Certified Ethical Hacker version 8

Transcription

1 Hackers will hit yu frm anywhere Certified Ethical Hacker versin 8 Ethical Hacking & Cunter Measures 5-days Instructr Led Training/Wrkshp Overview T beat a hacker, yu need t think like ne! This is exactly what this class will teach yu. It is the pinnacle f the mst desired infrmatin security training prgram any infrmatin security prfessinal will ever want t be in. T master the hacking technlgies, yu will need t becme ne. The Certified Ethical Hacker class will immerse the students int a hands-n envirnment where they will be shwn hw t cnduct ethical hacking. They will be expsed t an entirely different way f achieving ptimal infrmatin security psture in their rganizatin; by hacking it! They will scan, test, hack and secure their wn systems. The lab intensive envirnment gives each student in-depth knwledge and practical experience with the current essential security systems. Students will begin by understanding hw perimeter defenses wrk and then be lead int scanning and attacking their wn netwrks, n real netwrk is harmed. Students then learn hw intruders escalate privileges and what steps can be taken t secure a system. Students will als learn abut Intrusin Detectin, Plicy Creatin, Scial Engineering, DDS Attacks, Buffer Overflws and Virus Creatin. When a student leaves this intensive 5 day class they will have hands n understanding and experience in Ethical Hacking. What yu will learn. Upn cmpletin f this curse, students will be able t: Understand hw intruders escalate privileges Understand Intrusin Detectin, Plicy Creatin, Scial Engineering, DDS Attacks, Buffer Overflws and Virus Creatin Understand Ethical Hacking.. Target Audience This curse will significantly benefit: Security fficers Legal prfessinals, Banking Auditrs Insurance and ther prfessinals Security Prfessinals IT managers. Plice and ther law enfrcement persnnel IT cnsultants wh want t learn mre abut Defense and Military persnnel hacking tls and techniques will als benefit. e-business Security prfessinals And anyne wh is cncerned abut the Site Administratrs integrity f their netwrk infrastructure. Systems administratrs Empwering Peple & Business Page 1 f 20

2 Hackers will hit yu frm anywhere Requirements Trainees are typically experienced system, netwrk r IT administratrs, althugh interested persns frm ther backgrunds are welcme t cntact the rganizers t discuss the suitability f the curse fr them. They are expected t have an awareness f the security issues invlved in cnnecting cmputers t the Internet, and must be cmmitted t using their skills t imprve the security f cmputers and netwrks. Familiarity with Internet prtcls, addresses and prt numbers is beneficial. Certificatin This curse prepares yu fr EC-Cuncil Certified Ethical Hacker exam Students van take the CEH-exam at an Athrized Testing Center f Vue Pearsn r Prmteric. Students need t pass the exam t cmplete the requirements fr receiving the CEH certificatin. Legal Agreement Ethical Hacking and Cuntermeasures curse missin is t educate, intrduce and demnstrate hacking tls fr penetratin testing purpses nly. Prir t attending this curse, yu will be asked t sign an agreement stating that yu will nt use the newly acquired skills fr illegal r malicius attacks and yu will nt use such tls in an attempt t cmprmise any cmputer system, and t indemnify EC-Cuncil with respect t the use r misuse f these tls, regardless f intent. N.B. Nt anyne can be a student the Training rganizatin will make sure the applicants wrk fr legitimate cmpanies. Empwering Peple & Business Page 2 f 20

3 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Mdule 01: Intrductin t Ethical Hacking Infrmatin Security Overview Internet Crime Current Reprt: IC3 Data Breach Investigatins Reprt Essential Terminlgy Elements f Infrmatin Security The Security, Functinality, and Usability Triangle Infrmatin Security Threats and Attack Vectrs Tp Infrmatin Security Attack Vectrs Mtives, Gals, and Objectives f Infrmatin Security Attacks Infrmatin Security Threats Infrmatin Warfare IPv6 Security Threats Hacking Cncepts Hacking vs. Ethical Hacking Effects f Hacking n Business Wh Is a Hacker? Hacker Classes Hacktivism Hacking Phases Types f Attacks Types f Attacks n a System Operating System Attacks Miscnfiguratin Attacks Applicatin-Level Attacks Examples f Applicatin-Level Attacks Shrink Wrap Cde Attacks Infrmatin Security Cntrls Why Ethical Hacking is Necessary Scpe and Limitatins f Ethical Hacking Skills f an Ethical Hacker Defense in Depth Incident Management Prcess Infrmatin Security Plicies Classificatin f Security Plicies Structure and Cntents f Security Plicies Types f Security Plicies Steps t Create and Implement Security Plicies Examples f Security Plicies Vulnerability Research Vulnerability Research Websites What Is Penetratin Testing? Why Penetratin Testing Penetratin Testing Methdlgy Mdule 02: Ftprinting and Recnnaissance Ftprinting Cncepts Ftprinting Terminlgy What is Ftprinting? Why Ftprinting? Objectives f Ftprinting Ftprinting Threats Ftprinting Threats Ftprinting Methdlgy Ftprinting thrugh Search Engines Finding Cmpany s External and Internal URLs Public and Restricted Websites Cllect Lcatin Infrmatin Peple Search Peple Search Online Services Peple Search n Scial Netwrking Services Gather Infrmatin frm Financial Services Ftprinting thrugh Jb Sites Mnitring Target Using Alerts Website Ftprinting Mirrring Entire Website Website Mirrring Tls Extract Website Infrmatin frm Mnitring Web Updates Using Website Watcher Ftprinting Tracking Cmmunicatins Cllecting Infrmatin frm Header Tracking Tls Cmpetitive Intelligence Cmpetitive Intelligence Gathering Cmpetitive Intelligence - When Did this Cmpany Begin? Hw did it develp? Cmpetitive Intelligence - What Are the Cmpany's Plans? Cmpetitive Intelligence - What Expert Opinins Say Abut the Cmpany Empwering Peple & Business Page 3 f 20

4 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Ftprinting using Ggle Ftprint Using Ggle Hacking Techniques What a Hacker can d with Ggle Hacking? Ggle Advance Search Operatrs Finding Resurces Using Ggle Advance Operatr Ggle Hacking Tl: Ggle Hacking Database (GHDB) Ggle Hacking Tls WHOIS Ftprinting WHOIS Lkup WHOIS Lkup Result Analysis WHOIS Lkup Tl: SmartWhis WHOIS Lkup Tls WHOIS Lkup Online Tls DNS Ftprinting Extracting DNS Infrmatin DNS Interrgatin Tls Netwrk Ftprinting Lcate the Netwrk Range Determine the Operating System Tracerute Tracerute Analysis Tracerute Tls Ftprinting thrugh Scial Engineering Ftprinting thrugh Scial Engineering Cllect Infrmatin Using Eavesdrpping, Shulder Surfing, and Dumpster Diving Ftprinting thrugh Cllect Infrmatin thrugh Scial Engineering n Scial Netwrking Sites Infrmatin Available n Scial Netwrking Sites Cllecting Facebk Infrmatin Cllecting Twitter Infrmatin Cllecting Linkedin Infrmatin Cllecting Yutube Infrmatin Tracking Users n Scial Netwrking Sites Ftprinting Tls Ftprinting Tl: Malteg Ftprinting Tl: Dmain Name Analyzer Pr Ftprinting Tl: Web Data Extractr Additinal Ftprinting Tls Ftprinting Cuntermeasures Ftprinting Penetratin Testing Ftprinting Pen Testing Ftprinting Pen Testing Reprt Templates Mdule 03: Scanning Netwrks Overview f Netwrk Scanning CEH Scanning Methdlgy Check fr Live Systems Checking fr Live Systems - ICMP Scanning Ping Sweep Ping Sweep Tls Check fr Open Prts Three-Way Handshake TCP Cmmunicatin Flags Create Custm Packet Using TCP Flags Create Custm Packet Using TCP Flags Scanning IPv6 Netwrk Scanning Tl: Nmap Hping2 / Hping3 Hping Cmmands Scanning Techniques TCP Cnnect / Full Open Scan Stealth Scan (Half-pen Scan) Stealth Scan (Half-pen Scan) Xmas Scan FIN Scan NULL Scan IDLE Scan IDLE Scan: Step 1 IDLE Scan: Step 2 and 3 ICMP Ech Scanning/List Scan UDP Scanning Inverse TCP Flag Scanning ACK Flag Scanning Scanning Tl: NetScan Tls Pr Scanning Tls D Nt Scan These IP Addresses (Unless yu want t get int truble) Prt Scanning Cuntermeasures Empwering Peple & Business Page 4 f 20

5 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Scanning Beynd IDS IDS Evasin Techniques SYN/FIN Scanning Using IP Fragments Banner Grabbing Banner Grabbing Tls Banner Grabbing Cuntermeasures: Disabling r Changing Banner Hiding File Extensins frm Web Pages Scan fr Vulnerability Vulnerability Scanning Vulnerability Scanning Tl: Nessus Vulnerability Scanning Tl: GAFI LanGuard Vulnerability Scanning Tl: SAINT Netwrk Vulnerability Scanners Draw Netwrk Diagrams Drawing Netwrk Diagrams Netwrk Discvery Tl: LANsurveyr Netwrk Discvery Tl: OpManager Netwrk Discvery Tl: NetwrkView Netwrk Discvery Tl: The Dude Netwrk Discvery and Mapping Tls Prepare Prxies Prxy Servers Why Attackers Use Prxy Servers? Use f Prxies fr Attack Prxy Chaining Prxy Tl: Prxy Wrkbench Prxy Tl: Prxifier Prxy Tl: Prxy Switcher Prxy Tl: ScksChain Prxy Tl: TOR (The Onin Ruting) Prxy Tls Free Prxy Servers HTTP Tunneling Techniques Why d I Need HTTP Tunneling HTTP Tunneling Tl: Super Netwrk Tunnel HTTP Tunneling Tl: HTTP-Tunnel SSH Tunneling SSH Tunneling Tl: Bitvise Annymizers Case: Blggers Write Text Backwards t Bypass Web Filters in China Censrship Circumventin Tl: Psiphn Censrship Circumventin Tl: Yur- Freedm Hw t Check if Yur Website is Blcked in China r Nt G-Zapper Annymizers Spfing IP Address IP Spfing Detectin Techniques: Direct TTL Prbes IP Spfing Detectin Techniques: IP Identificatin Number IP Spfing Detectin Techniques: TCP Flw Cntrl Methd IP Spfing Cuntermeasures Scanning Pen Testing Mdule 04: Enumeratin Enumeratin Cncepts What is Enumeratin? Techniques fr Enumeratin Services and Prts t Enumerate NetBIOS Enumeratin NetBIOS Enumeratin NetBIOS Enumeratin Tl: SuperScan NetBIOS Enumeratin Tl: Hyena NetBIOS Enumeratin Tl: Winfingerprint NetBIOS Enumeratin Tl: NetBIOS Enumeratr Enumerating User Accunts Enumerate Systems Using Default Passwrds SNMP Enumeratin SNMP (Simple Netwrk Management Prtcl) Enumeratin Wrking f SNMP Management Infrmatin Base (MIB) SNMP Enumeratin Tl: OpUtils SNMP Enumeratin Tl: SlarWind s IP Netwrk Brwser SNMP Enumeratin Tls UNIX/Linux Enumeratin UNIX/Linux Enumeratin Cmmands Linux Enumeratin Tl: Enum4linux LDAP Enumeratin LDAP Enumeratin Tl: Sfterra LDAP Administratr LDAP Enumeratin Tls NTP Enumeratin NTP Enumeratin NTP Enumeratin Cmmands SMTP Enumeratin SMTP Enumeratin SMTP Enumeratin Tl: NetScanTls Pr DNS Enumeratin DNS Zne Transfer Enumeratin Using NSLkup Enumeratin Cuntermeasures SMB Enumeratin Cuntermeasures Enumeratin Pen Testing LDAP Enumeratin Empwering Peple & Business Page 5 f 20

6 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Mdule 05: System Hacking Infrmatin at Hand Befre System Hacking Stage System Hacking: Gals CEH Hacking Methdlgy (CHM) CEH System Hacking Steps Cracking Passwrds Passwrd Cracking Passwrd Cmplexity Passwrd Cracking Techniques Types f Passwrd Attacks Passive Online Attack: Wire Sniffing Passive Online Attack: Eavesdrpping Passive Online Attacks: Man-in-the-Middle and Replay Attack Active Online Attack: Passwrd Guessing Active Online Attack: Trjan/Spyware/Keylgger Active Online Attack: Hash Injectin Attack Offline Attack: Rainbw Attacks Tls t Create Rainbw Tables: Winrtgen and rtgen Distributed Netwrk Attack Elcmsft Distributed Passwrd Recvery Nn-Electrnic Attacks Default Passwrds Manual Passwrd Cracking (Guessing) Autmatic Passwrd Cracking Algrithm Stealing Passwrds Using USB Drive Stealing Passwrds Using Keylggers Micrsft Authenticatin Hw Hash Passwrds Are Stred in Windws SAM? What Is LAN Manager Hash? LM Hash Generatin LM, NTLMv1, and NTLMv2 NTLM Authenticatin Prcess Kerbers Authenticatin Salting PWdump7 and Fgdump L0phtCrack Ophcrack Cain & Abel RainbwCrack Passwrd Cracking Tls LM Hash Backward Cmpatibility Hw t Disable LM HASH Hw t Defend against Passwrd Cracking Implement and Enfrce Strng Security Plicy CEH System Hacking Steps Escalating Privileges Privilege Escalatin Privilege Escalatin Tl: Active@ Passwrd Changer Privilege Escalatin Tls Hw t Defend Against Privilege Escalatin Executing Applicatins Executing Applicatins: RemteExec Executing Applicatins: PDQ Deply Executing Applicatins: DameWare NT Utilities Keylgger Types f Keystrke Lggers Methdlgy f Attacker in Using Remte Keylgger Acustic/CAM Keylgger Keylggers Keylgger: Spytech SpyAgent Keylgger: All In One Keylgger Keylggers fr Windws Keylgger fr Mac: Amac Keylgger fr Mac Keylggers fr MAC Hardware Keylggers Spyware What Des the Spyware D? Types f Spywares Desktp Spyware Desktp Spyware: Activity Mnitr Desktp Spyware and Internet Spyware and Internet Spyware: Pwer Spy Internet and Spyware Child Mnitring Spyware Child Mnitring Spyware: Net Nanny Hme Suite Child Mnitring Spyware Screen Capturing Spyware Screen Capturing Spyware: SftActivity TS Mnitr Screen Capturing Spyware USB Spyware USB Spyware: USBSpy USB Spyware Audi Spyware Audi Spyware: Spy Vice Recrder and Sund Snper Vide Spyware Vide Spyware: WebCam Recrder Vide Spyware Empwering Peple & Business Page 6 f 20

7 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Print Spyware Print Spyware: Printer Activity Mnitr Print Spyware Hiding Files Rtkits Types f Rtkits Hw Rtkit Wrks Rtkit: Fu Rtkit: KBeast Rtkit: Hacker Defender HxDef Rtkit Detecting Rtkits Steps fr Detecting Rtkits Hw t Defend against Rtkits Anti-Rtkit: Stinger Anti-Rtkit: UnHackMe Anti-Rtkits NTFS Data Stream Hw t Create NTFS Streams NTFS Stream Manipulatin Hw t Defend against NTFS Streams NTFS Stream Detectr: StreamArmr NTFS Stream Detectrs What Is Stegangraphy? Applicatin f Stegangraphy Classificatin f Stegangraphy Technical Stegangraphy Linguistic Stegangraphy Stegangraphy Techniques Hw Stegangraphy Wrks Types f Stegangraphy Whitespace Stegangraphy Tl: SNOW Image Stegangraphy Least Significant Bit Insertin Masking and Filtering Algrithms and Transfrmatin Image Stegangraphy: QuickSteg Image Stegangraphy Tls Dcument Stegangraphy: wbsteg Dcument Stegangraphy Tls Vide Stegangraphy Vide Stegangraphy: OmniHide PRO Vide Stegangraphy Tls Audi Stegangraphy Audi Stegangraphy Methds Audi Stegangraphy: DeepSund Audi Stegangraphy Tls Flder Stegangraphy: Invisible Secrets 4 Flder Stegangraphy Tls Spam/ Stegangraphy: Spam Mimic Natural Text Stegangraphy: Sams Big G Play Maker Issues in Infrmatin Hiding Steganalysis Steganalysis Methds/Attacks n Stegangraphy Detecting Text and Image Stegangraphy Detecting Audi and Vide Stegangraphy Stegangraphy Detectin Tl: Gargyle Investigatr Frensic Pr Stegangraphy Detectin Tls Cvering Tracks Why Cver Tracks? Cvering Tracks Ways t Clear Online Tracks Disabling Auditing: Auditpl Cvering Tracks Tl: CCleaner Cvering Tracks Tl: MRU-Blaster Track Cvering Tls Penetratin Testing Passwrd Cracking Privilege Escalatin Executing Applicatins Hiding Files Cvering Tracks Mdule 06: Trjans and Backdrs Trjan Cncepts What is a Trjan? Cmmunicatin Paths: Overt and Cvert Channels Purpse f Trjans What D Trjan Creatrs Lk Fr Indicatins f a Trjan Attack Cmmn Prts used by Trjans Trjan Infectin Hw t Infect Systems Using a Trjan Wrappers Wrapper Cvert Prgrams Different Ways a Trjan can Get int a System Hw t Deply a Trjan Evading Anti-Virus Techniques Types f Trjans Cmmand Shell Trjans Cmmand Shell Trjan: Netcat GUI Trjan: MSucker GUI Trjan: Jumper and Bidx Dcument Trjans Trjans Trjans: RemteByMail Defacement Trjans Defacement Trjans: Restratr Empwering Peple & Business Page 7 f 20

8 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Btnet Trjans Btnet Trjan: Illusin Bt and NetBt Attacker Prxy Server Trjans Prxy Server Trjan: W3bPrOxy Tr0j4nCr34t0r (Funny Name) FTP Trjans VNC Trjans VNC Trjans: WinVNC and VNC Stealer HTTP/HTTPS Trjans HTTP Trjan: HTTP RAT Shttpd Trjan - HTTPS (SSL) ICMP Tunneling Remte Access Trjans Remte Access Trjan: RAT DarkCmet and Apcalypse Cvert Channel Trjan: CCTT E-banking Trjans Banking Trjan Analysis E-banking Trjan: ZeuS and SpyEye Destructive Trjans: M4sT3r Trjan Ntificatin Trjans Credit Card Trjans Data Hiding Trjans (Encrypted Trjans) OS X Trjan: Crisis MAC OS X Trjan: DNSChanger Mac OS X Trjan: Hell Raiser Trjan Analysis: Flame Flame C&C Server Analysis Trjan Analysis: SpyEye Trjan Analysis: ZerAccess Trjan Analysis: Duqu Trjan Analysis: Duqu Framewrk Trjan Analysis: Event Driven Framewrk Trjan Detectin Hw t Detect Trjans Scanning fr Suspicius Prts Prt Mnitring Tls: TCPView and CurrPrts Scanning fr Suspicius Prcesses Prt Mnitring Tls: TCPView and CurrPrts Scanning fr Suspicius Prcesses Prcess Mnitring Tl: What's Running Prcess Mnitring Tls Scanning fr Suspicius Registry Entries Registry Entry Mnitring Tl: PC Tls Registry Mechanic Registry Entry Mnitring Tls Scanning fr Suspicius Device Drivers Device Drivers Mnitring Tl: DriverView Device Drivers Mnitring Tls Scanning fr Suspicius Windws Services Windws Services Mnitring Tl: Windws Service Manager (SrvMan) Windws Services Mnitring Tls Scanning fr Suspicius Startup Prgrams Windws8 Startup Registry Entries Startup Prgrams Mnitring Tl: Starter Startup Prgrams Mnitring Tl: Security AutRun Startup Prgrams Mnitring Tls Scanning fr Suspicius Files and Flders Files and Flder Integrity Checker: FastSum and WinMD5 Files and Flder Integrity Checker Scanning fr Suspicius Netwrk Activities Detecting Trjans and Wrms with Capsa Netwrk Analyzer Cuntermeasures Trjan Cuntermeasures Backdr Cuntermeasures Trjan Hrse Cnstructin Kit Anti-Trjan Sftware Anti-Trjan Sftware: TrjanHunter Anti-Trjan Sftware: Emsisft Anti-Malware Anti-Trjan Sftwares Pen Testing fr Trjans and Backdrs Mdule 07: Viruses and Wrms Virus and Wrms Cncepts Intrductin t Viruses Virus and Wrm Statistics Stages f Virus Life Wrking f Viruses: Infectin Phase Wrking f Viruses: Attack Phase Why D Peple Create Cmputer Viruses Indicatins f Virus Attack Hw des a Cmputer Get Infected by Viruses Cmmn Techniques Used t Distribute Malware n the Web Virus Haxes and Fake Antiviruses Virus Analysis: DNSChanger Types f Viruses System r Bt Sectr Viruses File and Multipartite Viruses Macr Viruses Cluster Viruses Stealth/Tunneling Viruses Encryptin Viruses Plymrphic Cde Metamrphic Viruses File Overwriting r Cavity Viruses Sparse Infectr Viruses Empwering Peple & Business Page 8 f 20

9 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Cmpanin/Camuflage Viruses Shell Viruses File Extensin Viruses Add-n and Intrusive Viruses Transient and Terminate and Stay Resident Viruses Writing a Simple Virus Prgram Terabit Virus Maker JPS Virus Maker and DELmE's Batch Virus Maker Cmputer Wrms Hw Is a Wrm Different frm a Virus? Wrm Analysis: Stuxnet Wrm Maker: Internet Wrm Maker Thing Malware Analysis What is Sheep Dip Cmputer? Anti-Virus Sensrs Systems Malware Analysis Prcedure: Preparing Testbed Malware Analysis Prcedure Virus Analysis Tl: IDA Pr Online Malware Testing: VirusTtal Online Malware Analysis Services Cunter-measures Virus Detectin Methds Virus and Wrms Cuntermeasures Cmpanin Antivirus: Immunet Anti-virus Tls Penetratin Testing fr Virus Mdule 08: Sniffers Sniffing Cncepts Wiretapping Lawful Interceptin Packet Sniffing Sniffing Threats Hw a Sniffer Wrks Types f Sniffing Attacks Types f Sniffing: Passive Sniffing Types f Sniffing: Active Sniffing Prtcls Vulnerable t Sniffing Tie t Data Link Layer in OSI Mdel IPv6 Addresses IPv4 and IPv6 Header Cmparisn Hardware Prtcl Analyzers SPAN Prt MAC Attacks MAC Flding MAC Address/CAM Table Hw CAM Wrks What Happens When CAM Table Is Full? Mac Flding Switches with macf MAC Flding Tl: Yersinia Hw t Defend against MAC Attacks DHCP Attacks Hw DHCP Wrks DHCP Request/Reply Messages IPv4 DHCP Packet Frmat DHCP Starvatin Attack DHCP Starvatin Attack Tls Rgue DHCP Server Attack Hw t Defend Against DHCP Starvatin and Rgue Server Attack ARP Pisning What Is Address Reslutin Prtcl (ARP)? ARP Spfing Techniques ARP Spfing Attack Hw Des ARP Spfing Wrk Threats f ARP Pisning ARP Pisning Tl: Cain & Abel ARP Pisning Tl: WinArpAttacker ARP Pisning Tl: Ufasft Snif Hw t Defend Against ARP Pisning Cnfiguring DHCP Snping and Dynamic ARP Inspectin n Cisc Switches ARP Spfing Detectin: XArp Spfing Attack Spfing Attack Threats MAC Spfing/Duplicating MAC Spfing Technique: Windws MAC Spfing Tl: SMAC IRDP Spfing Hw t Defend Against MAC Spfing DNS Pisning DNS Pisning Techniques Intranet DNS Spfing Internet DNS Spfing Prxy Server DNS Pisning DNS Cache Pisning Hw t Defend Against DNS Spfing Sniffing Tls Sniffing Tl: Wireshark Fllw TCP Stream in Wireshark Display Filters in Wireshark Additinal Wireshark Filters Sniffing Tl: Cascade Pilt Sniffing Tl: Tcpdump/Windump Packet Sniffing Tl: Capsa Netwrk Analyzer Netwrk Packet Analyzer: OmniPeek Netwrk Analyzer Netwrk Packet Analyzer: Observer Netwrk Packet Analyzer: Sniff-O-Matic Netwrk Packet Analyzer: JitBit Netwrk Sniffer Empwering Peple & Business Page 9 f 20

10 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Chat Message Sniffer: MSN Sniffer 2 TCP/IP Packet Crafter: Clasft Packet Builder Additinal Sniffing Tls Hw an Attacker Hacks the Netwrk Using Sniffers Cunter measures Hw t Defend Against Sniffing Hw t Detect Sniffing Sniffer Detectin Technique: Ping Methd Sniffer Detectin Technique: ARP Methd Sniffer Detectin Technique: DNS Methd Prmiscuus Detectin Tl: PrmqryUI Sniffing Pen Testing Mdule 09: Scial Engineering Scial Engineering Cncepts What is Scial Engineering? Behavirs Vulnerable t Attacks Factrs that Make Cmpanies Vulnerable t Attacks Why Is Scial Engineering Effective? Warning Signs f an Attack Phases in a Scial Engineering Attack Impact n the Organizatin Rebecca and Jessica Cmmn Targets f Scial Engineering Cmmn Targets f Scial Engineering: Office Wrkers Scial Engineering Techniques Types f Scial Engineering Human-based Scial Engineering Technical Supprt Example Authrity Supprt Example Human-based Scial Engineering: Eavesdrpping and Shulder Surfing Human-based Scial Engineering: Dumpster Diving Human-based Scial Engineering Watch these Mvies Watch this Mvie Cmputer-based Scial Engineering Cmputer-based Scial Engineering: Pp- Ups Cmputer-based Scial Engineering: Phishing Cmputer-based Scial Engineering: Spear Phishing Mbile-based Scial Engineering: Publishing Malicius Apps Mbile-based Scial Engineering: Repackaging Legitimate Apps Mbile-based Scial Engineering: Fake Security Applicatins Mbile-based Scial Engineering: Using SMS Insider Attack Disgruntled Emplyee Preventing Insider Threats Cmmn Scial Engineering Targets and Defense Strategies Impers-natin n Scial Netwrking Sites Scial Engineering Thrugh Impersnatin n Scial Netwrking Sites Scial Engineering n Facebk Scial Engineering Example: LinkedIn Prfile Scial Engineering n Twitter Risks f Scial Netwrking t Crprate Netwrks Identity Theft Identity Theft Statistics 2011 Identify Theft Hw t Steal an Identity STEP 1 STEP 2 Cmparisn STEP 3 Real Steven Gets Huge Credit Card Statement Identity Theft - Serius Prblem Scial Engineering Cuntermeasures Hw t Detect Phishing s Anti-Phishing Tlbar: Netcraft Anti-Phishing Tlbar: PhishTank Identity Theft Cuntermeasures Scial Engineering Pen Testing Scial Engineering Pen Testing: Using s Scial Engineering Pen Testing: Using Phne Scial Engineering Pen Testing: In Persn Scial Engineering Pen Testing: Scial Engineering Tlkit (SET) Mdule 10: Denial f Service DS/DDS Cncepts What is a Denial f Service Attack? What Are Distributed Denial f Service Attacks? Hw Distributed Denial f Service Attacks Wrk Symptms f a DS Attack Cyber Criminals Organized Cyber Crime: Organizatinal Chart Empwering Peple & Business Page 10 f 20

11 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 DS Attack Techniques Bandwidth Attacks Service Request Flds SYN Attack SYN Flding ICMP Fld Attack Peer-t-Peer Attacks Permanent Denial-f-Service Attack Applicatin Level Fld Attacks Btnet Btnet Prpagatin Technique Btnet Ecsystem Btnet Trjan: Shark Pisn Ivy: Btnet Cmmand Cntrl Center Btnet Trjan: PlugBt Btnet Trjans: Illusin Bt and NetBt Attacker DDS Case Study DDS Attack DDS Attack Tl: LOIC Hackers Advertise Links t Dwnlad Btnet DS Attack Tls Cunter-measures Detectin Techniques Activity Prfiling Wavelet Analysis Sequential Change-Pint Detectin DS/DDS Cuntermeasure Strategies DDS Attack Cuntermeasures DS/DDS Cuntermeasures: Prtect Secndary Victims DS/DDS Cuntermeasures: Detect and Neutralize Handlers DS/DDS Cuntermeasures: Detect Ptential Attacks DS/DDS Cuntermeasures: Deflect Attacks DS/DDS Cuntermeasures: Mitigate Attacks Pst-Attack Frensics Techniques t Defend against Btnets DS/DDS Cuntermeasures DS/DDS Prtectin at ISP Level Enabling TCP Intercept n Cisc IOS Sftware Advanced DDS Prtectin Appliances DS/DDS Prtectin Tls DS/DDS Prtectin Tl: D-Guard Anti- DDS Firewall DS/DDS Prtectin Tls Denial-f-Service (DS) Attack Penetratin Testing Btnet Trjans: Illusin Bt and NetBt Attacker DDS Case Study DDS Attack DDS Attack Tl: LOIC Hackers Advertise Links t Dwnlad Btnet DS Attack Tls Cunter-measures Detectin Techniques Activity Prfiling Wavelet Analysis Sequential Change-Pint Detectin DS/DDS Cuntermeasure Strategies DDS Attack Cuntermeasures DS/DDS Cuntermeasures: Prtect Secndary Victims DS/DDS Cuntermeasures: Detect and Neutralize Handlers DS/DDS Cuntermeasures: Detect Ptential Attacks DS/DDS Cuntermeasures: Deflect Attacks DS/DDS Cuntermeasures: Mitigate Attacks Pst-Attack Frensics Techniques t Defend against Btnets DS/DDS Cuntermeasures DS/DDS Prtectin at ISP Level Enabling TCP Intercept n Cisc IOS Sftware Advanced DDS Prtectin Appliances DS/DDS Prtectin Tls DS/DDS Prtectin Tl: D-Guard Anti- DDS Firewall DS/DDS Prtectin Tls Denial-f-Service (DS) Attack Penetratin Testing Mdule 11: Sessin Hijacking Sessin Hijacking Cncepts What is Sessin Hijacking? Dangers Psed by Hijacking Why Sessin Hijacking is Successful? Key Sessin Hijacking Techniques Brute Frcing Attack Spfing vs. Hijacking Sessin Hijacking Prcess Packet Analysis f a Lcal Sessin Hijack Types f Sessin Hijacking Sessin Hijacking in OSI Mdel Applicatin Level Sessin Hijacking Empwering Peple & Business Page 11 f 20

12 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Sessin Sniffing Predictable Sessin Tken Hw t Predict a Sessin Tken Man-in-the-Middle Attack Man-in-the-Brwser Attack Steps t Perfrm Man-in-the-Brwser Attack Client-side Attacks Crss-site Script Attack Sessin Fixatin Sessin Fixatin Attack Netwrk-level Sessin Hijacking The 3-Way Handshake Sequence Numbers Sequence Numbers Predictin TCP/IP Hijacking IP Spfing: Surce Ruted Packets RST Hijacking Blind Hijacking Man-in-the-Middle Attack Using Packet Sniffer UDP Hijacking Sessin Hijacking Tls Sessin Hijacking Tl: Zaprxy Sessin Hijacking Tl: Burp Suite Sessin Hijacking Tl: JHijack Sessin Hijacking Tls Cunter-measures Prtecting against Sessin Hijacking Methds t Prevent Sessin Hijacking: T be Fllwed by Web Develpers Methds t Prevent Sessin Hijacking: T be Fllwed by Web Users IPSec Mdes f IPsec IPsec Architecture IPsec Authenticatin and Cnfidentiality Cmpnents f IPsec IPsec Implementatin Sessin Hijacking Pen Testing Mdule 12: Hacking Webservers Webserver Cncepts Webserver Market Shares Open Surce Webserver Architecture IIS Webserver Architecture Website Defacement Why Web Servers are cmprmised? Impact f Webserver Attacks Webserver Attacks Webserver Miscnfiguratin Webserver Miscnfiguratin Example Directry Traversal Attacks HTTP Respnse Splitting Attack Web Cache Pisning Attack HTTP Respnse Hijacking SSH Brutefrce Attack Man-in-the-Middle Attack Webserver Passwrd Cracking Webserver Passwrd Cracking Techniques Web Applicatin Attacks Attack Methdlgy Webserver Attack Methdlgy Webserver Attack Methdlgy: Infrmatin Gathering Webserver Attack Methdlgy: Webserver Ftprinting Webserver Ftprinting Tls Webserver Attack Methdlgy: Mirrring a Website Webserver Attack Methdlgy: Vulnerability Scanning Webserver Attack Methdlgy: Sessin Hijacking Webserver Attack Methdlgy: Hacking Web Passwrds Webserver Attack Tls Webserver Attack Tls: Metasplit Metasplit Architecture Metasplit Explit Mdule Metasplit Paylad Mdule Metasplit Auxiliary Mdule Metasplit NOPS Mdule Webserver Attack Tls: Wfetch Web Passwrd Cracking Tl: Brutus Web Passwrd Cracking Tl: THC-Hydra Web Passwrd Cracking Tl: Internet Passwrd Recvery Tlbx Cunter-measures Cuntermeasures: Patches and Updates Cuntermeasures: Prtcls Cuntermeasures: Accunts Cuntermeasures: Files and Directries Hw t Defend Against Web Server Attacks Hw t Defend against HTTP Respnse Splitting and Web Cache Pisning Patch Management Patches and Htfixes What Is Patch Management? Identifying Apprpriate Surces fr Updates and Patches Installatin f a Patch Implementatin and Verificatin f a Security Patch r Upgrade Patch Management Tl: Micrsft Baseline Security Analyzer (MBSA) Empwering Peple & Business Page 12 f 20

13 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Patch Management Tls Webserver Security Tls Web Applicatin Security Scanner: Syhunt Dynamic Web Applicatin Security Scanner: N-Stalker Web Applicatin Security Scanner Web Server Security Scanner: Wikt Web Server Security Scanner: Acunetix Web Vulnerability Scanner Web Server Malware Infectin Mnitring Tl: HackAlert Web Server Malware Infectin Mnitring Tl: QualysGuard Malware Detectin Webserver Security Tls Webserver Pen Testing Web Server Pen Testing Tl: CORE Impact Pr Web Server Pen Testing Tl: Immunity CANVAS Web Server Pen Testing Web Server Penetratin Testing Mdule 13: Hacking Web Applicatins Web App Cncepts Web Applicatin Security Statistics Intrductin t Web Applicatins Web Applicatin Cmpnents Hw Web Applicatins Wrk? Web Applicatin Architecture Web 2.0 Applicatins Vulnerability Stack Web Attack Vectrs Web App Threats Web Applicatin Threats - 1 Web Applicatin Threats - 2 Invalidated Input Parameter/Frm Tampering Directry Traversal Security Miscnfiguratin Injectin Flaws SQL Injectin Attacks Cmmand Injectin Attacks Cmmand Injectin Attacks Cmmand Injectin Example File Injectin Attack What is LDAP Injectin? Hw LDAP Injectin Wrks? Hidden Field Manipulatin Attack Crss-Site Scripting (XSS) Attacks Hw XSS Attacks Wrk? Crss-Site Scripting Attack Scenari: Attack via XSS Example: Attack via XSS Example: Stealing Users' Ckies XSS Example: Sending an Unauthrized Request XSS Attack in Blg Psting XSS Attack in Cmment Field XSS Cheat Sheet Crss-Site Request Frgery (CSRF) Attack Hw CSRF Attacks Wrk? Web Applicatin Denial-f-Service (DS) Attack Denial f Service (DS) Examples Buffer Overflw Attacks Ckie/Sessin Pisning Hw Ckie Pisning Wrks? Sessin Fixatin Attack Insufficient Transprt Layer Prtectin Imprper Errr Handling Insecure Cryptgraphic Strage Brken Authenticatin and Sessin Management Invalidated Redirects and Frwards Web Services Architecture Web Services Attack Web Services Ftprinting Attack Web Services XML Pisning Web App Hacking Methdlgy Ftprint Web Infrastructure Ftprint Web Infrastructure: Server Discvery Ftprint Web Infrastructure: Service Discvery Ftprint Web Infrastructure: Server Identificatin/Banner Grabbing Ftprint Web Infrastructure: Hidden Cntent Discvery Web Spidering Using Burp Suite Web Spidering Using Mzenda Web Agent Builder Attack Web Servers Hacking Web Servers Web Server Hacking Tl: WebInspect Analyze Web Applicatins Analyze Web Applicatins: Identify Entry Pints fr User Input Analyze Web Applicatins: Identify Server-Side Technlgies Empwering Peple & Business Page 13 f 20

14 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Attack Authenticatin Mechanism Passwrd Attacks: Passwrd Guessing Passwrd Attacks: Brute-frcing Sessin Attacks: Sessin ID Predictin/ Brute-frcing Ckie Explitatin: Ckie Pisning Authrizatin Attack Schemes Authrizatin Attack HTTP Request Tampering Authrizatin Attack: Ckie Parameter Tampering Attack Sessin Management Mechanism Sessin Management Attack Attacking Sessin Tken Generatin Mechanism Attacking Sessin Tkens Handling Mechanism: Sessin Tken Sniffing Perfrm Injectin Attacks Injectin Attacks Attack Data Cnnectivity Cnnectin String Injectin Cnnectin String Parameter Pllutin (CSPP) Attacks Cnnectin Pl DS Attack Web App Client Attack Web Services Web Services Prbing Attacks Web Service Attacks: SOAP Injectin Web Service Attacks: XML Injectin Web Services Parsing Attacks Web Service Attack Tl: sapui Web Service Attack Tl: XMLSpy Web Applicatin Hacking Tls Web Applicatin Hacking Tl: Burp Suite Prfessinal Web Applicatin Hacking Tls: CkieDigger Web Applicatin Hacking Tls: WebScarab Web Applicatin Hacking Tls Cuntermeasures Encding Schemes Hw t Defend Against SQL Injectin Attacks? Hw t Defend Against Cmmand Injectin Flaws? Hw t Defend Against XSS Attacks? Hw t Defend Against DS Attack? Hw t Defend Against Web Services Security Tls Attack? Web Applicatin Cuntermeasures Hw t Defend Against Web Applicatin Attacks? Web Applicatin Security Tl: Acunetix Web Vulnerability Scanner Web Applicatin Security Tl: Watcher Web Security Tl Web Applicatin Security Scanner: Netsparker Web Applicatin Security Tl: N-Stalker Web Applicatin Security Scanner Web Applicatin Security Tl: VampireScan Web Applicatin Security Tls Web Applicatin Firewall: dtdefender Web Applicatin Firewall: ServerDefender VP Web Applicatin Firewall Web App Pen Testing Web Applicatin Pen Testing Infrmatin Gathering Cnfiguratin Management Testing Authenticatin Testing Sessin Management Testing Authrizatin Testing Data Validatin Testing Denial f Service Testing Web Services Testing AJAX Testing Mdule 14: SQL Injectin SQL Injectin Cncepts SQL Injectin Scenari SQL Injectin is the Mst Prevalent Vulnerability in 2012 SQL Injectin Threats What is SQL Injectin? SQL Injectin Attacks Hw Web Applicatins Wrk? Server Side Technlgies HTTP Pst Request Example 1: Nrmal SQL Query Example 1: SQL Injectin Query Example 1: Cde Analysis Example 2: BadPrductList.aspx Example 2: Attack Analysis Example 3: Updating Table Example 4: Adding New Recrds Empwering Peple & Business Page 14 f 20

15 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Example 5: Identifying the Table Name Example 6: Deleting a Table Testing fr SQL Injectin SQL Injectin Detectin SQL Injectin Errr Messages SQL Injectin Attack Characters Additinal Methds t Detect SQL Injectin SQL Injectin Black Bx Pen Testing Testing fr SQL Injectin Types f SQL Injectin Simple SQL Injectin Attack Unin SQL Injectin Example SQL Injectin Errr Based Blind SQL Injectin What is Blind SQL Injectin? N Errr Messages Returned Blind SQL Injectin: WAITFOR DELAY YES r NO Respnse Blind SQL Injectin Explitatin (MySQL) Blind SQL Injectin - Extract Database User Blind SQL Injectin - Extract Database Name Blind SQL Injectin - Extract Clumn Name Blind SQL Injectin - Extract Data frm ROWS SQL Injectin Methdlgy Advanced SQL Injectin Infrmatin Gathering Extracting Infrmatin thrugh Errr Messages Understanding SQL Query Bypass Website Lgins Using SQL Injectin Database, Table, and Clumn Enumeratin Advanced Enumeratin Features f Different DBMSs Creating Database Accunts Passwrd Grabbing Grabbing SQL Server Hashes Extracting SQL Hashes (In a Single Statement) Transfer Database t Attacker s Machine Interacting with the Operating System Interacting with the FileSystem Netwrk Recnnaissance Using SQL Injectin Netwrk Recnnaissance Full Query SQL Injectin Tls SQL Injectin Tls: BSQLHacker SQL Injectin Tls: Marathn Tl SQL Injectin Tls: SQL Pwer Injectr SQL Injectin Tls: Havij SQL Injectin Tls Evasin Techniques Evading IDS Types f Signature Evasin Techniques Evasin Technique: Sphisticated Matches Evasin Technique: Hex Encding Evasin Technique: Manipulating White Spaces Evasin Technique: In-line Cmment Evasin Technique: Char Encding Evasin Technique: String Cncatenatin Evasin Technique: Obfuscated Cdes Cunter-measures Hw t Defend Against SQL Injectin Attacks? Hw t Defend Against SQL Injectin Attacks: Use Type-Safe SQL Parameters Hw t Defend Against SQL Injectin Attacks SQL Injectin Detectin Tl: Micrsft Surce Cde Analyzer SQL Injectin Detectin Tl: Micrsft UrlScan Filter SQL Injectin Detectin Tl: dtdefender SQL Injectin Detectin Tl: IBM Security AppScan SQL Injectin Detectin Tl: WebCruiser Snrt Rule t Detect SQL Injectin Attacks SQL Injectin Detectin Tls Mdule 15: Hacking Wireless Netwrks Wireless Cncepts Wireless Netwrks 2010 vs Wi-Fi Device Type Cmparisn Wi-Fi Netwrks at Hme and Public Places Types f Wireless Netwrks Wireless Standards Service Set Identifier (SSID) Wi-Fi Authenticatin Mdes Wi-Fi Authenticatin Prcess Using a Centralized Authenticatin Server Wireless Terminlgies Wi-Fi Chalking Wi-Fi Chalking Symbls Types f Wireless Antenna Parablic Grid Antenna Empwering Peple & Business Page 15 f 20

16 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Wireless Encryptin Types f Wireless Encryptin WEP Encryptin Hw WEP Wrks? What is WPA? Hw WPA Wrks? Tempral Keys What is WPA2? Hw WPA2 Wrks? WEP vs. WPA vs. WPA2 WEP Issues Weak Initializatin Vectrs (IV) Hw t Break WEP Encryptin? Hw t Break WPA/WPA2 Encryptin? Hw t Defend Against WPA Cracking? Wireless Threats Wireless Threats: Access Cntrl Attacks Wireless Threats: Integrity Attacks Wireless Threats: Cnfidentiality Attacks Wireless Threats: Availability Attacks Wireless Threats: Authenticatin Attacks Rgue Access Pint Attack Client Mis-assciatin Miscnfigured Access Pint Attack Unauthrized Assciatin Ad Hc Cnnectin Attack HneySpt Access Pint Attack AP MAC Spfing Denial-f-Service Attack Jamming Signal Attack Wi-Fi Jamming Devices Wireless Hacking Methdlgy Wi-Fi Discvery Ftprint the Wireless Netwrk Attackers Scanning fr Wi-Fi Netwrks Find Wi-Fi Netwrks t Attack Wi-Fi Discvery Tl: inssider Wi-Fi Discvery Tl: NetSurveyr Wi-Fi Discvery Tl: NetStumbler Wi-Fi Discvery Tl: Vistumbler Wi-Fi Discvery Tl: WirelessMn Mbile-based Wi-Fi Discvery Tl Wi-Fi Discvery Tls GPS Mapping GPS Mapping Tl: WIGLE GPS Mapping Tl: Skyhk Wi-Fi Htspt Finder: jiwire Wi-Fi Htspt Finder: WeFi Hw t Discver Wi-Fi Netwrk Using Wardriving? Wireless Traffic Analysis Wireless Cards and Chipsets Wi-Fi USB Dngle: AirPcap Wireless Hacking Tls Wi-Fi Sniffer: Kismet Wardriving Tls RF Mnitring Tls Wi-Fi Traffic Analyzer Tls Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tls Bluetth Hacking Bluetth Stack Bluetth Threats Hw t BlueJack a Victim? Bluetth Hacking Tl: Super Bluetth Hack Bluetth Hacking Tl: PhneSnp Bluetth Hacking Tl: BlueScanner Bluetth Hacking Tls Cunter-measures Hw t Defend Against Bluetth Hacking? Hw t Detect and Blck Rgue AP? Wireless Security Layers Hw t Defend Against Wireless Attacks? Wireless Security Tls Wireless Intrusin Preventin Systems Wireless IPS Deplyment Wi-Fi Security Auditing Tl: AirMagnet WiFi Analyzer Wi-Fi Security Auditing Tl: AirDefense Wi-Fi Security Auditing Tl: Adaptive Wireless IPS Wi-Fi Security Auditing Tl: Aruba RFPrtect WIPS Wi-Fi Intrusin Preventin System Wi-Fi Predictive Planning Tls Wi-Fi Vulnerability Scanning Tls Wi-Fi Pen Testing Wireless Penetratin Testing Wireless Penetratin Testing Framewrk Wi-Fi Pen Testing Framewrk Pen Testing LEAP Encrypted WLAN Pen Testing WPA/WPA2 Encrypted WLAN Pen Testing WEP Encrypted WLAN Pen Testing Unencrypted WLAN Wi-Fi Packet Sniffer: Wireshark with AirPcap Wi-Fi Packet Sniffer: Cascade Pilt Wi-Fi Packet Sniffer: OmniPeek Wi-Fi Packet Sniffer: CmmView fr Wi-Fi What is Spectrum Analysis? Wi-Fi Packet Sniffers Empwering Peple & Business Page 16 f 20

17 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Launch Wireless Attacks Aircrack-ng Suite Hw t Reveal Hidden SSIDs Fragmentatin Attack Hw t Launch MAC Spfing Attack? Denial f Service: Deauthenticatin and Disassciatin Attacks Man-in-the-Middle Attack MITM Attack Using Aircrack-ng Wireless ARP Pisning Attack Rgue Access Pint Evil Twin Hw t Set Up a Fake Htspt (Evil Twin)? Crack Wi-Fi Encryptin Hw t Crack WEP Using Aircrack? Hw t Crack WEP Using Aircrack? Screensht 1/2 Hw t Crack WEP Using Aircrack? Screensht 2/2 Hw t Crack WPA-PSK Using Aircrack? WPA Cracking Tl: KisMAC WEP Cracking Using Cain & Abel WPA Brute Frcing Using Cain & Abel WPA Cracking Tl: Elcmsft Wireless Security Auditr WEP/WPA Cracking Tls Mdule 16: Hacking Mbile Platfrms Mbile Platfrm Attack Vectrs Mbile Threat Reprt Q Terminlgy Mbile Attack Vectrs Mbile Platfrm Vulnerabilities and Risks Security Issues Arising frm App Stres Threats f Mbile Malware App Sandbxing Issues Hacking Andrid OS Andrid OS Andrid OS Architecture Andrid Device Administratin API Andrid Vulnerabilities Andrid Rting Rting Andrid Phnes using SuperOneClick Rting Andrid Phnes Using Superbt Andrid Rting Tls Sessin Hijacking Using DridSheep Andrid-based Sniffer: FaceNiff Andrid Trjan: ZitM (ZeuS-in-the-Mbile) Andrid Trjan: GingerBreak Andrid Trjan: AcnetSteal and Cawitt Andrid Trjan: Frgnal and Gamex Andrid Trjan: KabStamper and Mania Andrid Trjan: PremiumSMS and SmsSpy Andrid Trjan: DridLive SMS and UpdtKiller Andrid Trjan: FakeTken Securing Andrid Devices Ggle Apps Device Plicy Remte Wipe Service: Remte Wipe Andrid Security Tl: DridSheep Guard Andrid Vulnerability Scanner: X-Ray Andrid Penetratin Testing Tl: Andrid Netwrk Tlkit - Anti Andrid Device Tracking Tls Hacking ios Security News Apple ios Jailbreaking ios Types f Jailbreaking Jailbreaking Techniques App Platfrm fr Jailbrken Devices: Cydia Jailbreaking Tls: Redsn0w and Absinthe Tethered Jailbreaking f ios 6 Using RedSn0w Jailbreaking Tls: Sn0wbreeze and PwnageTl Jailbreaking Tls: LimeRa1n and Jailbreakme.cm Jailbreaking Tls: Blackra1n and Spirit Guidelines fr Securing ios Devices ios Device Tracking Tls Hacking Windws Phne OS Windws Phne 8 Windws Phne 8 Architecture Secure Bt Prcess Windws Phne 8 Vulnerabilities Guidelines fr Securing Windws OS Devices Empwering Peple & Business Page 17 f 20

18 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Hacking BlackBerry BlackBerry Operating System BlackBerry Enterprise Slutin Architecture Blackberry Attack Vectrs JAD File Explits and Memry/ Prcesses Manipulatins Shrt Message Service (SMS) Explits Explits PIM Data Attacks and TCP/IP Cnnectins Vulnerabilities Telephny Attacks Blackberry Spyware: FinSpy Mbile BlackBerry Ruter Prtcl Guidelines fr Securing BlackBerry Devices Mbile Device Management (MDM) MDM Lgical Architecture MDM Slutin: MaaS360 Mbile Device Management (MDM) MDM Slutins Mbile Security Guidelines and Tls General Guidelines fr Mbile Platfrm Security Mbile Device Security Guidelines fr Administratr Mbile Prtectin Tl: BullGuard Mbile Security Mbile Prtectin Tl: Lkut Mbile Prtectin Tl: WISeID Mbile Prtectin Tls Mbile Pen Testing Andrid Phne Pen Testing iphne Pen Testing Windws Phne Pen Testing BlackBerry Pen Testing Mdule 17: Evading IDS, Firewalls, and Hneypts IDS, Firewall and Hneypt Cncepts Intrusin Detectin Systems (IDS) and their Placement Hw IDS Wrks? Ways t Detect an Intrusin Types f Intrusin Detectin Systems System Integrity Verifiers (SIV) General Indicatins f Intrusins General Indicatins f System Intrusins Firewall Firewall Architecture DeMilitarized Zne (DMZ) Types f Firewall Packet Filtering Firewall Circuit-Level Gateway Firewall Applicatin-Level Firewall Applicatin-Level Firewall Stateful Multilayer Inspectin Firewall Firewall Identificatin: Prt Scanning Firewall Identificatin: Firewalking Firewall Identificatin: Banner Grabbing Hneypt Types f Hneypts Hw t Set Up a Hneypt IDS, Firewall and Hneypt System Intrusin Detectin Tl: Snrt Hw Snrt Wrks Snrt Rules Snrt Rules : Rule Actins and IP Prtcls Snrt Rules : The Directin Operatr and IP Addresses Snrt Rules : Prt Numbers Intrusin Detectin Systems: Tipping Pint Intrusin Detectin Tls Firewall: ZneAlarm PRO Firewall Firewalls Hneypt Tl: KFSensr Hneypt Tl: SPECTER Hneypt Tls Evading IDS Insertin Attack Evasin Denial-f-Service Attack (DS) Obfuscating False Psitive Generatin Sessin Splicing Unicde Evasin Technique Fragmentatin Attack Overlapping Fragments Time-T-Live Attacks Invalid RST Packets Urgency Flag Plymrphic Shellcde ASCII Shellcde Applicatin-Layer Attacks Desynchrnizatin - Pre Cnnectin SYN Desynchrnizatin - Pst Cnnectin SYN Other Types f Evasin Evading Firewalls IP Address Spfing Surce Ruting Tiny Fragments Bypass Blcked Sites Using IP Address in Place f URL Bypass Blcked Sites Using Annymus Website Surfing Sites Bypass a Firewall using Prxy Server Empwering Peple & Business Page 18 f 20

19 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Bypassing Firewall thrugh ICMP Tunneling Methd Malicius Cde Signing Types f Hneypts Hw t Set Up a Hneypt? Bypassing Firewall thrugh ACK Tunneling Methd Bypassing Firewall thrugh HTTP Tunneling Methd Bypassing Firewall thrugh External Systems Bypassing Firewall thrugh MITM Attack Detecting Hneypts Detecting Hneypts Hneypt Detecting Tl: Send-Safe Hneypt Hunter Firewall Evading Tls Firewall Evasin Tl: Traffic IQ Prfessinal Firewall Evasin Tl: tcp-ver-dns Firewall Evasin Tls Packet Fragment Generatrs Cuntermeasures Penetratin Testing Firewall/IDS Penetratin Testing Firewall Penetratin Testing IDS Penetratin Testing Mdule 18: Buffer Overflw Buffer Overflw Cncepts Buffer Overflws Why Are Prgrams and Applicatins Vulnerable t Buffer Overflws? Understanding Stacks Stack-Based Buffer Overflw Understanding Heap Heap-Based Buffer Overflw Stack Operatins Shellcde N Operatins (NOPs) Buffer Overflw Methdlgy Knwledge Required t Prgram Buffer Overflw Explits Buffer Overflw Steps Attacking a Real Prgram Frmat String Prblem Overflw using Frmat String Smashing the Stack Once the Stack is smashed... Buffer Overflw Examples Simple Uncntrlled Overflw Simple Buffer Overflw in C: Cde Analysis Expliting Semantic Cmments in C (Anntatins) Hw t Mutate a Buffer Overflw Explit? Buffer Overflw Detectin Identifying Buffer Overflws Hw t Detect Buffer Overflws in a Prgram? Testing fr Heap Overflw Cnditins: heap.exe Steps fr Testing fr Stack Overflw in OllyDbg Debugger Testing fr Stack Overflw in OllyDbg Debugger Testing fr Frmat String Cnditins using IDA Pr BF Detectin Tl: Immunity CANVAS BF Detectin Tls Buffer Overflw Cunter-measures Defense Against Buffer Overflws Preventing BF Attacks Prgramming Cuntermeasures Data Executin Preventin (DEP) Enhanced Mitigatin Experience Tlkit (EMET) EMET System Cnfiguratin Settings EMET Applicatin Cnfiguratin Settings Buffer Overflw Security Tls /GS BF Security Tl: BufferShield BF Security Tls Buffer Overflw Penetratin Testing Mdule 19: Cryptgraphy Cryptgraphy Cncepts Cryptgraphy Types f Cryptgraphy Gvernment Access t Keys (GAK) Encryptin Algrithms Ciphers Advanced Encryptin Standard (AES) Data Encryptin Standard (DES) RC4, RC5, RC6 Algrithms The DSA and Related Signature Schemes RSA (Rivest Shamir Adleman) Example f RSA Algrithm The RSA Signature Scheme Message Digest (One-way Hash) Functins Message Digest Functin: MD5 Secure Hashing Algrithm (SHA) What is SSH (Secure Shell)? Empwering Peple & Business Page 19 f 20

20 Hackers will hit yu frm anywhere Outline: Certtified Ethical Hacker (CEH) versin 8 Cryptgraphy Tls MD5 Hash Calculatrs: HashCalc, MD5 Calculatr and HashMyFiles Cryptgraphy Tl: Advanced Encryptin Package Cryptgraphy Tl: BCTextEncder Cryptgraphy Tls Public Key Infrastructure(PKI) Public Key Infrastructure (PKI) Certificatin Authrities Encryptin Digital Signature SSL (Secure Sckets Layer) Transprt Layer Security (TLS) Disk Encryptin Disk Encryptin Tl: TrueCrypt Disk Encryptin Tl: GiliSft Full Disk Encryptin Disk Encryptin Tls Cryptgraphy Attacks Cde Breaking Methdlgies Brute-Frce Attack Meet-in-the-Middle Attack n Digital Signature Schemes Cryptanalysis Tls Cryptanalysis Tl: CrypTl Cryptanalysis Tls Online MD5 Decryptin Tl Mdule 20: Penetratin Testing Pen Testing Cncepts Security Assessments Security Audit Vulnerability Assessment Limitatins f Vulnerability Assessment Intrductin t Penetratin Testing Penetratin Testing Cmparing Security Audit, Vulnerability Assessment, and Penetratin Testing What shuld be tested? What Makes a Gd Penetratin Test? ROI n Penetratin Testing Testing Pints Testing Lcatins Types f Pen Testing Types f Penetratin Testing External Penetratin Testing Internal Security Assessment Black-bx Penetratin Testing Grey-bx Penetratin Testing White-bx Penetratin Testing Annunced / Unannunced Testing Autmated Testing Manual Testing Pen Testing Techniques Cmmn Penetratin Testing Techniques Using DNS Dmain Name and IP Address Infrmatin Enumerating Infrmatin abut Hsts n Publicly-Available Netwrks Pen Testing Phases Phases f Penetratin Testing Pre-Attack Phase: Define Rules f Engagement (ROE) Pre-Attack Phase: Understand Custmer Requirements Pre-Attack Phase: Create a Checklist f the Testing Requirements Pre-Attack Phase: Define the Pen-Testing Scpe Why Penetratin Testing? Pre-Attack Phase: Sign Penetratin Testing Cntract Pre-Attack Phase: Sign Cnfidentiality and Nn-Disclsure (NDA) Agreements Pre-Attack Phase: Infrmatin Gathering Attack Phase Activity: Perimeter Testing Enumerating Devices Activity: Acquiring Target Activity: Escalating Privileges Activity: Execute, Implant, and Retract Pst-Attack Phase and Activities Penetratin Testing Deliverable Templates Pen Testing Radmap Penetratin Testing Methdlgy Applicatin Security Assessment Web Applicatin Testing - I Web Applicatin Testing - II Web Applicatin Testing - III Netwrk Security Assessment Wireless/Remte Access Assessment Wireless Testing Telephny Security Assessment Scial Engineering Testing Netwrk-Filtering Devices Denial f Service Emulatin Outsurcing Pen Testing Services Outsurcing Penetratin Testing Services Terms f Engagement Prject Scpe Pentest Service Level Agreements Penetratin Testing Cnsultants Empwering Peple & Business Page 20 f 20