CEH CBT Nuggets Outline

This course prepares you for the EC-Council Certified Ethical Hacker exam 312-50 (CEH v8).

Module 01: Introduction to Ethical Hacking
Internet Crime Current Report: IC3
Data Breach Investigations Report
Types of Data Stolen From Organizations
Essential Terminologies
Elements of Information Security
Authenticity and Non-Repudiation
The Security, Functionality, and Usability Triangle
Security Challenges
Effects of Hacking
Effects of Hacking on Business
Who is a Hacker?
Hacker Classes
Hacktivism
What Does a Hacker Do?
Phase 1 - Reconnaissance
Reconnaissance Types
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
Types of Attacks on a System
Operating System Attacks
Application-Level Attacks
Shrink Wrap Code Attacks
Misconfiguration Attacks
Why Ethical Hacking is Necessary
Defense in Depth
Scope and Limitations of Ethical Hacking
What Do Ethical Hackers Do?
Skills of an Ethical Hacker
Vulnerability Research
Vulnerability Research Websites
What is Penetration Testing?
Why Penetration Testing?
Penetration Testing Methodology

Module 02: Footprinting and Reconnaissance
Footprinting Terminologies
What is Footprinting?
Objectives of Footprinting
Footprinting Threats
Finding a Company's URL
Locate Internal URLs
Public and Restricted Websites
Search for Company's Information
Tools to Extract Company's Data
Footprinting Through Search Engines
Collect Location Information
Satellite Picture of a Residence
People Search
People Search Using http://pipl.com
People Search Online Services
People Search on Social Networking Services
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Competitive Intelligence Gathering
Competitive Intelligence: When Did This Company Begin? How Did It Develop?
Competitive Intelligence: What Are the Company's Plans?
Competitive Intelligence: What Do Experts Say About the Company?
Competitive Intelligence Tools
Competitive Intelligence Consulting Companies
WHOIS Lookup
WHOIS Lookup Result Analysis
WHOIS Lookup Tool: SmartWhois
WHOIS Lookup Tools
WHOIS Lookup Online Tools
Extracting DNS Information
DNS Interrogation Tools
DNS Interrogation Online Tools
Locate the Network Range
Traceroute
Traceroute Analysis
Traceroute Tool: 3D Traceroute
Traceroute Tool: LoriotPro
Traceroute Tool: Path Analyzer Pro
Traceroute Tools
Mirroring Entire Website
Website Mirroring Tools
Mirroring Entire Website Tools
Extract Website Information from http://www.archive.org
Monitoring Web Updates Using Website Watcher
Tracking Email Communications
Email Tracking Tools
Footprint Using Google Hacking Techniques
What a Hacker Can Do With Google Hacking
Google Advanced Search Operators
Finding Resources Using Google Advanced Operators
Google Hacking Tool: Google Hacking Database (GHDB)
Google Hacking Tools
Additional Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing

Module 03: Scanning Networks
Network Scanning
Types of Scanning
Checking for Live Systems - ICMP Scanning
Ping Sweep
Ping Sweep Tools
Three-Way Handshake
TCP Communication Flags
Create Custom Packet Using TCP Flags
Hping2 / Hping3
Hping Commands
Scanning Techniques
TCP Connect / Full Open Scan
Stealth Scan (Half-open Scan)
Xmas Scan
FIN Scan
NULL Scan
IDLE Scan
IDLE Scan: Step 1
IDLE Scan: Step 2.1 (Open Port)
IDLE Scan: Step 2.2 (Closed Port)
IDLE Scan: Step 3
ICMP Echo Scanning/List Scan
SYN/FIN Scanning Using IP Fragments
UDP Scanning
Inverse TCP Flag Scanning
ACK Flag Scanning
Scanning: IDS Evasion Techniques
IP Fragmentation Tools
Scanning Tool: Nmap
Scanning Tool: NetScanTools Pro
Scanning Tools
Do Not Scan These IP Addresses (Unless You Want to Get into Trouble)
Scanning Countermeasures
War Dialing
Why War Dialing?
War Dialing Tools
War Dialing Countermeasures
War Dialing Countermeasures: SandTrap Tool
OS Fingerprinting
Active Banner Grabbing Using Telnet
Banner Grabbing Tool: ID Serve
GET Requests
Banner Grabbing Tool: Netcraft
Banner Grabbing Tools
Banner Grabbing Countermeasures: Disabling or Changing Banner
Hiding File Extensions
Hiding File Extensions from Webpages
Vulnerability Scanning
Vulnerability Scanning Tool: Nessus
Vulnerability Scanning Tool: SAINT
Vulnerability Scanning Tool: GFI LANguard
Network Vulnerability Scanners
LANsurveyor
Network Mappers
Proxy Servers
Why Attackers Use Proxy Servers
Use of Proxies for Attack
How Does MultiProxy Work?
Free Proxy Servers
Proxy Workbench
Proxifier Tool: Create Chain of Proxy Servers
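The IDLE Scan steps listed above (probe the zombie's IP ID, send a SYN spoofed from the zombie to the target port, probe the zombie again) rest on one inference: a zombie whose IP ID counter advances by exactly one per packet reveals, through its RST replies, whether the target answered it. The simulation below is an added example, not material from the course or from CBT Nuggets; the Zombie, BusyZombie and Target classes are constructed stand-ins for real hosts and no packets are sent. It also shows the check a real tool (nmap's -sI option) performs first: a zombie that is not actually idle gives meaningless deltas.

```python
# Added example (not part of the CBT Nuggets/CEH material): a simulation of the
# IP ID inference behind an IDLE scan. Zombie, BusyZombie and Target are
# constructed stand-ins for real hosts; nothing here touches the network.


class Zombie:
    """Idle host whose IP stack uses one global IP ID counter that increments
    by one for every packet it sends (the property an idle scan depends on)."""

    def __init__(self, start: int = 1000) -> None:
        self.ipid = start

    def _send(self) -> int:
        self.ipid += 1
        return self.ipid

    def on_syn_ack(self) -> int:
        # An unsolicited SYN/ACK is answered with a RST, which consumes one IP ID.
        return self._send()

    def on_rst(self) -> None:
        # An unsolicited RST is silently dropped: no reply, IP ID unchanged.
        return None


class BusyZombie(Zombie):
    """Same stack, but it is also talking to other hosts between our probes,
    so its IP ID no longer advances by exactly one per probe."""

    def on_syn_ack(self) -> int:
        self._send()                      # unrelated outbound packet
        return super().on_syn_ack()


class Target:
    def __init__(self, open_ports) -> None:
        self.open_ports = set(open_ports)

    def on_syn(self, spoofed_src: Zombie, port: int) -> None:
        # The SYN carries the zombie's address, so the reply goes to the zombie:
        # SYN/ACK if the port is open, RST if it is closed (nothing if filtered).
        if port in self.open_ports:
            spoofed_src.on_syn_ack()
        else:
            spoofed_src.on_rst()


def probe_zombie_ipid(zombie: Zombie) -> int:
    """Step 1 and step 3: send the zombie a SYN/ACK and read the IP ID of its RST."""
    return zombie.on_syn_ack()


def zombie_is_idle(zombie: Zombie, probes: int = 4) -> bool:
    """Qualify the zombie first: consecutive probes must return consecutive IP IDs."""
    ids = [probe_zombie_ipid(zombie) for _ in range(probes)]
    return all(b - a == 1 for a, b in zip(ids, ids[1:]))


def idle_scan(zombie: Zombie, target: Target, ports) -> dict:
    """Classify each port from the change in the zombie's IP ID across the spoofed SYN."""
    if not zombie_is_idle(zombie):
        raise ValueError("zombie is not idle; IP ID deltas would be meaningless")
    results = {}
    for port in ports:
        before = probe_zombie_ipid(zombie)
        target.on_syn(zombie, port)       # step 2: SYN spoofed from the zombie
        after = probe_zombie_ipid(zombie)
        delta = after - before
        if delta == 2:
            results[port] = "open"            # zombie RST'd the target's SYN/ACK
        elif delta == 1:
            results[port] = "closed|filtered"  # only our own probe used an IP ID
        else:
            results[port] = "unknown"         # something else used the counter
    return results


if __name__ == "__main__":
    print(idle_scan(Zombie(), Target({22, 80}), [22, 80, 443]))
```

A delta of 1 cannot distinguish a closed port from a filtered one, because in both cases the zombie sends nothing; that is why the result is labelled closed|filtered, the same way nmap reports it.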
SocksChain
Tor (The Onion Router)
Tor Proxy Chaining Software
HTTP Tunneling Techniques
Why Do I Need HTTP Tunneling?
Super Network Tunnel Tool
Httptunnel for Windows
Additional HTTP Tunneling Tools
SSH Tunneling
SSL Proxy Tool
How to Run SSL Proxy?
Proxy Tools
Anonymizers
Types of Anonymizers
Case: Bloggers Write Text Backwards to Bypass Web Filters in China
Text Conversion to Avoid Filters
Censorship Circumvention Tool: Psiphon
How Psiphon Works
How to Check if Your Website is Blocked in China or Not?
G-Zapper
Anonymizer Tools
Spoofing IP Address
IP Spoofing Detection Techniques: Direct TTL Probes
IP Spoofing Detection Techniques: IP Identification Number
IP Spoofing Detection Techniques: TCP Flow Control Method
IP Spoofing Countermeasures
Scanning Pen Testing

Module 04: Enumeration
What is Enumeration?
Techniques for Enumeration
NetBIOS Enumeration
NetBIOS Enumeration Tool: SuperScan
NetBIOS Enumeration Tool: NetBIOS Enumerator
Enumerating User Accounts
Enumerate Systems Using Default Passwords
SNMP (Simple Network Management Protocol) Enumeration
Management Information Base (MIB)
SNMP Enumeration Tool: OpUtils Network Monitoring Toolset
SNMP Enumeration Tool: SolarWinds
SNMP Enumeration Tools
UNIX/Linux Enumeration
Linux Enumeration Tool: Enum4linux
LDAP Enumeration
LDAP Enumeration Tool: JXplorer
LDAP Enumeration Tools
NTP Enumeration
NTP Server Discovery Tool: NTP Server Scanner
NTP Server: PresenTense Time Server
NTP Enumeration Tools
SMTP Enumeration
SMTP Enumeration Tool: NetScanTools Pro
DNS Zone Transfer Enumeration Using nslookup
DNS Analyzing and Enumeration Tool: The Men & Mice Suite
Enumeration Countermeasures
SMB Enumeration Countermeasures
Enumeration Pen Testing

Module 05: System Hacking
Information at Hand Before System Hacking Stage
System Hacking: Goals
CEH Hacking Methodology (CHM)
Password Cracking
Password Complexity
Password Cracking Techniques
Types of Password Attacks
Passive Online Attack: Wire Sniffing
Password Sniffing
Passive Online Attack: Man-in-the-Middle and Replay Attack
Active Online Attack: Password Guessing
Active Online Attack: Trojan/Spyware/Keylogger
Active Online Attack: Hash Injection Attack
Rainbow Attacks: Pre-Computed Hash
Distributed Network Attack
Elcomsoft Distributed Password Recovery
Non-Electronic Attacks
Default Passwords
Manual Password Cracking (Guessing)
Automatic Password Cracking Algorithm
Stealing Passwords Using USB Drive
Microsoft Authentication
How Password Hashes are Stored in the Windows SAM
What is LAN Manager Hash?
LM “Hash” Generation
LM, NTLMv1, and NTLMv2
NTLM Authentication Process
Kerberos Authentication
Salting
PWDump7 and Fgdump
L0phtCrack
Ophcrack
Cain & Abel
RainbowCrack
Password Cracking Tools
LM Hash Backward Compatibility
How to Disable LM Hash?
How to Defend against Password Cracking?
Implement and Enforce Strong Security Policy
Privilege Escalation
Escalation of Privileges
Active@ Password Changer
Privilege Escalation Tools
How to Defend against Privilege Escalation?
Executing Applications
Alchemy Remote Executor
RemoteExec
Execute This!
Keylogger
Types of Keystroke Loggers
Acoustic/CAM Keylogger
Keylogger: Advanced Keylogger
Keylogger: Spytech SpyAgent
Keylogger: Perfect Keylogger
Keylogger: Powered Keylogger
Keylogger for Mac: Aobo Mac OS X KeyLogger
Keylogger for Mac: Perfect Keylogger for Mac
Hardware Keylogger: KeyGhost
Keyloggers
Spyware
What Does Spyware Do?
Types of Spyware
Desktop Spyware
Desktop Spyware: Activity Monitor
Email and Internet Spyware
Email and Internet Spyware: eBLASTER
Internet and E-mail Spyware
Child Monitoring Spyware
Child Monitoring Spyware: Advanced Parental Control
Screen Capturing Spyware
Screen Capturing Spyware: Spector Pro
USB Spyware
USB Spyware: USBDumper
Audio Spyware
Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder
Video Spyware
Video Spyware: Net Video Spy
Print Spyware
Print Spyware: Printer Activity Monitor
Telephone/Cellphone Spyware
Cellphone Spyware: Mobile Spy
GPS Spyware
GPS Spyware: GPS TrackMaker
How to Defend against Keyloggers?
Anti-Keylogger
Anti-Keylogger: Zemana AntiLogger
Anti-Keyloggers
How to Defend against Spyware?
Anti-Spyware: Spyware Doctor
Rootkits
Types of Rootkits
How Rootkits Work
Rootkit: Fu
Detecting Rootkits
Steps for Detecting Rootkits
How to Defend against Rootkits?
Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective
NTFS Data Stream
How to Create NTFS Streams?
NTFS Stream Manipulation
How to Defend against NTFS Streams?
NTFS Stream Detector: ADS Scan Engine
NTFS Stream Detectors
What is Steganography?
Steganography Techniques
How Steganography Works
Types of Steganography
Whitespace Steganography Tool: SNOW
Image Steganography
Image Steganography: Hermetic Stego
Image Steganography Tools
Document Steganography: wbStego
Document Steganography Tools
Video Steganography: Our Secret
Video Steganography Tools
Audio Steganography: Mp3stegz
Audio Steganography Tools
Folder Steganography: Invisible Secrets 4
Folder Steganography Tools
Spam/Email Steganography: Spam Mimic
Natural Text Steganography: Sams Big G Play Maker
Steganalysis
Steganalysis Methods/Attacks on Steganography
Steganography Detection Tool: Stegdetect
Steganography Detection Tools
Why Cover Tracks?
Covering Tracks
Ways to Clear Online Tracks
Disabling Auditing: Auditpol
Covering Tracks Tool: Window Washer
Covering Tracks Tool: Tracks Eraser Pro
Track Covering Tools
System Hacking Penetration Testing

Module 06: Trojans and Backdoors
What is a Trojan?
Overt and Covert Channels
Purpose of Trojans
What Do Trojan Creators Look For?
Indications of a Trojan Attack
Common Ports Used by Trojans
How to Infect Systems Using a Trojan?
Wrappers
Wrapper Covert Programs
Different Ways a Trojan Can Get into a System
How to Deploy a Trojan?
Evading Anti-Virus Techniques
Types of Trojans
Command Shell Trojans
Command Shell Trojan: Netcat
GUI Trojan: MoSucker
GUI Trojan: Jumper and Biodox
Document Trojans
E-mail Trojans
E-mail Trojan: RemoteByMail
Defacement Trojans
Defacement Trojan: Restorator
Botnet Trojans
Botnet Trojan: Illusion Bot
Botnet Trojan: NetBot Attacker
Proxy Server Trojans
Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)
FTP Trojans
FTP Trojan: TinyFTPD
VNC Trojans
HTTP/HTTPS Trojans
HTTP Trojan: HTTP RAT
Shttpd Trojan - HTTPS (SSL)
ICMP Tunneling
ICMP Trojan: icmpsend
Remote Access Trojans
Remote Access Trojan: RAT DarkComet
Remote Access Trojan: Apocalypse
Covert Channel Trojan: CCTT
E-banking Trojans
Banking Trojan Analysis
E-banking Trojan: ZeuS
Destructive Trojans
Notification Trojans
Credit Card Trojans
Data Hiding Trojans (Encrypted Trojans)
BlackBerry Trojan: PhoneSnoop
Mac OS X Trojan: DNSChanger
Mac OS X Trojan: Hell Raiser
How to Detect Trojans?
Scanning for Suspicious Ports
Port Monitoring Tool: IceSword
Port Monitoring Tools: CurrPorts and TCPView
Scanning for Suspicious Processes
Process Monitoring Tool: What's Running
Process Monitoring Tools
Scanning for Suspicious Registry Entries
Registry Entry Monitoring Tools
Scanning for Suspicious Device Drivers
Device Driver Monitoring Tool: DriverView
Device Driver Monitoring Tools
Scanning for Suspicious Windows Services
Windows Services Monitoring Tool: Windows Service Manager (SrvMan)
Windows Services Monitoring Tools
Scanning for Suspicious Startup Programs
Windows 7 Startup Registry Entries
Startup Programs Monitoring Tool: Starter
Startup Programs Monitoring Tool: Security AutoRun
Startup Programs Monitoring Tools
Scanning for Suspicious Files and Folders
File and Folder Integrity Checkers: FastSum and WinMD5
File and Folder Integrity Checkers
Scanning for Suspicious Network Activities
Detecting Trojans and Worms with Capsa Network Analyzer
Trojan Countermeasures
Backdoor Countermeasures
Trojan Horse Construction Kit
Anti-Trojan Software: TrojanHunter
Anti-Trojan Software: Emsisoft Anti-Malware
Anti-Trojan Software
Pen Testing for Trojans and Backdoors

Module 07: Viruses and Worms
Introduction to Viruses
Virus and Worm Statistics 2010
Stages of Virus Life
Working of Viruses: Infection Phase
Working of Viruses: Attack Phase
Why Do People Create Computer Viruses?
Indications of Virus Attack
How Does a Computer Get Infected by Viruses?
Virus Hoaxes
Virus Analysis: W32/Sality AA
Virus Analysis: W32/Toal-A
Virus Analysis: W32/Virut
Virus Analysis: Klez
Types of Viruses
System or Boot Sector Viruses
File and Multipartite Viruses
Macro Viruses
Cluster Viruses
Stealth/Tunneling Viruses
Encryption Viruses
Polymorphic Code
Metamorphic Viruses
File Overwriting or Cavity Viruses
Sparse Infector Viruses
Companion/Camouflage Viruses
Shell Viruses
File Extension Viruses
Add-on and Intrusive Viruses
Transient and Terminate-and-Stay-Resident Viruses
Writing a Simple Virus Program
Terabit Virus Maker
JPS Virus Maker
DELmE's Batch Virus Maker
Computer Worms
How is a Worm Different from a Virus?
Example of Worm Infection: Conficker Worm
What Does the Conficker Worm Do?
How Does the Conficker Worm Work?
Worm Analysis: W32/Netsky
Worm Analysis: W32/Bagle.GE
Worm Maker: Internet Worm Maker Thing
What is a Sheep Dip Computer?
Anti-Virus Sensor Systems
Malware Analysis Procedure
String Extracting Tool: BinText
Compression and Decompression Tool: UPX
Process Monitoring Tool: Process Monitor
Log Packet Content Monitoring Tool: NetResident
Debugging Tool: OllyDbg
Virus Analysis Tool: IDA Pro
Online Malware Testing: Sunbelt CWSandbox
Online Malware Testing: VirusTotal
Online Malware Analysis Services
Virus Detection Methods
Virus and Worm Countermeasures
Companion Antivirus: Immunet Protect
Anti-Virus Tools
Penetration Testing for Viruses

Module 08: Sniffers
Lawful Intercept
Benefits of Lawful Intercept
Network Components Used for Lawful Intercept
Wiretapping
Sniffing Threats
How a Sniffer Works
Hacker Attacking a Switch
Types of Sniffing: Passive Sniffing
Types of Sniffing: Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
Hardware Protocol Analyzers
SPAN Port
MAC Flooding
MAC Address/CAM Table
How CAM Works
What Happens When the CAM Table is Full?
MAC Flooding Switches with macof
MAC Flooding Tool: Yersinia
How to Defend against MAC Attacks?
How DHCP Works
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack
Rogue DHCP Server Attack
DHCP Starvation Attack Tool: Gobbler
How to Defend Against DHCP Starvation and Rogue Server Attacks?
What is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
How Does ARP Spoofing Work?
Threats of ARP Poisoning
ARP Poisoning Tool: Cain & Abel
ARP Poisoning Tool: WinArpAttacker
ARP Poisoning Tool: Ufasoft Snif
How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
MAC Spoofing/Duplicating
Spoofing Attack Threats
MAC Spoofing Tool: SMAC
How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard
DNS Poisoning Techniques
Intranet DNS Spoofing
Internet DNS Spoofing
Proxy Server DNS Poisoning
DNS Cache Poisoning
How to Defend Against DNS Spoofing?
Sniffing Tool: Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Sniffing Tool: CACE Pilot
Sniffing Tool: Tcpdump/WinDump
Discovery Tool: NetworkView
Discovery Tool: The Dude Sniffer
Password Sniffing Tool: Ace
Packet Sniffing Tool: Capsa Network Analyzer
OmniPeek Network Analyzer
Network Packet Analyzer: Observer
Session Capture Sniffer: NetWitness
Email Message Sniffer: Big-Mother
TCP/IP Packet Crafter: Packet Builder
Additional Sniffing Tools
How an Attacker Hacks the Network Using Sniffers
How to Defend Against Sniffing?
Sniffing Prevention Techniques
How to Detect Sniffing?
Promiscuous Detection Tool: PromqryUI
Promiscuous Detection Tool: PromiScan

Module 09: Social Engineering
What is Social Engineering?
Behaviors Vulnerable to Attacks
Factors that Make Companies Vulnerable to Attacks
Why is Social Engineering Effective?
Warning Signs of an Attack
Phases in a Social Engineering Attack
Impact on the Organization
Command Injection Attacks
Common Targets of Social Engineering
Common Targets of Social Engineering: Office Workers
Types of Social Engineering
Human-Based Social Engineering
Technical Support Example
Authority Support Example
Human-Based Social Engineering: Dumpster Diving
Computer-Based Social Engineering
Computer-Based Social Engineering: Pop-Ups
Computer-Based Social Engineering: Phishing
Social Engineering Using SMS
Social Engineering by a “Fake SMS Spying Tool”
Insider Attack
Disgruntled Employee
Preventing Insider Threats
Common Intrusion Tactics and Strategies for Prevention
Social Engineering Through Impersonation on Social Networking Sites
Social Engineering Example: LinkedIn Profile
Social Engineering on Facebook
Social Engineering on Twitter
Social Engineering on Orkut
Social Engineering on MySpace
Risks of Social Networking to Corporate Networks
Identity Theft Statistics 2010
Identity Theft
How to Steal an Identity? Step 1
How to Steal an Identity? Step 2
How to Steal an Identity? Step 3
Real Steven Gets Huge Credit Card Statement
Identity Theft - Serious Problem
Social Engineering Countermeasures: Policies
Social Engineering Countermeasures
How to Detect Phishing Emails?
Anti-Phishing Toolbar: Netcraft
Anti-Phishing Toolbar: PhishTank
Identity Theft Countermeasures
Social Engineering Pen Testing
Social Engineering Pen Testing: Using Emails
Social Engineering Pen Testing: Using Phone
Social Engineering Pen Testing: In Person

Module 10: Denial of Service
What is a Denial of Service Attack?
What is a Distributed Denial of Service Attack?
How Distributed Denial of Service Attacks Work
Symptoms of a DoS Attack
Cyber Criminals
Organized Cyber Crime: Organizational Chart
Internet Chat Query (ICQ)
Internet Relay Chat (IRC)
DoS Attack Techniques
Bandwidth Attacks
Service Request Floods
SYN Attack
SYN Flooding
ICMP Flood Attack
Peer-to-Peer Attacks
Permanent Denial-of-Service Attack
Application Level Flood Attacks
Botnet
Botnet Propagation Technique
Botnet Ecosystem
Botnet Trojan: Shark
Poison Ivy: Botnet Command and Control Center
Botnet Trojan: PlugBot
WikiLeaks Operation Payback
DDoS Attack
DDoS Attack Tool: LOIC
Denial of Service Attack Against MasterCard, Visa, and Swiss Banks
Hackers Advertise Links to Download Botnet
DoS Attack Tools
Detection Techniques
Activity Profiling
Wavelet Analysis
Sequential Change-Point Detection
DoS/DDoS Countermeasure Strategies
DDoS Attack Countermeasures
DoS/DDoS Countermeasures: Protect Secondary Victims
DoS/DDoS Countermeasures: Detect and Neutralize Handlers
DoS/DDoS Countermeasures: Detect Potential Attacks
DoS/DDoS Countermeasures: Deflect Attacks
DoS/DDoS Countermeasures: Mitigate Attacks
Post-attack Forensics
Techniques to Defend against Botnets
DoS/DDoS Countermeasures
DoS/DDoS Protection at ISP Level
Enabling TCP Intercept on Cisco IOS Software
Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)
DoS/DDoS Protection Tools
Denial of Service (DoS) Attack Penetration Testing

Module 11: Session Hijacking
What is Session Hijacking?
Dangers Posed by Hijacking
Why Session Hijacking is Successful
Key Session Hijacking Techniques
Brute Forcing
Brute Forcing Attack
HTTP Referrer Attack
Spoofing vs. Hijacking
Session Hijacking Process
Packet Analysis of a Local Session Hijack
Types of Session Hijacking
Session Hijacking in the OSI Model
Application Level Session Hijacking
Session Sniffing
Predictable Session Token
How to Predict a Session Token?
Man-in-the-Middle Attack
Man-in-the-Browser Attack
Steps to Perform Man-in-the-Browser Attack
Client-side Attacks
Cross-site Script Attack
Session Fixation
Session Fixation Attack
Network Level Session Hijacking
The 3-Way Handshake
Sequence Numbers
Sequence Number Prediction
TCP/IP Hijacking
IP Spoofing: Source Routed Packets
RST Hijacking
Blind Hijacking
Man-in-the-Middle Attack Using Packet Sniffer
UDP Hijacking
Session Hijacking Tools
Paros
Burp Suite
Firesheep
Countermeasures
Protecting against Session Hijacking
Methods to Prevent Session Hijacking: To be Followed by Web Developers
Methods to Prevent Session Hijacking: To be Followed by Web Users
Defending against Session Hijack Attacks
Session Hijacking Remediation
IPsec
Modes of IPsec
IPsec Architecture
IPsec Authentication and Confidentiality
Components of IPsec
IPsec Implementation
Session Hijacking Pen Testing

Module 12: Hijacking Webservers
Webserver Market Shares
Open Source Webserver Architecture
IIS Webserver Architecture
Website Defacement
Case Study
Why Web Servers are Compromised
Impact of Webserver Attacks
Webserver Misconfiguration
Webserver Misconfiguration Example
Directory Traversal Attacks
HTTP Response Splitting Attack
Web Cache Poisoning Attack
HTTP Response Hijacking
SSH Bruteforce Attack
Man-in-the-Middle Attack
Webserver Password Cracking
Webserver Password Cracking Techniques
Web Application Attacks
Webserver Attack Methodology
Information Gathering
Webserver Footprinting
Webserver Footprinting Tools
Mirroring a Website
Vulnerability Scanning
Session Hijacking
Hacking Web Passwords
Webserver Attack Tools
Metasploit
Metasploit Architecture
Metasploit Exploit Module
Metasploit Payload Module
Metasploit Auxiliary Module
Metasploit NOPS Module
Wfetch
Web Password Cracking Tools
Brutus
THC-Hydra
Countermeasures
Patches and Updates
Protocols
Accounts
Files and Directories
How to Defend Against Web Server Attacks?
How to Defend against HTTP Response Splitting and Web Cache Poisoning?
Patches and Hotfixes
What is Patch Management?
Identifying Appropriate Sources for Updates and Patches
Installation of a Patch
Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)
Patch Management Tools
Web Application Security Scanner: Sandcat
Web Server Security Scanner: Wikto
Webserver Malware Infection Monitoring Tool: HackAlert
Webserver Security Tools
Web Server Penetration Testing

Module 13: Hijacking Web Applications
Web Application Security Statistics
Introduction to Web Applications
Web Application Components
How Web Applications Work
Web Application Architecture
Web 2.0 Applications
Vulnerability Stack
Web Attack Vectors
Web Application Threats - 1
Web Application Threats - 2
Unvalidated Input
Parameter/Form Tampering
Directory Traversal
Security Misconfiguration
Injection Flaws
SQL Injection Attacks
Command Injection Attacks
Command Injection Example
File Injection Attack
What is LDAP Injection?
How LDAP Injection Works
Hidden Field Manipulation Attack
Cross-Site Scripting (XSS) Attacks
How XSS Attacks Work
Cross-Site Scripting Attack Scenario: Attack via Email
XSS Example: Attack via Email
XSS Example: Stealing Users' Cookies
XSS Example: Sending an Unauthorized Request
XSS Attack in Blog Posting
XSS Attack in Comment Field
XSS Cheat Sheet
Cross-Site Request Forgery (CSRF) Attack
How CSRF Attacks Work
Web Application Denial-of-Service (DoS) Attack
Denial of Service (DoS) Examples
Buffer Overflow Attacks
Cookie/Session Poisoning
How Cookie Poisoning Works
Session Fixation Attack
Insufficient Transport Layer Protection
Improper Error Handling
Insecure Cryptographic Storage
Broken Authentication and Session Management
Unvalidated Redirects and Forwards
Web Services Architecture
Web Services Attack
Web Services Footprinting Attack
Web Services XML Poisoning
Footprint Web Infrastructure
Footprint Web Infrastructure: Server Discovery
Footprint Web Infrastructure: Server Identification/Banner Grabbing
Footprint Web Infrastructure: Hidden Content Discovery
Web Spidering Using Burp Suite
Hacking Web Servers
Web Server Hacking Tool: WebInspect
Analyze Web Applications
Analyze Web Applications: Identify Entry Points for User Input
Analyze Web Applications: Identify Server-Side Technologies
Analyze Web Applications: Identify Server-Side Functionality
Analyze Web Applications: Map the Attack Surface
Attack Authentication Mechanism
Username Enumeration
Password Attacks: Password Functionality Exploits
Password Attacks: Password Guessing
Password Attacks: Brute-forcing
Session Attacks: Session ID Prediction/Brute-forcing
Cookie Exploitation: Cookie Poisoning
Authorization Attack
HTTP Request Tampering
Authorization Attack: Cookie Parameter Tampering
Session Management Attack
Attacking Session Token Generation Mechanism
Attacking Session Token Handling Mechanism: Session Token Sniffing
Injection Attacks
Attack Data Connectivity
Connection String Injection
Connection String Parameter Pollution (CSPP) Attacks
Connection Pool DoS
Attack Web App Client
Attack Web Services
Web Services Probing Attacks
Web Service Attacks: SOAP Injection
Web Service Attacks: XML Injection
Web Services Parsing Attacks
Web Service Attack Tool: soapUI
Web Service Attack Tool: XMLSpy
Web Application Hacking Tool: Burp Suite Professional
Web Application Hacking Tool: CookieDigger
Web Application Hacking Tool: WebScarab
Web Application Hacking Tools
Encoding Schemes
How to Defend Against SQL Injection Attacks?
How to Defend Against Command Injection Flaws?
How to Defend Against XSS Attacks?
How to Defend Against DoS Attacks?
How to Defend Against Web Services Attacks?
Web Application Countermeasures
How to Defend Against Web Application Attacks?
Web Application Security Tool: Acunetix Web Vulnerability Scanner
Web Application Security Tool: Falcove Web Vulnerability Scanner
Web Application Security Scanner: Netsparker
Web Application Security Tool: N-Stalker Web Application Security Scanner
Web Application Security Tools
Web Application Firewall: dotDefender
Web Application Security Scanner: IBM AppScan
Web Application Firewall: ServerDefender VP
Web Application Firewalls
Web Application Pen Testing
Information Gathering
Configuration Management Testing
Authentication Testing
Session Management Testing
Authorization Testing
Data Validation Testing
Denial of Service Testing
Web Services Testing
AJAX Testing

Module 14: SQL Injection
SQL Injection is the Most Prevalent Vulnerability in 2010
SQL Injection Threats
What is SQL Injection?
SQL Injection Attacks
How Web Applications Work
Server Side Technologies
HTTP POST Request
Example 1: Normal SQL Query
Example 1: SQL Injection Query
Example 1: Code Analysis
Example 2: BadProductList.aspx
Example 2: Attack Analysis
Example 3: Updating Table
Example 4: Adding New Records
Example 5: Identifying the Table Name
Example 6: Deleting a Table
SQL Injection Detection
SQL Injection Error Messages
SQL Injection Attack Characters
Additional Methods to Detect SQL Injection
SQL Injection Black Box Pen Testing
Testing for SQL Injection
Types of SQL Injection
Simple SQL Injection Attack
Union SQL Injection Example
Error-Based SQL Injection
What is Blind SQL Injection?
No Error Messages Returned
Blind SQL Injection: WAITFOR DELAY YES or NO Response
Blind SQL Injection - Exploitation (MySQL)
Blind SQL Injection - Extract Database User
Blind SQL Injection - Extract Database Name
Blind SQL Injection - Extract Column Name
Blind SQL Injection - Extract Data from Rows
SQL Injection Methodology
Information Gathering
Extracting Information through Error Messages
Understanding SQL Query
Bypass Website Logins Using SQL Injection
Database, Table, and Column Enumeration
Advanced Enumeration
Features of Different DBMSs
Creating Database Accounts
Password Grabbing
Grabbing SQL Server Hashes
Extracting SQL Hashes (In a Single Statement)
Transfer Database to Attacker's Machine
Interacting with the Operating System
Interacting with the File System
Network Reconnaissance Full Query
SQL Injection Tools
SQL Injection Tool: BSQLHacker
SQL Injection Tool: Marathon Tool
SQL Injection Tool: SQL Power Injector
SQL Injection Tool: Havij
Evading IDS
Types of Signature Evasion Techniques
Evasion Technique: Sophisticated Matches
Evasion Technique: Hex Encoding
Evasion Technique: Manipulating White Spaces
Evasion Technique: In-line Comment
Evasion Technique: Char Encoding
Evasion Technique: String Concatenation
Evasion Technique: Obfuscated Codes
How to Defend Against SQL Injection Attacks?
How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
SQL Injection Detection Tools
SQL Injection Detection Tool: Microsoft Source Code Analyzer
SQL Injection Detection Tool: Microsoft UrlScan
SQL Injection Detection Tool: dotDefender
SQL Injection Detection Tool: IBM AppScan
Snort Rule to Detect SQL Injection Attacks

Module 15: Hacking Wireless Networks
Wireless Networks
Wi-Fi Usage Statistics in the US
Wi-Fi Hotspots at Public Places
Wi-Fi Networks at Home
Types of Wireless Networks
Wireless Standards
Service Set Identifier (SSID)
Wi-Fi Authentication Modes
Wi-Fi Authentication Process Using a Centralized Authentication Server
Wi-Fi Authentication Process
Wireless Terminologies
Wi-Fi Chalking
Wi-Fi Chalking Symbols
Wi-Fi Hotspot Finder: jiwire.com
Wi-Fi Hotspot Finder: WeFi.com
Types of Wireless Antenna
Parabolic Grid Antenna
Types of Wireless Encryption
WEP Encryption
How WEP Works
What is WPA?
How WPA Works
Temporal Keys
What is WPA2?
How WPA2 Works
WEP vs. WPA vs. WPA2
WEP Issues
Weak Initialization Vectors (IV)
How to Break WEP Encryption?
How to Break WPA/WPA2 Encryption?
How to Defend Against WPA Cracking?
Wireless Threats: Access Control Attacks
Wireless Threats: Integrity Attacks
Wireless Threats: Confidentiality Attacks
Wireless Threats: Availability Attacks
Wireless Threats: Authentication Attacks
Rogue Access Point Attack
Client Mis-association
Misconfigured Access Point Attack
Unauthorized Association
Ad Hoc Connection Attack
HoneySpot Access Point Attack
AP MAC Spoofing
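The SQL injection "Evading IDS" slides in Module 14 above (hex encoding, manipulating white spaces, in-line comments, char encoding, string concatenation) and the Snort rule slide that follows them describe two sides of one problem: a signature written against the literal bytes of an attack is easy to walk around. The code below is an added example, not material from the course or from CBT Nuggets, and the SAMPLES dictionary is constructed input. It contrasts a naive literal signature with a matcher that first normalizes the parameter (URL decoding, comment stripping, hex and CHAR() literal decoding, whitespace collapsing), the kind of preprocessing an IDS or WAF has to do before any signature is worth writing.

```python
# Added example (not from the course): evasion of a literal "UNION SELECT"
# signature and a normalization pass that undoes the listed evasion techniques
# before matching. SAMPLES is constructed test input.
import re
from urllib.parse import unquote

SAMPLES = {
    "plain":          "1 UNION SELECT username, password FROM users",
    "whitespace":     "1\tUNION\n SELECT username,password FROM users",
    "inline_comment": "1 UNION/**/SELECT username,password/**/FROM/**/users",
    "url_encoded":    "1%20UNI%4fN%20SEL%45CT%20username,password%20FROM%20users",
    "hex_literal":    "1 UNION SELECT 0x61646d696e FROM users",   # 0x61646d696e = 'admin'
    "char_concat":    "1 UNION SELECT CHAR(97)+CHAR(100)+CHAR(109)+CHAR(105)+CHAR(110) FROM users",
    "benign_number":  "42",
    "benign_text":    "reunion selection committee",
}

# Naive signature: the literal bytes "UNION SELECT", case-insensitive.
NAIVE_SIGNATURE = re.compile(r"UNION SELECT", re.IGNORECASE)


def naive_match(param: str) -> bool:
    return NAIVE_SIGNATURE.search(param) is not None


def _hex_to_literal(m):
    return "'" + bytes.fromhex(m.group(1)).decode("latin-1") + "'"


def _chars_to_literal(m):
    codes = re.findall(r"CHAR\((\d+)\)", m.group(0), flags=re.IGNORECASE)
    return "'" + "".join(chr(int(c)) for c in codes) + "'"


def normalize(param: str) -> str:
    """Canonical form of a parameter value for signature matching."""
    s = unquote(param)                                              # %XX URL encoding
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.DOTALL)              # in-line comments act as spaces
    s = re.sub(r"\b0x((?:[0-9a-fA-F]{2})+)\b", _hex_to_literal, s)  # hex string literals
    s = re.sub(r"(?:CHAR\(\d+\)\s*\+\s*)*CHAR\(\d+\)", _chars_to_literal, s,
               flags=re.IGNORECASE)                                 # CHAR() concatenation
    s = re.sub(r"\s+", " ", s)                                      # tabs, newlines, runs of spaces
    return s.strip().lower()


# Hardened signature: applied to the normalized value, with word boundaries
# so ordinary words that happen to contain the substring do not trigger it.
HARDENED_SIGNATURE = re.compile(r"\bunion(?: all)? select\b")


def hardened_match(param: str) -> bool:
    return HARDENED_SIGNATURE.search(normalize(param)) is not None


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:15} naive={naive_match(value)!s:5} "
              f"hardened={hardened_match(value)!s:5} -> {normalize(value)}")
```

Note that the naive rule fails in both directions: it misses three of the obfuscated payloads and flags "reunion selection committee" because the substring is there. Normalization is still only a mitigation; a signature cannot enumerate every encoding a database will accept, which is why the slides' other defence, type-safe parameters in the application, is the one that actually closes the hole.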
Denial-of-Service Attack
Jamming Signal Attack
Wi-Fi Jamming Devices
Wireless Hacking Methodology
Find Wi-Fi Networks to Attack
Attackers Scanning for Wi-Fi Networks
Footprint the Wireless Network
Wi-Fi Discovery Tool: inSSIDer
Wi-Fi Discovery Tool: NetSurveyor
Wi-Fi Discovery Tool: NetStumbler
Wi-Fi Discovery Tool: Vistumbler
Wi-Fi Discovery Tool: WirelessMon
Wi-Fi Discovery Tools
GPS Mapping
GPS Mapping Tool: WiGLE
GPS Mapping Tool: Skyhook
How to Discover Wi-Fi Networks Using Wardriving?
Wireless Traffic Analysis
Wireless Cards and Chipsets
Wi-Fi USB Dongle: AirPcap
Wi-Fi Packet Sniffer: Wireshark with AirPcap
Wi-Fi Packet Sniffer: Wi-Fi Pilot
Wi-Fi Packet Sniffer: OmniPeek
Wi-Fi Packet Sniffer: CommView for WiFi
What is Spectrum Analysis?
Wireless Sniffers
Aircrack-ng Suite
How to Reveal Hidden SSIDs
Fragmentation Attack
How to Launch MAC Spoofing Attack?
Denial of Service: Deauthentication and Disassociation Attacks
Man-in-the-Middle Attack
MITM Attack Using Aircrack-ng
Wireless ARP Poisoning Attack
Rogue Access Point
Evil Twin
How to Set Up a Fake Hotspot (Evil Twin)?
How to Crack WEP Using Aircrack?
How to Crack WEP Using Aircrack? Screenshot 1/2
How to Crack WEP Using Aircrack? Screenshot 2/2
How to Crack WPA-PSK Using Aircrack?
WPA Cracking Tool: KisMAC
WEP Cracking Using Cain & Abel
WPA Brute Forcing Using Cain & Abel
WPA Cracking Tool: Elcomsoft Wireless Security Auditor
WEP/WPA Cracking Tools
Wi-Fi Sniffer: Kismet
Wardriving Tools
RF Monitoring Tools
Wi-Fi Connection Manager Tools
Wi-Fi Traffic Analyzer Tools
Wi-Fi Raw Packet Capturing Tools
Wi-Fi Spectrum Analyzing Tools
Bluetooth Hacking
Bluetooth Stack
Bluetooth Threats
How to BlueJack a Victim?
Bluetooth Hacking Tool: Super Bluetooth Hack
Bluetooth Hacking Tool: PhoneSnoop
Bluetooth Hacking Tool: BlueScanner
Bluetooth Hacking Tools
How to Defend Against Bluetooth Hacking?
How to Detect and Block Rogue APs?
Wireless Security Layers
How to Defend Against Wireless Attacks?
Wireless Intrusion Prevention Systems
Wireless IPS Deployment
Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer
Wi-Fi Security Auditing Tool: AirDefense
Wi-Fi Security Auditing Tool: Adaptive Wireless IPS
Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS
Wi-Fi Intrusion Prevention Systems
Wi-Fi Predictive Planning Tools
Wi-Fi Vulnerability Scanning Tools
Wireless Penetration Testing
Wireless Penetration Testing Framework
Wi-Fi Pen Testing Framework
Pen Testing LEAP Encrypted WLAN
Pen Testing WPA/WPA2 Encrypted WLAN
Module 15: Hacking Wireless Networks (Continued) Insertion Attack
Pen Testing WEP Encrypted WLAN Evasion
Pen Testing Unencrypted WLAN Denial-of-Service Attack (DoS)
Obfuscating
Module 16: Evading IDS, Firewalls and Honeypots False Positive Generation
Intrusion Detection Systems (IDS) and its Placement Session Splicing
How IDS Works? Unicode Evasion Technique
Ways to Detect an Intrusion Fragmentation Attack
Types of Intrusion Detection Systems Overlapping Fragments
System Integrity Verifiers (SIV) Time-To-Live Attacks
General Indications of Intrusions Invalid RST Packets
General Indications of System Intrusions Urgency Flag
Firewall Polymorphic Shellcode
Firewall Architecture ASCII Shellcode
DeMilitarized Zone (DMZ) Application-Layer Attacks
Types of Firewall Desynchronization
Packet Filtering Firewall Pre Connection SYN
Circuit-Level Gateway Firewall Post Connection SYN
Application-Level Firewall Other Types of Evasion
Stateful Multilayer Inspection Firewall IP Address Spoofing
Firewall Identification Attacking Session Token Generation Mechanism
Port Scanning Tiny Fragments
Firewalking Bypass Blocked Sites Using IP Address in Place of URL
Banner Grabbing Bypass Blocked Sites Using Anonymous Website Surfing Sites
Honeypot Bypass a Firewall using Proxy Server
Types of Honeypots Bypassing Firewall through ICMP Tunneling Method
How to Set Up a Honeypot? Bypassing Firewall through ACK Tunneling Method
Intrusion Detection Tool Bypassing Firewall through HTTP Tunneling Method
Snort Bypassing Firewall through External Systems
Snort Rules Bypassing Firewall through MITM Attack
Rule Actions and IP Protocols Detecting Honeypots
The Direction Operator and IP Addresses Honeypot Detecting Tool: Send-Safe Honeypot Hunter
Port Numbers Firewall Evasion Tools
Intrusion Detection Systems: Tipping Point Traffic IQ Professional
Intrusion Detection Tools tcp-over-dns
Firewall: Sunbelt Personal Firewall Firewall Evasion Tools
Firewalls Packet Fragment Generators
Honeypot Tools Countermeasures
KFSensor Firewall/IDS Penetration Testing
SPECTER Firewall Penetration Testing
Module 16: Evading IDS, Firewalls and Honeypots (Continued) BoF Security Tools
IDS Penetration Testing BufferShield
Buffer Overflow Penetration Testing
Module 17: Buffer Overflow
Buffer Overflows Module 18: Cryptography
Why are Programs And Applications Vulnerable? Cryptography
Understanding Stacks Types of Cryptography
Stack-Based Buffer Overflow Government Access to Keys (GAK)
Understanding Heap Ciphers
Heap-Based Buffer Overflow Advanced Encryption Standard (AES)
Stack Operations Data Encryption Standard (DES)
Shellcode RC4, RC5, RC6 Algorithms
No Operations (NOPs) The DSA and Related Signature Schemes
Knowledge Required to Program Buffer Overflow Exploits RSA (Rivest Shamir Adleman)
Buffer Overflow Steps Example of RSA Algorithm
Attacking a Real Program The RSA Signature Scheme
Format String Problem Message Digest (One-way Bash) Functions
Overflow using Format String Message Digest Function: MD5
Smashing the Stack Secure Hashing Algorithm (SHA)
Once the Stack is Smashed... What is SSH (Secure Shell)?
Simple Uncontrolled Overflow MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
Simple Buffer Overflow in C Cryptography Tool: Advanced Encryption Package
Code Analysis Cryptography Tools
Exploiting Semantic Comments in C (Annotations) Public Key Infrastructure (PKI)
How to Mutate a Buffer Overflow Exploit? Certification Authorities
Identifying Buffer Overflows Digital Signature
How to Detect Buffer Overflows in a Program? SSL (Secure Sockets Layer)
BOU (Buffer Overflow Utility) Transport Layer Security (TLS)
Testing for Heap Overflow Conditions: heap.exe Disk Encryption
Steps for Testing for Stack Overflow in OllyDbg Debugger Disk Encryption Tool: TrueCrypt
Testing for Stack Overflow in OllyDbg Debugger Disk Encryption Tools
Testing for Format String Conditions using IDA Pro Cryptography Attacks
BoF Detection Tools Code Breaking Methodologies
Defense Against Buffer Overflows Brute-Force Attack
Preventing BoF Attacks Meet-in-the-Middle Attack on Digital Signature Schemes
Programming Countermeasures Cryptanalysis Tool: CrypTool
Data Execution Prevention (DEP) Cryptanalysis Tools
Enhanced Mitigation Experience Toolkit (EMET) Online MD5 Decryption Tool
EMET System Configuration Settings Module 19: Penetration Testing
EMET Application Configuration Window Introduction to Penetration Testing
Module 19: Penetration Testing (Continued) Wireless Testing
Security Assessments Telephony Security Assessment
Vulnerability Assessment Social Engineering
Limitations of Vulnerability Assessment Testing Network-Filtering Devices
Penetration Testing Denial of Service Emulation
Why Penetration Testing? Outsourcing Penetration Testing Services
What Should be Tested? Terms of Engagement
What Makes a Good Penetration Test? Project Scope
ROI on Penetration Testing Pentest Service Level Agreements
Testing Points Penetration Testing Consultants
Testing Locations Evaluating Different Types of Pentest Tools
Types of Penetration Testing Application Security Assessment Tool
External Penetration Testing Webscarab
Internal Security Assessment Network Security Assessment Tool
Black-box Penetration Testing Angry IP scanner
Grey-box Penetration Testing GFI LANguard
White-box Penetration Testing Wireless/Remote Access Assessment Tool
Announced / Unannounced Testing Kismet
Automated Testing Telephony Security Assessment Tool
Manual Testing Omnipeek
Common Penetration Testing Techniques Testing Network-Filtering Device Tool
Using DNS Domain Name and IP Address Information Traffic IQ Professional
Enumerating Information about Hosts on Publicly-Available Networks
Phases of Penetration Testing
Pre-Attack Phase
Attack Phase
Activity: Perimeter Testing
Enumerating Devices
Activity: Acquiring Target
Activity: Escalating Privileges
Activity: Execute, Implant, and Retract
Post-Attack Phase and Activities
Penetration Testing Deliverable Templates
Penetration Testing Methodology
Application Security Assessment
Web Application Testing - I
Web Application Testing - II
Web Application Testing - III
Network Security Assessment
Wireless/Remote Access Assessment