Certified Ethical Hacker Course Outline

Certified Ethical Hacker

Revision: TE3418_20110620

(28.4 KB) View, Download, or Print Course as a PDF.

Course Length:

5 Days

Course Description:

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be lead into scanning and attacking their own networks, no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5--day class they will have hands on understanding and experience in Ethical Hacking. This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend:

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Benefits of Attendance:

Upon completion of this course, students will be able to:

Understand how intruders escalate privileges.
Understand Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation.
Understand Ethical Hacking.

Prerequisites:

Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent. Not anyone can be a student - the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.

Course Outline:

Module 01: Introduction to Ethical Hacking
1. Internet Crime Current Report: IC3
2. Data Breach Investigations Report
3. Types of Data Stolen From the Organizations
4. Essential Terminologies
5. Elements of Information Security
6. Authenticity and Non-Repudiation
7. The Security, Functionality, and Usability Triangle
8. Security Challenges
9. Effects of Hacking
10. Who is a Hacker?
11. Hacker Classes
12. Hacktivism
13. What Does a Hacker Do?
14. Phase 1 - Reconnaissance
15. Phase 2 - Scanning
16. Phase 3 - Gaining Access
17. Phase 4 - Maintaining Access
18. Phase 5 - Covering Tracks
19. Types of Attacks on a System
20. Why Ethical Hacking is Necessary?
21. Defense in Depth
22. Scope and Limitations of Ethical Hacking
23. What Do Ethical Hackers Do?
24. Skills of an Ethical Hacker
25. Vulnerability Research
26. Vulnerability Research Websites
27. What is Penetration Testing?
28. Why Penetration Testing?
29. Penetration Testing Methodology
Module 02: Footprinting and Reconnaissance
1. Footprinting Terminologies
2. What is Footprinting?
3. Objectives of Footprinting
4. Footprinting Threats
5. Finding a Company’s URL
6. Locate Internal URLs
7. Public and Restricted Websites
8. Search for Company’s Information
9. Footprinting Through Search Engines
10. Collect Location Information
11. People Search
12. Gather Information from Financial Services
13. Footprinting Through Job Sites
14. Monitoring Target Using Alerts
15. Competitive Intelligence Gathering
16. WHOIS Lookup
17. Extracting DNS Information
18. Locate the Network Range
19. Traceroute
20. Mirroring Entire Website
21. Extract Website Information from http://www.archive.org
22. Monitoring Web Updates Using Website Watcher
23. Tracking Email Communications
24. Footprint Using Google Hacking Techniques
25. What a Hacker Can Do With Google Hacking?
26. Google Advance Search Operators
27. Google Hacking Tool: Google Hacking Database (GHDB)
28. Google Hacking Tools
29. Additional Footprinting Tools
30. Footprinting Countermeasures
31. Footprinting Pen Testing
Module 03: Scanning Networks
1. Network Scanning
2. Types of Scanning
3. Checking for Live Systems - ICMP Scanning
4. Ping Sweep
5. Three-Way Handshake
6. TCP Communication Flags
7. Hping2 / Hping3
8. Hping Commands
9. Scanning Techniques
10. Scanning: IDS Evasion Techniques
11. IP Fragmentation Tools
12. Scanning Tool: Nmap
13. Scanning Tool: NetScan Tools Pro
14. Scanning Tools
15. Do Not Scan These IP Addresses (Unless you want to get into trouble)
16. Scanning Countermeasures
17. War Dialing
18. Why War Dialing?
19. War Dialing Tools
20. War Dialing Countermeasures
21. OS Fingerprinting
22. Banner Grabbing Tool: ID Serve
23. GET REQUESTS
24. Banner Grabbing Tool: Netcraft
25. Banner Grabbing Tools
26. Banner Grabbing Countermeasures: Disabling or Changing Banner
27. Hiding File Extensions
28. Hiding File Extensions from Webpages
29. Vulnerability Scanning
30. Network Vulnerability Scanners
31. LANsurveyor
32. Network Mappers
33. Proxy Servers
34. Why Attackers Use Proxy Servers?
35. Use of Proxies for Attack
36. How Does MultiProxy Work?
37. Free Proxy Servers
38. Proxy Workbench
39. Proxifier Tool: Create Chain of Proxy Servers
40. SocksChain
41. TOR (The Onion Routing)
42. TOR Proxy Chaining Software
43. HTTP Tunneling Techniques
44. Why do I Need HTTP Tunneling?
45. Super Network Tunnel Tool
46. Httptunnel for Windows
47. Additional HTTP Tunneling Tools
48. SSH Tunneling
49. SSL Proxy Tool
50. How to Run SSL Proxy?
51. Proxy Tools
52. Anonymizers
53. Types of Anonymizers
54. Case: Bloggers Write Text Backwards to Bypass Web Filters in China
55. Text Conversion to Avoid Filters
56. Censorship Circumvention Tool: Psiphon
57. How Psiphon Works?
58. How to Check if Your Website is Blocked in China or Not?
59. G-Zapper
60. Anonymizer Tools
61. Spoofing IP Address
62. IP Spoofing Detection Techniques: Direct TTL Probes
63. IP Spoofing Detection Techniques: IP Identification Number
64. IP Spoofing Detection Techniques: TCP Flow Control Method
65. IP Spoofing Countermeasures
66. Scanning Pen Testing
Module 04: Enumeration
1. What is Enumeration?
2. Techniques for Enumeration
3. Netbios Enumeration
4. Enumerating User Accounts
5. Enumerate Systems Using Default Passwords
6. SNMP (Simple Network Management Protocol) Enumeration
7. UNIX/Linux Enumeration
8. LDAP Enumeration
9. NTP Enumeration
10. SMTP Enumeration
11. DNS Zone Transfer Enumeration Using nslookup
12. Enumeration Countermeasures
13. Enumeration Pen Testing
Module 05: System Hacking
1. Information at Hand Before System Hacking Stage
2. System Hacking: Goals
3. CEH Hacking Methodology (CHM)
4. Password Cracking
5. Microsoft Authentication
6. How Hash Passwords are Stored in Windows SAM?
7. What is LAN Manager Hash?
8. Kerberos Authentication
9. Salting
10. PWdump7 and Fgdump
11. L0phtCrack
12. Ophcrack
13. Cain & Abel
14. RainbowCrack
15. Password Cracking Tools
16. LM Hash Backward Compatibility
17. How to Defend against Password Cracking?
18. Privilege Escalation
19. Active@ Password Changer
20. Privilege Escalation Tools
21. How to Defend against Privilege Escalation?
22. Executing Applications
23. Alchemy Remote Executor
24. RemoteExec
25. Execute This!
26. Keylogger
27. Types of Keystroke Loggers
28. Acoustic/CAM Keylogger
29. Keyloggers
30. Spyware
31. How to Defend against Keyloggers?
32. How to Defend against Spyware?
33. Rootkits
34. Types of Rootkits
35. How Rootkit Works?
36. Rootkit: Fu
37. Detecting Rootkits
38. How to Defend against Rootkits?
39. Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective
40. NTFS Data Stream
41. What is Steganography?
42. Types of Steganography
43. Image Steganography
44. Document Steganography: wbStego
45. Video Steganography: Our Secret
46. Audio Steganography: Mp3stegz
47. Folder Steganography: Invisible Secrets 4
48. Spam/Email Steganography: Spam Mimic
49. Natural Text Steganography: Sams Big G Play Maker
50. Steganalysis
51. Steganography Detection Tool: Stegdetect
52. Why Cover Tracks?
53. Ways to Clear Online Tracks
54. Disabling Auditing: Auditpol
55. Covering Tracks Tool: Window Washer
56. Covering Tracks Tool: Tracks Eraser Pro
57. System Hacking Penetration Testing
Module 06: Trojans and Backdoors
1. What is a Trojan?
2. Overt and Covert Channels
3. Purpose of Trojans
4. What Do Trojan Creators Look For?
5. Indications of a Trojan Attack
6. Common Ports used by Trojans
7. How to Infect Systems Using a Trojan?
8. Wrappers
9. Different Ways a Trojan can Get into a System
10. How to Deploy a Trojan?
11. Evading Anti-Virus Techniques
12. Types of Trojans
13. Destructive Trojans
14. Notification Trojans
15. Credit Card Trojans
16. Data Hiding Trojans (Encrypted Trojans)
17. BlackBerry Trojan: PhoneSnoop
18. MAC OS X Trojan: DNSChanger
19. MAC OS X Trojan: DNSChanger
20. Mac OS X Trojan: Hell Raiser
21. How to Detect Trojans?
22. Process Monitoring Tool: What's Running
23. Scanning for Suspicious Registry Entries
24. Registry Entry Monitoring Tools
25. Scanning for Suspicious Device Drivers
26. Scanning for Suspicious Windows Services
27. Scanning for Suspicious Startup Programs
28. Scanning for Suspicious Files and Folders
29. Scanning for Suspicious Network Activities
30. Trojan Countermeasures
31. Backdoor Countermeasures
32. Trojan Horse Construction Kit
33. Anti-Trojan Software: TrojanHunter
34. Anti-Trojan Software: Emsisoft Anti-Malware
35. Anti-Trojan Softwares
36. Pen Testing for Trojans and Backdoors
Module 07: Viruses and Worms
1. Introduction to Viruses
2. Virus and Worm Statistics 2010
3. Stages of Virus Life
4. Working of Viruses: Infection Phase
5. Working of Viruses: Attack Phase
6. Why Do People Create Computer Viruses?
7. Indications of Virus Attack
8. How does a Computer get Infected by Viruses?
9. Virus Hoaxes
10. Virus Analysis:
11. Types of Viruses
12. Transient and Terminate and Stay Resident Viruses
13. Writing a Simple Virus Program
14. Computer Worms
15. How is a Worm Different from a Virus?
16. Example of Worm Infection: Conficker Worm
17. Worm Analysis:
18. What is Sheep Dip Computer?
19. Anti-Virus Sensors Systems
20. Malware Analysis Procedure
21. String Extracting Tool: Bintext
22. Compression and Decompression Tool: UPX
23. Process Monitoring Tools: Process Monitor
24. Log Packet Content Monitoring Tools: NetResident
25. Debugging Tool: Ollydbg
26. Virus Analysis Tool: IDA Pro
27. Online Malware Testing:
28. Online Malware Analysis Services
29. Virus Detection Methods
30. Virus and Worms Countermeasures
31. Companion Antivirus: Immunet Protect
32. Anti-virus Tools
33. Penetration Testing for Virus
Module 08: Sniffers
1. Lawful Intercept
2. Wiretapping
3. Sniffing Threats
4. How a Sniffer Works?
5. Hacker Attacking a Switch
6. Types of Sniffing: Passive Sniffing
7. Types of Sniffing: Active Sniffing
8. Protocols Vulnerable to Sniffing
9. Tie to Data Link Layer in OSI Model
10. Hardware Protocol Analyzers
11. SPAN Port
12. MAC Flooding
13. How DHCP Works?
14. What is Address Resolution Protocol (ARP)?
15. Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
16. MAC Spoofing/Duplicating
17. DNS Poisoning Techniques
18. Sniffing Tool: Wireshark
19. Sniffing Tool: CACE Pilot
20. Sniffing Tool: Tcpdump/Windump
21. Discovery Tool: NetworkView
22. Discovery Tool: The Dude Sniffer
23. Password Sniffing Tool: Ace
24. Packet Sniffing Tool: Capsa Network Analyzer
25. OmniPeek Network Analyzer
26. Network Packet Analyzer: Observer
27. Session Capture Sniffer: NetWitness
28. Email Message Sniffer: Big-Mother
29. TCP/IP Packet Crafter: Packet Builder
30. Additional Sniffing Tools
31. How an Attacker Hacks the Network Using Sniffers?
32. How to Defend Against Sniffing?
33. Sniffing Prevention Techniques
34. How to Detect Sniffing?
35. Promiscuous Detection Tool: PromqryUI
36. Promiscuous Detection Tool: PromiScan
Module 09: Social Engineering
1. What is Social Engineering?
2. Behaviors Vulnerable to Attacks
3. Why is Social Engineering Effective?
4. Warning Signs of an Attack
5. Phases in a Social Engineering Attack
6. Impact on the Organization
7. Command Injection Attacks
8. Common Targets of Social Engineering
9. Types of Social Engineering
10. Insider Attack
11. Common Intrusion Tactics and Strategies for Prevention
12. Social Engineering Through Impersonation on Social Networking Sites
13. Risks of Social Networking to Corporate Networks
14. Identity Theft Statistics 2010
15. Real Steven Gets Huge Credit Card Statement
16. Identity Theft - Serious Problem
17. Social Engineering Countermeasures: Policies
18. How to Detect Phishing Emails?
19. Identity Theft Countermeasures
20. Social Engineering Pen Testing
Module 10: Denial of Service
1. What is a Denial of Service Attack?
2. What is Distributed Denial of Service Attacks?
3. Symptoms of a DoS Attack
4. Cyber Criminals
5. Internet Chat Query (ICQ)
6. Internet Relay Chat (IRC)
7. DoS Attack Techniques
8. Botnet
9. WikiLeak Operation Payback
10. DoS Attack Tools
11. Detection Techniques
12. DoS/DDoS Countermeasure Strategies
13. DDoS Attack Countermeasures
14. Post-attack Forensics
15. Techniques to Defend against Botnets
16. DoS/DDoS Countermeasures
17. DoS/DDoS Protection at ISP Level
18. Enabling TCP Intercept on Cisco IOS Software
19. Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
20. DoS/DDoS Protection Tool
21. Denial of Service (DoS) Attack Penetration Testing
Module 11: Session Hijacking
1. What is Session Hijacking?
2. Dangers Posed by Hijacking
3. Why Session Hijacking is Successful?
4. Key Session Hijacking Techniques
5. Brute Forcing
6. HTTP Referrer Attack
7. Spoofing vs. Hijacking
8. Session Hijacking Process
9. Packet Analysis of a Local Session Hijack
10. Types of Session Hijacking
11. Predictable Session Token
12. Man-in-the-Middle Attack
13. Man-in-the-Browser Attack
14. Client-side Attacks
15. Cross-site Script Attack
16. Session Fixation
17. Network Level Session Hijacking
18. The 3-Way Handshake
19. Sequence Numbers
20. TCP/IP Hijacking
21. IP Spoofing: Source Routed Packets
22. RST Hijacking
23. Blind Hijacking
24. Man-in-the-Middle Attack using Packet Sniffer
25. UDP Hijacking
26. Session Hijacking Tools
27. Countermeasures
28. Protecting against Session Hijacking
29. Methods to Prevent Session Hijacking: To be Followed by Web Developers
30. Methods to Prevent Session Hijacking: To be Followed by Web Users
31. Defending against Session Hijack Attacks
32. Session Hijacking Remediation
33. IPSec
34. Session Hijacking Pen Testing
Module 12: Hijacking Webservers
1. Webserver Market Shares
2. Open Source Webserver Architecture
3. IIS Webserver Architecture
4. Website Defacement
5. Case Study
6. Why Web Servers are Compromised?
7. Impact of Webserver Attacks
8. Webserver Misconfiguration
9. Directory Traversal Attacks
10. HTTP Response Splitting Attack
11. Web Cache Poisoning Attack
12. HTTP Response Hijacking
13. SSH Bruteforce Attack
14. Man-in-the-Middle Attack
15. Webserver Password Cracking
16. Web Application Attacks
17. Webserver Attack Methodology
18. Webserver Attack Tools
19. Web Password Cracking Tool
20. Countermeasures
21. How to Defend Against Web Server Attacks?
22. How to Defend against HTTP Response Splitting and Web Cache Poisoning?
23. Patches and Hotfixes
24. What is Patch Management?
25. Identifying Appropriate Sources for Updates and Patches
26. Installation of a Patch
27. Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
28. Web Application Security Scanner: Sandcat
29. Web Server Security Scanner: Wikto
30. Webserver Malware Infection Monitoring Tool: HackAlert
31. Webserver Security Tools
32. Web Server Penetration Testing
Module 13: Hacking Web Applications
1. Web Application Security Statistics
2. Introduction to Web Applications
3. Web Application Components
4. How Web Applications Work?
5. Web Application Architecture
6. Web 2.0 Applications
7. Vulnerability Stack
8. Web Attack Vectors
9. Web Application Threats - 1
10. Web Application Threats - 2
11. Unvalidated Input
12. Parameter/Form Tampering
13. Directory Traversal
14. Security Misconfiguration
15. Injection Flaws
16. What is LDAP Injection?
17. How LDAP Injection Works?
18. Hidden Field Manipulation Attack
19. Cross-Site Scripting (XSS) Attacks
20. Web Application Denial-of-Service (DoS) Attack
21. Buffer Overflow Attacks
22. Cookie/Session Poisoning
23. Session Fixation Attack
24. Insufficient Transport Layer Protection
25. Improper Error Handling
26. Insecure Cryptographic Storage
27. Broken Authentication and Session Management
28. Unvalidated Redirects and Forwards
29. Web Services Architecture
30. Footprint Web Infrastructure
31. Web Spidering Using Burp Suite
32. Hacking Web Servers
33. Analyze Web Applications
34. Attack Authentication Mechanism
35. Username Enumeration
36. Password Attacks: Password Functionality Exploits
37. Password Attacks: Password Guessing
38. Password Attacks: Brute-forcing
39. Session Attacks: Session ID Prediction/ Brute-forcing
40. Cookie Exploitation: Cookie Poisoning
41. Authorization Attack
42. Session Management Attack
43. Injection Attacks
44. Attack Data Connectivity
45. Attack Web App Client
46. Attack Web Services
47. Web Services Probing Attacks
48. Web Service Attack Tool: soapUI
49. Web Service Attack Tool: XMLSpy
50. Web Application Hacking Tool: Burp Suite Professional
51. Web Application Hacking Tools: CookieDigger
52. Web Application Hacking Tools: WebScarab
53. Encoding Schemes
54. Web Application Countermeasures
55. Web Application Firewall: dotDefender
56. Web Application Firewall: IBM AppScan
57. Web Application Firewall: ServerDefender VP
58. Web Application Pen Testing
Module 14: SQL Injection
1. SQL Injection is the Most Prevalent Vulnerability in 2010
2. SQL Injection Threats
3. What is SQL Injection?
4. SQL Injection Attacks
5. How Web Applications Work?
6. Server Side Technologies
7. HTTP Post Request
8. SQL Injection Detection
9. SQL Injection Black Box Pen Testing
10. Types of SQL Injection
11. What is Blind SQL Injection?
12. SQL Injection Methodology
13. Information Gathering
14. Database, Table, and Column Enumeration
15. Features of Different DBMSs
16. Password Grabbing
17. Transfer Database to Attacker’s Machine
18. Interacting with the Operating System
19. Interacting with the FileSystem
20. Network Reconnaissance Full Query
21. SQL Injection Tools
22. Evading IDS
23. How to Defend Against SQL Injection Attacks?
24. SQL Injection Detection Tools
25. Snort Rule to Detect SQL Injection Attacks
Module 15: Hacking Wireless Networks
1. Wireless Networks
2. Wi-Fi Usage Statistics in the US
3. Wi-Fi Hotspots at Public Places
4. Wi-Fi Networks at Home
5. Types of Wireless Networks
6. Wireless Standards
7. Service Set Identifier (SSID)
8. Wi-Fi Authentication Modes
9. Wireless Terminologies
10. Wi-Fi Chalking
11. Wi-Fi Hotspot Finder: jiwire.com
12. Wi-Fi Hotspot Finder: WeFi.com
13. Types of Wireless Antenna
14. Parabolic Grid Antenna
15. Types of Wireless Encryption
16. WEP Encryption
17. What is WPA?
18. Temporal Keys
19. What is WPA2?
20. WEP vs. WPA vs. WPA2
21. WEP Issues
22. Weak Initialization Vectors (IV)
23. How to Break WEP Encryption?
24. How to Break WPA/WPA2 Encryption?
25. How to Defend Against WPA Cracking?
26. Wireless Threats: Access Control Attacks
27. Wireless Threats: Integrity Attacks
28. Wireless Threats: Confidentiality Attacks
29. Wireless Threats: Availability Attacks
30. Wireless Threats: Authentication Attacks
31. Rogue Access Point Attack
32. Client Mis-association
33. Misconfigured Access Point Attack
34. Unauthorized Association
35. Ad Hoc Connection Attack
36. HoneySpot Access Point Attack
37. AP MAC Spoofing
38. Denial-of-Service Attack
39. Jamming Signal Attack
40. Wi-Fi Jamming Devices
41. Wireless Hacking Methodology
42. Find Wi-Fi Networks to Attack
43. Attackers Scanning for Wi-Fi Networks
44. Footprint the Wireless Network
45. Wi-Fi Discovery Tool: inSSIDer
46. Wi-Fi Discovery Tool: NetSurveyor
47. Wi-Fi Discovery Tool: NetStumbler
48. Wi-Fi Discovery Tool: Vistumbler
49. Wi-Fi Discovery Tool: WirelessMon
50. Wi-Fi Discovery Tools
51. GPS Mapping
52. How to Discover Wi-Fi Network Using Wardriving?
53. Wireless Traffic Analysis
54. Wireless Cards and Chipsets
55. Wi-Fi USB Dongle: AirPcap
56. Wi-Fi Packet Sniffer: Wireshark with AirPcap
57. Wi-Fi Packet Sniffer: Wi-Fi Pilot
58. Wi-Fi Packet Sniffer: OmniPeek
59. Wi-Fi Packet Sniffer: CommView for Wi-Fi
60. What is Spectrum Analysis?
61. Wireless Sniffers
62. Aircrack-ng Suite
63. How to Reveal Hidden SSIDs
64. Fragmentation Attack
65. How to Launch MAC Spoofing Attack?
66. Denial of Service: Deauthentication and Disassociation Attacks
67. Man-in-the-Middle Attack
68. MITM Attack Using Aircrack-ng
69. Wireless ARP Poisoning Attack
70. Rogue Access Point
71. Evil Twin
72. How to Crack WEP Using Aircrack?
73. How to Crack WEP Using Aircrack? Screenshot 1/2
74. How to Crack WEP Using Aircrack? Screenshot 2/2
75. How to Crack WPA-PSK Using Aircrack?
76. WPA Cracking Tool: KisMAC
77. WEP Cracking Using Cain & Abel
78. WPA Brute Forcing Using Cain & Abel
79. WPA Cracking Tool: Elcomsoft Wireless Security Auditor
80. WEP/WPA Cracking Tools
81. Wi-Fi Sniffer: Kismet
82. Wardriving Tools
83. RF Monitoring Tools
84. Wi-Fi Connection Manager Tools
85. Wi-Fi Traffic Analyzer Tools
86. Wi-Fi Raw Packet Capturing Tools
87. Wi-Fi Spectrum Analyzing Tools
88. Bluetooth Hacking
89. How to BlueJack a Victim?
90. Bluetooth Hacking Tool: Super Bluetooth Hack
91. Bluetooth Hacking Tool: PhoneSnoop
92. Bluetooth Hacking Tool: BlueScanner
93. How to Defend Against Bluetooth Hacking?
94. How to Detect and Block Rogue AP?
95. Wireless Security Layers
96. How to Defend Against Wireless Attacks?
97. Wireless Intrusion Prevention Systems
98. Wireless IPS Deployment
99. Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
100. Wi-Fi Security Auditing Tool: AirDefense
101. Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
102. Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
103. Wi-Fi Intrusion Prevention System
104. Wi-Fi Predictive Planning Tools
105. Wi-Fi Vulnerability Scanning Tools
106. Wireless Penetration Testing
Module 16: Evading IDS, Firewalls, and Honeypots
1. Intrusion Detection Systems (IDS) and its Placement
2. How IDS Works?
3. Ways to Detect an Intrusion
4. Types of Intrusion Detection Systems
5. System Integrity Verifiers (SIV)
6. General Indications of Intrusions
7. General Indications of System Intrusions
8. Firewall
9. DeMilitarized Zone (DMZ)
10. Types of Firewall
11. Firewall Identification
12. Honeypot
13. How to Set Up a Honeypot?
14. Intrusion Detection Tool
15. Intrusion Detection Systems: Tipping Point
16. Firewall: Sunbelt Personal Firewall
17. Honeypot Tools
18. Insertion Attack
19. Evasion
20. Denial-of-Service Attack (DoS)
21. Obfuscating
22. False Positive Generation
23. Session Splicing
24. Unicode Evasion Technique
25. Fragmentation Attack
26. Overlapping Fragments
27. Time-To-Live Attacks
28. Invalid RST Packets
29. Urgency Flag
30. Polymorphic Shellcode
31. ASCII Shellcode
32. Application-Layer Attacks
33. Desynchronization
34. Pre Connection SYN
35. Post Connection SYN
36. Other Types of Evasion
37. Bypass Blocked Sites Using IP Address in Place of URL
38. Bypass a Firewall using Proxy Server
39. Detecting Honeypots
40. Honeypot Detecting Tool: Send-Safe Honeypot Hunter
41. Firewall Evasion Tools
42. Packet Fragment Generators
43. Countermeasures
44. Firewall/IDS Penetration Testing
Module 17: Buffer Overflow
1. Buffer Overflows
2. Why are Programs And Applications Vulnerable?
3. Understanding Stacks
4. Stack-Based Buffer Overflow
5. Understanding Heap
6. Stack Operations
7. Knowledge Required to Program Buffer Overflow Exploits
8. Buffer Overflow Steps
9. Simple Uncontrolled Overflow
10. Simple Buffer Overflow in C
11. Code Analysis
12. Exploiting Semantic Comments in C (Annotations)
13. How to Mutate a Buffer Overflow Exploit?
14. Identifying Buffer Overflows
15. How to Detect Buffer Overflows in a Program?
16. BOU (Buffer Overflow Utility)
17. Testing for Heap Overflow Conditions: heap.exe
18. Steps for Testing for Stack Overflow in OllyDbg Debugger
19. Testing for Format String Conditions using IDA Pro
20. BoF Detection Tools
21. Defense Against Buffer Overflows
22. Data Execution Prevention (DEP)
23. Enhanced Mitigation Experience Toolkit (EMET)
24. /GS http://microsoft.com
25. BoF Security Tools
26. Buffer Overflow Penetration Testing
Module 18: Cryptography
1. Cryptography
2. Types of Cryptography
3. Government Access to Keys (GAK)
4. Ciphers
5. Advanced Encryption Standard (AES)
6. Data Encryption Standard (DES)
7. RC4, RC5, RC6 Algorithms
8. The DSA and Related Signature Schemes
9. RSA (Rivest Shamir Adleman)
10. Message Digest (One-way Bash) Functions
11. Secure Hashing Algorithm (SHA)
12. What is SSH (Secure Shell)?
13. MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
14. Cryptography Tool: Advanced Encryption Package
15. Cryptography Tools
16. Public Key Infrastructure (PKI)
17. Certification Authorities
18. Digital Signature
19. SSL (Secure Sockets Layer)
20. Transport Layer Security (TLS)
21. Disk Encryption
22. Cryptography Attacks
23. Code Breaking Methodologies
24. Meet-in-the-Middle Attack on Digital Signature Schemes
25. Cryptanalysis Tool: CrypTool
26. Cryptanalysis Tools
27. Online MD5 Decryption Tool
Module 19: Penetration Testing
1. Introduction to Penetration Testing
2. Security Assessments
3. Vulnerability Assessment
4. Penetration Testing
5. Why Penetration Testing?
6. What Should be Tested?
7. What Makes a Good Penetration Test?
8. ROI on Penetration Testing
9. Testing Points
10. Testing Locations
11. Types of Penetration Testing
12. Common Penetration Testing Techniques
13. Using DNS Domain Name and IP Address Information
14. Enumerating Information about Hosts on Publicly-Available Networks
15. Phases of Penetration Testing
16. Penetration Testing Methodology
17. Outsourcing Penetration Testing Services
18. Evaluating Different Types of Pentest Tools
19. Application Security Assessment Tool
20. Network Security Assessment Tool
21. Wireless/Remote Access Assessment Tool
22. Telephony Security Assessment Tool
23. Testing Network-Filtering Device Tool