Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Open Source Toolkit. Penetration Tester's. Jeremy Faircloth. Third Edition. Fryer, Neil. Technical Editor SYNGRESS. Syngrcss is an imprint of Elsevier"

Transcription

1 Penetration Tester's Open Source Toolkit Third Edition Jeremy Faircloth Neil Fryer, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE SYDNEY TOKYO SYNGRESS Syngrcss is an imprint of Elsevier

2 Contents Acknowledgments Introduction About the Author About the Technical Editor xiii xv xxi xxi CHAPTER 1 Tools of the Trade i 1.1 Objectives Approach Core technologies LiveCDs ISO images Bootable USB drives Creating a persistent LiveCD Open source tools Tools for building LiveCDs Penetration testing toolkits Penetration testing targets Case study: the tools in action Hands-on challenge 27 Summary 27 Endnote CHAPTER 2 Reconnaissance Objective A methodology for reconnaissance Intelligence gathering Core technologies Approach Open source tools Intelligence gathering summary Footprinting Core technologies Approach Open source tools Footprinting summary Human recon Core technologies Open source tools Human recon summary 74 vii

3 viii Contents 2.6 Verification Core technologies Approach Open source tools Verification summary Case study: the tools in action Intelligence gathering, footprinting, and verification of an Internet-connected network Case study summary Hands-on challenge 92 Summary 93 Endnotes 93 CHAPTER 3 Scanning and Enumeration Objectives Before you start Why do scanning and enumeration? Scanning Approach Core technology Open source tools Enumeration Approach Core technology Open source tools Case studies: the tools in action External Internal Stealthy Noisy (IDS) testing Hands-on challenge 138 Summary 138 CHAPTER 4 Client-Side Attacks and Human Weaknesses Objective Phishing Approaches Core technologies Open source tools Social network attacks Approach Core technologies Open source tools 164

4 Contents ix 4.4 Custom malware Approach Core technologies Open source tools Case study, the tools in action Hands-on challenge 187 Summary 187 Endnote 188 CHAPTER 5 Hacking Database Services Objective Core technologies Basic terminology Database installation Communication Resources and auditing Microsoft SQL Server Microsoft SQL Server users SQL Server roles and permissions SQL Server stored procedures Open source tools Oracle database management system Oracle users Oracle roles and privileges Oracle stored procedures Open source tools Case study: the tools in action Hands-on challenge 215 Summary 216 CHAPTER 6 Web Server and Web Application Testing Objective Web server vulnerabilities: a short history Web applications: the new challenge Approach Web server testing CGI and default pages testing Web application testing Core technologies Web server exploit basics CGI and default page exploitation Web application assessment 231

5 X Contents 6.4 Open source tools WAFWOOF Nikto Grendel-Scan fimap SQLiX sqlmap DirBuster Case study: the tools in action Hands-on challenge 255 Summary 256 Endnote 257 CHAPTER 7 Network Devices Objectives Approach Core technologies Switches Routers Firewalls IPv Open source tools Footprinting tools Scanning tools Enumeration tools Exploitation tools Case study: the tools in action Hands-on challenge 289 Summary 290 CHAPTER 8 Enterprise Application Testing Objective Core technologies What is an enterprise application? Multi-tier architecture Integrations Approach Open source tools Nmap Netstat sapyto soapui Metasploit 313

6 Contents xi 8.5 Case study: the tools in action Hands-on challenge 317 Summary 318 CHAPTER 9 Wireless Penetration Testing Objective Approach Core technologies Understanding WLAN vulnerabilities Evolution of WLAN vulnerabilities Wireless penetration testing tools Open source tools Information-gathering tools Footprinting tools Enumeration tool Vulnerability assessment tool Exploitation tools Bluetooth vulnerabilities Case study: the tools in action Hands-on challenge 369 Summary 370 CHAPTER 10 Building Penetration Test Labs Objectives Approach Designing your lab Building your lab Running your lab Core technologies Defining virtualization Virtualization and penetration testing Virtualization architecture Open source tools Xen VirtualBox GNS3/Dynagen/Dynamips Other tools Case study: the tools in action Hands-on challenge 400 Summary 401 Index 403

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor

Network Security. Windows 2012 Server. Securing Your Windows. Infrastructure. Network Systems and. Derrick Rountree. Richard Hicks, Technical Editor Windows 2012 Server Network Security Securing Your Windows Network Systems and Infrastructure Derrick Rountree Richard Hicks, Technical Editor AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso

Cyber Attacks. Protecting National Infrastructure Student Edition. Edward G. Amoroso Cyber Attacks Protecting National Infrastructure Student Edition Edward G. Amoroso ELSEVIER. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER

Securing the Cloud. Cloud Computer Security Techniques and Tactics. Vic (J.R.) Winkler. Technical Editor Bill Meine ELSEVIER Securing the Cloud Cloud Computer Security Techniques and Tactics Vic (J.R.) Winkler Technical Editor Bill Meine ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO

Computing. Federal Cloud. Service Providers. The Definitive Guide for Cloud. Matthew Metheny ELSEVIER. Syngress is NEWYORK OXFORD PARIS SAN DIEGO Federal Cloud Computing The Definitive Guide for Cloud Service Providers Matthew Metheny ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER

Securing SQL Server. Protecting Your Database from. Second Edition. Attackers. Denny Cherry. Michael Cross. Technical Editor ELSEVIER Securing SQL Server Second Edition Protecting Your Database from Attackers Denny Cherry Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON ELSEVIER NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Network Security: A Practical Approach. Jan L. Harrington

Network Security: A Practical Approach. Jan L. Harrington Network Security: A Practical Approach Jan L. Harrington ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of

More information

Customer Relationship Management

Customer Relationship Management Customer Relationship Management Concepts and Technologies Second edition Francis Buttle xlloillvlcjx. AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

Managing Data in Motion

Managing Data in Motion Managing Data in Motion Data Integration Best Practice Techniques and Technologies April Reeve ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker

CONTENTS AT A GMi#p. Chapter I Ethical Hacking Basics I Chapter 2 Cryptography. Chapter 3 Reconnaissance: Information Gathering for the Ethical Hacker ALL ElNis ONE CEH Certified Ethical Hacker EXAM GUIDE Matt Walker Mc Grain/ New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto McGraw-Hill

More information

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph

Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph Big Data Analytics From Strategie Planning to Enterprise Integration with Tools, Techniques, NoSQL, and Graph David Loshin ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN

More information

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN

IMPROVEMENT THE PRACTITIONER'S GUIDE TO DATA QUALITY DAVID LOSHIN i I I I THE PRACTITIONER'S GUIDE TO DATA QUALITY IMPROVEMENT DAVID LOSHIN ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann

More information

Metrics and Methods for Security Risk Management

Metrics and Methods for Security Risk Management Metrics and Methods for Security Risk Management Carl S. Young ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Syngress is an imprint of

More information

Virtualization and Forensics

Virtualization and Forensics Virtualization and Forensics A Digital Forensic Investigator's Guide to Virtual Environments Diane Barrett Gregory Kipper Technical Editor Samuel Liles ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON

Cloud Computing. Theory and Practice. Dan C. Marinescu. Morgan Kaufmann is an imprint of Elsevier HEIDELBERG LONDON AMSTERDAM BOSTON Cloud Computing Theory and Practice Dan C. Marinescu AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO M< Morgan Kaufmann is an imprint of Elsevier

More information

Risk Analysis and the Security Survey

Risk Analysis and the Security Survey Risk Analysis and the Security Survey Fourth Edition James F. Broder Eugene Tucker ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Butterworth-Heinemann

More information

Fixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON

Fixed/Mobile Convergence and Beyond AMSTERDAM BOSTON. HEIDELBERG LONDON Fixed/Mobile Convergence and Beyond Unbounded Mobile Communications Richard Watson AMSTERDAM BOSTON. HEIDELBERG LONDON NEW YORK. OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY. TOKYO ELSEVIER

More information

Supply Chain Strategies

Supply Chain Strategies Supply Chain Strategies Customer-driven and customer-focused Tony Hines ELSEVIER BUTTERWORTH HEINEMANN AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY

More information

CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish

CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish CHAINED EXPLOITS Advanced Hacking Attacks from Start to Finish Andrew Whitaker Keatron Evans Jack B.Voth TT r\ Addison-Wesley Upper Saddle River, NJ Boston Indianapolis San Francisco New York Toronto Montreal

More information

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management

Configuration. Management for. Senior Managers. Essential Product Configuration. and Lifecycle Management Configuration Management for Senior Managers Essential Product Configuration and Lifecycle Management for Manufacturing Frank B. Watts ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee.

Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING. Anestis Bechtsoudis. http://bechtsoudis.com abechtsoudis (at) ieee. Aiming at Higher Network Security Levels Through Extensive PENETRATION TESTING Anestis Bechtsoudis http://bechtsoudis.com abechtsoudis (at) ieee.org Athena Summer School 2011 Course Goals Highlight modern

More information

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts)

Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Duration: 80Hrs. Course Fee: INR 7000 + 1999 (Certification Lab Exam Cost 2 Attempts) Course Module: 1. Introduction to Ethical Hacking 2. Footprinting a. SAM Spade b. Nslookup c. Nmap d. Traceroute

More information

Data Warehousing in the Age of Big Data

Data Warehousing in the Age of Big Data Data Warehousing in the Age of Big Data Krish Krishnan AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD * PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Morgan Kaufmann is an imprint of Elsevier

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

CYBERTRON NETWORK SOLUTIONS

CYBERTRON NETWORK SOLUTIONS CYBERTRON NETWORK SOLUTIONS CybertTron Certified Ethical Hacker (CT-CEH) CT-CEH a Certification offered by CyberTron @Copyright 2015 CyberTron Network Solutions All Rights Reserved CyberTron Certified

More information

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access The Best First for Beginners who want to become Penetration Testers PTSv2 in pills: Self-paced, online, flexible access 900+ interactive slides and 3 hours of video material Interactive and guided learning

More information

SharePoint 2010. Overview, Governance, and Planning. (^Rll^^fc^ i ip?"^biifiis:'iissiipi. Scott Jamison. Susan Hanley Mauro Cardarelli.

SharePoint 2010. Overview, Governance, and Planning. (^Rll^^fc^ i ip?^biifiis:'iissiipi. Scott Jamison. Susan Hanley Mauro Cardarelli. Ec,V$%fMM SharePoint 2010 i ip?"^biifiis:'iissiipi Overview, Governance, (^Rll^^fc^ and Planning Ipft^'" Scott Jamison Susan Hanley Mauro Cardarelli Upper Saddle River, NJ Boston Indianapolis San Francisco

More information

Information Security

Information Security Information Security Level II Office of the Vice President for Information Technology Mr. Corbett Consolvo, IT Security Analyst Ms. Lori McElroy, IT Security Officer Iffat Jabeen, IT Security GRA Agenda

More information

If you know the enemy and know yourself, you need not fear the result of a hundred battles.

If you know the enemy and know yourself, you need not fear the result of a hundred battles. Rui Pereira,B.Sc.(Hons),CIPS ISP/ITCP,CISSP,CISA,CWNA/CWSP,CPTE/CPTC Principal Consultant, WaveFront Consulting Group ruiper@wavefrontcg.com 1 (604) 961-0701 If you know the enemy and know yourself, you

More information

Measuring Data Quality for Ongoing Improvement

Measuring Data Quality for Ongoing Improvement Measuring Data Quality for Ongoing Improvement A Data Quality Assessment Framework Laura Sebastian-Coleman ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

ITEC441- IS Security. Chapter 15 Performing a Penetration Test

ITEC441- IS Security. Chapter 15 Performing a Penetration Test 1 ITEC441- IS Security Chapter 15 Performing a Penetration Test The PenTest A penetration test (pentest) simulates methods that intruders use to gain unauthorized access to an organization s network and

More information

Eleventh Hour Security+

Eleventh Hour Security+ Eleventh Hour Security+ Exam SYO-201 Study Guide I do Dubrawsky Technical Editor Michael Cross AMSTERDAM BOSTON HEIDELBERG LONDON NEWYORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO SYNGRESS.

More information

Contents. Foreword. Acknowledgments Introduction

Contents. Foreword. Acknowledgments Introduction The Manager's Handbook for Corporate Security Establishing and Managing a Successful Assets Protection Program Dr. Gerald L Kovacich Edward P. Halibozek ilu TTERWORTH I N E M A N N An imprint of Elsevier

More information

PowerShell for Penetration Testers

PowerShell for Penetration Testers Training: PowerShell for Penetration Testers Dates of the training: March 14-15,2016 in Heidelberg, Germany Book Now using the code: TR16HMTRAINING and save an additional 10% of the current valid rate!

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO DW2.0 The Architecture for the Next Generation of Data Warehousing W. H. Inmon Forest Rim Technology Derek Strauss Gavroshe Genia Neushloss Gavroshe AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS

More information

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM

COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM COURSE NAME: INFORMATION SECURITY INTERNSHIP PROGRAM Course Description This is the Information Security Training program. The Training provides you Penetration Testing in the various field of cyber world.

More information

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus

National Cyber League Certified Ethical Hacker (CEH) TM Syllabus National Cyber League Certified Ethical Hacker (CEH) TM Syllabus Note to Faculty This NCL Syllabus is intended as a supplement to courses that are based on the EC- Council Certified Ethical Hacker TM (CEHv8)

More information

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier

AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic Press is an imprint of Elsevier Trading and Money Management in a Student-Managed Portfolio Brian Bruce Jason Greene ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Academic

More information

Implementing Database Security and Auditing

Implementing Database Security and Auditing Implementing Database Security and Auditing A guide for DBAs, information security administrators and auditors Ron Ben Natan ELSEVIER DIGITAL PRESS Amsterdam Boston Heidelberg London New York Oxford P

More information

Practical Intrusion Analysis

Practical Intrusion Analysis Practical Intrusion Analysis PREVENTION AND DETECTION FOR THE TWENTY-FIRST CENTURY Ryan Trost TT Ar Addison-Wesley Upper Saddle River, NJ Boston Indianapolis * San Francisco New York Toronto Montreal London

More information

CRYPTUS DIPLOMA IN IT SECURITY

CRYPTUS DIPLOMA IN IT SECURITY CRYPTUS DIPLOMA IN IT SECURITY 6 MONTHS OF TRAINING ON ETHICAL HACKING & INFORMATION SECURITY COURSE NAME: CRYPTUS 6 MONTHS DIPLOMA IN IT SECURITY Course Description This is the Ethical hacking & Information

More information

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York

ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA. ( r öc) CRC Press VV J Taylor & Francis Group ^ ^ Boca Raton London New York ANDROID SECURITY ATTACKS AND DEFENSES ABHISHEK DUBEY I ANMOL MISRA ( r öc) CRC Press VV J Taylor & Francis Group ^ "^ Boca Raton London New York CRC Press is an imprint of the Taylor & Francis Croup, an

More information

Penetration Testing. Presented by

Penetration Testing. Presented by Penetration Testing Presented by Roadmap Introduction to Pen Testing Types of Pen Testing Approach and Methodology Side Effects Demonstration Questions Introduction and Fundamentals Penetration Testing

More information

Digital Forensics with Open Source Tools

Digital Forensics with Open Source Tools Digital Forensics with Open Source Tools Cory Altheide Harlan Carvey Technical Editor Ray Davidson AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO

More information

for the Entire Organization

for the Entire Organization Enterprise Risk Management A Common Framework for the Entire Organization Philip E. J. Green ELSEVIER AMSTERDAM. BOSTON. HEIDELBERG. LONDON NEW YORK OXFORD. PARIS. SAN DIEGO SAN FRANCISCO. SINGAPORE. SYDNEY.

More information

Audio Over IP. Building Pro AolP Systems. with Livewire. Skip Pizzi. Steve Church. Focal. Press ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON

Audio Over IP. Building Pro AolP Systems. with Livewire. Skip Pizzi. Steve Church. Focal. Press ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON Audio Over IP Building Pro AolP Systems with Livewire Steve Church Skip Pizzi ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Focal press

More information

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process

Job Hazard Analysis. A Guide for Voluntary Compliance and Beyond. From Hazard to Risk: Transforming the JHA from a Tool to a Process Job Hazard Analysis A Guide for Voluntary Compliance and Beyond From Hazard to Risk: Transforming the JHA from a Tool to a Process James E. Roughton Nathan Crutchfield E L S E V I E R AMSTERDAM. BOSTON.

More information

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison

Certified Ethical Hacker Exam 312-50 Version Comparison. Version Comparison CEHv8 vs CEHv7 CEHv7 CEHv8 19 Modules 20 Modules 90 Labs 110 Labs 1700 Slides 1770 Slides Updated information as per the latest developments with a proper flow Classroom friendly with diagrammatic representation

More information

External Vulnerability Assessment. -Executive Summary- ABC ORGANIZATION

External Vulnerability Assessment. -Executive Summary- ABC ORGANIZATION External Vulnerability Assessment -Executive Summary- Prepared for: ABC ORGANIZATION On March 9, 2008 Prepared by: AOS Security Solutions 1 of 5 Table of Contents Executive Summary... 3 Immediate Focus

More information

Rapid System Prototyping with FPGAs

Rapid System Prototyping with FPGAs Rapid System Prototyping with FPGAs By R.C. Coferand Benjamin F. Harding AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO Newnes is an imprint of

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

Vinny Hoxha Vinny Hoxha 12/08/2009

Vinny Hoxha Vinny Hoxha 12/08/2009 Ethical Hacking and Penetration Testing Vinny Hoxha Vinny Hoxha 12/08/2009 What is Ethical Hacking? Types of Attacks Testing Approach Vulnerability Assessments vs. Penetration Testing Testing Methodology

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) Course Number: CEH Length: 5 Day(s) Certification Exam This course will help you prepare for the following exams: Exam 312 50: Certified Ethical Hacker Course Overview The

More information

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler

Agile Development & Business Goals. The Six Week Solution. Joseph Gee. George Stragand. Tom Wheeler Agile Development & Business Goals The Six Week Solution Bill Holtsnider Tom Wheeler George Stragand Joseph Gee AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

by Penetration Testing

by Penetration Testing BackTrack 4: Assuring Security by Penetration Testing Master the art of penetration testing with BackTrack Shakeel Ali Tedi Heriyanto rpafktl Pen I I llv. I\ 1 J community expe PUBLISHING- - BIRMINGHAM

More information

Training Guide: Configuring Windows8 8

Training Guide: Configuring Windows8 8 Training Guide: Configuring Windows8 8 Scott D. Lowe Derek Schauland Rick W. Vanover Introduction System requirements Practice setup instructions Acknowledgments Errata & book support We want to hear from

More information

Footprinting and Reconnaissance Tools

Footprinting and Reconnaissance Tools Footprinting and Reconnaissance Tools Topic 1: Common Port Scanning Techniques Do some research on computer ports that are most often scanned by hackers. Identify a port scanning exploit that is interesting

More information

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Ethical Hacking and Countermeasures Course Description: This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Data Model ing Essentials

Data Model ing Essentials Data Model ing Essentials Third Edition Graeme C. Simsion and Graham C. Witt MORGAN KAUFMANN PUBLISHERS AN IMPRINT OF ELSEVIER AMSTERDAM BOSTON LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE

More information

Private Equity and Venture Capital in Europe

Private Equity and Venture Capital in Europe Private Equity and Venture Capital in Europe Markets, Techniques, and Deals Stefano Caselli AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SINGAPORE SYDNEY TOKYO ELSEVIER

More information

Professional Penetration Testing Techniques and Vulnerability Assessment ...

Professional Penetration Testing Techniques and Vulnerability Assessment ... Course Introduction Today Hackers are everywhere, if your corporate system connects to internet that means your system might be facing with hacker. This five days course Professional Vulnerability Assessment

More information

McAfee Certified Assessment Specialist Network

McAfee Certified Assessment Specialist Network McAfee Certified Assessment Specialist Network Exam preparation guide Table of Contents Introduction 3 Becoming McAfee Certified 3 Exam Details 4 Recommended Exam Preparation 4 Exam Objectives 4 Sample

More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

INTERNATIONAL MONEY AND FINANCE

INTERNATIONAL MONEY AND FINANCE INTERNATIONAL MONEY AND FINANCE EIGHTH EDITION MICHAEL MELVIN AND STEFAN C. NORRBIN ELSEVIER Amsterdam Boston Heidelberg London New york Oxford Paris San Diego San Francisco Singapore Sydney Tokyo Academic

More information

Master Data Management

Master Data Management Master Data Management David Loshin AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO Ик^И V^ SAN FRANCISCO SINGAPORE SYDNEY TOKYO W*m k^ MORGAN KAUFMANN PUBLISHERS IS AN IMPRINT OF ELSEVIER

More information

Important Notice 1-2. All contents of this document are copyright 2014 HT s.r.l. All rights reserved.

Important Notice 1-2. All contents of this document are copyright 2014 HT s.r.l. All rights reserved. Trainings Important Notice HT s.r.l. shall bear no responsibility or liability to a client or to any person or entity with respect to liability, loss or damage caused or alleged to be caused directly or

More information

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, p i.

Schneps, Leila; Colmez, Coralie. Math on Trial : How Numbers Get Used and Abused in the Courtroom. New York, NY, USA: Basic Books, p i. New York, NY, USA: Basic Books, 2013. p i. http://site.ebrary.com/lib/mcgill/doc?id=10665296&ppg=2 New York, NY, USA: Basic Books, 2013. p iii. http://site.ebrary.com/lib/mcgill/doc?id=10665296&ppg=4 New

More information

Build Your Own Security Lab

Build Your Own Security Lab Build Your Own Security Lab A Field Guide for Network Testing Michael Gregg WILEY Wiley Publishing, Inc. Contents Acknowledgments Introduction XXI xxiii Chapter 1 Hardware and Gear Why Build a Lab? Hackers

More information

Penetration Testing: Advanced Oracle Exploitation Page 1

Penetration Testing: Advanced Oracle Exploitation Page 1 Penetration Testing: Advanced Oracle Exploitation Page 1 Course Index:: Day 1 Oracle RDBMS and the Oracle Network Architecture... 3» Introduction and Oracle Review...3» Service Information Enumeration:...3»

More information

Engineering DOCUMENTATION CONTROL HANDBOOK

Engineering DOCUMENTATION CONTROL HANDBOOK Engineering DOCUMENTATION CONTROL HANDBOOK CONFIGURATION MANAGEMENT AND PRODUCT LIFECYCLE MANAGEMENT FOURTH EDITION FRANK B. WATTS Amsterdam Boston Heidelberg London New York Oxford Paris San Diego San

More information

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill

CompTIA Security+ Certification Study Guide. (Exam SYO-301) Glen E. Clarke. Gravu Hill CompTIA Security+ Certification Study Guide (Exam SYO-301) Glen E. Clarke McGraw-Hill is an independent entity from CompTIA,This publication and CD may be used in assisting students to prepare for the

More information

Digital Pathways. Penetration Testing

Digital Pathways. Penetration Testing Penetration Testing inftouch@digitalpathwyas.co.uk Penetration testing, vulnerability tests, assurance projects, ethical hacking it all means broadly the same thing; testing a corporate network to determine

More information

Service Operations Management

Service Operations Management Third Edition Robert Johnston and Graham Clark Service Operations Management Improving Service Delivery Prentice Hall FINANCIAL TIMES An imprint of Pearson Education Harlow, England London New York Boston

More information

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION

INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION INDUSTRIAL CONTROL SYSTEMS CYBER SECURITY DEMONSTRATION Prepared for the NRC Fuel Cycle Cyber Security Threat Conference Presented by: Jon Chugg, Ken Rohde Organization(s): INL Date: May 30, 2013 Disclaimer

More information

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box

Penetration Testing. Types Black Box. Methods Automated Manual Hybrid. oless productive, more difficult White Box Penetration Testing Penetration Testing Types Black Box oless productive, more difficult White Box oopen, team supported, typically internal osource available Gray Box (Grey Box) omixture of the two Methods

More information

INCIDENT RESPONSE CHECKLIST

INCIDENT RESPONSE CHECKLIST INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged

More information

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports Building a Security Operation Center Agenda: Auditing Your Network Environment Selecting Effective Security

More information

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER

NETWORK PENETRATION TESTS FOR EHR MANAGEMENT SOLUTIONS PROVIDER A C a s e s t u d y o n h o w Z e n Q h a s h e l p e d a L e a d i n g K - 1 2 E d u c a t i o n & L e a r n i n g S o l u t i o n s P r o v i d e r i n U S g a u g e c a p a c i t y o f t h e i r f l

More information

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015

PHILADELPHIA GAS WORKS Information Security Assessment and Testing Services RFP#30198 Questions & Answers December 4, 2015 QUESTIONS ANSWERS Q1 What is the goal of testing? A1 We engage in this type of testing to promote our own best practices and ensure our security posture is as it should be. Q2 No of active IP s (internal):

More information

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2)

Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Computer Forensics Training - Digital Forensics and Electronic Discovery (Mile2) Course number: CFED Length: 5 days Certification Exam This course will help you prepare for the following exams: CCE --

More information

Ethical Hacking Course Layout

Ethical Hacking Course Layout Ethical Hacking Course Layout Introduction to Ethical Hacking o What is Information Security? o Problems faced by the Corporate World o Why Corporate needs Information Security? Who is a Hacker? o Type

More information

June 2014 WMLUG Meeting Kali Linux

June 2014 WMLUG Meeting Kali Linux June 2014 WMLUG Meeting Kali Linux "the quieter you become, the more you are able to hear" Patrick TenHoopen Kali Linux Kali Linux is a free and open source penetration testing Linux distribution designed

More information

Practical Web Analytics for User Experience

Practical Web Analytics for User Experience Practical Web Analytics for User Experience How Analytics Can Help You Understand Your Users Michael Beasley UX Designer, ITHAKA Ypsilanti, Michigan, USA üf IBs fmij ELSEVIER Amsterdam Boston Heidelberg

More information

Critical Controls for Cyber Security. www.infogistic.com

Critical Controls for Cyber Security. www.infogistic.com Critical Controls for Cyber Security www.infogistic.com Understanding Risk Asset Threat Vulnerability Managing Risks Systematic Approach for Managing Risks Identify, characterize threats Assess the vulnerability

More information

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits)

Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) Page 1 of 6 Course Content Summary ITN 261 Network Attacks, Computer Crime and Hacking (4 Credits) TNCC Cybersecurity Program web page: http://tncc.edu/programs/cyber-security Course Description: Encompasses

More information

Looking at the SANS 20 Critical Security Controls

Looking at the SANS 20 Critical Security Controls Looking at the SANS 20 Critical Security Controls Mapping the SANS 20 to NIST 800-53 to ISO 27002 by Brad C. Johnson The SANS 20 Overview SANS has created the 20 Critical Security Controls as a way of

More information

Department of Computer Science and Technology, UTU 2014

Department of Computer Science and Technology, UTU 2014 M.Sc. (CA) Semester 3 Course Name & Code: Penetration Testing (040020305) Tedi Heriyanto, Shakeel Ali, BackTrack 4: Assuring Security By Penetration Testing, Shroff/Packt Publishing is abbreviated as ST,

More information

Real World Web Service Testing For Web Hackers

Real World Web Service Testing For Web Hackers Real World Web Service Testing For Web Hackers TOM ESTON» Senior Security Consultant SecureState» Web Application / Network Penetration Tester» Founder of SocialMediaSecurity.com» Previous Security Research

More information

Page: Designed & Executed By: Presents Cyber Security Training

Page: Designed & Executed By: Presents Cyber Security Training Page: 1 Designed & Executed By: TM S I v8 RAINNVESTIGATOR Cyber Security Training Presents T CCE TechBharat Certified Cyber Expert TechBharat Certified Cyber Expert EC-Council Computer Hacking Forensic

More information

Vulnerability Assessment and Penetration Testing

Vulnerability Assessment and Penetration Testing Vulnerability Assessment and Penetration Testing Module 1: Vulnerability Assessment & Penetration Testing: Introduction 1.1 Brief Introduction of Linux 1.2 About Vulnerability Assessment and Penetration

More information

A Biologically Inspired Approach to Network Vulnerability Identification

A Biologically Inspired Approach to Network Vulnerability Identification A Biologically Inspired Approach to Network Vulnerability Identification Evolving CNO Strategies for CND Todd Hughes, Aron Rubin, Andrew Cortese,, Harris Zebrowitz Senior Member, Engineering Staff Advanced

More information

Security Posture Assessment(SPA)

Security Posture Assessment(SPA) Security Posture Assessment(SPA) Headquarters: Ofisgate Sdn Bhd (610820-A), 2-15 Jalan Jalil Perkasa 13 Aked Esplanad, Bukit Jalil, 57000 Kuala Lumpur, Malaysia Regional Office: Ofisgate (s) Pte Ltd, 205B

More information

Computer Security Literacy

Computer Security Literacy Computer Security Literacy Staying Safe in a Digital World Douglas Jacobson and Joseph Idziorek CRC Press Taylor & Francis Group Boca Raton London New York CRC Press is an imprint of the Taylor & Francis

More information

Private Cloud Computing

Private Cloud Computing Private Cloud Computing Consolidation, Virilization, and Service-Oriented Infrastructure Stephen R. Smoot Nam K. Tan ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO M< SAN FRANCISCO

More information

IDS and Penetration Testing Lab ISA656 (Attacker)

IDS and Penetration Testing Lab ISA656 (Attacker) IDS and Penetration Testing Lab ISA656 (Attacker) Ethics Statement Network Security Student Certification and Agreement I,, hereby certify that I read the following: University Policy Number 1301: Responsible

More information

A New Era. A New Edge. Phishing within your company

A New Era. A New Edge. Phishing within your company Phishing within your company Learning Objectives What is phishing and how to minimize its impact Obtain a basic understanding of how to use virtual machines Use BackTrack, a tool used by many security

More information

CONTENTS. Hacking Wireless Technology

CONTENTS. Hacking Wireless Technology CONTENTS Foreword........................................................ xvii Acknowledgments................................................ xix Introduction......................................................

More information

Human Performance Improvement

Human Performance Improvement Human Performance Improvement Building Practitioner Competence Second Edition William J. Rothwell Carolyn K. Hohne Stephen B. King ELoEVIElx AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN

More information