Ceh Cbt Nugget Outline


Page 1: Ceh Cbt Nugget Outline

Module 01: Introduction to Ethical Hacking What is Footprinting?

Internet Crime Current Report: IC3 Objectives of Footprinting

Data Breach Investigations Report Footprinting Threats

Types of Data Stolen From the Organizations Finding a Company’s URL

Essential Terminologies Locate Internal URLs

Elements of Information Security Public and Restricted Websites

Authenticity and Non-Repudiation Search for Company’s Information

The Security, Functionality, and Usability Triangle Tools to Extract Company’s Data

Security Challenges Footprinting Through Search Engines

Effects of Hacking Collect Location Information

Effects of Hacking on Business Satellite Picture of a Residence

Who is a Hacker? People Search

Hacker Classes People Search Using http://pipl.com

Hacktivism People Search Online Services

What Does a Hacker Do? People Search on Social Networking Services

Phase 1 - Reconnaissance Gather Information from Financial Services

Reconnaissance Types Footprinting Through Job Sites

Phase 2 - Scanning Monitoring Target Using Alerts

Phase 3 – Gaining Access Competitive Intelligence Gathering

Phase 4 – Maintaining Access Competitive Intelligence-When Did this Company Begin?  How Did it Develop?

Phase 5 – Covering Tracks Competitive Intelligence-What are the Company's Plans?

Types of Attacks on a System Competitive Intelligence-What Expert Opinion Say About the Company?

Operating System Attacks Competitive Intelligence Tools

Application-Level Attacks Competitive Intelligence Consulting Companies

Shrink Wrap Code Attacks WHOIS Lookup

Misconfiguration Attacks WHOIS Lookup Result Analysis

Why Ethical Hacking is Necessary? WHOIS Lookup Tools: SmartWhois

Defense in Depth WHOIS Lookup Tools

Scope and Limitations of Ethical Hacking WHOIS Lookup Online Tools

What Do Ethical Hackers Do? Extracting DNS Information

Skills of an Ethical Hacker DNS Interrogation Tools

Vulnerability Research DNS Interrogation Online Tools

Vulnerability Research Websites Locate the Network Range

What is Penetration Testing? Traceroute

Why Penetration Testing? Traceroute Analysis

Penetration Testing Methodology Traceroute Tool: 3D Traceroute

Traceroute Tool: LoriotPro

Module 02: Footprinting and Reconnaissance Traceroute Tool: Path Analyzer Pro

Footprinting Terminologies Traceroute Tools

CEH v 8 Course Outline: This course prepares you for EC-Council Certified Ethical Hacker exam 312-50

Page 2: Ceh Cbt Nugget Outline

Module 02: Footprinting and Reconnaissance (Continued) ICMP Echo Scanning/List Scan

Mirroring Entire Website SYN/FIN Scanning Using IP Fragments

Website Mirroring Tools UDP Scanning

Mirroring Entire Website Tools Inverse TCP Flag Scanning

Extract Website Information from http://www.archive.org ACK Flag Scanning

Monitoring Web Updates Using Website Watcher Scanning: IDS Evasion Techniques

Tracking Email Communications IP Fragmentation Tools

Email Tracking Tools Scanning Tool: Nmap

Footprint Using Google Hacking Techniques Scanning Tool: NetScan Tools Pro

What a Hacker Can Do With Google Hacking? Scanning Tools

Google Advance Search Operators Do Not Scan These IP Addresses (Unless you want to get into trouble)

Finding Resources using Google Advance Operator Scanning Countermeasures

Google Hacking Tool: Google Hacking Database (GHDB) War Dialing

Google Hacking Tools Why War Dialing?

Additional Footprinting Tools War Dialing Tools

Footprinting Countermeasures War Dialing Countermeasures

Footprinting Pen Testing War Dialing Countermeasures: SandTrap Tool

OS Fingerprinting

Module 03: Scanning Networks Active Banner Grabbing Using Telnet

Network Scanning Banner Grabbing Tool: ID Serve

Types of Scanning GET REQUESTS

Checking for Live Systems - ICMP Scanning Banner Grabbing Tool: Netcraft

Ping Sweep Banner Grabbing Tools

Ping Sweep Tools Banner Grabbing Countermeasures: Disabling or Changing Banner

Three-Way Handshake Hiding File Extensions

TCP Communication Flags Hiding File Extensions from Webpages

Create Custom Packet using TCP Flags Vulnerability Scanning

Hping2 / Hping3 Vulnerability Scanning Tool: Nessus

Hping Commands Vulnerability Scanning Tool: SAINT

Scanning Techniques Vulnerability Scanning Tool: GFI LANGuard

TCP Connect / Full Open Scan Network Vulnerability Scanners

Stealth Scan (Half-open Scan) LANsurveyor

Xmas Scan Network Mappers

FIN Scan Proxy Servers

NULL Scan Why Attackers Use Proxy Servers?

IDLE Scan Use of Proxies for Attack

IDLE Scan: Step 1 How Does MultiProxy Work?

IDLE Scan: Step 2.1 (Open Port) Free Proxy Servers

IDLE Scan: Step 2.2  (Closed Port) Proxy Workbench

IDLE Scan: Step 3 Proxifier Tool: Create Chain of Proxy Servers

Page 3: Ceh Cbt Nugget Outline

Module 03: Scanning Networks (Continued) SNMP Enumeration Tool: SolarWinds

SocksChain SNMP Enumeration Tools

TOR (The Onion Routing) UNIX/Linux Enumeration

TOR Proxy Chaining Software Linux Enumeration Tool: Enum4linux

HTTP Tunneling Techniques LDAP Enumeration

Why do I Need HTTP Tunneling? LDAP Enumeration Tool: JXplorer

Super Network Tunnel Tool LDAP Enumeration Tool

Httptunnel for Windows NTP Enumeration

Additional HTTP  Tunneling Tools NTP Server Discovery Tool: NTP Server Scanner

SSH Tunneling NTP Server: PresenTense Time Server

SSL Proxy Tool NTP Enumeration Tools

How to Run SSL Proxy? SMTP Enumeration

Proxy Tools SMTP Enumeration Tool: NetScanTools Pro

Anonymizers DNS Zone Transfer Enumeration Using nslookup

Types of Anonymizers DNS Analyzing and Enumeration Tool:  The Men & Mice Suite

Case: Bloggers Write Text Backwards to Bypass Web Filters in China Enumeration Countermeasures

Text Conversion to Avoid Filters SMB Enumeration Countermeasures

Censorship Circumvention Tool:  Psiphon Enumeration Pen Testing

How Psiphon Works?

How to Check if  Your Website is Blocked in China or Not? Module 05: System Hacking

G-Zapper Information at Hand Before System Hacking Stage

Anonymizer Tools System Hacking: Goals

Spoofing IP Address CEH Hacking Methodology (CHM)

IP Spoofing Detection Techniques: Direct TTL Probes Password Cracking

IP Spoofing Detection Techniques: IP Identification Number Password Complexity

IP Spoofing Detection Techniques: TCP Flow Control Method Password Cracking Techniques

IP Spoofing Countermeasures Types of Password Attacks

Scanning Pen Testing Passive Online Attacks: Wire Sniffing

Password Sniffing

Module 04: Enumeration Passive Online Attack:  Man-in-the-Middle and Replay Attack

What is Enumeration? Active Online Attack: Password Guessing

Techniques for Enumeration Active Online Attack: Trojan/Spyware/Keylogger

Netbios Enumeration Active Online Attack: Hash Injection Attack

NetBIOS Enumeration Tool: SuperScan Rainbow Attacks: Pre-Computed Hash

NetBIOS Enumeration Tool: NetBIOS Enumerator Distributed Network Attack

Enumerating User Accounts Elcomsoft Distributed Password Recovery

Enumerate Systems Using Default Passwords Non-Electronic Attacks

SNMP (Simple Network Management Protocol) Enumeration Default Passwords

Management Information Base (MIB) Manual Password Cracking (Guessing)

SNMP Enumeration Tool: OpUtils Network Monitoring Toolset Automatic Password Cracking Algorithm

Page 4: Ceh Cbt Nugget Outline

Module 05: System Hacking (Continued) Keyloggers

Stealing Passwords Using USB Drive Spyware

Microsoft Authentication What Does the Spyware Do?

How Hash Passwords are Stored in Windows SAM? Types of Spywares

What is LAN Manager Hash? Desktop Spyware

LM “Hash” Generation Desktop Spyware: Activity Monitor

LM, NTLMv1, and NTLMv2 Email and Internet Spyware

NTLM Authentication Process Email and Internet Spyware: eBLASTER

Kerberos Authentication Internet and E-mail Spyware

Salting Child Monitoring Spyware

PWdump7 and Fgdump Child Monitoring Spyware: Advanced Parental Control

L0phtCrack Screen Capturing Spyware

Ophcrack Screen Capturing Spyware: Spector Pro

Cain & Abel USB Spyware

RainbowCrack USB Spyware: USBDumper

Password Cracking Tools Audio Spyware

LM Hash Backward Compatibility

Audio Spyware: RoboNanny, Stealth Recorder Pro and Spy Voice Recorder

How to Disable LM HASH? Video Spyware

How to Defend against Password Cracking? Video Spyware: Net Video Spy

Implement and Enforce Strong Security Policy Print Spyware

Privilege Escalation Print Spyware: Printer Activity Monitor

Escalation of Privileges Telephone/Cellphone Spyware

Active@ Password Changer Cellphone Spyware: Mobile Spy

Privilege Escalation Tools GPS Spyware

How to Defend against Privilege Escalation? GPS Spyware: GPS TrackMaker

Executing Applications How to Defend against Keyloggers?

Alchemy Remote Executor Anti-Keylogger

RemoteExec Anti-Keylogger: Zemana AntiLogger

Execute This! Anti-Keyloggers

Keylogger How to Defend against Spyware?

Types of Keystroke Loggers Anti-Spyware: Spyware Doctor

Acoustic/CAM Keylogger Rootkits

Keylogger: Advanced Keylogger Types of Rootkits

Keylogger: Spytech SpyAgent How Rootkit Works?

Keylogger: Perfect Keylogger Rootkit: Fu

Keylogger: Powered Keylogger Detecting Rootkits

Keylogger for Mac: Aobo Mac OS X KeyLogger Steps for Detecting Rootkits

Keylogger for Mac: Perfect Keylogger for Mac How to Defend against Rootkits?

Hardware Keylogger: KeyGhost Anti-Rootkit: RootkitRevealer and McAfee Rootkit Detective

Page 5: Ceh Cbt Nugget Outline

Module 05: System Hacking (Continued) Overt and Covert Channels

NTFS Data Stream Purpose of Trojans

How to Create NTFS Streams? What Do Trojan Creators Look For?

NTFS Stream Manipulation Indications of a Trojan Attack

How to Defend against NTFS Streams? Common Ports used by Trojans

NTFS Stream Detector: ADS Scan Engine How to Infect Systems Using a Trojan?

NTFS Stream Detectors Wrappers

What is Steganography? Wrapper Covert Programs

Steganography Techniques Different Ways a Trojan can Get into a System

How Steganography Works? How to Deploy a Trojan?

Types of Steganography Evading Anti-Virus Techniques

Whitespace Steganography Tool: SNOW Types of Trojans

Image Steganography Command Shell Trojans

Image Steganography: Hermetic Stego Command Shell Trojan: Netcat

Image Steganography Tools GUI Trojan: MoSucker

Document Steganography: wbStego GUI Trojan: Jumper and Biodox

Document Steganography Tools Document Trojans

Video Steganography: Our Secret E-mail Trojans

Video Steganography Tools E-mail Trojans: RemoteByMail

Audio Steganography: Mp3stegz Defacement Trojans

Audio Steganography Tools Defacement Trojans: Restorator

Folder Steganography: Invisible Secrets 4 Botnet Trojans

Folder Steganography Tools Botnet Trojan: Illusion Bot

Spam/Email Steganography: Spam Mimic Botnet Trojan: NetBot Attacker

Natural Text Steganography: Sams Big G Play Maker Proxy Server Trojans

Steganalysis Proxy Server Trojan: W3bPrOxy Tr0j4nCr34t0r (Funny Name)

Steganalysis Methods/Attacks on Steganography FTP Trojans

Steganography Detection Tool: Stegdetect FTP Trojan: TinyFTPD

Steganography Detection Tools VNC Trojans

Why Cover Tracks? HTTP/HTTPS Trojans

Covering Tracks HTTP Trojan: HTTP RAT

Ways to Clear Online Tracks Shttpd Trojan - HTTPS (SSL)

Disabling Auditing: Auditpol ICMP Tunneling

Covering Tracks Tool: Window Washer ICMP Trojan: icmpsend

Covering Tracks Tool: Tracks Eraser Pro Remote Access Trojans

Track Covering Tools Remote Access Trojan: RAT DarkComet

System Hacking Penetration Testing Remote Access Trojan: Apocalypse

Covert Channel Trojan: CCTT

Module 06: Trojans and Backdoors E-banking Trojans

What is a Trojan? Banking Trojan Analysis

Page 6: Ceh Cbt Nugget Outline

Module 06: Trojans and Backdoors (Continued) Anti-Trojan Software: Emsisoft Anti-Malware

E-banking Trojan: ZeuS Anti-Trojan Softwares

Destructive Trojans Pen Testing for Trojans and Backdoors

Notification Trojans

Credit Card Trojans Module 07: Viruses and Worms

Data Hiding Trojans (Encrypted Trojans) Introduction to Viruses

BlackBerry Trojan: PhoneSnoop Virus and Worm Statistics 2010

MAC OS X Trojan: DNSChanger Stages of Virus Life

MAC OS X Trojan: DNSChanger Working of  Viruses: Infection Phase

Mac OS X Trojan: Hell Raiser Working of  Viruses: Attack Phase

How to Detect Trojans? Why Do People Create Computer Viruses?

Scanning for Suspicious Ports Indications of Virus Attack

Port Monitoring Tool: IceSword How does a Computer get Infected by Viruses?

Port Monitoring Tools: CurrPorts and TCPView Virus Hoaxes

Scanning for Suspicious Processes Virus Analysis:

Process Monitoring Tool: What's Running W32/Sality AA

Process Monitoring Tools W32/Toal-A

Scanning for Suspicious Registry Entries W32/Virut

Registry Entry Monitoring Tools Klez

Scanning for Suspicious Device Drivers Types of Viruses

Device Drivers Monitoring Tools: DriverView System or Boot Sector Viruses

Device Drivers Monitoring Tools File and Multipartite Viruses

Scanning for Suspicious Windows Services Macro Viruses

Windows Services Monitoring Tools: Windows Service Manager (SrvMan) Cluster Viruses

Windows Services Monitoring Tools Stealth/Tunneling Viruses

Scanning for Suspicious Startup Programs Encryption Viruses

Windows7 Startup Registry Entries Polymorphic Code

Startup Programs Monitoring Tools: Starter Metamorphic Viruses

Startup Programs Monitoring Tools: Security AutoRun File Overwriting or Cavity Viruses

Startup Programs Monitoring Tools Sparse Infector Viruses

Scanning for Suspicious Files and Folders Companion/Camouflage Viruses

Files and Folder Integrity Checker: FastSum and WinMD5 Shell Viruses

Files and Folder Integrity Checker File Extension Viruses

Scanning for Suspicious Network Activities Add-on and Intrusive Viruses

Detecting Trojans and Worms with Capsa Network Analyzer Transient and Terminate and Stay Resident Viruses

Trojan Countermeasures Writing a Simple Virus Program

Backdoor Countermeasures Terabit Virus Maker

Trojan Horse Construction Kit JPS Virus Maker

Anti-Trojan Software: TrojanHunter DELmE's Batch Virus Maker

Page 7: Ceh Cbt Nugget Outline

Module 07: Viruses and Worms (Continued) Types of Sniffing: Active Sniffing

Computer  Worms Protocols Vulnerable to Sniffing

How is a Worm Different from a Virus? Tie to Data Link Layer in OSI Model

Example of Worm Infection: Conficker Worm Hardware Protocol Analyzers

What does the Conficker Worm do? SPAN Port

How does the Conficker Worm Work? MAC Flooding

Worm Analysis: MAC Address/CAM Table

W32/Netsky How CAM Works?

W32/Bagle.GE What Happens When CAM Table is Full?

Worm Maker: Internet Worm Maker Thing Mac Flooding Switches with macof

What is Sheep Dip Computer? MAC Flooding Tool: Yersinia

Anti-Virus Sensors Systems How to Defend against MAC Attacks?

Malware Analysis Procedure How DHCP Works?

String Extracting Tool: Bintext DHCP Request/Reply Messages

Compression and Decompression Tool: UPX IPv4 DHCP Packet Format

Process Monitoring Tools: Process Monitor DHCP Starvation Attack

Log Packet Content Monitoring Tools: NetResident Rogue DHCP Server Attack

Debugging Tool: Ollydbg DHCP Starvation Attack Tool: Gobbler

Virus  Analysis Tool: IDA Pro How to Defend Against DHCP Starvation and Rogue Server Attack?

Online Malware Testing: What is Address Resolution Protocol (ARP)?

Sunbelt CWSandbox ARP Spoofing Attack

VirusTotal How Does ARP Spoofing Work?

Online Malware Analysis Services Threats of ARP Poisoning

Virus Detection Methods ARP Poisoning Tool: Cain and Abel

Virus and Worms Countermeasures ARP Poisoning Tool: WinArpAttacker

Companion Antivirus: Immunet Protect ARP Poisoning Tool: Ufasoft Snif

Anti-virus Tools

How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection

Penetration Testing for Virus Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches

MAC Spoofing/Duplicating

Module 08: Sniffers Spoofing Attack Threats

Lawful Intercept MAC Spoofing Tool: SMAC

Benefits of Lawful Intercept

How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard

Network Components Used for Lawful Intercept DNS Poisoning Techniques

Wiretapping Intranet DNS Spoofing

Sniffing Threats Internet DNS Spoofing

How a Sniffer Works? Proxy Server DNS Poisoning

Hacker Attacking a Switch DNS Cache Poisoning

Types of Sniffing: Passive Sniffing How to Defend Against DNS Spoofing?

Page 8: Ceh Cbt Nugget Outline

Module 08: Sniffers (Continued) Computer-Based Social Engineering

Sniffing Tool: Wireshark Computer-Based Social Engineering: Pop-Ups

Follow TCP Stream in Wireshark Computer-Based Social Engineering: Phishing

Display Filters in Wireshark Social Engineering Using SMS

Additional Wireshark Filters Social Engineering by a “Fake SMS Spying Tool”

Sniffing Tool: CACE Pilot Insider Attack

Sniffing Tool: Tcpdump/Windump Disgruntled Employee

Discovery Tool: NetworkView Preventing Insider Threats

Discovery Tool: The Dude Sniffer Common Intrusion Tactics and Strategies for Prevention

Password Sniffing Tool: Ace Social Engineering Through Impersonation on Social Networking Sites

Packet Sniffing Tool: Capsa Network Analyzer Social Engineering Example: LinkedIn Profile

OmniPeek Network Analyzer Social Engineering on Facebook

Network Packet Analyzer: Observer Social Engineering on Twitter

Session Capture Sniffer: NetWitness Social Engineering on Orkut

Email Message Sniffer: Big-Mother Social Engineering on MySpace

TCP/IP Packet Crafter: Packet Builder Risks of Social Networking to Corporate Networks

Additional Sniffing Tools Identity Theft Statistics 2010

How an Attacker Hacks the Network Using Sniffers? Identity Theft

How to Defend Against Sniffing? How to Steal an Identity?

Sniffing Prevention Techniques STEP 1

How to Detect Sniffing? STEP 2

Promiscuous Detection Tool: PromqryUI STEP 3

Promiscuous Detection Tool: PromiScan Real Steven Gets Huge Credit Card Statement

Identity Theft - Serious Problem

Module 09: Social Engineering Social Engineering Countermeasures: Policies

What is Social Engineering? Social Engineering Countermeasures

Behaviors Vulnerable to Attacks How to Detect Phishing Emails?

Factors that Make Companies Vulnerable to Attacks Anti-Phishing Toolbar: Netcraft

Why is Social Engineering Effective? Anti-Phishing Toolbar: PhishTank

Warning Signs of an Attack Identity Theft Countermeasures

Phases in a Social Engineering Attack Social Engineering Pen Testing

Impact on the Organization Social Engineering Pen Testing: Using Emails

Command Injection Attacks Social Engineering Pen Testing: Using Phone

Common Targets of Social Engineering Social Engineering Pen Testing: In Person

Common Targets of Social Engineering: Office Workers

Types of Social Engineering Module 10: Denial of Service

Human-Based Social Engineering What is a Denial of Service Attack?

Technical Support Example What is Distributed Denial of Service Attacks?

Authority Support Example How Distributed Denial of Service Attacks Work?

Human-based Social Engineering: Dumpster Diving Symptoms of a DoS Attack

Page 9: Ceh Cbt Nugget Outline

Module 10: Denial of Service (Continued) DoS/DDoS Protection at ISP Level

Cyber Criminals Enabling TCP Intercept on Cisco IOS Software

Organized Cyber Crime: Organizational Chart Advanced DDoS Protection: IntelliGuard DDoS Protection System (DPS)

Internet Chat Query (ICQ) DoS/DDoS Protection Tool

Internet Relay Chat (IRC) Denial of Service (DoS) Attack Penetration Testing

DoS Attack Techniques

Bandwidth Attacks Module 11: Session Hijacking

Service Request Floods What is Session Hijacking?

SYN Attack Dangers Posed by Hijacking

SYN Flooding Why Session Hijacking is Successful?

ICMP Flood Attack Key Session Hijacking Techniques

Peer-to-Peer Attacks Brute Forcing

Permanent Denial-of-Service Attack Brute Forcing Attack

Application Level Flood Attacks HTTP Referrer Attack

Botnet Spoofing vs. Hijacking

Botnet Propagation Technique Session Hijacking Process

Botnet Ecosystem Packet Analysis of a Local Session Hijack

Botnet Trojan: Shark Types of Session Hijacking

Poison Ivy: Botnet Command Control Center Session Hijacking in OSI Model

Botnet Trojan: PlugBot Application Level Session Hijacking

WikiLeak Operation Payback Session Sniffing

DDoS Attack Predictable Session Token

DDoS Attack Tool: LOIC How to Predict a Session Token?

Denial of Service Attack Against MasterCard, Visa, and Swiss Banks Man-in-the-Middle Attack

Hackers Advertise Links to Download Botnet Man-in-the-Browser Attack

DoS Attack Tools Steps to Perform Man-in-the-Browser Attack

Detection Techniques Client-side Attacks

Activity Profiling Cross-site Script Attack

Wavelet Analysis Session Fixation

Sequential Change-Point Detection Session Fixation Attack

DoS/DDoS Countermeasure Strategies Network Level Session Hijacking

DDoS Attack Countermeasures The 3-Way Handshake

DoS/DDoS Countermeasures: Protect Secondary Victims Sequence Numbers

DoS/DDoS Countermeasures: Detect and Neutralize Handlers Sequence Number Prediction

DoS/DDoS Countermeasures: Detect Potential Attacks TCP/IP Hijacking

DoS/DDoS Countermeasures: Deflect Attacks IP Spoofing: Source Routed Packets

DoS/DDoS Countermeasures: Mitigate Attacks RST Hijacking

Post-attack Forensics Blind Hijacking

Techniques to Defend against Botnets Man-in-the-Middle Attack using Packet Sniffer

DoS/DDoS Countermeasures UDP Hijacking

Page 10: Ceh Cbt Nugget Outline

Module 11: Session Hijacking (Continued) Webserver Footprinting

Session Hijacking Tools Webserver Footprinting Tools

Paros Mirroring a Website

Burp Suite Vulnerability Scanning

Firesheep Session Hijacking

Countermeasures Hacking Web Passwords

Protecting against Session Hijacking Webserver Attack Tools

Methods to Prevent Session Hijacking: To be Followed by Web Developers Metasploit

Methods to Prevent Session Hijacking: To be Followed by Web Users Metasploit Architecture

Defending against Session Hijack Attacks Metasploit Exploit Module

Session Hijacking Remediation Metasploit Payload Module

IPSec Metasploit Auxiliary Module

Modes of IPSec Metasploit NOPS Module

IPSec Architecture Wfetch

IPSec Authentication and Confidentiality Web Password Cracking Tool

Components of IPSec Brutus

IPSec Implementation THC-Hydra

Session Hijacking Pen Testing Countermeasures

Patches and Updates

Module 12: Hijacking Webservers Protocols

Webserver Market Shares Accounts

Open Source Webserver Architecture Files and Directories

IIS Webserver Architecture How to Defend Against Web Server Attacks?

Website Defacement How to Defend against HTTP Response Splitting and Web Cache Poisoning?

Case Study Patches and Hotfixes

Why Web Servers are Compromised? What is Patch Management?

Impact of Webserver Attacks Identifying Appropriate Sources for Updates and Patches

Webserver Misconfiguration Installation of a Patch

Example Patch Management Tool: Microsoft Baseline Security Analyzer (MBSA)

Directory Traversal Attacks Patch Management Tools

HTTP Response Splitting Attack Web Application Security Scanner: Sandcat

Web Cache Poisoning Attack Web Server Security Scanner: Wikto

HTTP Response Hijacking Webserver Malware Infection Monitoring Tool: HackAlert

SSH Bruteforce Attack Webserver Security Tools

Man-in-the-Middle Attack Web Server Penetration Testing

Webserver Password Cracking

Webserver Password Cracking Techniques Module 13: Hijacking Web Applications

Web Application Attacks Web Application Security Statistics

Webserver Attack Methodology Introduction to Web Applications

Information Gathering Web Application Components

Page 11: Ceh Cbt Nugget Outline

Module 13: Hijacking Web Applications (Continued) Broken Authentication and Session Management

How Web Applications Work? Unvalidated Redirects and Forwards

Web Application Architecture Web Services Architecture

Web 2.0 Applications Web Services Attack

Vulnerability Stack Web Services Footprinting Attack

Web Attack Vectors Web Services XML Poisoning

Web Application Threats - 1 Footprint Web Infrastructure

Web Application Threats - 2 Footprint Web Infrastructure: Server Discovery

Unvalidated Input Footprint Web Infrastructure: Server Identification/Banner Grabbing

Parameter/Form Tampering Footprint Web Infrastructure: Hidden Content Discovery

Directory Traversal Web Spidering Using Burp Suite

Security Misconfiguration Hacking Web Servers

Injection Flaws Web Server Hacking Tool: WebInspect

SQL Injection Attacks Analyze Web Applications

Command Injection Attacks Analyze Web Applications: Identify Entry Points for User Input

Command Injection Example Analyze Web Applications: Identify Server-Side Technologies

File Injection Attack Analyze Web Applications: Identify Server-Side Functionality

What is LDAP Injection? Analyze Web Applications: Map the Attack Surface

How LDAP Injection Works? Attack Authentication Mechanism

Hidden Field Manipulation Attack Username Enumeration

Cross-Site Scripting (XSS) Attacks Password Attacks: Password Functionality Exploits

How XSS Attacks Work? Password Attacks: Password Guessing

Cross-Site Scripting Attack Scenario: Attack via Email Password Attacks: Brute-forcing

XSS Example: Attack via Email Session Attacks: Session ID Prediction/ Brute-forcing

XSS Example: Stealing Users' Cookies Cookie Exploitation: Cookie Poisoning

XSS Example: Sending an Unauthorized Request Authorization Attack

XSS Attack in Blog Posting HTTP Request Tampering

XSS Attack in Comment Field Authorization Attack: Cookie Parameter Tampering

XSS Cheat Sheet Session Management Attack

Cross-Site Request Forgery (CSRF) Attack Attacking Session Token Generation Mechanism

How CSRF Attacks Work? Attacking Session Tokens Handling Mechanism: Session Token Sniffing

Web Application Denial-of-Service (DoS) Attack Injection Attacks

Denial of Service (DoS) Examples Attack Data Connectivity

Buffer Overflow Attacks Connection String Injection

Cookie/Session Poisoning Connection String Parameter Pollution (CSPP) Attacks

How Cookie Poisoning Works? Connection Pool DoS

Session Fixation Attack Attack Web App Client

Insufficient Transport Layer Protection Attack Web Services

Improper Error Handling Web Services Probing Attacks

Insecure Cryptographic Storage Web Service Attacks: SOAP Injection

Page 12: Ceh Cbt Nugget Outline

Module 13: Hijacking Web Applications (Continued) SQL Injection Threats

Web Service Attacks: XML Injection What is SQL Injection?

Web Services Parsing Attacks SQL Injection Attacks

Web Service Attack Tool: soapUI How Web Applications Work?

Web Service Attack Tool: XMLSpy Server Side Technologies

Web Application Hacking Tool: Burp Suite Professional HTTP Post Request

Web Application Hacking Tools: CookieDigger Example 1: Normal SQL Query

Web Application Hacking Tools: WebScarab Example 1: SQL Injection Query

Web Application Hacking Tools Example 1: Code Analysis

Encoding Schemes Example 2: BadProductList.aspx

How to Defend Against SQL Injection Attacks? Example 2: Attack Analysis

How to Defend Against Command Injection Flaws? Example 3: Updating Table

How to Defend Against XSS Attacks? Example 4: Adding New Records

How to Defend Against DoS Attack? Example 5: Identifying the Table Name

How to Defend Against Web Services Attack? Example 6: Deleting a Table

Web Application Countermeasures SQL Injection Detection

How to Defend Against Web Application Attacks? SQL Injection Error Messages

Web Application Security Tool: Acunetix Web Vulnerability Scanner SQL Injection Attack Characters

Web Application Security Tool: Falcove Web Vulnerability Scanner Additional Methods to Detect SQL Injection

Web Application Security Scanner: Netsparker SQL Injection Black Box Pen Testing

Web Application Security Tool: N-Stalker Web Application Security Scanner Testing for SQL Injection

Web Application Security Tools Types of SQL Injection

Web Application Firewall:  dotDefender Simple SQL Injection Attack

Web Application Firewall: IBM AppScan Union SQL Injection Example

Web Application Firewall: ServerDefender VP SQL Injection Error Based

Web Application Firewall What is Blind SQL Injection?

Web Application Pen Testing No Error Messages Returned

Information Gathering Blind SQL Injection: WAITFOR DELAY YES or NO Response

Configuration Management Testing Blind SQL Injection – Exploitation (MySQL)

Authentication Testing Blind SQL Injection - Extract Database User

Session Management Testing Blind SQL Injection - Extract Database Name

Authorization Testing Blind SQL Injection - Extract Column Name

Data Validation Testing Blind SQL Injection - Extract Data from ROWS

Denial of Service Testing SQL Injection Methodology

Web Services Testing Information Gathering

AJAX Testing Extracting Information through Error Messages

Understanding SQL Query

Module 14: SQL Injection Bypass Website Logins Using SQL Injection

SQL Injection is the Most Prevalent Vulnerability in 2010 Database, Table, and Column Enumeration

Page 13: Ceh Cbt Nugget Outline

Module 14: SQL Injection (Continued) Types of Wireless Networks

Advanced Enumeration Wireless Standards

Features of Different DBMSs Service Set Identifier (SSID)

Creating Database Accounts Wi-Fi Authentication Modes

Password Grabbing Wi-Fi Authentication Process Using a Centralized Authentication Server

Grabbing SQL Server Hashes Wi-Fi Authentication Process

Extracting SQL Hashes (In a Single Statement) Wireless Terminologies

Transfer Database to Attacker’s Machine Wi-Fi Chalking

Interacting with the Operating System Wi-Fi Chalking Symbols

Interacting with the FileSystem Wi-Fi Hotspot Finder: jiwire.com

Network Reconnaissance Full Query Wi-Fi Hotspot Finder: WeFi.com

SQL Injection Tools Types of Wireless Antenna

SQL Injection Tools: BSQLHacker Parabolic Grid Antenna

SQL Injection Tools: Marathon Tool Types of Wireless Encryption

SQL Injection Tools: SQL Power Injector WEP Encryption

SQL Injection Tools: Havij How WEP Works?

Evading IDS What is WPA?

Types of Signature Evasion Techniques How WPA Works?

Evasion Technique: Sophisticated Matches Temporal Keys

Evasion Technique: Hex Encoding What is WPA2?

Evasion Technique: Manipulating White Spaces How WPA2 Works?

Evasion Technique: In-line Comment WEP vs. WPA vs. WPA2

Evasion Technique: Char Encoding WEP Issues

Evasion Technique: String Concatenation Weak Initialization Vectors (IV)

Evasion Technique: Obfuscated Codes How to Break WEP Encryption?

How to Defend Against SQL Injection Attacks? How to Break WPA/WPA2 Encryption?

How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters How to Defend Against WPA Cracking?

SQL Injection Detection Tools Wireless Threats: Access Control Attacks

SQL Injection Detection Tool: Microsoft Source Code Analyzer Wireless Threats: Integrity Attacks

SQL Injection Detection Tool: Microsoft UrlScan Wireless Threats: Confidentiality Attacks

SQL Injection Detection Tool: dotDefender Wireless Threats: Availability Attacks

SQL Injection Detection Tool: IBM AppScan Wireless Threats: Authentication Attacks

Snort Rule to Detect SQL Injection Attacks Rogue Access Point Attack

Client Mis-association

Module 15: Hacking Wireless Networks Misconfigured Access Point Attack

Wireless Networks Unauthorized Association

Wi-Fi Usage Statistics in the US Ad Hoc Connection Attack

Wi-Fi Hotspots at Public Places HoneySpot Access Point Attack

Wi-Fi Networks at Home AP MAC Spoofing

Module 15: Hacking Wireless Networks (Continued) How to Crack WEP Using Aircrack? Screenshot 2/2

Denial-of-Service Attack How to Crack WPA-PSK Using Aircrack?

Jamming Signal Attack WPA Cracking Tool: KisMAC

Wi-Fi Jamming Devices WEP Cracking Using Cain & Abel

Wireless Hacking Methodology WPA Brute Forcing Using Cain & Abel

Find Wi-Fi Networks to Attack WPA Cracking Tool: Elcomsoft Wireless Security Auditor

Attackers Scanning for Wi-Fi Networks WEP/WPA Cracking Tools

Footprint the Wireless Network Wi-Fi Sniffer: Kismet

Wi-Fi Discovery Tool: inSSIDer Wardriving Tools

Wi-Fi Discovery Tool: NetSurveyor RF Monitoring Tools

Wi-Fi Discovery Tool: NetStumbler Wi-Fi Connection Manager Tools

Wi-Fi Discovery Tool: Vistumbler Wi-Fi Traffic Analyzer Tools

Wi-Fi Discovery Tool: WirelessMon Wi-Fi Raw Packet Capturing Tools

Wi-Fi Discovery Tools Wi-Fi Spectrum Analyzing Tools

GPS Mapping Bluetooth Hacking

GPS Mapping Tool: WIGLE Bluetooth Stack

GPS Mapping Tool: Skyhook Bluetooth Threats

How to Discover Wi-Fi Network Using Wardriving? How to BlueJack a Victim?

Wireless Traffic Analysis Bluetooth Hacking Tool: Super Bluetooth Hack

Wireless Cards and Chipsets Bluetooth Hacking Tool: PhoneSnoop

Wi-Fi USB Dongle: AirPcap Bluetooth Hacking Tool: BlueScanner

Wi-Fi Packet Sniffer: Wireshark with AirPcap Bluetooth Hacking Tools

Wi-Fi Packet Sniffer: Wi-Fi Pilot How to Defend Against Bluetooth Hacking?

Wi-Fi Packet Sniffer: OmniPeek How to Detect and Block Rogue AP?

Wi-Fi Packet Sniffer: CommView for Wi-Fi Wireless Security Layers

What is Spectrum Analysis? How to Defend Against Wireless Attacks?

Wireless Sniffers Wireless Intrusion Prevention Systems

Aircrack-ng Suite Wireless IPS Deployment

How to Reveal Hidden SSIDs Wi-Fi Security Auditing Tool: AirMagnet WiFi Analyzer

Fragmentation Attack Wi-Fi Security Auditing Tool: AirDefense

How to Launch MAC Spoofing Attack? Wi-Fi Security Auditing Tool: Adaptive Wireless IPS

Denial of Service: Deauthentication and Disassociation Attacks Wi-Fi Security Auditing Tool: Aruba RFProtect WIPS

Man-in-the-Middle Attack Wi-Fi Intrusion Prevention System

MITM Attack Using Aircrack-ng Wi-Fi Predictive Planning Tools

Wireless ARP Poisoning Attack Wi-Fi Vulnerability Scanning Tools

Rogue Access Point Wireless Penetration Testing

Evil Twin Wireless Penetration Testing Framework

How to Set Up a Fake Hotspot (Evil Twin)? Wi-Fi Pen Testing Framework

How to Crack WEP Using Aircrack? Pen Testing LEAP Encrypted WLAN

How to Crack WEP Using Aircrack? Screenshot 1/2 Pen Testing WPA/WPA2 Encrypted WLAN

Module 15: Hacking Wireless Networks (Continued) Insertion Attack

Pen Testing WEP Encrypted WLAN Evasion

Pen Testing Unencrypted WLAN Denial-of-Service Attack (DoS)

Obfuscating

Module 16: Evading IDS, Firewalls and Honeypots False Positive Generation

Intrusion Detection Systems (IDS) and its Placement Session Splicing

How IDS Works? Unicode Evasion Technique

Ways to Detect an Intrusion Fragmentation Attack

Types of Intrusion Detection Systems Overlapping Fragments

System Integrity Verifiers (SIV) Time-To-Live Attacks

General Indications of Intrusions Invalid RST Packets

General Indications of System Intrusions Urgency Flag

Firewall Polymorphic Shellcode

Firewall Architecture ASCII Shellcode

DeMilitarized Zone (DMZ) Application-Layer Attacks

Types of Firewall Desynchronization

Packet Filtering Firewall Pre Connection SYN

Circuit-Level Gateway Firewall Post Connection SYN

Application-Level Firewall Other Types of Evasion

Stateful Multilayer Inspection Firewall IP Address Spoofing

Firewall Identification Attacking Session Token Generation Mechanism

Port Scanning Tiny Fragments

Firewalking Bypass Blocked Sites Using IP Address in Place of URL

Banner Grabbing Bypass Blocked Sites Using Anonymous Website Surfing Sites

Honeypot Bypass a Firewall using Proxy Server

Types of Honeypots Bypassing Firewall through ICMP Tunneling Method

How to Set Up a Honeypot? Bypassing Firewall through ACK Tunneling Method

Intrusion Detection Tool Bypassing Firewall through HTTP Tunneling Method

Snort Bypassing Firewall through External Systems

Snort Rules Bypassing Firewall through MITM Attack

Rule Actions and IP Protocols Detecting Honeypots

The Direction Operator and IP Addresses Honeypot Detecting Tool: Send-Safe Honeypot Hunter

Port Numbers Firewall Evasion Tools

Intrusion Detection Systems: Tipping Point Traffic IQ Professional

Intrusion Detection Tools tcp-over-dns

Firewall: Sunbelt Personal Firewall Firewall Evasion Tools

Firewalls Packet Fragment Generators

Honeypot Tools Countermeasures

KFSensor Firewall/IDS Penetration Testing

SPECTER Firewall Penetration Testing

Module 16: Evading IDS, Firewalls and Honeypots (Continued) BoF Security Tools

IDS Penetration Testing BufferShield

Buffer Overflow Penetration Testing

Module 17: Buffer Overflow

Buffer Overflows Module 18: Cryptography

Why are Programs And Applications Vulnerable? Cryptography

Understanding Stacks Types of Cryptography

Stack-Based Buffer Overflow Government Access to Keys (GAK)

Understanding Heap Ciphers

Heap-Based Buffer Overflow Advanced Encryption Standard (AES)

Stack Operations Data Encryption Standard (DES)

Shellcode RC4, RC5, RC6 Algorithms

No Operations (NOPs) The DSA and Related Signature Schemes

Knowledge Required to Program Buffer Overflow Exploits RSA (Rivest Shamir Adleman)

Buffer Overflow Steps Example of RSA Algorithm

Attacking a Real Program The RSA Signature Scheme

Format String Problem Message Digest (One-way Hash) Functions

Overflow using Format String Message Digest Function: MD5

Smashing the Stack Secure Hashing Algorithm (SHA)

Once the Stack is Smashed... What is SSH (Secure Shell)?

Simple Uncontrolled Overflow MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles

Simple Buffer Overflow in C Cryptography Tool: Advanced Encryption Package

Code Analysis Cryptography Tools

Exploiting Semantic Comments in C (Annotations) Public Key Infrastructure (PKI)

How to Mutate a Buffer Overflow Exploit? Certification Authorities

Identifying Buffer Overflows Digital Signature

How to Detect Buffer Overflows in a Program? SSL (Secure Sockets Layer)

BOU (Buffer Overflow Utility) Transport Layer Security (TLS)

Testing for Heap Overflow Conditions: heap.exe Disk Encryption

Steps for Testing for Stack Overflow in OllyDbg Debugger Disk Encryption Tool: TrueCrypt

Testing for Stack Overflow in OllyDbg Debugger Disk Encryption Tools

Testing for Format String Conditions using IDA Pro Cryptography Attacks

BoF Detection Tools Code Breaking Methodologies

Defense Against Buffer Overflows Brute-Force Attack

Preventing BoF Attacks Meet-in-the-Middle Attack on Digital Signature Schemes

Programming Countermeasures Cryptanalysis Tool: CrypTool

Data Execution Prevention (DEP) Cryptanalysis Tools

Enhanced Mitigation Experience Toolkit (EMET) Online MD5 Decryption Tool

EMET System Configuration Settings Module 19: Penetration Testing

EMET Application Configuration Window Introduction to Penetration Testing

Module 19: Penetration Testing (Continued) Wireless Testing

Security Assessments Telephony Security Assessment

Vulnerability Assessment Social Engineering

Limitations of Vulnerability Assessment Testing Network-Filtering Devices

Penetration Testing Denial of Service Emulation

Why Penetration Testing? Outsourcing Penetration Testing Services

What Should be Tested? Terms of Engagement

What Makes a Good Penetration Test? Project Scope

ROI on Penetration Testing Pentest Service Level Agreements

Testing Points Penetration Testing Consultants

Testing Locations Evaluating Different Types of Pentest Tools

Types of Penetration Testing Application Security Assessment Tool

External Penetration Testing Webscarab

Internal Security Assessment Network Security Assessment Tool

Black-box Penetration Testing Angry IP scanner

Grey-box Penetration Testing GFI LANguard

White-box Penetration Testing Wireless/Remote Access Assessment Tool

Announced / Unannounced Testing Kismet

Automated Testing Telephony Security Assessment Tool

Manual Testing Omnipeek

Common Penetration Testing Techniques Testing Network-Filtering Device Tool

Using DNS Domain Name and IP Address Information Traffic IQ Professional

Enumerating Information about Hosts on Publicly-Available Networks

Phases of Penetration Testing

Pre-Attack Phase

Attack Phase

Activity: Perimeter Testing

Enumerating Devices

Activity: Acquiring Target

Activity: Escalating Privileges

Activity: Execute, Implant, and Retract

Post-Attack Phase and Activities

Penetration Testing Deliverable Templates

Penetration Testing Methodology

Application Security Assessment

Web Application Testing - I

Web Application Testing - II

Web Application Testing - III

Network Security Assessment

Wireless/Remote Access Assessment