Certification Camps



EC-Council Certified Ethical Hacker (CEH) Certification Boot Camp

Whether you are new to technology, changing jobs, or a seasoned IT professional, becoming certified demonstrates to your customers, peers, and employers that you are committed to advancing your skills and taking on greater challenges. The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

Immersion's world-class instructors deliver the knowledge and skills required for students to pass the following exams during the intense, but rewarding, 5-day Boot Camp:

- 312-50 Certified Ethical Hacker

What your Live Classroom-based Immersion Boot Camp includes:

- Roundtrip airfare and lodging
- Hands-on delivery by a certified EC-Council Master instructor
- Includes all course materials and practice exams
- Custom virtual environment for extensive hands-on exercises
- Includes all exam vouchers (with one extra test voucher per exam, only if needed)
- The Immersion Guarantee - re-sit tuition-free! Students may re-sit any course, tuition-free, as often as they like. Students are responsible for their own travel and accommodations.

CEH Certification Guaranteed!

Course Outline Version 7

CEHv7 Curriculum consists of instructor-led training and self-study.
The Instructor will provide the details of self-study modules to the students at the beginning of the class.

Module 01: Introduction to Ethical Hacking
Internet Crime Current Report: IC3
Data Breach Investigations Report
Types of Data Stolen From the Organizations
Essential Terminologies
Elements of Information Security
Authenticity and Non-Repudiation
The Security, Functionality, and Usability Triangle
Security Challenges
Effects of Hacking
Effects of Hacking on Business
Who is a Hacker?
Hacker Classes
Hacktivism
What Does a Hacker Do?
Phase 1 - Reconnaissance
Reconnaissance Types
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Types of Attacks on a System
Operating System Attacks
Application-Level Attacks
Shrink Wrap Code Attacks
Misconfiguration Attacks
Why Ethical Hacking is Necessary?
Defense in Depth
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do?
Skills of an Ethical Hacker
Vulnerability Research
Vulnerability Research Websites
What is Penetration Testing?
Why Penetration Testing?
Penetration Testing Methodology

Module 02: Footprinting and Reconnaissance
Footprinting Terminologies
What is Footprinting?
Objectives of Footprinting
Footprinting Threats
Finding a Company's URL
Locate Internal URLs
Public and Restricted Websites
Search for Company's Information
Tools to Extract Company's Data
Footprinting Through Search Engines
Collect Location Information
Satellite Picture of a Residence
People Search
People Search Using Search Online Services
People Search on Social Networking Services
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Competitive Intelligence Gathering
Competitive Intelligence - When Did this Company Begin? How Did it Develop?
Competitive Intelligence - What are the Company's Plans?
Competitive Intelligence - What Expert Opinion Say About the Company?
Competitive Intelligence Tools
Competitive Intelligence Consulting Companies
WHOIS Lookup
WHOIS Lookup Result Analysis
WHOIS Lookup Tools: SmartWhois
WHOIS Lookup Tools
WHOIS Lookup Online Tools
Extracting DNS Information
DNS Interrogation Tools
DNS Interrogation Online Tools
Locate the Network Range
Traceroute
Traceroute Analysis
Traceroute Tool: 3D Traceroute
Traceroute Tool: LoriotPro
Traceroute Tool: Path Analyzer Pro
Traceroute Tools
Mirroring Entire Website
Website Mirroring Tools
Mirroring Entire Website Tools
Extract Website Information from Web Updates Using Website Watcher
Tracking Email Communications
Email Tracking Tools
Footprint Using Google Hacking Techniques
What a Hacker Can Do With Google Hacking?
Google Advance Search Operators
Finding Resources using Google Advance Operator
Google Hacking Tool: Google Hacking Database (GHDB)
Google Hacking Tools
Additional Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing

Module 03: Scanning Networks
Network Scanning
Types of Scanning
Checking for Live Systems - ICMP Scanning
Ping Sweep
Ping Sweep Tools
Three-Way Handshake
TCP Communication Flags
Create Custom Packet using TCP Flags
Hping2 / Hping3
Hping Commands
Scanning Techniques
TCP Connect / Full Open Scan
Stealth Scan (Half-open Scan)
Xmas Scan
FIN Scan
NULL Scan
IDLE Scan
IDLE Scan: Step 1
IDLE Scan: Step 2.1 (Open Port)
IDLE Scan: Step 2.2 (Closed Port)
IDLE Scan: Step 3
ICMP Echo Scanning/List Scan
SYN/FIN Scanning Using IP Fragments
UDP Scanning
Inverse TCP Flag Scanning
ACK Flag Scanning
Scanning: IDS Evasion Techniques
IP Fragmentation Tools
Scanning Tool: Nmap
Scanning Tool: NetScan Tools Pro
Scanning Tools
Do Not Scan These IP Addresses (Unless you want to get into trouble)
Scanning Countermeasures
War Dialing
Why War Dialing?
War Dialing Tools
War Dialing Countermeasures
War Dialing Countermeasures: SandTrap Tool
OS Fingerprinting
Active Banner Grabbing Using Telnet
Banner Grabbing Tool: ID Serve
GET REQUESTS
Banner Grabbing Tool: Netcraft
Banner Grabbing Tools
Banner Grabbing Countermeasures: Disabling or Changing Banner
Hiding File Extensions
Hiding File Extensions from Webpages
Vulnerability Scanning
Vulnerability Scanning Tool: Nessus
Vulnerability Scanning Tool: SAINT
Vulnerability Scanning Tool: GFI LANGuard
Network Vulnerability Scanners
LANsurveyor
Network Mappers
Proxy Servers
Why Attackers Use Proxy Servers?
Use of Proxies for Attack
How Does MultiProxy Work?
Free Proxy Servers
Proxy Workbench
Proxifier Tool: Create Chain of Proxy Servers
SocksChain
TOR (The Onion Routing)
TOR Proxy Chaining Software
HTTP Tunneling Techniques
Why do I Need HTTP Tunneling?
Super Network Tunnel Tool
Httptunnel for Windows
Additional HTTP Tunneling Tools
SSH Tunneling
SSL Proxy Tool
How to Run SSL Proxy?
Proxy Tools
Anonymizers
Types of Anonymizers
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
Text Conversion to Avoid Filters
Censorship Circumvention Tool: Psiphon
How Psiphon Works?
How to Check if Your Website is Blocked in China or Not?
G-Zapper
Anonymizer Tools
Spoofing IP Address
IP Spoofing Detection Techniques: Direct TTL Probes
IP Spoofing Detection Techniques: IP Identification Number
IP Spoofing Detection Techniques: TCP Flow Control Method
IP Spoofing Countermeasures
Scanning Pen Testing

Module 04: Enumeration
What is Enumeration?
Techniques for Enumeration
NetBIOS Enumeration
NetBIOS Enumeration Tool: SuperScan
NetBIOS Enumeration Tool: NetBIOS Enumerator
Enumerating User Accounts
Enumerate Systems Using Default Passwords
SNMP (Simple Network Management Protocol) Enumeration
Management Information Base (MIB)
SNMP Enumeration Tool: OpUtils Network Monitoring Toolset
SNMP Enumeration Tool: SolarWinds
SNMP Enumeration Tools
UNIX/Linux Enumeration
Linux Enumeration Tool: Enum4linux
LDAP Enumeration
LDAP Enumeration Tool: JXplorer
LDAP Enumeration Tool
NTP Enumeration
NTP Server Discovery Tool: NTP Server Scanner
NTP Server: PresenTense Time Server
NTP Enumeration Tools
SMTP Enumeration
SMTP Enumeration Tool: NetScanTools Pro
DNS Zone Transfer Enumeration Using nslookup
DNS Analyzing and Enumeration Tool: The Men & Mice Suite
Enumeration Countermeasures
SMB Enumeration Countermeasures
Enumeration Pen Testing

Module 05: System Hacking
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
Password Cracking
Password Complexity
Password Cracking Techniques
Types of Password Attacks
Passive Online Attacks: Wire Sniffing
Password Sniffing
Passive Online Attack: Man-in-the-Middle and Replay Attack
Active Online Attack: Password Guessing
Active Online Attack: Trojan/Spyware/Keylogger
Active Online Attack: Hash Injection Attack
Rainbow Attacks: Pre-Computed Hash
Distributed Network Attack
Elcomsoft Distributed Password Recovery
Non-Electronic Attacks
Default Passwords
Manual Password Cracking (Guessing)
Automatic Password Cracking Algorithm
Stealing Passwords Using USB Drive
Microsoft Authentication
How Hash Passwords are Stored in Windows SAM?
What is LAN Manager Hash?
LM "Hash" Generation
LM, NTLMv1, and NTLMv2
NTLM Authentication Process
Kerberos Authentication
Salting
PWdump7 and Fgdump
L0phtCrack
Ophcrack
Cain & Abel
RainbowCrack
Password Cracking Tools
LM Hash Backward Compatibility
How to Disable LM HASH?
How to Defend against Password Cracking?
Implement and Enforce Strong Security Policy
Privilege Escalation
Escalation of Privileges
Active@ Password Changer
Privilege Escalation Tools
How to Defend against Privilege Escalation?
Executing Applications
Alchemy Remote Executor
RemoteExec
Execute This!
Keylogger
Types of Keystroke Loggers
Acoustic/CAM Keylogger
Keylogger: Advanced Keylogger
Keylogger: Spytech SpyAgent
Keylogger: Perfect Keylogger
Keylogger: Powered Keylogger
Keylogger for Mac: Aobo Mac OS X KeyLogger
Keylogger for Mac: Perfect Keylogger for Mac
Hardware Keylogger: KeyGhost
Keyloggers
Spyware
What Does the Spyware Do?
Types of Spywares
Desktop Spyware
Desktop Spyware: Activity Monitor
Email and Internet Spyware
Email and Internet Spyware: eBLASTER
Internet and E-mail Spyware
Child Monitoring Spyware
Child Monitoring Spyware: Advanced Parental Control
Screen Capturing Spyware
Screen Capturing Spyware: Spector Pro
USB Spyware
USB Spyware: USBDumper
Audio Spyware
Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder
Video Spyware
Video Spyware: Net Video Spy
Print Spyware
Print Spyware: Printer Activity Monitor
Telephone/Cellphone Spyware
Cellphone Spyware: Mobile Spy
GPS Spyware
GPS Spyware: GPS TrackMaker
How to Defend against Keyloggers?
Anti-Keylogger
Anti-Keylogger: Zemana AntiLogger
Anti-Keyloggers
How to Defend against Spyware?
Anti-Spyware: Spyware Doctor
Rootkits
Types of Rootkits
How Rootkit Works?
Rootkit: Fu
Detecting Rootkits
Steps for Detecting Rootkits
How to Defend against Rootkits?
Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective
NTFS Data Stream
How to Create NTFS Streams?
NTFS Stream Manipulation
How to Defend against NTFS Streams?
NTFS Stream Detector: ADS Scan Engine
NTFS Stream Detectors
What is Steganography?
Steganography Techniques
How Steganography Works?
Types of Steganography
Whitespace Steganography Tool: SNOW
Image Steganography
Image Steganography: Hermetic Stego
Image Steganography Tools
Document Steganography: wbStego
Document Steganography Tools
Video Steganography: Our Secret
Video Steganography Tools
Audio Steganography: Mp3stegz
Audio Steganography Tools
Folder Steganography: Invisible Secrets 4
Folder Steganography Tools
Spam/Email Steganography: Spam Mimic
Natural Text Steganography: Sams Big G Play Maker
Steganalysis
Steganalysis Methods/Attacks on Steganography
Steganography Detection Tool: Stegdetect
Steganography Detection Tools
Why Cover Tracks?
Covering Tracks
Ways to Clear Online Tracks
Disabling Auditing: Auditpol
Covering Tracks Tool: Window Washer
Covering Tracks Tool: Tracks Eraser Pro
Track Covering Tools
System Hacking Penetration Testing

Module 06: Trojans and Backdoors
What is a Trojan?
Overt and Covert Channels
Purpose of Trojans
What Do Trojan Creators Look For?
Indications of a Trojan Attack
Common Ports used by Trojans
How to Infect Systems Using a Trojan?
Wrappers
Wrapper Covert Programs
Different Ways a Trojan can Get into a System
How to Deploy a Trojan?
Evading Anti-Virus Techniques
Types of Trojans
Command Shell Trojans
Command Shell Trojan: Netcat
GUI Trojan: MoSucker
GUI Trojan: Jumper and Biodox
Document Trojans
E-mail Trojans
E-mail Trojans: RemoteByMail
Defacement Trojans
Defacement Trojans: Restorator
Botnet Trojans
Botnet Trojan: Illusion Bot
Botnet Trojan: NetBot Attacker
Proxy Server Trojans
Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
FTP Trojans
FTP Trojan: TinyFTPD
VNC Trojans
HTTP/HTTPS Trojans
HTTP Trojan: HTTP RAT
Shttpd Trojan - HTTPS (SSL)
ICMP Tunneling
ICMP Trojan: icmpsend
Remote Access Trojans
Remote Access Trojan: RAT DarkComet
Remote Access Trojan: Apocalypse
Covert Channel Trojan: CCTT
E-banking Trojans
Banking Trojan Analysis
E-banking Trojan: ZeuS
Destructive Trojans
Notification Trojans
Credit Card Trojans
Data Hiding Trojans (Encrypted Trojans)
BlackBerry Trojan: PhoneSnoop
MAC OS X Trojan: DNSChanger
MAC OS X Trojan: DNSChanger
Mac OS X Trojan: Hell Raiser
How to Detect Trojans?
Scanning for Suspicious Ports
Port Monitoring Tool: IceSword
Port Monitoring Tools: CurrPorts and TCPView
Scanning for Suspicious Processes
Process Monitoring Tool: What's Running
Process Monitoring Tools
Scanning for Suspicious Registry Entries
Registry Entry Monitoring Tools
Scanning for Suspicious Device Drivers
Device Drivers Monitoring Tools: DriverView
Device Drivers Monitoring Tools
Scanning for Suspicious Windows Services
Windows Services Monitoring Tools: Windows Service Manager (SrvMan)
Windows Services Monitoring Tools
Scanning for Suspicious Startup Programs
Windows7 Startup Registry Entries
Startup Programs Monitoring Tools: Starter
Startup Programs Monitoring Tools: Security AutoRun
Startup Programs Monitoring Tools
Scanning for Suspicious Files and Folders
Files and Folder Integrity Checker: FastSum and WinMD5
Files and Folder Integrity Checker
Scanning for Suspicious Network Activities
Detecting Trojans and Worms with Capsa Network Analyzer
Trojan Countermeasures
Backdoor Countermeasures
Trojan Horse Construction Kit
Anti-Trojan Software: TrojanHunter
Anti-Trojan Software: Emsisoft Anti-Malware
Anti-Trojan Softwares
Pen Testing for Trojans and Backdoors

Module 07: Viruses and Worms
Introduction to Viruses
Virus and Worm Statistics 2010
Stages of Virus Life
Working of Viruses: Infection Phase
Working of Viruses: Attack Phase
Why Do People Create Computer Viruses?
Indications of Virus Attack
How does a Computer get Infected by Viruses?
Virus Hoaxes
Virus Analysis:
  W32/Sality AA
  W32/Toal-A
  W32/Virut
  Klez
Types of Viruses
System or Boot Sector Viruses
File and Multipartite Viruses
Macro Viruses
Cluster Viruses
Stealth/Tunneling Viruses
Encryption Viruses
Polymorphic Code
Metamorphic Viruses
File Overwriting or Cavity Viruses
Sparse Infector Viruses
Companion/Camouflage Viruses
Shell Viruses
File Extension Viruses
Add-on and Intrusive Viruses
Transient and Terminate and Stay Resident Viruses
Writing a Simple Virus Program
Terabit Virus Maker
JPS Virus Maker
DELmE's Batch Virus Maker
Computer Worms
How is a Worm Different from a Virus?
Example of Worm Infection: Conficker Worm
What does the Conficker Worm do?
How does the Conficker Worm Work?
Worm Analysis:
  W32/Netsky
  W32/Bagle.GE
Worm Maker: Internet Worm Maker Thing
What is Sheep Dip Computer?
Anti-Virus Sensors Systems
Malware Analysis Procedure
String Extracting Tool: Bintext
Compression and Decompression Tool: UPX
Process Monitoring Tools: Process Monitor
Log Packet Content Monitoring Tools: NetResident
Debugging Tool: Ollydbg
Virus Analysis Tool: IDA Pro
Online Malware Testing:
  Sunbelt CWSandbox
  VirusTotal
Online Malware Analysis Services
Virus Detection Methods
Virus and Worms Countermeasures
Companion Antivirus: Immunet Protect
Anti-virus Tools
Penetration Testing for Virus

Module 08: Sniffers
Lawful Intercept
Benefits of Lawful Intercept
Network Components Used for Lawful Intercept
Wiretapping
Sniffing Threats
How a Sniffer Works?
Hacker Attacking a Switch
Types of Sniffing: Passive Sniffing
Types of Sniffing: Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
Hardware Protocol Analyzers
SPAN Port
MAC Flooding
MAC Address/CAM Table
How CAM Works?
What Happens When CAM Table is Full?
MAC Flooding Switches with macof
MAC Flooding Tool: Yersinia
How to Defend against MAC Attacks?
How DHCP Works?
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack
Rogue DHCP Server Attack
DHCP Starvation Attack Tool: Gobbler
How to Defend Against DHCP Starvation and Rogue Server Attack?
What is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
How Does ARP Spoofing Work?
Threats of ARP Poisoning
ARP Poisoning Tool: Cain and Abel
ARP Poisoning Tool: WinArpAttacker
ARP Poisoning Tool: Ufasoft Snif
How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
MAC Spoofing/Duplicating
Spoofing Attack Threats
MAC Spoofing Tool: SMAC
How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard
DNS Poisoning Techniques
Intranet DNS Spoofing
Internet DNS Spoofing
Proxy Server DNS Poisoning
DNS Cache Poisoning
How to Defend Against DNS Spoofing?
Sniffing Tool: Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Sniffing Tool: CACE Pilot
Sniffing Tool: Tcpdump/Windump
Discovery Tool: NetworkView
Discovery Tool: The Dude Sniffer
Password Sniffing Tool: Ace
Packet Sniffing Tool: Capsa Network Analyzer
OmniPeek Network Analyzer
Network Packet Analyzer: Observer
Session Capture Sniffer: NetWitness
Email Message Sniffer: Big-Mother
TCP/IP Packet Crafter: Packet Builder
Additional Sniffing Tools
How an Attacker Hacks the Network Using Sniffers?
How to Defend Against Sniffing?
Sniffing Prevention Techniques
How to Detect Sniffing?
Promiscuous Detection Tool: PromqryUI
Promiscuous Detection Tool: PromiScan

Module 09: Social Engineering
What is Social Engineering?
Behaviors Vulnerable to Attacks
Factors that Make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Phases in a Social Engineering Attack
Impact on the Organization
Command Injection Attacks
Common Targets of Social Engineering
Common Targets of Social Engineering: Office Workers
Types of Social Engineering
Human-Based Social Engineering
Technical Support Example
Authority Support Example
Human-based Social Engineering: Dumpster Diving
Computer-Based Social Engineering
Computer-Based Social Engineering: Pop-Ups
Computer-Based Social Engineering: Phishing
Social Engineering Using SMS
Social Engineering by a "Fake SMS Spying Tool"
Insider Attack
Disgruntled Employee
Preventing Insider Threats
Common Intrusion Tactics and Strategies for Prevention
Social Engineering Through Impersonation on Social Networking Sites
Social Engineering Example: LinkedIn Profile
Social Engineering on Facebook
Social Engineering on Twitter
Social Engineering on Orkut
Social Engineering on MySpace
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2010
Identity Theft
How to Steal an Identity?
STEP 1
STEP 2
STEP 3
Real Steven Gets Huge Credit Card Statement
Identity Theft - Serious Problem
Social Engineering Countermeasures: Policies
Social Engineering Countermeasures
How to Detect Phishing Emails?
Anti-Phishing Toolbar: Netcraft
Anti-Phishing Toolbar: PhishTank
Identity Theft Countermeasures
Social Engineering Pen Testing
Social Engineering Pen Testing: Using Emails
Social Engineering Pen Testing: Using Phone
Social Engineering Pen Testing: In Person

Module 10: Denial of Service
What is a Denial of Service Attack?
What is Distributed Denial of Service Attacks?
How Distributed Denial of Service Attacks Work?
Symptoms of a DoS Attack
Cyber Criminals
Organized Cyber Crime: Organizational Chart
Internet Chat Query (ICQ)
Internet Relay Chat (IRC)
DoS Attack Techniques
Bandwidth Attacks
Service Request Floods
SYN Attack
SYN Flooding
ICMP Flood Attack
Peer-to-Peer Attacks
Permanent Denial-of-Service Attack
Application Level Flood Attacks
Botnet
Botnet Propagation Technique
Botnet Ecosystem
Botnet Trojan: Shark
Poison Ivy: Botnet Command Control Center
Botnet Trojan: PlugBot
WikiLeak Operation Payback
DDoS Attack
DDoS Attack Tool: LOIC
Denial of Service Attack Against MasterCard, Visa, and Swiss Banks
Hackers Advertise Links to Download Botnet
DoS Attack Tools
Detection Techniques
Activity Profiling
Wavelet Analysis
Sequential Change-Point Detection
DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
DoS/DDoS Countermeasures: Protect Secondary Victims
DoS/DDoS Countermeasures: Detect and Neutralize Handlers
DoS/DDoS Countermeasures: Detect Potential Attacks
DoS/DDoS Countermeasures: Deflect Attacks
DoS/DDoS Countermeasures: Mitigate Attacks
Post-attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
DoS/DDoS Protection Tool
Denial of Service (DoS) Attack Penetration Testing

Module 11: Session Hijacking
What is Session Hijacking?
Dangers Posed by Hijacking
Why Session Hijacking is Successful?
Key Session Hijacking Techniques
Brute Forcing
Brute Forcing Attack
HTTP Referrer Attack
Spoofing vs. Hijacking
Session Hijacking Process
Packet Analysis of a Local Session Hijack
Types of Session Hijacking
Session Hijacking in OSI Model
Application Level Session Hijacking
Session Sniffing
Predictable Session Token
How to Predict a Session Token?
Man-in-the-Middle Attack
Man-in-the-Browser Attack
Steps to Perform Man-in-the-Browser Attack
Client-side Attacks
Cross-site Script Attack
Session Fixation
Session Fixation Attack
Network Level Session Hijacking
The 3-Way Handshake
Sequence Numbers
Sequence Number Prediction
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man-in-the-Middle Attack using Packet Sniffer
UDP Hijacking
Session Hijacking Tools
Paros
Burp Suite
Firesheep
Countermeasures
Protecting against Session Hijacking
Methods to Prevent Session Hijacking: To be Followed by Web Developers
Methods to Prevent Session Hijacking: To be Followed by Web Users
Defending against Session Hijack Attacks
Session Hijacking Remediation
IPSec
Modes of IPSec
IPSec Architecture
IPSec Authentication and Confidentiality
Components of IPSec
IPSec Implementation
Session Hijacking Pen Testing

Module 12: Hijacking Webservers
Webserver Market Shares
Open Source Webserver Architecture
IIS Webserver Architecture
Website Defacement
Case Study
Why Web Servers are Compromised?
Impact of Webserver Attacks
Webserver Misconfiguration
Example
Directory Traversal Attacks
HTTP Response Splitting Attack
Web Cache Poisoning Attack
HTTP Response Hijacking
SSH Bruteforce Attack
Man-in-the-Middle Attack
Webserver Password Cracking
Webserver Password Cracking Techniques
Web Application Attacks
Webserver Attack Methodology
Information Gathering
Webserver Footprinting
Webserver Footprinting Tools
Mirroring a Website
Vulnerability Scanning
Session Hijacking
Hacking Web Passwords
Webserver Attack Tools
Metasploit
Metasploit Architecture
Metasploit Exploit Module
Metasploit Payload Module
Metasploit Auxiliary Module
Metasploit NOPS Module
Wfetch
Web Password Cracking Tool
Brutus
THC-Hydra
Countermeasures
Patches and Updates
Protocols
Accounts
Files and Directories
How to Defend Against Web Server Attacks?
How to Defend against HTTP Response Splitting and Web Cache Poisoning?
Patches and Hotfixes
What is Patch Management?
Identifying Appropriate Sources for Updates and Patches
Installation of a Patch
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
Patch Management Tools
Web Application Security Scanner: Sandcat
Web Server Security Scanner: Wikto
Webserver Malware Infection Monitoring Tool: HackAlert
Webserver Security Tools
Web Server Penetration Testing

Module 13: Hacking Web Applications
Web Application Security Statistics
Introduction to Web Applications
Web Application Components
How Web Applications Work?
Web Application Architecture
Web 2.0 Applications
Vulnerability Stack
Web Attack Vectors
Web Application Threats - 1
Web Application Threats - 2
Unvalidated Input
Parameter/Form Tampering
Directory Traversal
Security Misconfiguration
Injection Flaws
SQL Injection Attacks
Command Injection Attacks
Command Injection Example
File Injection Attack
What is LDAP Injection?
How LDAP Injection Works?
Hidden Field Manipulation Attack
Cross-Site Scripting (XSS) Attacks
How XSS Attacks Work?
Cross-Site Scripting Attack Scenario: Attack via Email
XSS Example: Attack via Email
XSS Example: Stealing Users' Cookies
XSS Example: Sending an Unauthorized Request
XSS Attack in Blog Posting
XSS Attack in Comment Field
XSS Cheat Sheet
Cross-Site Request Forgery (CSRF) Attack
How CSRF Attacks Work?
Web Application Denial-of-Service (DoS) Attack
Denial of Service (DoS) Examples
Buffer Overflow Attacks
Cookie/Session Poisoning
How Cookie Poisoning Works?
Session Fixation Attack
Insufficient Transport Layer Protection
Improper Error Handling
Insecure Cryptographic Storage
Broken Authentication and Session Management
Unvalidated Redirects and Forwards
Web Services Architecture
Web Services Attack
Web Services Footprinting Attack
Web Services XML Poisoning
Footprint Web Infrastructure
Footprint Web Infrastructure: Server Discovery
Footprint Web Infrastructure: Server Identification/Banner Grabbing
Footprint Web Infrastructure: Hidden Content Discovery
Web Spidering Using Burp Suite
Hacking Web Servers
Web Server Hacking Tool: WebInspect
Analyze Web Applications
Analyze Web Applications: Identify Entry Points for User Input
Analyze Web Applications: Identify Server-Side Technologies
Analyze Web Applications: Identify Server-Side Functionality
Analyze Web Applications: Map the Attack Surface
Attack Authentication Mechanism
Username Enumeration
Password Attacks: Password Functionality Exploits
Password Attacks: Password Guessing
Password Attacks: Brute-forcing
Session Attacks: Session ID Prediction/ Brute-forcing
Cookie Exploitation: Cookie Poisoning
Authorization Attack
HTTP Request Tampering
Authorization Attack: Cookie Parameter Tampering
Session Management Attack
Attacking Session Token Generation Mechanism
Attacking Session Tokens Handling Mechanism: Session Token Sniffing
Injection Attacks
Attack Data Connectivity
Connection String Injection
Connection String Parameter Pollution (CSPP) Attacks
Connection Pool DoS
Attack Web App Client
Attack Web Services
Web Services Probing Attacks
Web Service Attacks: SOAP Injection
Web Service Attacks: XML Injection
Web Services Parsing Attacks
Web Service Attack Tool: soapUI
Web Service Attack Tool: XMLSpy
Web Application Hacking Tool: Burp Suite Professional
Web Application Hacking Tools: CookieDigger
Web Application Hacking Tools: WebScarab
Web Application Hacking Tools
Encoding Schemes
How to Defend Against SQL Injection Attacks?
How to Defend Against Command Injection Flaws?
How to Defend Against XSS Attacks?
How to Defend Against DoS Attack?
How to Defend Against Web Services Attack?
Web Application Countermeasures
How to Defend Against Web Application Attacks?
Web Application Security Tool: Acunetix Web Vulnerability Scanner
Web Application Security Tool: Falcove Web Vulnerability Scanner
Web Application Security Scanner: Netsparker
Web Application Security Tool: N-Stalker Web Application Security Scanner
Web Application Security Tools
Web Application Firewall: dotDefender
Web Application Firewall: IBM AppScan
Web Application Firewall: ServerDefender VP
Web Application Firewall
Web Application Pen Testing
Information Gathering
Configuration Management Testing
Authentication Testing
Session Management Testing
Authorization Testing
Data Validation Testing
Denial of Service Testing
Web Services Testing
AJAX Testing

Module 14: SQL Injection
SQL Injection is the Most Prevalent Vulnerability in 2010
SQL Injection Threats
What is SQL Injection?
SQL Injection Attacks
How Web Applications Work?
Server Side Technologies
HTTP Post Request
Example 1: Normal SQL Query
Example 1: SQL Injection Query
Example 1: Code Analysis
Example 2: BadProductList.aspx
Example 2: Attack Analysis
Example 3: Updating Table
Example 4: Adding New Records
Example 5: Identifying the Table Name
Example 6: Deleting a Table
SQL Injection Detection
SQL Injection Error Messages
SQL Injection Attack Characters
Additional Methods to Detect SQL Injection
SQL Injection Black Box Pen Testing
Testing for SQL Injection
Types of SQL Injection
Simple SQL Injection Attack
Union SQL Injection Example
SQL Injection Error Based
What is Blind SQL Injection?
No Error Messages Returned
Blind SQL Injection: WAITFOR DELAY YES or NO Response
Blind SQL Injection - Exploitation (MySQL)
Blind SQL Injection - Extract Database User
Blind SQL Injection - Extract Database Name
Blind SQL Injection - Extract Column Name
Blind SQL Injection - Extract Data from ROWS
SQL Injection Methodology
Information Gathering
Extracting Information through Error Messages
Understanding SQL Query
Bypass Website Logins Using SQL Injection
Database, Table, and Column Enumeration
Advanced Enumeration
Features of Different DBMSs
Creating Database Accounts
Password Grabbing
Grabbing SQL Server Hashes
Extracting SQL Hashes (In a Single Statement)
Transfer Database to Attacker's Machine
Interacting with the Operating System
Interacting with the FileSystem
Network Reconnaissance Full Query
SQL Injection Tools
SQL Injection Tools: BSQLHacker
SQL Injection Tools: Marathon Tool
SQL Injection Tools: SQL Power Injector
SQL Injection Tools: Havij
Evading IDS
Types of Signature Evasion Techniques
Evasion Technique: Sophisticated Matches
Evasion Technique: Hex Encoding
Evasion Technique: Manipulating White Spaces
Evasion Technique: In-line Comment
Evasion Technique: Char Encoding
Evasion Technique: String Concatenation
Evasion Technique: Obfuscated Codes
How to Defend Against SQL Injection Attacks?
How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
SQL Injection Detection Tools
SQL Injection Detection Tool: Microsoft Source Code Analyzer
SQL Injection Detection Tool: Microsoft UrlScan
SQL Injection Detection Tool: dotDefender
SQL Injection Detection Tool: IBM AppScan
Snort Rule to Detect SQL Injection Attacks

Module 15: Hacking Wireless Networks
Wireless Networks
Wi-Fi Usage Statistics in the US
Wi-Fi Hotspots at Public Places
Wi-Fi Networks at Home
Types of Wireless Networks
Wireless Standards
Service Set Identifier (SSID)
Wi-Fi Authentication Modes
Wi-Fi Authentication Process Using a Centralized Authentication Server
Wi-Fi Authentication Process
Wireless Terminologies
Wi-Fi Chalking
Wi-Fi Chalking Symbols
Wi-Fi Hotspot Finder:
Wi-Fi Hotspot Finder:
Types of Wireless Antenna
Parabolic Grid Antenna
Types of Wireless Encryption
WEP Encryption
How WEP Works?
What is WPA?
How WPA Works?
Temporal Keys
What is WPA2?
How WPA2 Works?
WEP vs. WPA vs. WPA2
WEP Issues
Weak Initialization Vectors (IV)
How to Break WEP Encryption?
How to Break WPA/WPA2 Encryption?
How to Defend Against WPA Cracking?
Wireless Threats: Access Control Attacks
Wireless Threats: Integrity Attacks
Wireless Threats: Confidentiality Attacks
Wireless Threats: Availability Attacks
Wireless Threats: Authentication Attacks
Rogue Access Point Attack
Client Mis-association
Misconfigured Access Point Attack
Unauthorized Association
Ad Hoc Connection Attack
HoneySpot Access Point Attack
AP MAC Spoofing
Denial-of-Service Attack
Jamming Signal Attack
Wi-Fi Jamming Devices
Wireless Hacking Methodology
Find Wi-Fi Networks to Attack
Attackers Scanning for Wi-Fi Networks
Footprint the Wireless Network
Wi-Fi Discovery Tool: inSSIDer
Wi-Fi Discovery Tool: NetSurveyor
Wi-Fi Discovery Tool: NetStumbler
Wi-Fi Discovery Tool: Vistumbler
Wi-Fi Discovery Tool: WirelessMon
Wi-Fi Discovery Tools
GPS Mapping
GPS Mapping Tool: WIGLE
GPS Mapping Tool: Skyhook
How to Discover Wi-Fi Network Using Wardriving?
Wireless Traffic Analysis
Wireless Cards and Chipsets
Wi-Fi USB Dongle: AirPcap
Wi-Fi Packet Sniffer: Wireshark with AirPcap
Wi-Fi Packet Sniffer: Wi-Fi Pilot
Wi-Fi Packet Sniffer: OmniPeek
Wi-Fi Packet Sniffer: CommView for Wi-Fi
What is Spectrum Analysis?
Wireless Sniffers
Aircrack-ng Suite
How to Reveal Hidden SSIDs
Fragmentation Attack
How to Launch MAC Spoofing Attack?
Denial of Service: Deauthentication and Disassociation Attacks
Man-in-the-Middle Attack
MITM Attack Using Aircrack-ng
Wireless ARP Poisoning Attack
Rogue Access Point
Evil Twin
How to Set Up a Fake Hotspot (Evil Twin)?
How to Crack WEP Using Aircrack?
How to Crack WEP Using Aircrack? Screenshot 1/2
How to Crack WEP Using Aircrack? Screenshot 2/2
How to Crack WPA-PSK Using Aircrack?
WPA Cracking Tool: KisMAC
WEP Cracking Using Cain & Abel
WPA Brute Forcing Using Cain & Abel
WPA Cracking Tool: Elcomsoft Wireless Security Auditor
WEP/WPA Cracking Tools
Wi-Fi Sniffer: Kismet
Wardriving Tools
RF Monitoring Tools
Wi-Fi Connection Manager Tools
Wi-Fi Traffic Analyzer Tools
Wi-Fi Raw Packet Capturing Tools
Wi-Fi Spectrum Analyzing Tools
Bluetooth Hacking
Bluetooth Stack
Bluetooth Threats
How to BlueJack a Victim?
Bluetooth Hacking Tool: Super Bluetooth Hack
Bluetooth Hacking Tool: PhoneSnoop
Bluetooth Hacking Tool: BlueScanner
Bluetooth Hacking Tools
How to Defend Against Bluetooth Hacking?
How to Detect and Block Rogue AP?
Wireless Security Layers
How to Defend Against Wireless Attacks?
Wireless Intrusion Prevention Systems
Wireless IPS Deployment
Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
Wi-Fi Security Auditing Tool: AirDefense
Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
Wi-Fi Intrusion Prevention System
Wi-Fi Predictive Planning Tools
Wi-Fi Vulnerability Scanning Tools
Wireless Penetration Testing
Wireless Penetration Testing Framework
Wi-Fi Pen Testing Framework
Pen Testing LEAP Encrypted WLAN
Pen Testing WPA/WPA2 Encrypted WLAN
Pen Testing WEP Encrypted WLAN
Pen Testing Unencrypted WLAN

Module 16: Evading IDS, Firewalls, and Honeypots
Intrusion Detection Systems (IDS) and its Placement
How IDS Works?
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
General Indications of Intrusions
General Indications of System Intrusions
Firewall
Firewall Architecture
DeMilitarized Zone (DMZ)
Types of Firewall
Packet Filtering Firewall
Circuit-Level Gateway Firewall
Application-Level Firewall
Stateful Multilayer Inspection Firewall
Firewall Identification
Port Scanning
Firewalking
Banner Grabbing
Honeypot
Types of Honeypots
How to Set Up a Honeypot?
Intrusion Detection Tool
Snort
Snort Rules
Rule Actions and IP Protocols
The Direction Operator and IP Addresses
Port Numbers
Intrusion Detection Systems: Tipping Point
Intrusion Detection Tools
Firewall: Sunbelt Personal Firewall
Firewalls
Honeypot Tools
KFSensor
SPECTER
Insertion Attack
Evasion
Denial-of-Service Attack (DoS)
Obfuscating
False Positive Generation
Session Splicing
Unicode Evasion Technique
Fragmentation Attack
Overlapping Fragments
Time-To-Live Attacks
Invalid RST Packets
Urgency Flag
Polymorphic Shellcode
ASCII Shellcode
Application-Layer Attacks
Desynchronization
Pre Connection SYN
Post Connection SYN
Other Types of Evasion
IP Address Spoofing
Attacking Session Token Generation Mechanism
Tiny Fragments
Bypass Blocked Sites Using IP Address in Place of URL
Bypass Blocked Sites Using Anonymous Website Surfing Sites
Bypass a Firewall using Proxy Server
Bypassing Firewall through ICMP Tunneling Method
Bypassing Firewall through ACK Tunneling Method
Bypassing Firewall through HTTP Tunneling Method
Bypassing Firewall through External Systems
Bypassing Firewall through MITM Attack
Detecting Honeypots
Honeypot Detecting Tool: Send-Safe Honeypot Hunter
Firewall Evasion Tools
Traffic IQ Professional
tcp-over-dns
Firewall Evasion Tools
Packet Fragment Generators
Countermeasures
Firewall/IDS Penetration Testing
Firewall Penetration Testing
IDS Penetration Testing

Module 17: Buffer Overflow
Buffer Overflows
Why are Programs And Applications Vulnerable?
Understanding Stacks
Stack-Based Buffer Overflow
Understanding Heap
Heap-Based Buffer Overflow
Stack Operations
Shellcode
No Operations (NOPs)
Knowledge Required to Program Buffer Overflow Exploits
Buffer Overflow Steps
Attacking a Real Program
Format String Problem
Overflow using Format String
Smashing the Stack
Once the Stack is Smashed...
Simple Uncontrolled Overflow
Simple Buffer Overflow in C
Code Analysis
Exploiting Semantic Comments in C (Annotations)
How to Mutate a Buffer Overflow Exploit?
Identifying Buffer Overflows
How to Detect Buffer Overflows in a Program?
BOU (Buffer Overflow Utility)
Testing for Heap Overflow Conditions: heap.exe
Steps for Testing for Stack Overflow in 
OllyDbg DebuggerTesting for Stack Overflow in OllyDbg DebuggerTesting for Format String Conditions using IDA ProBoF Detection ToolsDefense Against Buffer OverflowsPreventing BoF AttacksProgramming CountermeasuresData Execution Prevention (DEP)Enhanced Mitigation Experience Toolkit (EMET)EMET System Configuration SettingsEMET Application Configuration Window/GS Security ToolsBufferShieldBuffer Overflow Penetration TestingModule 18: CryptographyCryptographyTypes of CryptographyGovernment Access to Keys (GAK)CiphersAdvanced Encryption Standard (AES)Data Encryption Standard (DES)RC4, RC5, RC6 AlgorithmsThe DSA and Related Signature SchemesRSA (Rivest Shamir Adleman)Example of RSA AlgorithmThe RSA Signature SchemeMessage Digest (One-way Bash) FunctionsMessage Digest Function: MD5Secure Hashing Algorithm (SHA)What is SSH (Secure Shell)?MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFilesCryptography Tool: Advanced Encryption PackageCryptography ToolsPublic Key Infrastructure (PKI)Certification AuthoritiesDigital SignatureSSL (Secure Sockets Layer)Transport Layer Security (TLS)Disk EncryptionDisk Encryption Tool: TrueCryptDisk Encryption ToolsCryptography AttacksCode Breaking MethodologiesBrute-Force AttackMeet-in-the-Middle Attack on Digital Signature SchemesCryptanalysis Tool: CrypToolCryptanalysis ToolsOnline MD5 Decryption ToolModule 19: Penetration TestingIntroduction to Penetration TestingSecurity AssessmentsVulnerability AssessmentLimitations of Vulnerability AssessmentPenetration TestingWhy Penetration Testing?What Should be Tested?What Makes a Good Penetration Test?ROI on Penetration TestingTesting PointsTesting LocationsTypes of Penetration TestingExternal Penetration TestingInternal Security AssessmentBlack-box Penetration TestingGrey-box Penetration TestingWhite-box Penetration TestingAnnounced / Unannounced TestingAutomated TestingManual TestingCommon Penetration Testing TechniquesUsing DNS Domain Name and IP Address InformationEnumerating 
Information about Hosts on Publicly-Available NetworksPhases of Penetration TestingPre-Attack PhaseAttack PhaseActivity: Perimeter TestingEnumerating DevicesActivity: Acquiring TargetActivity: Escalating PrivilegesActivity: Execute, Implant, and RetractPost-Attack Phase and ActivitiesPenetration Testing Deliverable TemplatesPenetration Testing MethodologyApplication Security AssessmentWeb Application Testing - IWeb Application Testing - IIWeb Application Testing - IIINetwork Security AssessmentWireless/Remote Access AssessmentWireless TestingTelephony Security AssessmentSocial EngineeringTesting Network-Filtering DevicesDenial of Service EmulationOutsourcing Penetration Testing ServicesTerms of EngagementProject ScopePentest Service Level AgreementsPenetration Testing ConsultantsEvaluating Different Types of Pentest ToolsApplication Security Assessment ToolWebscarabNetwork Security Assessment ToolAngry IP scannerGFI LANguardWireless/Remote Access Assessment ToolKismetTelephony Security Assessment ToolOmnipeekTesting Network-Filtering Device ToolTraffic IQ Professional ................
................

In order to avoid copyright disputes, this page is only a partial summary.
