
o Computer-Based Social Engineering: Pop-Ups
o Computer-Based Social Engineering: Phishing
Social Engineering Using SMS
Social Engineering by a "Fake SMS Spying Tool"
Insider Attack
o Disgruntled Employee
o Preventing Insider Threats
Common Intrusion Tactics and Strategies for Prevention
Social Engineering Through Impersonation on Social Networking Sites
o Social Engineering Example: LinkedIn Profile
o Social Engineering on Facebook
o Social Engineering on Twitter
o Social Engineering on Orkut
o Social Engineering on MySpace
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2010
o Identity Theft
o How to Steal an Identity?
o STEP 1
o STEP 2
o STEP 3
Real Steven Gets Huge Credit Card Statement
Identity Theft - Serious Problem
Social Engineering Countermeasures: Policies
o Social Engineering Countermeasures
How to Detect Phishing Emails?
o Anti-Phishing Toolbar: Netcraft
o Anti-Phishing Toolbar: PhishTank
Identity Theft Countermeasures
Social Engineering Pen Testing
o Social Engineering Pen Testing: Using Emails
o Social Engineering Pen Testing: Using Phone
o Social Engineering Pen Testing: In Person
Module 10: Denial of Service
What is a Denial of Service Attack?
What is Distributed Denial of Service Attacks?
o How Distributed Denial of Service Attacks Work?
Symptoms of a DoS Attack
Cyber Criminals
o Organized Cyber Crime: Organizational Chart
Internet Chat Query (ICQ)
Internet Relay Chat (IRC)
DoS Attack Techniques
o Bandwidth Attacks
o Service Request Floods
o SYN Attack
o SYN Flooding
o ICMP Flood Attack
o Peer-to-Peer Attacks
o Permanent Denial-of-Service Attack
o Application Level Flood Attacks
Botnet
o Botnet Propagation Technique
o Botnet Ecosystem
o Botnet Trojan: Shark
o Poison Ivy: Botnet Command Control Center
o Botnet Trojan: PlugBot
WikiLeak Operation Payback
o DDoS Attack
o DDoS Attack Tool: LOIC
o Denial of Service Attack Against MasterCard, Visa, and Swiss Banks
o Hackers Advertise Links to Download Botnet
DoS Attack Tools
Detection Techniques
o Activity Profiling
o Wavelet Analysis
o Sequential Change-Point Detection
DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
o DoS/DDoS Countermeasures: Protect Secondary Victims
o DoS/DDoS Countermeasures: Detect and Neutralize Handlers
o DoS/DDoS Countermeasures: Detect Potential Attacks
o DoS/DDoS Countermeasures: Deflect Attacks
o DoS/DDoS Countermeasures: Mitigate Attacks
Post-attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
DoS/DDoS Protection Tool
Denial of Service (DoS) Attack Penetration Testing
Module 11: Session Hijacking
What is Session Hijacking?
Dangers Posed by Hijacking
Why Session Hijacking is Successful?
Key Session Hijacking Techniques
Brute Forcing
o Brute Forcing Attack
HTTP Referrer Attack
Spoofing vs. Hijacking
Session Hijacking Process
Packet Analysis of a Local Session Hijack
Types of Session Hijacking
o Session Hijacking in OSI Model
o Application Level Session Hijacking
o Session Sniffing
Predictable Session Token
o How to Predict a Session Token?
Man-in-the-Middle Attack
Man-in-the-Browser Attack
o Steps to Perform Man-in-the-Browser Attack
Client-side Attacks
Cross-site Script Attack
Session Fixation
o Session Fixation Attack
Network Level Session Hijacking
The 3-Way Handshake
Sequence Numbers
o Sequence Number Prediction
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man-in-the-Middle Attack using Packet Sniffer
UDP Hijacking
Session Hijacking Tools
o Paros
o Burp Suite
o Firesheep
Countermeasures
Protecting against Session Hijacking
Methods to Prevent Session Hijacking: To be Followed by Web Developers
Methods to Prevent Session Hijacking: To be Followed by Web Users
Defending against Session Hijack Attacks
Session Hijacking Remediation
IPSec
o Modes of IPSec
o IPSec Architecture
o IPSec Authentication and Confidentiality
o Components of IPSec
o IPSec Implementation
Session Hijacking Pen Testing
Module 12: Hacking Webservers
Webserver Market Shares
Open Source Webserver Architecture
IIS Webserver Architecture
Website Defacement
Case Study
Why Web Servers are Compromised?
Impact of Webserver Attacks
Webserver Misconfiguration
o Example
Directory Traversal Attacks
HTTP Response Splitting Attack
Web Cache Poisoning Attack
HTTP Response Hijacking
SSH Bruteforce Attack
Man-in-the-Middle Attack
Webserver Password Cracking
o Webserver Password Cracking Techniques
Web Application Attacks
Webserver Attack Methodology
o Information Gathering
o Webserver Footprinting
Webserver Footprinting Tools
Mirroring a Website
Vulnerability Scanning
Session Hijacking
Hacking Web Passwords
Webserver Attack Tools
o Metasploit
Metasploit Architecture
Metasploit Exploit Module
Metasploit Payload Module
Metasploit Auxiliary Module
Metasploit NOPS Module
Wfetch
Web Password Cracking Tool
o Brutus
o THC-Hydra
Countermeasures
o Patches and Updates
o Protocols
o Accounts
o Files and Directories
How to Defend Against Web Server Attacks?
How to Defend against HTTP Response Splitting and Web Cache Poisoning?
Patches and Hotfixes
What is Patch Management?
Identifying Appropriate Sources for Updates and Patches
Installation of a Patch
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
o Patch Management Tools
Web Application Security Scanner: Sandcat
Web Server Security Scanner: Wikto
Webserver Malware Infection Monitoring Tool: HackAlert
Webserver Security Tools
Web Server Penetration Testing
Module 13: Hacking Web Applications
Web Application Security Statistics
Introduction to Web Applications
Web Application Components
How Web Applications Work?
Web Application Architecture
Web 2.0 Applications
Vulnerability Stack
Web Attack Vectors
Web Application Threats - 1
Web Application Threats - 2
Unvalidated Input
Parameter/Form Tampering
Directory Traversal
Security Misconfiguration
Injection Flaws
o SQL Injection Attacks
o Command Injection Attacks
o Command Injection Example
o File Injection Attack
What is LDAP Injection?
How LDAP Injection Works?
Hidden Field Manipulation Attack
Cross-Site Scripting (XSS) Attacks
o How XSS Attacks Work?
o Cross-Site Scripting Attack Scenario: Attack via Email
o XSS Example: Attack via Email
o XSS Example: Stealing Users' Cookies
o XSS Example: Sending an Unauthorized Request
o XSS Attack in Blog Posting
o XSS Attack in Comment Field
o XSS Cheat Sheet
o Cross-Site Request Forgery (CSRF) Attack
o How CSRF Attacks Work?
Web Application Denial-of-Service (DoS) Attack
o Denial of Service (DoS) Examples
Buffer Overflow Attacks
Cookie/Session Poisoning
o How Cookie Poisoning Works?
Session Fixation Attack
Insufficient Transport Layer Protection
Improper Error Handling
Insecure Cryptographic Storage
Broken Authentication and Session Management
Unvalidated Redirects and Forwards
Web Services Architecture
o Web Services Attack
o Web Services Footprinting Attack
o Web Services XML Poisoning
Footprint Web Infrastructure
o Footprint Web Infrastructure: Server Discovery
o Footprint Web Infrastructure: Server Identification/Banner Grabbing
o Footprint Web Infrastructure: Hidden Content Discovery
Web Spidering Using Burp Suite
Hacking Web Servers
o Web Server Hacking Tool: WebInspect
Analyze Web Applications
o Analyze Web Applications: Identify Entry Points for User Input
o Analyze Web Applications: Identify Server-Side Technologies
o Analyze Web Applications: Identify Server-Side Functionality
o Analyze Web Applications: Map the Attack Surface
Attack Authentication Mechanism
Username Enumeration
Password Attacks: Password Functionality Exploits
Password Attacks: Password Guessing
Password Attacks: Brute-forcing
Session Attacks: Session ID Prediction/Brute-forcing
Cookie Exploitation: Cookie Poisoning
Authorization Attack
o HTTP Request Tampering
o Authorization Attack: Cookie Parameter Tampering
Session Management Attack
o Attacking Session Token Generation Mechanism
o Attacking Session Tokens Handling Mechanism: Session Token Sniffing
Injection Attacks
Attack Data Connectivity
o Connection String Injection
o Connection String Parameter Pollution (CSPP) Attacks
o Connection Pool DoS
Attack Web App Client
Attack Web Services
Web Services Probing Attacks
o Web Service Attacks: SOAP Injection
o Web Service Attacks: XML Injection
o Web Services Parsing Attacks
Web Service Attack Tool: soapUI
Web Service Attack Tool: XMLSpy
Web Application Hacking Tool: Burp Suite Professional
Web Application Hacking Tools: CookieDigger
Web Application Hacking Tools: WebScarab
o Web Application Hacking Tools
Encoding Schemes
o How to Defend Against SQL Injection Attacks?
o How to Defend Against Command Injection Flaws?
o How to Defend Against XSS Attacks?
o How to Defend Against DoS Attack?
o How to Defend Against Web Services Attack?
Web Application Countermeasures
o How to Defend Against Web Application Attacks?
o Web Application Security Tool: Acunetix Web Vulnerability Scanner
o Web Application Security Tool: Falcove Web Vulnerability Scanner
o Web Application Security Scanner: Netsparker
o Web Application Security Tool: N-Stalker Web Application Security Scanner
o Web Application Security Tools
Web Application Firewall: dotDefender
Web Application Firewall: IBM AppScan
Web Application Firewall: ServerDefender VP
o Web Application Firewall
Web Application Pen Testing
o Information Gathering
o Configuration Management Testing
o Authentication Testing
o Session Management Testing
o Authorization Testing
o Data Validation Testing
o Denial of Service Testing
o Web Services Testing
o AJAX Testing
Module 14: SQL Injection
SQL Injection is the Most Prevalent Vulnerability in 2010
SQL Injection Threats
What is SQL Injection?
SQL Injection Attacks
How Web Applications Work?
Server Side Technologies
HTTP Post Request
o Example1: Normal SQL Query
o Example1: SQL Injection Query
o Example1: Code Analysis
o Example2: BadProductList.aspx
o Example2: Attack Analysis
o Example3: Updating Table
o Example4: Adding New Records
o Example5: Identifying the Table Name
o Example6: Deleting a Table
SQL Injection Detection
o SQL Injection Error Messages
o SQL Injection Attack Characters
o Additional Methods to Detect SQL Injection
SQL Injection Black Box Pen Testing
o Testing for SQL Injection
Types of SQL Injection
o Simple SQL Injection Attack
o Union SQL Injection Example
o SQL Injection Error Based
What is Blind SQL Injection?
o No Error Messages Returned
o Blind SQL Injection: WAITFOR DELAY YES or NO Response
o Blind SQL Injection - Exploitation (MySQL)
o Blind SQL Injection - Extract Database User
o Blind SQL Injection - Extract Database Name
o Blind SQL Injection - Extract Column Name
o Blind SQL Injection - Extract Data from ROWS
SQL Injection Methodology
Information Gathering
o Extracting Information through Error Messages
o Understanding SQL Query
o Bypass Website Logins Using SQL Injection
Database, Table, and Column Enumeration
o Advanced Enumeration
Features of Different DBMSs
o Creating Database Accounts
Password Grabbing
o Grabbing SQL Server Hashes
o Extracting SQL Hashes (In a Single Statement)
Transfer Database to Attacker's Machine
Interacting with the Operating System
Interacting with the FileSystem
Network Reconnaissance Full Query
SQL Injection Tools
o SQL Injection Tools: BSQLHacker
o SQL Injection Tools: Marathon Tool
o SQL Injection Tools: SQL Power Injector
o SQL Injection Tools: Havij
Evading IDS
o Types of Signature Evasion Techniques
o Evasion Technique: Sophisticated Matches
o Evasion Technique: Hex Encoding
o Evasion Technique: Manipulating White Spaces
o Evasion Technique: In-line Comment
o Evasion Technique: Char Encoding
o Evasion Technique: String Concatenation
o Evasion Technique: Obfuscated Codes
How to Defend Against SQL Injection Attacks?
o How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
SQL Injection Detection Tools
o SQL Injection Detection Tool: Microsoft Source Code Analyzer
o SQL Injection Detection Tool: Microsoft UrlScan
o SQL Injection Detection Tool: dotDefender
o SQL Injection Detection Tool: IBM AppScan
Snort Rule to Detect SQL Injection Attacks
Module 15: Hacking Wireless Networks
Wireless Networks
Wi-Fi Usage Statistics in the US
Wi-Fi Hotspots at Public Places
Wi-Fi Networks at Home
Types of Wireless Networks
Wireless Standards
Service Set Identifier (SSID)
Wi-Fi Authentication Modes
o Wi-Fi Authentication Process Using a Centralized Authentication Server
o Wi-Fi Authentication Process
Wireless Terminologies
Wi-Fi Chalking
o Wi-Fi Chalking Symbols
Wi-Fi Hotspot Finder: jiwire.com
Wi-Fi Hotspot Finder: WeFi.com
Types of Wireless Antenna
Parabolic Grid Antenna
Types of Wireless Encryption
WEP Encryption
o How WEP Works?
What is WPA?
o How WPA Works?
Temporal Keys
What is WPA2?
o How WPA2 Works?
WEP vs. WPA vs. WPA2
WEP Issues
Weak Initialization Vectors (IV)
How to Break WEP Encryption?
How to Break WPA/WPA2 Encryption?
How to Defend Against WPA Cracking?
Wireless Threats: Access Control Attacks
Wireless Threats: Integrity Attacks
Wireless Threats: Confidentiality Attacks
Wireless Threats: Availability Attacks
Wireless Threats: Authentication Attacks
Rogue Access Point Attack
Client Mis-association
Misconfigured Access Point Attack
Unauthorized Association
Ad Hoc Connection Attack
HoneySpot Access Point Attack
AP MAC Spoofing
Denial-of-Service Attack
Jamming Signal Attack
Wi-Fi Jamming Devices
Wireless Hacking Methodology
Find Wi-Fi Networks to Attack
Attackers Scanning for Wi-Fi Networks
Footprint the Wireless Network
Wi-Fi Discovery Tool: inSSIDer
Wi-Fi Discovery Tool: NetSurveyor
Wi-Fi Discovery Tool: NetStumbler
Wi-Fi Discovery Tool: Vistumbler
Wi-Fi Discovery Tool: WirelessMon
Wi-Fi Discovery Tools
GPS Mapping
o GPS Mapping Tool: WIGLE
o GPS Mapping Tool: Skyhook
How to Discover Wi-Fi Network Using Wardriving?
Wireless Traffic Analysis
Wireless Cards and Chipsets
Wi-Fi USB Dongle: AirPcap
Wi-Fi Packet Sniffer: Wireshark with AirPcap
Wi-Fi Packet Sniffer: Wi-Fi Pilot
Wi-Fi Packet Sniffer: OmniPeek
Wi-Fi Packet Sniffer: CommView for Wi-Fi
What is Spectrum Analysis?
Wireless Sniffers
Aircrack-ng Suite
How to Reveal Hidden SSIDs
Fragmentation Attack
How to Launch MAC Spoofing Attack?
Denial of Service: Deauthentication and Disassociation Attacks
Man-in-the-Middle Attack
MITM Attack Using Aircrack-ng
Wireless ARP Poisoning Attack
Rogue Access Point
Evil Twin
o How to Set Up a Fake Hotspot (Evil Twin)?
How to Crack WEP Using Aircrack?
How to Crack WEP Using Aircrack? Screenshot 1/2
How to Crack WEP Using Aircrack? Screenshot 2/2
How to Crack WPA-PSK Using Aircrack?
WPA Cracking Tool: KisMAC
WEP Cracking Using Cain & Abel
WPA Brute Forcing Using Cain & Abel
WPA Cracking Tool: Elcomsoft Wireless Security Auditor
WEP/WPA Cracking Tools
Wi-Fi Sniffer: Kismet
Wardriving Tools
RF Monitoring Tools
Wi-Fi Connection Manager Tools
Wi-Fi Traffic Analyzer Tools
Wi-Fi Raw Packet Capturing Tools
Wi-Fi Spectrum Analyzing Tools
Bluetooth Hacking
o Bluetooth Stack
o Bluetooth Threats
How to BlueJack a Victim?
Bluetooth Hacking Tool: Super Bluetooth Hack
Bluetooth Hacking Tool: PhoneSnoop
Bluetooth Hacking Tool: BlueScanner
o Bluetooth Hacking Tools
How to Defend Against Bluetooth Hacking?
How to Detect and Block Rogue AP?
Wireless Security Layers
How to Defend Against Wireless Attacks?
Wireless Intrusion Prevention Systems
Wireless IPS Deployment
Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
Wi-Fi Security Auditing Tool: AirDefense
Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
Wi-Fi Intrusion Prevention System
Wi-Fi Predictive Planning Tools
Wi-Fi Vulnerability Scanning Tools
Wireless Penetration Testing
o Wireless Penetration Testing Framework
o Wi-Fi Pen Testing Framework
o Pen Testing LEAP Encrypted WLAN
o Pen Testing WPA/WPA2 Encrypted WLAN
o Pen Testing WEP Encrypted WLAN
o Pen Testing Unencrypted WLAN
Module 16: Hacking Mobile Platforms
Mobile Threat Report Q2 2012
Mobile Attack Vectors
Mobile Platform Vulnerabilities and Risks
Security Issues Arising from App Stores
Threats of Mobile Malware
App Sandboxing Issues
Android OS
o Android OS Architecture
o Android Device Administration API
o Android Rooting
o Android Rooting Tools
o Securing Android Devices
o Google Apps Device Policy
o Android Device Tracking Tools
Apple iOS
o Types of Jailbreaking
o Jailbreaking Techniques
o Guidelines for Securing iOS Devices
o iOS Device Tracking Tools
Windows Phone 8
o Windows Phone 8 Architecture
o Secure Boot Process
o Guidelines for Securing Windows OS Devices
BlackBerry Operating System
o Blackberry Enterprise Solution Architecture
o Blackberry Attack Vectors
o Malicious Code Signing
o JAD File Exploits and Memory/Processes Manipulations
o Short Message Service (SMS) Exploits
o Email Exploits
o PIM Data Attacks and TCP/IP Connections Vulnerabilities
o Guidelines for Securing BlackBerry Devices
Mobile Device Management (MDM)
o MDM Logical Architecture
o MDM Solutions
General Guidelines for Mobile Platform Security
Mobile Protection Tools
Android Phone Pen Testing
iPhone Pen Testing
Windows Phone Pen Testing
BlackBerry Pen Testing
Module 17: Evading IDS, Firewalls, and Honeypots
Intrusion Detection Systems (IDS) and its Placement
How IDS Works?
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
General Indications of Intrusions
General Indications of System Intrusions
Firewall
o Firewall Architecture
DeMilitarized Zone (DMZ)
Types of Firewall
o Packet Filtering Firewall
o Circuit-Level Gateway Firewall
o Application-Level Firewall
o Stateful Multilayer Inspection Firewall
Firewall Identification
o Port Scanning
o Firewalking
o Banner Grabbing
Honeypot
o Types of Honeypots
How to Set Up a Honeypot?
Intrusion Detection Tool
o Snort
o Snort Rules
o Rule Actions and IP Protocols
o The Direction Operator and IP Addresses
o Port Numbers
Intrusion Detection Systems: Tipping Point
o Intrusion Detection Tools
Firewall: Sunbelt Personal Firewall
o Firewalls
Honeypot Tools
o KFSensor
o SPECTER
Insertion Attack
Evasion
Denial-of-Service Attack (DoS)
Obfuscating
False Positive Generation
Session Splicing
Unicode Evasion Technique
Fragmentation Attack
Overlapping Fragments
Time-To-Live Attacks
Invalid RST Packets
Urgency Flag
Polymorphic Shellcode
ASCII Shellcode
Application-Layer Attacks
Desynchronization
Pre Connection SYN
Post Connection SYN
Other Types of Evasion
o IP Address Spoofing
o Attacking Session Token Generation Mechanism
o Tiny Fragments
Bypass Blocked Sites Using IP Address in Place of URL
o Bypass Blocked Sites Using Anonymous Website Surfing Sites
Bypass a Firewall using Proxy Server
o Bypassing Firewall through ICMP Tunneling Method
o Bypassing Firewall through ACK Tunneling Method
o Bypassing Firewall through HTTP Tunneling Method
o Bypassing Firewall through External Systems
o Bypassing Firewall through MITM Attack
Detecting Honeypots
Honeypot Detecting Tool: Send-Safe Honeypot Hunter
Firewall Evasion Tools
o Traffic IQ Professional
o tcp-over-dns
o Firewall Evasion Tools
Packet Fragment Generators
Countermeasures
Firewall/IDS Penetration Testing
o Firewall Penetration Testing
o IDS Penetration Testing
Module 18: Buffer Overflow
Buffer Overflows
Why are Programs And Applications Vulnerable?
Understanding Stacks
Stack-Based Buffer Overflow
Understanding Heap
o Heap-Based Buffer Overflow
Stack Operations
o Shellcode
o No Operations (NOPs)
Knowledge Required to Program Buffer Overflow Exploits
Buffer Overflow Steps
o Attacking a Real Program
o Format String Problem
o Overflow using Format String
o Smashing the Stack
o Once the Stack is Smashed...
Simple Uncontrolled Overflow
Simple Buffer Overflow in C
Code Analysis
Exploiting Semantic Comments in C (Annotations)
How to Mutate a Buffer Overflow Exploit?
Identifying Buffer Overflows
How to Detect Buffer Overflows in a Program?
BOU (Buffer Overflow Utility)
Testing for Heap Overflow Conditions: heap.exe
Steps for Testing for Stack Overflow in OllyDbg Debugger
o Testing for Stack Overflow in OllyDbg Debugger
Testing for Format String Conditions using IDA Pro
BoF Detection Tools
Defense Against Buffer Overflows
o Preventing BoF Attacks
o Programming Countermeasures
Data Execution Prevention (DEP)
Enhanced Mitigation Experience Toolkit (EMET)
o EMET System Configuration Settings
o EMET Application Configuration Window
/GS http://microsoft.com
BoF Security Tools
o BufferShield
Buffer Overflow Penetration Testing
Module 19: Cryptography
Cryptography
Types of Cryptography
Government Access to Keys (GAK)
Ciphers
Advanced Encryption Standard (AES)
Data Encryption Standard (DES)
RC4, RC5, RC6 Algorithms
The DSA and Related Signature Schemes
RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
o The RSA Signature Scheme
Message Digest (One-way Hash) Functions
o Message Digest Function: MD5
Secure Hashing Algorithm (SHA)
What is SSH (Secure Shell)?
MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
Cryptography Tool: Advanced Encryption Package
Cryptography Tools
Public Key Infrastructure (PKI)
Certification Authorities
Digital Signature
SSL (Secure Sockets Layer)
Transport Layer Security (TLS)
Disk Encryption
o Disk Encryption Tool: TrueCrypt
o Disk Encryption Tools
Cryptography Attacks
Code Breaking Methodologies
o Brute-Force Attack
Meet-in-the-Middle Attack on Digital Signature Schemes
Cryptanalysis Tool: CrypTool
Cryptanalysis Tools
Online MD5 Decryption Tool
Module 20: Penetration Testing
Introduction to Penetration Testing
Security Assessments
Vulnerability Assessment
o Limitations of Vulnerability Assessment
Penetration Testing
Why Penetration Testing?
What Should be Tested?
What Makes a Good Penetration Test?
ROI on Penetration Testing
Testing Points
Testing Locations
Types of Penetration Testing
o External Penetration Testing
o Internal Security Assessment
o Black-box Penetration Testing
o Grey-box Penetration Testing
o White-box Penetration Testing
o Announced / Unannounced Testing
o Automated Testing
o Manual Testing
Common Penetration Testing Techniques
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Phases of Penetration Testing
o Pre-Attack Phase
o Attack Phase
Activity: Perimeter Testing
Enumerating Devices
Activity: Acquiring Target
Activity: Escalating Privileges
Activity: Execute, Implant, and Retract
Post-Attack Phase and Activities
o Penetration Testing Deliverable Templates
Penetration Testing Methodology
o Application Security Assessment
Web Application Testing - I
Web Application Testing - II
Web Application Testing - III
Network Security Assessment
Wireless/Remote Access Assessment
o Wireless Testing
o Telephony Security Assessment
o Social Engineering
o Testing Network-Filtering Devices
o Denial of Service Emulation
Outsourcing Penetration Testing Services
o Terms of Engagement
o Project Scope
o Pentest Service Level Agreements
o Penetration Testing Consultants
Evaluating Different Types of Pentest Tools
Application Security Assessment Tool
o Webscarab
Network Security Assessment Tool
o Angry IP scanner
o GFI LANguard
Wireless/Remote Access Assessment Tool
o Kismet
Telephony Security Assessment Tool
o Omnipeek
Testing Network-Filtering Device Tool
o Traffic IQ Professional
