CEHv8 COURSE OUTLINE
01.
Introduction to Ethical Hacking
- Internet Crime Current Report: IC3
- Data Breach Investigations Report
- Types of Data Stolen From the
Organizations
- Essential Terminologies
- Elements of Information Security
- Authenticity and Non-Repudiation
- The Security, Functionality, and
Usability Triangle
- Security Challenges
- Effects of Hacking
- Effects of Hacking on Business
- Who is a Hacker?
- Hacker Classes
- Hacktivism
- What Does a Hacker Do?
- Phase 1 - Reconnaissance
- Reconnaissance Types
- Phase 2 - Scanning
- Phase 3 – Gaining Access
- Phase 4 – Maintaining Access
- Phase 5 – Covering Tracks
- Types of Attacks on a System
- Operating System Attacks
- Application-Level Attacks
- Shrink Wrap Code Attacks
- Misconfiguration Attacks
- Why Ethical Hacking is Necessary?
- Defense in Depth
- Scope and Limitations of Ethical Hacking
- What Do Ethical Hackers Do?
- Skills of an Ethical Hacker
- Vulnerability Research
- Vulnerability Research Websites
- What is Penetration Testing?
- Why Penetration Testing?
- Penetration Testing Methodology
02. Footprinting and
Reconnaissance
- Footprinting Terminologies
- What is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Finding a Company’s URL
- Locate Internal URLs
- Public and Restricted Websites
- Search for Company’s Information
- Tools to Extract Company’s Data
- Footprinting Through Search Engines
- Collect Location Information
- Satellite Picture of a Residence
- People Search
- People Search Using http://pipl.com
- People Search Online Services
- People Search on Social Networking
Services
- Gather Information from Financial
Services
- Footprinting Through Job Sites
- Monitoring Target Using Alerts
- Competitive Intelligence Gathering
- Competitive Intelligence-When Did this
Company Begin? How Did it Develop?
- Competitive Intelligence-What are the
Company's Plans?
- Competitive Intelligence-What Expert
Opinion Say About the Company?
- Competitive Intelligence Tools
- Competitive Intelligence Consulting
Companies
- WHOIS Lookup
- WHOIS Lookup Result Analysis
- WHOIS Lookup Tools: SmartWhois
- WHOIS Lookup Tools
- WHOIS Lookup Online Tools
- Extracting DNS Information
- DNS Interrogation Tools
- DNS Interrogation Online Tools
- Locate the Network Range
- Traceroute
- Traceroute Analysis
- Traceroute Tool: 3D Traceroute
- Traceroute Tool: LoriotPro
- Traceroute Tool: Path Analyzer Pro
- Traceroute Tools
- Mirroring Entire Website
- Website Mirroring Tools
- Mirroring Entire Website Tools
- Extract Website Information from
http://www.archive.org
- Monitoring Web Updates Using Website
Watcher
- Tracking Email Communications
- Email Tracking Tools
- Footprint Using Google Hacking Techniques
- What a Hacker Can Do With Google Hacking?
- Google Advance Search Operators
- Finding Resources using Google Advance
Operator
- Google Hacking Tool: Google Hacking
Database (GHDB)
- Google Hacking Tools
- Additional Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing
03. Scanning Networks
- Network Scanning
- Types of Scanning
- Checking for Live Systems - ICMP Scanning
- Ping Sweep
- Ping Sweep Tools
- Three-Way Handshake
- TCP Communication Flags
- Create Custom Packet using TCP Flags
- Hping2 / Hping3
- Hping Commands
- Scanning Techniques
- TCP Connect / Full Open Scan
- Stealth Scan (Half-open Scan)
- Xmas Scan
- FIN Scan
- NULL Scan
- IDLE Scan
- IDLE Scan: Step 1
- IDLE Scan: Step 2.1 (Open Port)
- IDLE Scan: Step 2.2 (Closed Port)
- IDLE Scan: Step 3
- ICMP Echo Scanning/List Scan
- SYN/FIN Scanning Using IP Fragments
- UDP Scanning
- Inverse TCP Flag Scanning
- ACK Flag Scanning
- Scanning: IDS Evasion Techniques
- IP Fragmentation Tools
- Scanning Tool: Nmap
- Scanning Tool: NetScan Tools Pro
- Scanning Tools
- Do Not Scan These IP Addresses (Unless
you want to get into trouble)
- Scanning Countermeasures
- War Dialing
- Why War Dialing?
- War Dialing Tools
- War Dialing Countermeasures
- War Dialing Countermeasures: SandTrap
Tool
- OS Fingerprinting
- Active Banner Grabbing Using Telnet
- Banner Grabbing Tool: ID Serve
- GET REQUESTS
- Banner Grabbing Tool: Netcraft
- Banner Grabbing Tools
- Banner Grabbing Countermeasures:
Disabling or Changing Banner
- Hiding File Extensions
- Hiding File Extensions from Webpages
- Vulnerability Scanning
- Vulnerability Scanning Tool: Nessus
- Vulnerability Scanning Tool: SAINT
- Vulnerability Scanning Tool: GFI
LANGuard
- Network Vulnerability Scanners
- LANsurveyor
- Network Mappers
- Proxy Servers
- Why Attackers Use Proxy Servers?
- Use of Proxies for Attack
- How Does MultiProxy Work?
- Free Proxy Servers
- Proxy Workbench
- Proxifier Tool: Create Chain of Proxy
Servers
- SocksChain
- TOR (The Onion Routing)
- TOR Proxy Chaining Software
- HTTP Tunneling Techniques
- Why do I Need HTTP Tunneling?
- Super Network Tunnel Tool
- Httptunnel for Windows
- Additional HTTP Tunneling Tools
- SSH Tunneling
- SSL Proxy Tool
- How to Run SSL Proxy?
- Proxy Tools
- Anonymizers
- Types of Anonymizers
- Case: Bloggers Write Text Backwards to
Bypass Web Filters in China
- Text Conversion to Avoid Filters
- Censorship Circumvention Tool:
Psiphon
- How Psiphon Works?
- How to Check if Your Website is
Blocked in China or Not?
- G-Zapper
- Anonymizer Tools
- Spoofing IP Address
- IP Spoofing Detection Techniques: Direct
TTL Probes
- IP Spoofing Detection Techniques: IP
Identification Number
- IP Spoofing Detection Techniques: TCP
Flow Control Method
- IP Spoofing Countermeasures
- Scanning Pen Testing
04. Enumeration
- What is Enumeration?
- Techniques for Enumeration
- Netbios Enumeration
- NetBIOS Enumeration Tool: SuperScan
- NetBIOS Enumeration Tool: NetBIOS
Enumerator
- Enumerating User Accounts
- Enumerate Systems Using Default Passwords
- SNMP (Simple Network Management Protocol)
Enumeration
- Management Information Base (MIB)
- SNMP Enumeration Tool: OpUtils Network
Monitoring Toolset
- SNMP Enumeration Tool: SolarWinds
- SNMP Enumeration Tools
- UNIX/Linux Enumeration
- Linux Enumeration Tool: Enum4linux
- LDAP Enumeration
- LDAP Enumeration Tool: JXplorer
- LDAP Enumeration Tool
- NTP Enumeration
- NTP Server Discovery Tool: NTP Server
Scanner
- NTP Server: PresenTense Time Server
- NTP Enumeration Tools
- SMTP Enumeration
- SMTP Enumeration Tool: NetScanTools Pro
- DNS Zone Transfer Enumeration Using
nslookup
- DNS Analyzing and Enumeration
Tool: The Men & Mice Suite
- Enumeration Countermeasures
- SMB Enumeration Countermeasures
- Enumeration Pen Testing
05. System Hacking
- Information at Hand Before System Hacking
Stage
- System Hacking: Goals
- CEH Hacking Methodology (CHM)
- Password Cracking
- Password Complexity
- Password Cracking Techniques
- Types of Password Attacks
- Passive Online Attacks: Wire Sniffing
- Password Sniffing
- Passive Online Attack:
Man-in-the-Middle and Replay Attack
- Active Online Attack: Password Guessing
- Active Online Attack:
Trojan/Spyware/Keylogger
- Active Online Attack: Hash
Injection Attack
- Rainbow Attacks: Pre-Computed Hash
- Distributed Network Attack
- Elcomsoft Distributed Password
Recovery
- Non-Electronic Attacks
- Default Passwords
- Manual Password Cracking (Guessing)
- Automatic Password Cracking Algorithm
- Stealing Passwords Using USB Drive
- Microsoft Authentication
- How Hash Passwords are Stored in Windows
SAM?
- What is LAN Manager Hash?
- LM “Hash” Generation
- LM, NTLMv1, and NTLMv2
- NTLM Authentication Process
- Kerberos Authentication
- Salting
- PWdump7 and Fgdump
- L0phtCrack
- Ophcrack
- Cain & Abel
- RainbowCrack
- Password Cracking Tools
- LM Hash Backward Compatibility
- How to Disable LM HASH?
- How to Defend against Password Cracking?
- Implement and Enforce Strong Security
Policy
- Privilege Escalation
- Escalation of Privileges
- Active@ Password Changer
- Privilege Escalation Tools
- How to Defend against Privilege
Escalation?
- Executing Applications
- Alchemy Remote Executor
- RemoteExec
- Execute This!
- Keylogger
- Types of Keystroke Loggers
- Acoustic/CAM Keylogger
- Keylogger: Advanced Keylogger
- Keylogger: SpytechSpyAgent
- Keylogger: Perfect Keylogger
- Keylogger: Powered Keylogger
- Keylogger for Mac: Aobo Mac OS X
KeyLogger
- Keylogger for Mac: Perfect Keylogger for
Mac
- Hardware Keylogger: KeyGhost
- Keyloggers
- Spyware
- What Does the Spyware Do?
- Types of Spywares
- Desktop Spyware
- Desktop Spyware: Activity
Monitor
- Email and Internet Spyware
- Email and Internet Spyware:
eBLASTER
- Internet and E-mail Spyware
- Child Monitoring Spyware
- Child Monitoring Spyware:
Advanced Parental Control
- Screen Capturing Spyware
- Screen Capturing Spyware:
Spector Pro
- USB Spyware
- USB Spyware: USBDumper
- Audio Spyware
- Audio Spyware: RoboNanny,
Stealth Recorder Pro and Spy Voice Recorder
- Video Spyware
- Video Spyware: Net Video Spy
- Print Spyware
- Print Spyware: Printer
Activity Monitor
- Telephone/Cellphone Spyware
- Cellphone Spyware: Mobile Spy
- GPS Spyware
- GPS Spyware: GPS TrackMaker
- How to Defend against Keyloggers?
- Anti-Keylogger
- Anti-Keylogger: ZemanaAntiLogger
- Anti-Keyloggers
- How to Defend against Spyware?
- Anti-Spyware: Spyware Doctor
- Rootkits
- Types of Rootkits
- How Rootkit Works?
- Rootkit: Fu
- Detecting Rootkits
- Steps for Detecting Rootkits
- How to Defend against Rootkits?
- Anti-Rootkit: RootkitRevealer and McAfee
Rootkit Detective
- NTFS Data Stream
- How to Create NTFS Streams?
- NTFS Stream Manipulation
- How to Defend against NTFS Streams?
- NTFS Stream Detector: ADS Scan Engine
- NTFS Stream Detectors
- What is Steganography?
- Steganography Techniques
- How Steganography Works?
- Types of Steganography
- Whitespace Steganography Tool: SNOW
- Image Steganography
- Image Steganography: Hermetic Stego
- Image Steganography Tools
- Document Steganography: wbStego
- Document Steganography Tools
- Video Steganography: Our Secret
- Video Steganography Tools
- Audio Steganography: Mp3stegz
- Audio Steganography Tools
- Folder Steganography: Invisible Secrets 4
- Folder Steganography Tools
- Spam/Email Steganography: Spam Mimic
- Natural Text Steganography: Sams Big G
Play Maker
- Steganalysis
- Steganalysis Methods/Attacks on
Steganography
- Steganography Detection Tool: Stegdetect
- Steganography Detection Tools
- Why Cover Tracks?
- Covering Tracks
- Ways to Clear Online Tracks
- Disabling Auditing: Auditpol
- Covering Tracks Tool: Window Washer
- Covering Tracks Tool: Tracks Eraser Pro
- Track Covering Tools
- System Hacking Penetration Testing
06. Trojans and
Backdoors
- What is a Trojan?
- Overt and Covert Channels
- Purpose of Trojans
- What Do Trojan Creators Look For?
- Indications of a Trojan Attack
- Common Ports used by Trojans
- How to Infect Systems Using a Trojan?
- Wrappers
- Wrapper Covert Programs
- Different Ways a Trojan can Get into a
System
- How to Deploy a Trojan?
- Evading Anti-Virus Techniques
- Types of Trojans
- Command Shell Trojans
- Command Shell Trojan: Netcat
- GUI Trojan: MoSucker
- GUI Trojan: Jumper and Biodox
- Document Trojans
- E-mail Trojans
- E-mail Trojans: RemoteByMail
- Defacement Trojans
- Defacement Trojans: Restorator
- Botnet Trojans
- Botnet Trojan: Illusion Bot
- Botnet Trojan: NetBot Attacker
- Proxy Server Trojans
- Proxy Server Trojan: W3bPrOxy
Tr0j4nCr34t0r (Funny Name)
- FTP Trojans
- FTP Trojan: TinyFTPD
- VNC Trojans
- HTTP/HTTPS Trojans
- HTTP Trojan: HTTP RAT
- Shttpd Trojan - HTTPS (SSL)
- ICMP Tunneling
- ICMP Trojan: icmpsend
- Remote Access Trojans
- Remote Access Trojan: RAT DarkComet
- Remote Access Trojan: Apocalypse
- Covert Channel Trojan: CCTT
- E-banking Trojans
- Banking Trojan Analysis
- E-banking Trojan: ZeuS
- Destructive Trojans
- Notification Trojans
- Credit Card Trojans
- Data Hiding Trojans (Encrypted Trojans)
- BlackBerry Trojan: PhoneSnoop
- MAC OS X Trojan: DNSChanger
- MAC OS X Trojan: DNSChanger
- Mac OS X Trojan: Hell Raiser
- How to Detect Trojans?
- Scanning for Suspicious Ports
- Port Monitoring Tool: IceSword
- Port Monitoring Tools: CurrPorts and
TCPView
- Scanning for Suspicious Processes
- Process Monitoring Tool: What's Running
- Process Monitoring Tools
- Scanning for Suspicious Registry Entries
- Registry Entry Monitoring Tools
- Scanning for Suspicious Device Drivers
- Device Drivers Monitoring Tools:
DriverView
- Device Drivers Monitoring Tools
- Scanning for Suspicious Windows Services
- Windows Services Monitoring Tools:
Windows Service Manager (SrvMan)
- Windows Services Monitoring Tools
- Scanning for Suspicious Startup Programs
- Windows7 Startup Registry Entries
- Startup Programs Monitoring Tools: Starter
- Startup Programs Monitoring Tools:
Security AutoRun
- Startup Programs Monitoring Tools
- Scanning for Suspicious Files and Folders
- Files and Folder Integrity Checker:
FastSum and WinMD5
- Files and Folder Integrity Checker
- Scanning for Suspicious Network
Activities
- Detecting Trojans and Worms with Capsa
Network Analyzer
- Trojan Countermeasures
- Backdoor Countermeasures
- Trojan Horse Construction Kit
- Anti-Trojan Software: TrojanHunter
- Anti-Trojan Software: Emsisoft
Anti-Malware
- Anti-Trojan Softwares
- Pen Testing for Trojans and Backdoors
07. Viruses and Worms
- Introduction to Viruses
- Virus and Worm Statistics 2010
- Stages of Virus Life
- Working of Viruses: Infection Phase
- Working of Viruses: Attack Phase
- Why Do People Create Computer Viruses?
- Indications of Virus Attack
- How does a Computer get Infected by
Viruses?
- Virus Hoaxes
- Virus Analysis:
- W32/Sality AA
- W32/Toal-A
- W32/Virut
- Klez
- Types of Viruses
- System or Boot Sector Viruses
- File and Multipartite Viruses
- Macro Viruses
- Cluster Viruses
- Stealth/Tunneling Viruses
- Encryption Viruses
- Polymorphic Code
- Metamorphic Viruses
- File Overwriting or Cavity Viruses
- Sparse Infector Viruses
- Companion/Camouflage Viruses
- Shell Viruses
- File Extension Viruses
- Add-on and Intrusive Viruses
- Transient and Terminate and Stay Resident
Viruses
- Writing a Simple Virus Program
- Terabit Virus Maker
- JPS Virus Maker
- DELmE's Batch Virus Maker
- Computer Worms
- How is a Worm Different from a Virus?
- Example of Worm Infection: Conficker Worm
- What does the Conficker Worm do?
- How does the Conficker Worm Work?
- Worm Analysis:
- W32/Netsky
- W32/Bagle.GE
- Worm Maker: Internet Worm Maker Thing
- What is Sheep Dip Computer?
- Anti-Virus Sensors Systems
- Malware Analysis Procedure
- String Extracting Tool: Bintext
- Compression and Decompression Tool: UPX
- Process Monitoring Tools: Process Monitor
- Log Packet Content Monitoring Tools:
NetResident
- Debugging Tool: Ollydbg
- Virus Analysis Tool: IDA Pro
- Online Malware Testing:
- Sunbelt CWSandbox
- VirusTotal
- Online Malware Analysis Services
- Virus Detection Methods
- Virus and Worms Countermeasures
- Companion Antivirus: Immunet Protect
- Anti-virus Tools
- Penetration Testing for Virus
08. Sniffers
- Lawful Intercept
- Benefits of Lawful Intercept
- Network Components Used for Lawful
Intercept
- Wiretapping
- Sniffing Threats
- How a Sniffer Works?
- Hacker Attacking a Switch
- Types of Sniffing: Passive Sniffing
- Types of Sniffing: Active Sniffing
- Protocols Vulnerable to Sniffing
- Tie to Data Link Layer in OSI Model
- Hardware Protocol Analyzers
- SPAN Port
- MAC Flooding
- MAC Address/CAM Table
- How CAM Works?
- What Happens When CAM Table is Full?
- Mac Flooding Switches with macof
- MAC Flooding Tool: Yersinia
- How to Defend against MAC Attacks?
- How DHCP Works?
- DHCP Request/Reply Messages
- IPv4 DHCP Packet Format
- DHCP Starvation Attack
- Rogue DHCP Server Attack
- DHCP Starvation Attack Tool: Gobbler
- How to Defend Against DHCP Starvation
and Rogue Server Attack?
- What is Address Resolution Protocol
(ARP)?
- ARP Spoofing Attack
- How Does ARP Spoofing Work?
- Threats of ARP Poisoning
- ARP Poisoning Tool: Cain and Abel
- ARP Poisoning Tool: WinArpAttacker
- ARP Poisoning Tool: UfasoftSnif
- How to Defend Against ARP Poisoning? Use
DHCP Snooping Binding Table and Dynamic ARP Inspection
- Configuring DHCP Snooping and Dynamic ARP
Inspection on Cisco Switches
- MAC Spoofing/Duplicating
- Spoofing Attack Threats
- MAC Spoofing Tool: SMAC
- How to Defend Against MAC Spoofing? Use
DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard
- DNS Poisoning Techniques
- Intranet DNS Spoofing
- Internet DNS Spoofing
- Proxy Server DNS Poisoning
- DNS Cache Poisoning
- How to Defend Against DNS Spoofing?
- Sniffing Tool: Wireshark
- Follow TCP Stream in Wireshark
- Display Filters in Wireshark
- Additional Wireshark Filters
- Sniffing Tool: CACE Pilot
- Sniffing Tool: Tcpdump/Windump
- Discovery Tool: NetworkView
- Discovery Tool: The Dude Sniffer
- Password Sniffing Tool: Ace
- Packet Sniffing Tool: Capsa Network
Analyzer
- OmniPeek Network Analyzer
- Network Packet Analyzer: Observer
- Session Capture Sniffer: NetWitness
- Email Message Sniffer: Big-Mother
- TCP/IP Packet Crafter: Packet Builder
- Additional Sniffing Tools
- How an Attacker Hacks the Network Using
Sniffers?
- How to Defend Against Sniffing?
- Sniffing Prevention Techniques
- How to Detect Sniffing?
- Promiscuous Detection Tool: PromqryUI
- Promiscuous Detection Tool: PromiScan
09. Social Engineering
- What is Social Engineering?
- Behaviors Vulnerable to Attacks
- Factors that Make Companies Vulnerable
to Attacks
- Why is Social Engineering Effective?
- Warning Signs of an Attack
- Phases in a Social Engineering Attack
- Impact on the Organization
- Command Injection Attacks
- Common Targets of Social Engineering
- Common Targets of Social Engineering:
Office Workers
- Types of Social Engineering
- Human-Based Social Engineering
- Technical Support Example
- Authority Support Example
- Human-based Social Engineering:
Dumpster Diving
- Computer-Based Social Engineering
- Computer-Based Social Engineering:
Pop-Ups
- Computer-Based Social Engineering:
Phishing
- Social Engineering Using SMS
- Social Engineering by a “Fake SMS Spying
Tool”
- Insider Attack
- Disgruntled Employee
- Preventing Insider Threats
- Common Intrusion Tactics and Strategies
for Prevention
- Social Engineering Through Impersonation
on Social Networking Sites
- Social Engineering Example: LinkedIn
Profile
- Social Engineering on Facebook
- Social Engineering on Twitter
- Social Engineering on Orkut
- Social Engineering on MySpace
- Risks of Social Networking to Corporate
Networks
- Identity Theft Statistics 2010
- Identify Theft
- How to Steal an Identity?
- STEP 1
- STEP 2
- STEP 3
- Real Steven Gets Huge Credit Card
Statement
- Identity Theft - Serious Problem
- Social Engineering Countermeasures:
Policies
- Social Engineering Countermeasures
- How to Detect Phishing Emails?
- Anti-Phishing Toolbar: Netcraft
- Anti-Phishing Toolbar: PhishTank
- Identity Theft Countermeasures
- Social Engineering Pen Testing
- Social Engineering Pen Testing: Using
Emails
- Social Engineering Pen Testing: Using
Phone
- Social Engineering Pen Testing: In
Person
10.Denial of Service
- What is a Denial of Service Attack?
- What is Distributed Denial of Service
Attacks?
- How Distributed Denial of Service
Attacks Work?
- Symptoms of a DoS Attack
- Cyber Criminals
- Organized Cyber Crime: Organizational
Chart
- Internet Chat Query (ICQ)
- Internet Relay Chat (IRC)
- DoS Attack Techniques
- Bandwidth Attacks
- Service Request Floods
- SYN Attack
- SYN Flooding
- ICMP Flood Attack
- Peer-to-Peer Attacks
- Permanent Denial-of-Service Attack
- Application Level Flood Attacks
- Botnet
- Botnet Propagation Technique
- Botnet Ecosystem
- Botnet Trojan: Shark
- Poison Ivy: Botnet Command Control
Center
- Botnet Trojan: PlugBot
- WikiLeak Operation Payback
- DDoS Attack
- DDoS Attack Tool: LOIC
- Denial of Service Attack Against
MasterCard, Visa, and Swiss Banks
- Hackers Advertise Links to Download
Botnet
- DoS Attack Tools
- Detection Techniques
- Activity Profiling
- Wavelet Analysis
- Sequential Change-Point Detection
- DoS/DDoS Countermeasure Strategies
- DDoS Attack Countermeasures
- DoS/DDoS Countermeasures: Protect
Secondary Victims
- DoS/DDoS Countermeasures: Detect and
Neutralize Handlers
- DoS/DDoS Countermeasures: Detect
Potential Attacks
- DoS/DDoS Countermeasures: Deflect
Attacks
- DoS/DDoS Countermeasures: Mitigate
Attacks
- Post-attack Forensics
- Techniques to Defend against Botnets
- DoS/DDoS Countermeasures
- DoS/DDoS Protection at ISP Level
- Enabling TCP Intercept on Cisco IOS
Software
- Advanced DDoS Protection:
IntelliGuardDDoS Protection System (DPS)
- DoS/DDoS Protection Tool
- Denial of Service (DoS) Attack
Penetration Testing
11.Session Hijacking
- What is Session Hijacking?
- Dangers Posed by Hijacking
- Why Session Hijacking is Successful?
- Key Session Hijacking Techniques
- Brute Forcing
- Brute Forcing Attack
- HTTP Referrer Attack
- Spoofing vs. Hijacking
- Session Hijacking Process
- Packet Analysis of a Local Session Hijack
- Types of Session Hijacking
- Session Hijacking in OSI Model
- Application Level Session Hijacking
- Session Sniffing
- Predictable Session Token
- How to Predict a Session Token?
- Man-in-the-Middle Attack
- Man-in-the-Browser Attack
- Steps to Perform Man-in-the-Browser
Attack
- Client-side Attacks
- Cross-site Script Attack
- Session Fixation
- Session Fixation Attack
- Network Level Session Hijacking
- The 3-Way Handshake
- Sequence Numbers
- Sequence Number Prediction
- TCP/IP Hijacking
- IP Spoofing: Source Routed Packets
- RST Hijacking
- Blind Hijacking
- Man-in-the-Middle Attack using Packet
Sniffer
- UDP Hijacking
- Session Hijacking Tools
- Paros
- Burp Suite
- Firesheep
- Countermeasures
- Protecting against Session Hijacking
- Methods to Prevent Session Hijacking: To
be Followed by Web Developers
- Methods to Prevent Session Hijacking: To
be Followed by Web Users
- Defending against Session Hijack Attacks
- Session Hijacking Remediation
- IPSec
- Modes of IPSec
- IPSec Architecture
- IPSec Authentication and Confidentiality
- Components of IPSec
- IPSec Implementation
- Session Hijacking Pen Testing
12.Hijacking Web
Servers
- Webserver Market Shares
- Open Source Webserver Architecture
- IIS Webserver Architecture
- Website Defacement
- Case Study
- Why Web Servers are Compromised?
- Impact of Webserver Attacks
- Webserver Misconfiguration
- Example
- Directory Traversal Attacks
- HTTP Response Splitting Attack
- Web Cache Poisoning Attack
- HTTP Response Hijacking
- SSH Bruteforce Attack
- Man-in-the-Middle Attack
- Webserver Password Cracking
- Webserver Password Cracking Techniques
- Web Application Attacks
- Webserver Attack Methodology
- Information Gathering
- Webserver Footprinting
- Webserver Footprinting Tools
- Mirroring a Website
- Vulnerability Scanning
- Session Hijacking
- Hacking Web Passwords
- Webserver Attack Tools
- Metasploit
- Metasploit Architecture
- Metasploit Exploit Module
- Metasploit Payload Module
- Metasploit Auxiliary Module
- Metasploit NOPS Module
- Wfetch
- Web Password Cracking Tool
- Brutus
- THC-Hydra
- Countermeasures
- Patches and Updates
- Protocols
- Accounts
- Files and Directories
- How to Defend Against Web Server Attacks?
- How to Defend against HTTP Response
Splitting and Web Cache Poisoning?
- Patches and Hotfixes
- What is Patch Management?
- Identifying Appropriate Sources for
Updates and Patches
- Installation of a Patch
- Patch Management Tool: Microsoft Baseline
Security Analyzer (MBSA)
- Patch Management Tools
- Web Application Security Scanner: Sandcat
- Web Server Security Scanner: Wikto
- Webserver Malware Infection Monitoring
Tool: HackAlert
- Webserver Security Tools
- Web Server Penetration Testing
13.Hacking Web
Applications
- Web Application Security Statistics
- Introduction to Web Applications
- Web Application Components
- How Web Applications Work?
- Web Application Architecture
- Web 2.0 Applications
- Vulnerability Stack
- Web Attack Vectors
- Web Application Threats - 1
- Web Application Threats - 2
- Unvalidated Input
- Parameter/Form Tampering
- Directory Traversal
- Security Misconfiguration
- Injection Flaws
- SQL Injection Attacks
- Command Injection Attacks
- Command Injection Example
- File Injection Attack
- What is LDAP Injection?
- How LDAP Injection Works?
- Hidden Field Manipulation Attack
- Cross-Site Scripting (XSS) Attacks
- How XSS Attacks Work?
- Cross-Site Scripting Attack Scenario:
Attack via Email
- XSS Example: Attack via Email
- XSS Example: Stealing Users' Cookies
- XSS Example: Sending an Unauthorized
Request
- XSS Attack in Blog Posting
- XSS Attack in Comment Field
- XSS Cheat Sheet
- Cross-Site Request Forgery (CSRF) Attack
- How CSRF Attacks Work?
- Web Application Denial-of-Service (DoS)
Attack
- Denial of Service (DoS) Examples
- Buffer Overflow Attacks
- Cookie/Session Poisoning
- How Cookie Poisoning Works?
- Session Fixation Attack
- Insufficient Transport Layer Protection
- Improper Error Handling
- Insecure Cryptographic Storage
- Broken Authentication and Session
Management
- Unvalidated Redirects and Forwards
- Web Services Architecture
- Web Services Attack
- Web Services Footprinting Attack
- Web Services XML Poisoning
- Footprint Web Infrastructure
- Footprint Web Infrastructure: Server
Discovery
- Footprint Web Infrastructure: Server
Identification/Banner Grabbing
- Footprint Web Infrastructure: Hidden
Content Discovery
- Web Spidering Using Burp Suite
- Hacking Web Servers
- Web Server Hacking Tool: WebInspect
- Analyze Web Applications
- Analyze Web Applications: Identify Entry
Points for User Input
- Analyze Web Applications: Identify
Server-Side Technologies
- Analyze Web Applications: Identify
Server-Side Functionality
- Analyze Web Applications: Map the Attack
Surface
- Attack Authentication Mechanism
- Username Enumeration
- Password Attacks: Password Functionality
Exploits
- Password Attacks: Password Guessing
- Password Attacks: Brute-forcing
- Session Attacks: Session ID Prediction/
Brute-forcing
- Cookie Exploitation: Cookie Poisoning
- Authorization Attack
- HTTP Request Tampering
- Authorization Attack: Cookie Parameter
Tampering
- Session Management Attack
- Attacking Session Token Generation
Mechanism
- Attacking Session Tokens Handling
Mechanism: Session Token Sniffing
- Injection Attacks
- Attack Data Connectivity
- Connection String Injection
- Connection String Parameter Pollution
(CSPP) Attacks
- Connection Pool DoS
- Attack Web App Client
- Attack Web Services
- Web Services Probing Attacks
- Web Service Attacks: SOAP Injection
- Web Service Attacks: XML Injection
- Web Services Parsing Attacks
- Web Service Attack Tool: soapUI
- Web Service Attack Tool: XMLSpy
- Web Application Hacking Tool: Burp Suite
Professional
- Web Application Hacking Tools:
CookieDigger
- Web Application Hacking Tools: WebScarab
- Web Application Hacking Tools
- Encoding Schemes
- How to Defend Against SQL Injection
Attacks?
- How to Defend Against Command Injection
Flaws?
- How to Defend Against XSS Attacks?
- How to Defend Against DoS Attack?
- How to Defend Against Web Services
Attack?
- Web Application Countermeasures
- How to Defend Against Web Application
Attacks?
- Web Application Security Tool: Acunetix
Web Vulnerability Scanner
- Web Application Security Tool: Falcove
Web Vulnerability Scanner
- Web Application Security Scanner:
Netsparker
- Web Application Security Tool: N-Stalker
Web Application Security Scanner
- Web Application Security Tools
- Web Application Firewall:
dotDefender
- Web Application Firewall: IBM AppScan
- Web Application Firewall: ServerDefender
VP
- Web Application Firewall
- Web Application Pen Testing
- Information Gathering
- Configuration Management Testing
- Authentication Testing
- Session Management Testing
- Authorization Testing
- Data Validation Testing
- Denial of Service Testing
- Web Services Testing
- AJAX Testing
14.SQL Injection
- SQL Injection is the Most Prevalent
Vulnerability in 2010
- SQL Injection Threats
- What is SQL Injection?
- SQL Injection Attacks
- How Web Applications Work?
- Server Side Technologies
- HTTP Post Request
- Example 1: Normal SQL Query
- Example 1: SQL Injection Query
- Example 1: Code Analysis
- Example 2: BadProductList.aspx
- Example 2: Attack Analysis
- Example 3: Updating Table
- Example 4: Adding New Records
- Example 5: Identifying the Table Name
- Example 6: Deleting a Table
- SQL Injection Detection
- SQL Injection Error Messages
- SQL Injection Attack Characters
- Additional Methods to Detect SQL
Injection
- SQL Injection Black Box Pen Testing
- Testing for SQL Injection
- Types of SQL Injection
- Simple SQL Injection Attack
- Union SQL Injection Example
- SQL Injection Error Based
- What is Blind SQL Injection?
- No Error Messages Returned
- Blind SQL Injection: WAITFOR DELAY YES
or NO Response
- Blind SQL Injection – Exploitation
(MySQL)
- Blind SQL Injection - Extract Database
User
- Blind SQL Injection - Extract Database
Name
- Blind SQL Injection - Extract Column
Name
- Blind SQL Injection - Extract Data from
ROWS
- SQL Injection Methodology
- Information Gathering
- Extracting Information through Error
Messages
- Understanding SQL Query
- Bypass Website Logins Using SQL
Injection
- Database, Table, and Column Enumeration
- Advanced Enumeration
- Features of Different DBMSs
- Creating Database Accounts
- Password Grabbing
- Grabbing SQL Server Hashes
- Extracting SQL Hashes (In a Single
Statement)
- Transfer Database to Attacker’s Machine
- Interacting with the Operating System
- Interacting with the FileSystem
- Network Reconnaissance Full Query
- SQL Injection Tools
- SQL Injection Tools: BSQLHacker
- SQL Injection Tools: Marathon Tool
- SQL Injection Tools: SQL Power Injector
- SQL Injection Tools: Havij
- Evading IDS
- Types of Signature Evasion Techniques
- Evasion Technique: Sophisticated Matches
- Evasion Technique: Hex Encoding
- Evasion Technique: Manipulating White
Spaces
- Evasion Technique: In-line Comment
- Evasion Technique: Char Encoding
- Evasion Technique: String Concatenation
- Evasion Technique: Obfuscated Codes
- How to Defend Against SQL Injection
Attacks?
- How to Defend Against SQL Injection
Attacks: Use Type-Safe SQL Parameters
- SQL Injection Detection Tools
- SQL Injection Detection Tool: Microsoft
Source Code Analyzer
- SQL Injection Detection Tool: Microsoft
UrlScan
- SQL Injection Detection Tool:
dotDefender
- SQL Injection Detection Tool: IBM
AppScan
- Snort Rule to Detect SQL Injection
Attacks
15.Hacking Wireless
Networks
- Wireless Networks
- Wi-Fi Usage Statistics in the US
- Wi-Fi Hotspots at Public Places
- Wi-Fi Networks at Home
- Types of Wireless Networks
- Wireless Standards
- Service Set Identifier (SSID)
- Wi-Fi Authentication Modes
- Wi-Fi Authentication Process Using a
Centralized Authentication Server
- Wi-Fi Authentication Process
- Wireless Terminologies
- Wi-Fi Chalking
- Wi-Fi Chalking Symbols
- Wi-Fi Hotspot Finder: jiwire.com
- Wi-Fi Hotspot Finder: WeFi.com
- Types of Wireless Antenna
- Parabolic Grid Antenna
- Types of Wireless Encryption
- WEP Encryption
- How WEP Works?
- What is WPA?
- How WPA Works?
- Temporal Keys
- What is WPA2?
- How WPA2 Works?
- WEP vs. WPA vs. WPA2
- WEP Issues
- Weak Initialization Vectors (IV)
- How to Break WEP Encryption?
- How to Break WPA/WPA2 Encryption?
- How to Defend Against WPA Cracking?
- Wireless Threats: Access Control Attacks
- Wireless Threats: Integrity Attacks
- Wireless Threats: Confidentiality Attacks
- Wireless Threats: Availability Attacks
- Wireless Threats: Authentication Attacks
- Rogue Access Point Attack
- Client Mis-association
- Misconfigured Access Point Attack
- Unauthorized Association
- Ad Hoc Connection Attack
- HoneySpot Access Point Attack
- AP MAC Spoofing
- Denial-of-Service Attack
- Jamming Signal Attack
- Wi-Fi Jamming Devices
- Wireless Hacking Methodology
- Find Wi-Fi Networks to Attack
- Attackers Scanning for Wi-Fi Networks
- Footprint the Wireless Network
- Wi-Fi Discovery Tool: inSSIDer
- Wi-Fi Discovery Tool: NetSurveyor
- Wi-Fi Discovery Tool: NetStumbler
- Wi-Fi Discovery Tool: Vistumbler
- Wi-Fi Discovery Tool: WirelessMon
- Wi-Fi Discovery Tools
- GPS Mapping
- GPS Mapping Tool: WIGLE
- GPS Mapping Tool: Skyhook
- How to Discover Wi-Fi Network Using
Wardriving?
- Wireless Traffic Analysis
- Wireless Cards and Chipsets
- Wi-Fi USB Dongle: AirPcap
- Wi-Fi Packet Sniffer: Wireshark with
AirPcap
- Wi-Fi Packet Sniffer: Wi-Fi Pilot
- Wi-Fi Packet Sniffer: OmniPeek
- Wi-Fi Packet Sniffer: CommView for Wi-Fi
- What is Spectrum Analysis?
- Wireless Sniffers
- Aircrack-ng Suite
- How to Reveal Hidden SSIDs
- Fragmentation Attack
- How to Launch MAC Spoofing Attack?
- Denial of Service: Deauthentication and
Disassociation Attacks
- Man-in-the-Middle Attack
- MITM Attack Using Aircrack-ng
- Wireless ARP Poisoning Attack
- Rogue Access Point
- Evil Twin
- How to Set Up a Fake Hotspot (Evil
Twin)?
- How to Crack WEP Using Aircrack?
- How to Crack WEP Using Aircrack?
Screenshot 1/2
- How to Crack WEP Using Aircrack?
Screenshot 2/2
- How to Crack WPA-PSK Using Aircrack?
- WPA Cracking Tool: KisMAC
- WEP Cracking Using Cain & Abel
- WPA Brute Forcing Using Cain & Abel
- WPA Cracking Tool: Elcomsoft Wireless
Security Auditor
- WEP/WPA Cracking Tools
- Wi-Fi Sniffer: Kismet
- Wardriving Tools
- RF Monitoring Tools
- Wi-Fi Connection Manager Tools
- Wi-Fi Traffic Analyzer Tools
- Wi-Fi Raw Packet Capturing Tools
- Wi-Fi Spectrum Analyzing Tools
- Bluetooth Hacking
- Bluetooth Stack
- Bluetooth Threats
- How to BlueJack a Victim?
- Bluetooth Hacking Tool: Super Bluetooth
Hack
- Bluetooth Hacking Tool: PhoneSnoop
- Bluetooth Hacking Tool: BlueScanner
- Bluetooth Hacking Tools
- How to Defend Against Bluetooth Hacking?
- How to Detect and Block Rogue AP?
- Wireless Security Layers
- How to Defend Against Wireless Attacks?
- Wireless Intrusion Prevention Systems
- Wireless IPS Deployment
- Wi-Fi Security Auditing Tool: AirMagnetWiFi
Analyzer
- Wi-Fi Security Auditing Tool: AirDefense
- Wi-Fi Security Auditing Tool: Adaptive
Wireless IPS
- Wi-Fi Security Auditing Tool: Aruba
RFProtect WIPS
- Wi-Fi Intrusion Prevention System
- Wi-Fi Predictive Planning Tools
- Wi-Fi Vulnerability Scanning Tools
- Wireless Penetration Testing
- Wireless Penetration Testing Framework
- Wi-Fi Pen Testing Framework
- Pen Testing LEAP Encrypted WLAN
- Pen Testing WPA/WPA2 Encrypted WLAN
- Pen Testing WEP Encrypted WLAN
- Pen Testing Unencrypted WLAN
16.Evading Firewalls IDS,
and Honeypots
- Intrusion Detection Systems (IDS) and its
Placement
- How IDS Works?
- Ways to Detect an Intrusion
- Types of Intrusion Detection Systems
- System Integrity Verifiers (SIV)
- General Indications of Intrusions
- General Indications of System Intrusions
- Firewall
- Firewall Architecture
- DeMilitarized Zone (DMZ)
- Types of Firewall
- Packet Filtering Firewall
- Circuit-Level Gateway Firewall
- Application-Level Firewall
- Stateful Multilayer Inspection Firewall
- Firewall Identification
- Port Scanning
- Firewalking
- Banner Grabbing
- Honeypot
- Types of Honeypots
- How to Set Up a Honeypot?
- Intrusion Detection Tool
- Snort
- Snort Rules
- Rule Actions and IP Protocols
- The Direction Operator and IP Addresses
- Port Numbers
- Intrusion Detection Systems: Tipping
Point
- Intrusion Detection Tools
- Firewall: Sunbelt Personal Firewall
- Firewalls
- Honeypot Tools
- KFSensor
- SPECTER
- Insertion Attack
- Evasion
- Denial-of-Service Attack (DoS)
- Obfuscating
- False Positive Generation
- Session Splicing
- Unicode Evasion Technique
- Fragmentation Attack
- Overlapping Fragments
- Time-To-Live Attacks
- Invalid RST Packets
- Urgency Flag
- Polymorphic Shellcode
- ASCII Shellcode
- Application-Layer Attacks
- Desynchronization
- Pre Connection SYN
- Post Connection SYN
- Other Types of Evasion
- IP Address Spoofing
- Attacking Session Token Generation
Mechanism
- Tiny Fragments
- Bypass Blocked Sites Using IP Address in
Place of URL
- Bypass Blocked Sites Using Anonymous
Website Surfing Sites
- Bypass a Firewall using Proxy Server
- Bypassing Firewall through ICMP
Tunneling Method
- Bypassing Firewall through ACK Tunneling
Method
- Bypassing Firewall through HTTP
Tunneling Method
- Bypassing Firewall through External
Systems
- Bypassing Firewall through MITM Attack
- Detecting Honeypots
- Honeypot Detecting Tool: Send-Safe
Honeypot Hunter
- Firewall Evasion Tools
- Traffic IQ Professional
- tcp-over-dns
- Firewall Evasion Tools
- Packet Fragment Generators
- Countermeasures
- Firewall/IDS Penetration Testing
- Firewall Penetration Testing
- IDS Penetration Testing
17.Buffer Overflow
- Buffer Overflows
- Why are Programs And Applications
Vulnerable?
- Understanding Stacks
- Stack-Based Buffer Overflow
- Understanding Heap
- Heap-Based Buffer Overflow
- Stack Operations
- Shellcode
- No Operations (NOPs)
- Knowledge Required to Program Buffer
Overflow Exploits
- Buffer Overflow Steps
- Attacking a Real Program
- Format String Problem
- Overflow using Format String
- Smashing the Stack
- Once the Stack is Smashed...
- Simple Uncontrolled Overflow
- Simple Buffer Overflow in C
- Code Analysis
- Exploiting Semantic Comments in C
(Annotations)
- How to Mutate a Buffer Overflow Exploit?
- Identifying Buffer Overflows
- How to Detect Buffer Overflows in a
Program?
- BOU (Buffer Overflow Utility)
- Testing for Heap Overflow Conditions:
heap.exe
- Steps for Testing for Stack Overflow in
OllyDbg Debugger
- Testing for Stack Overflow in OllyDbg
Debugger
- Testing for Format String Conditions
using IDA Pro
- BoF Detection Tools
- Defense Against Buffer Overflows
- Preventing BoF Attacks
- Programming Countermeasures
- Data Execution Prevention (DEP)
- Enhanced Mitigation Experience Toolkit
(EMET)
- EMET System Configuration Settings
- EMET Application Configuration Window
- /GS http://microsoft.com
- BoF Security Tools
- BufferShield
- Buffer Overflow Penetration Testing
18.Cryptography
- Cryptography
- Types of Cryptography
- Government Access to Keys (GAK)
- Ciphers
- Advanced Encryption Standard (AES)
- Data Encryption Standard (DES)
- RC4, RC5, RC6 Algorithms
- The DSA and Related Signature Schemes
- RSA (Rivest Shamir Adleman)
- Example of RSA Algorithm
- The RSA Signature Scheme
- Message Digest (One-way Bash) Functions
- Message Digest Function: MD5
- Secure Hashing Algorithm (SHA)
- What is SSH (Secure Shell)?
- MD5 Hash Calculators: HashCalc, MD5
Calculator and HashMyFiles
- Cryptography Tool: Advanced Encryption
Package
- Cryptography Tools
- Public Key Infrastructure (PKI)
- Certification Authorities
- Digital Signature
- SSL (Secure Sockets Layer)
- Transport Layer Security (TLS)
- Disk Encryption
- Disk Encryption Tool: TrueCrypt
- Disk Encryption Tools
- Cryptography Attacks
- Code Breaking Methodologies
- Brute-Force Attack
- Meet-in-the-Middle Attack on Digital
Signature Schemes
- Cryptanalysis Tool: CrypTool
- Cryptanalysis Tools
- Online MD5 Decryption Tool
19.Penetration Testing
- Introduction to Penetration Testing
- Security Assessments
- Vulnerability Assessment
- Limitations of Vulnerability
Assessment
- Penetration Testing
- Why Penetration Testing?
- What Should be Tested?
- What Makes a Good Penetration Test?
- ROI on Penetration Testing
- Testing Points
- Testing Locations
- Types of Penetration Testing
- External Penetration Testing
- Internal Security Assessment
- Black-box Penetration Testing
- Grey-box Penetration Testing
- White-box Penetration Testing
- Announced / Unannounced Testing
- Automated Testing
- Manual Testing
- Common Penetration Testing Techniques
- Using DNS Domain Name and IP Address
Information
- Enumerating Information about Hosts on
Publicly-Available Networks
- Phases of Penetration Testing
- Pre-Attack Phase
- Attack Phase
- Activity: Perimeter Testing
- Enumerating Devices
- Activity: Acquiring Target
- Activity: Escalating Privileges
- Activity: Execute, Implant, and Retract
- Post-Attack Phase and Activities
- Penetration Testing Deliverable
Templates
- Penetration Testing Methodology
- Application Security Assessment
- Web Application Testing - I
- Web Application Testing - II
- Web Application Testing - III
- Network Security Assessment
- Wireless/Remote Access Assessment
- Wireless Testing
- Telephony Security Assessment
- Social Engineering
- Testing Network-Filtering Devices
- Denial of Service Emulation
- Outsourcing Penetration Testing Services
- Terms of Engagement
- Project Scope
- Pentest Service Level Agreements
- Penetration Testing Consultants
- Evaluating Different Types of Pentest
Tools
- Application Security Assessment Tool
- Webscarab
- Network Security Assessment Tool
- Angry IP scanner
- GFI LANguard
- Wireless/Remote Access Assessment Tool
- Kismet
- Telephony Security Assessment Tool
- Omnipeek
- Testing Network-Filtering Device Tool
- Traffic IQ Professional