EC-Council. Ethical Hacking and Countermeasures (version 8) (Exam )

Transcription

1 EC-Cuncil Ethical Hacking and Cuntermeasures (versin 8) Duratin: 5 Days Curse Descriptin: This class will immerse the students int an interactive envirnment where they will be shwn hw t scan, test, hack and secure their wn systems. The lab intensive envirnment gives each student indepth knwledge and practical experience with the current essential security systems. Students will begin by understanding hw perimeter defenses wrk and then be lead int scanning and attacking their wn netwrks, n real netwrk is harmed. Students then learn hw intruders escalate privileges and what steps can be taken t secure a system. Students will als learn abut Intrusin Detectin, Plicy Creatin, Scial Engineering, DDS Attacks, Buffer Overflws and Virus Creatin. When a student leaves this intensive 5 day class they will have hands n understanding and experience in Ethical Hacking. This curse prepares yu fr EC-Cuncil ANSI accredited Certified Ethical Hacker exam Wh Shuld Attend: This curse will significantly benefit security fficers, auditrs, security prfessinals, site administratrs, and anyne wh is cncerned abut the integrity f the netwrk infrastructure. Certificatin The Certified Ethical Hacker exam may be taken n the last day f the training (ptinal). Students need t pass the nline Prmetric/VUE exam t receive CEH certificatin. Curse Tpics 01 Intrductin t Ethical Hacking 02 Ftprinting and Recnnaissance 03 Scanning Netwrks 04 Enumeratin 05 System Hacking 06 Trjans and Backdrs 07 Viruses and Wrms 08 Sniffers 09 Scial Engineering 10 Denial f Service 11 Sessin Hijacking 12 Hacking Webservers 13 Hacking Web Applicatins 14 SQL Injectin 15 Hacking Wireless Netwrks 16 Hacking Mbile Platfrms 17 Evading IDS, Firewalls, and Hneypts 18 Buffer Overflw 19 Cryptgraphy 20 Penetratin Testing Page 1

2 EC-Cuncil Curse Outline Mdule 01: Intrductin t Ethical Hacking Infrmatin Security Overview Internet Crime Current Reprt: IC3 Data Breach Investigatins Reprt Essential Terminlgy Elements f Infrmatin Security The Security, Functinality, and Usability Triangle Infrmatin Security Threats and Attack Vectrs Tp Infrmatin Security Attack Vectrs Mtives, Gals, and Objectives f Infrmatin Security Attacks Infrmatin Security Threats Infrmatin Warfare IPv6 Security Threats Hacking Cncepts Hacking vs. Ethical Hacking Effects f Hacking n Business Wh Is a Hacker? Hacker Classes Hacktivism Hacking Phases Types f Attacks Types f Attacks n a System Operating System Attacks Miscnfiguratin Attacks Applicatin-Level Attacks Examples f Applicatin-Level Attacks Shrink Wrap Cde Attacks Infrmatin Security Cntrls Why Ethical Hacking is Necessary Scpe and Limitatins f Ethical Hacking Skills f an Ethical Hacker Defense in Depth Incident Management Prcess Infrmatin Security Plicies Page 2

3 EC-Cuncil Classificatin f Security Plicies Structure and Cntents f Security Plicies Types f Security Plicies Steps t Create and Implement Security Plicies Examples f Security Plicies Vulnerability Research Vulnerability Research Websites What Is Penetratin Testing? Why Penetratin Testing Penetratin Testing Methdlgy Mdule 02: Ftprinting and Recnnaissance Ftprinting Cncepts Ftprinting Terminlgy What is Ftprinting? Why Ftprinting? Objectives f Ftprinting Ftprinting Threats Ftprinting Threats Ftprinting Methdlgy Ftprinting thrugh Search Engines Finding Cmpany s External and Internal URLs Public and Restricted Websites Cllect Lcatin Infrmatin Peple Search Peple Search Online Services Peple Search n Scial Netwrking Services Gather Infrmatin frm Financial Services Ftprinting thrugh Jb Sites Mnitring Target Using Alerts Website Ftprinting Mirrring Entire Website Website Mirrring Tls Extract Website Infrmatin frm Mnitring Web Updates Using Website Watcher Page 3

4 EC-Cuncil Ft printing Tracking Cmmunicatins Cllecting Infrmatin frm Header Tracking Tls Cmpetitive Intelligence Cmpetitive Intelligence Gathering Cmpetitive Intelligence - When Did this Cmpany Begin? Hw Did it Develp? Cmpetitive Intelligence - What Are the Cmpany's Plans? Cmpetitive Intelligence - What Expert Opinins Say Abut the Cmpany Ftprinting using Ggle Ftprint Using Ggle Hacking Techniques What a Hacker can d with Ggle Hacking? Ggle Advance Search Operatrs Finding Resurces Using Ggle Advance Operatr Ggle Hacking Tl: Ggle Hacking Database (GHDB) Ggle Hacking Tls WHOIS Ftprinting WHOIS Lkup WHOIS Lkup Result Analysis WHOIS Lkup Tl: SmartWhis WHOIS Lkup Tls WHOIS Lkup Online Tls DNS Ftprinting Extracting DNS Infrmatin DNS Interrgatin Tls Netwrk Ftprinting Lcate the Netwrk Range Determine the Operating System Tracerute Tracerute Analysis Tracerute Tls Ftprinting thrugh Scial Engineering Ftprinting thrugh Scial Engineering Cllect Infrmatin Using Eavesdrpping, Shulder Surfing, and Dumpster Diving Ftprinting thrugh Scial Netwrking Sites Page 4

5 EC-Cuncil Cllect Infrmatin thrugh Scial Engineering n Scial Netwrking Sites Infrmatin Available n Scial Netwrking Sites Cllecting Facebk Infrmatin Cllecting Twitter Infrmatin Cllecting Linkedin Infrmatin Cllecting Yutube Infrmatin Tracking Users n Scial Netwrking Sites Ftprinting Tls Ftprinting Tl: Malteg Ftprinting Tl: Dmain Name Analyzer Pr Ftprinting Tl: Web Data Extractr Additinal Ftprinting Tls Ftprinting Cuntermeasures Ftprinting Penetratin Testing Ftprinting Pen Testing Ftprinting Pen Testing Reprt Templates Mdule 03: Scanning Netwrks Overview f Netwrk Scanning CEH Scanning Methdlgy Check fr Live Systems Checking fr Live Systems - ICMP Scanning Ping Sweep Ping Sweep Tls Check fr Open Prts Three-Way Handshake TCP Cmmunicatin Flags Create Custm Packet Using TCP Flags Create Custm Packet Using TCP Flags Scanning IPv6 Netwrk Scanning Tl: Nmap Hping2 / Hping3 Hping Cmmands Scanning Techniques TCP Cnnect / Full Open Scan Page 5

6 EC-Cuncil Stealth Scan (Half-pen Scan) Stealth Scan (Half-pen Scan) Xmas Scan FIN Scan NULL Scan IDLE Scan IDLE Scan: Step 1 IDLE Scan: Step 2 and 3 ICMP Ech Scanning/List Scan UDP Scanning Inverse TCP Flag Scanning ACK Flag Scanning Scanning Tl: NetScan Tls Pr Scanning Tls D Nt Scan These IP Addresses (Unless yu want t get int truble) Prt Scanning Cuntermeasures Scanning Beynd IDS IDS Evasin Techniques SYN/FIN Scanning Using IP Fragments Banner Grabbing Banner Grabbing Tls Banner Grabbing Cuntermeasures: Disabling r Changing Banner Hiding File Extensins frm Web Pages Scan fr Vulnerability Vulnerability Scanning Vulnerability Scanning Tl: Nessus Vulnerability Scanning Tl: GAFI LanGuard Vulnerability Scanning Tl: SAINT Netwrk Vulnerability Scanners Draw Netwrk Diagrams Drawing Netwrk Diagrams Netwrk Discvery Tl: LANsurveyr Netwrk Discvery Tl: OpManager Netwrk Discvery Tl: NetwrkView Netwrk Discvery Tl: The Dude Page 6

7 EC-Cuncil Netwrk Discvery and Mapping Tls Prepare Prxies Prxy Servers Why Attackers Use Prxy Servers? Use f Prxies fr Attack Prxy Chaining Prxy Tl: Prxy Wrkbench Prxy Tl: Prxifier Prxy Tl: Prxy Switcher Prxy Tl: ScksChain Prxy Tl: TOR (The Onin Ruting) Prxy Tls Free Prxy Servers HTTP Tunneling Techniques Why d I Need HTTP Tunneling HTTP Tunneling Tl: Super Netwrk Tunnel HTTP Tunneling Tl: HTTP-Tunnel SSH Tunneling SSH Tunneling Tl: Bitvise Annymizers Case: Blggers Write Text Backwards t Bypass Web Filters in China Censrship Circumventin Tl: Psiphn Censrship Circumventin Tl: Yur-Freedm Hw t Check if Yur Website is Blcked in China r Nt? G-Zapper Annymizers Spfing IP Address IP Spfing Detectin Techniques: Direct TTL Prbes IP Spfing Detectin Techniques: IP Identificatin Number IP Spfing Detectin Techniques: TCP Flw Cntrl Methd IP Spfing Cuntermeasures Scanning Pen Testing Page 7

8 EC-Cuncil Mdule 04: Enumeratin Enumeratin Cncepts What is Enumeratin? Techniques fr Enumeratin Services and Prts t Enumerate NetBIOS Enumeratin NetBIOS Enumeratin NetBIOS Enumeratin Tl: SuperScan NetBIOS Enumeratin Tl: Hyena NetBIOS Enumeratin Tl: Winfingerprint NetBIOS Enumeratin Tl: NetBIOS Enumeratr Enumerating User Accunts Enumerate Systems Using Default Passwrds SNMP Enumeratin SNMP (Simple Netwrk Management Prtcl) Enumeratin Wrking f SNMP Management Infrmatin Base (MIB) SNMP Enumeratin Tl: OpUtils SNMP Enumeratin Tl: SlarWind s IP Netwrk Brwser SNMP Enumeratin Tls UNIX/Linux Enumeratin UNIX/Linux Enumeratin Cmmands Linux Enumeratin Tl: Enum4linux LDAP Enumeratin LDAP Enumeratin LDAP Enumeratin Tl: Sfterra LDAP Administratr LDAP Enumeratin Tls NTP Enumeratin NTP Enumeratin NTP Enumeratin Cmmands SMTP Enumeratin SMTP Enumeratin SMTP Enumeratin Tl: NetScanTls Pr DNS Enumeratin DNS Zne Transfer Enumeratin Using NSLkup Enumeratin Cuntermeasures Page 8

9 EC-Cuncil SMB Enumeratin Cuntermeasures Enumeratin Pen Testing Mdule 05: System Hacking Infrmatin at Hand Befre System Hacking Stage System Hacking: Gals CEH Hacking Methdlgy (CHM) CEH System Hacking Steps CrackingPasswrds Passwrd Cracking Passwrd Cmplexity Passwrd Cracking Techniques Types f Passwrd Attacks Passive Online Attack: Wire Sniffing Passive Online Attack: Eavesdrpping Passive Online Attacks: Man-in-the-Middle and Replay Attack Active Online Attack: Passwrd Guessing Active Online Attack: Trjan/Spyware/Keylgger Active Online Attack: Hash Injectin Attack Offline Attack: Rainbw Attacks Tls t Create Rainbw Tables: Winrtgen and rtgen Distributed Netwrk Attack Elcmsft Distributed Passwrd Recvery Nn-Electrnic Attacks Default Passwrds Manual Passwrd Cracking (Guessing) Autmatic Passwrd Cracking Algrithm Stealing Passwrds Using USB Drive Stealing Passwrds Using Keylggers Micrsft Authenticatin Hw Hash Passwrds Are Stred in Windws SAM? What Is LAN Manager Hash? LM Hash Generatin LM, NTLMv1, and NTLMv2 Page 9

10 EC-Cuncil NTLM Authenticatin Prcess Kerbers Authenticatin Salting PWdump7 and Fgdump L0phtCrack Ophcrack Cain & Abel RainbwCrack Passwrd Cracking Tls LM Hash Backward Cmpatibility Hw t Disable LM HASH Hw t Defend against Passwrd Cracking Implement and Enfrce Strng Security Plicy CEH System Hacking Steps Escalating Privileges Privilege Escalatin Privilege Escalatin Tl: Active@ Passwrd Changer Privilege Escalatin Tls Hw t Defend Against Privilege Escalatin Executing Applicatins Executing Applicatins Executing Applicatins: RemteExec Executing Applicatins: PDQ Deply Executing Applicatins: DameWare NT Utilities Keylgger Types f Keystrke Lggers Methdlgy f Attacker in Using Remte Keylgger Acustic/CAM Keylgger Keylggers Keylgger: Spytech SpyAgent Keylgger: All In One Keylgger Keylggers fr Windws Keylgger fr Mac: Amac Keylgger fr Mac Keylggers fr MAC Page 10

11 EC-Cuncil Hardware Keylggers Spyware What Des the Spyware D? Types f Spywares Desktp Spyware Desktp Spyware: Activity Mnitr Desktp Spyware and Internet Spyware and Internet Spyware: Pwer Spy Internet and Spyware Child Mnitring Spyware Child Mnitring Spyware: Net Nanny Hme Suite Child Mnitring Spyware Screen Capturing Spyware Screen Capturing Spyware: SftActivity TS Mnitr Screen Capturing Spyware USB Spyware USB Spyware: USBSpy USB Spyware Audi Spyware Audi Spyware: Spy Vice Recrder and Sund Snper Vide Spyware Vide Spyware: WebCam Recrder Vide Spyware Print Spyware Print Spyware: Printer Activity Mnitr Print Spyware Telephne/Cellphne Spyware Cellphne Spyware: Mbile Spy Telephne/Cellphne Spyware GPS Spyware GPS Spyware: SPYPhne GPS Spyware Hw t Defend Against Keylggers Page 11

12 EC-Cuncil Anti-Keylgger Anti-Keylgger: Zemana AntiLgger Anti-Keylgger Hw t Defend Against Spyware Anti-Spyware: PC Tls Spyware Dctr Anti-Spywares Hiding Files Rtkits Types f Rtkits Hw Rtkit Wrks Rtkit: Fu Rtkit: KBeast Rtkit: Hacker Defender HxDef Rtkit Detecting Rtkits Steps fr Detecting Rtkits Hw t Defend against Rtkits Anti-Rtkit: Stinger Anti-Rtkit: UnHackMe Anti-Rtkits NTFS Data Stream Hw t Create NTFS Streams NTFS Stream Manipulatin Hw t Defend against NTFS Streams NTFS Stream Detectr: StreamArmr NTFS Stream Detectrs What Is Stegangraphy? Applicatin f Stegangraphy Classificatin f Stegangraphy Technical Stegangraphy Linguistic Stegangraphy Stegangraphy Techniques Hw Stegangraphy Wrks Types f Stegangraphy Whitespace Stegangraphy Tl: SNOW Page 12

13 EC-Cuncil Image Stegangraphy Least Significant Bit Insertin Masking and Filtering Algrithms and Transfrmatin Image Stegangraphy: QuickSteg Image Stegangraphy Tls Dcument Stegangraphy: wbsteg Dcument Stegangraphy Tls Vide Stegangraphy Vide Stegangraphy: OmniHide PRO Vide Stegangraphy Tls Audi Stegangraphy AudiA Stegangraphy Methds Audi Stegangraphy: DeepSund Audi Stegangraphy Tls Flder Stegangraphy: Invisible Secrets 4 Flder Stegangraphy Tls Spam/ Stegangraphy: Spam Mimic Natural Text Stegangraphy: Sams Big G Play Maker Issues in Infrmatin Hiding Steganalysis Steganalysis Methds/Attacks n Stegangraphy Detecting Text and Image Stegangraphy Detecting Audi and Vide Stegangraphy Stegangraphy Detectin Tl: Gargyle Investigatr Frensic Pr Stegangraphy Detectin Tls Cvering Tracks Why Cver Tracks? Cvering Tracks Ways t Clear Online Tracks Disabling Auditing: Auditpl Cvering Tracks Tl: CCleaner Cvering Tracks Tl: MRU-Blaster Track Cvering Tls Page 13

14 EC-Cuncil Penetratin Testing Passwrd Cracking Privilege Escalatin Executing Applicatins Hiding Files Cvering Tracks Mdule 06: Trjans and Backdrs Trjan Cncepts What is a Trjan? Cmmunicatin Paths: Overt and Cvert Channels Purpse f Trjans What D Trjan Creatrs Lk Fr Indicatins f a Trjan Attack Cmmn Prts used by Trjans Trjan Infectin Hw t Infect Systems Using a Trjan Wrappers Wrapper Cvert Prgrams Different Ways a Trjan can Get int a System Hw t Deply a Trjan Evading Anti-Virus Techniques Types f Trjans Cmmand Shell Trjans Cmmand Shell Trjan: Netcat GUI Trjan: MSucker GUI Trjan: Jumper and Bidx Dcument Trjans Trjans Trjans: RemteByMail Defacement Trjans Defacement Trjans: Restratr Btnet Trjans Btnet Trjan: Illusin Bt and NetBt Attacker Prxy Server Trjans Page 14

15 EC-Cuncil Prxy Server Trjan: W3bPrOxy Tr0j4nCr34t0r (Funny Name) FTP Trjans VNC Trjans VNC Trjans: WinVNC and VNC Stealer HTTP/HTTPS Trjans HTTP Trjan: HTTP RAT Shttpd Trjan - HTTPS (SSL) ICMP Tunneling Remte Access Trjans Remte Access Trjan: RAT DarkCmet and Apcalypse Cvert Channel Trjan: CCTT E-banking Trjans Banking Trjan Analysis E-banking Trjan: ZeuS and SpyEye Destructive Trjans: M4sT3r Trjan Ntificatin Trjans Credit Card Trjans Data Hiding Trjans (Encrypted Trjans) OS X Trjan: Crisis MAC OS X Trjan: DNSChanger Mac OS X Trjan: Hell Raiser Trjan Analysis: Flame Flame C&C Server Analysis Trjan Analysis: SpyEye Trjan Analysis: ZerAccess Trjan Analysis: Duqu Trjan Analysis: Duqu Framewrk Trjan Analysis: Event Driven Framewrk Trjan Detectin Hw t Detect Trjans Scanning fr Suspicius Prts Prt Mnitring Tls: TCPView and CurrPrts Scanning fr Suspicius Prcesses Prt Mnitring Tls: TCPView and CurrPrts Page 15

16 EC-Cuncil Scanning fr Suspicius Prcesses Prcess Mnitring Tl: What's Running Prcess Mnitring Tls Scanning fr Suspicius Registry Entries Registry Entry Mnitring Tl: PC Tls Registry Mechanic Registry Entry Mnitring Tls Scanning fr Suspicius Device Drivers Device Drivers Mnitring Tl: DriverView Device Drivers Mnitring Tls Scanning fr Suspicius Windws Services Windws Services Mnitring Tl: Windws Service Manager (SrvMan) Windws Services Mnitring Tls Scanning fr Suspicius Startup Prgrams Windws8 Startup Registry Entries Startup Prgrams Mnitring Tl: Starter Startup Prgrams Mnitring Tl: Security AutRun Startup Prgrams Mnitring Tls Scanning fr Suspicius Files and Flders Files and Flder Integrity Checker: FastSum and WinMD5 Files and Flder Integrity Checker Scanning fr Suspicius Netwrk Activities Detecting Trjans and Wrms with Capsa Netwrk Analyzer Cuntermeasures Trjan Cuntermeasures Backdr Cuntermeasures Trjan Hrse Cnstructin Kit Anti-Trjan Sftware Anti-Trjan Sftware: TrjanHunter Anti-Trjan Sftware: Emsisft Anti-Malware Anti-Trjan Sftwares Pen Testing fr Trjans and Backdrs Page 16

17 EC-Cuncil Mdule 07: Viruses and Wrms Virus and Wrms Cncepts Intrductin t Viruses Virus and Wrm Statistics Stages f Virus Life Wrking f Viruses: Infectin Phase Wrking f Viruses: Attack Phase Why D Peple Create Cmputer Viruses Indicatins f Virus Attack Hw des a Cmputer Get Infected by Viruses Cmmn Techniques Used t Distribute Malware n the Web Virus Haxes and Fake Antiviruses Virus Analysis: DNSChanger Types f Viruses System r Bt Sectr Viruses File and Multipartite Viruses Macr Viruses Cluster Viruses Stealth/Tunneling Viruses Encryptin Viruses Plymrphic Cde Metamrphic Viruses File Overwriting r Cavity Viruses Sparse Infectr Viruses Cmpanin/Camuflage Viruses Shell Viruses File Extensin Viruses Add-n and Intrusive Viruses Transient and Terminate and Stay Resident Viruses Writing a Simple Virus Prgram Terabit Virus Maker JPS Virus Maker and DELmE's Batch Virus Maker Cmputer Wrms Hw Is a Wrm Different frm a Virus? Page 17

18 EC-Cuncil Wrm Analysis: Stuxnet Wrm Maker: Internet Wrm Maker Thing Malware Analysis What is Sheep Dip Cmputer? Anti-Virus Sensrs Systems Malware Analysis Prcedure: Preparing Testbed Malware Analysis Prcedure Virus Analysis Tl: IDA Pr Online Malware Testing: VirusTtal Online Malware Analysis Services Cunter-measures Virus Detectin Methds Virus and Wrms Cuntermeasures Cmpanin Antivirus: Immunet Anti-virus Tls Penetratin Testing fr Virus Mdule 08: Sniffers Sniffing Cncepts Wiretapping Lawful Interceptin Packet Sniffing Sniffing Threats Hw a Sniffer Wrks Types f Sniffing Attacks Types f Sniffing: Passive Sniffing Types f Sniffing: Active Sniffing Prtcls Vulnerable t Sniffing Tie t Data Link Layer in OSI Mdel IPv6 Addresses IPv4 and IPv6 Header Cmparisn Hardware Prtcl Analyzers SPAN Prt MAC Attacks MAC Flding Page 18

19 EC-Cuncil MAC Address/CAM Table Hw CAM Wrks What Happens When CAM Table Is Full? Mac Flding Switches with macf MAC Flding Tl: Yersinia Hw t Defend against MAC Attacks DHCP Attacks Hw DHCP Wrks DHCP Request/Reply Messages IPv4 DHCP Packet Frmat DHCP Starvatin Attack DHCP Starvatin Attack Tls Rgue DHCP Server Attack Hw t Defend Against DHCP Starvatin and Rgue Server Attack ARP Pisning What Is Address Reslutin Prtcl (ARP)? ARP Spfing Techniques ARP Spfing Attack Hw Des ARP Spfing Wrk Threats f ARP Pisning ARP Pisning Tl: Cain & Abel ARP Pisning Tl: WinArpAttacker ARP Pisning Tl: Ufasft Snif Hw t Defend Against ARP Pisning Cnfiguring DHCP Snping and Dynamic ARP Inspectin n Cisc Switches ARP Spfing Detectin: XArp Spfing Attack Spfing Attack Threats MAC Spfing/Duplicating MAC Spfing Technique: Windws MAC Spfing Tl: SMAC IRDP Spfing Hw t Defend Against MAC Spfing DNS Pisning DNS Pisning Techniques Page 19

20 EC-Cuncil Intranet DNaS Spfing Internet DNS Spfing Prxy Server DNS Pisning DNS Cache Pisning Hw t Defend Against DNS Spfing Sniffing Tls Sniffing Tl: Wireshark Fllw TCP Stream in Wireshark Display Filters in Wireshark Additinal Wireshark Filters Sniffing Tl: Cascade Pilt Sniffing Tl: Tcpdump/Windump Packet Sniffing Tl: Capsa Netwrk Analyzer Netwrk Packet Analyzer: OmniPeek Netwrk Analyzer Netwrk Packet Analyzer: Observer Netwrk Packet Analyzer: Sniff-O-Matic Netwrk Packet Analyzer: JitBit Netwrk Sniffer Chat Message Sniffer: MSN Sniffer 2 TCP/IP Packet Crafter: Clasft Packet Builder Additinal Sniffing Tls Hw an Attacker Hacks the Netwrk Using Sniffers Cunter measures Hw t Defend Against Sniffing Hw t Detect Sniffing Sniffer Detectin Technique: Ping Methd Sniffer Detectin Technique: ARP Methd Sniffer Detectin Technique: DNS Methd Prmiscuus Detectin Tl: PrmqryUI Sniffing Pen Testing Mdule 09: Scial Engineering Scial Engineering Cncepts What is Scial Engineering? Behavirs Vulnerable t Attacks Factrs that Make Cmpanies Vulnerable t Attacks Page 20

21 EC-Cuncil Why Is Scial Engineering Effective? Warning Signs f an Attack Phases in a Scial Engineering Attack Impact n the Organizatin Rebecca and Jessica Cmmn Targets f Scial Engineering Cmmn Targets f Scial Engineering: Office Wrkers Scial Engineering Techniques Types f Scial Engineering Human-based Scial Engineering Technical Supprt Example Authrity Supprt Example Human-based Scial Engineering: Eavesdrpping and Shulder Surfing Human-based Scial Engineering: Dumpster Diving Human-based Scial Engineering Watch these Mvies Watch this Mvie Cmputer-based Scial Engineering Cmputer-based Scial Engineering: Pp-Ups Cmputer-based Scial Engineering: Phishing Cmputer-based Scial Engineering: Spear Phishing Mbile-based Scial Engineering: Publishing Malicius Apps Mbile-based Scial Engineering: Repackaging Legitimate Apps Mbile-based Scial Engineering: Fake Security Applicatins Mbile-based Scial Engineering: Using SMS Insider Attack Disgruntled Emplyee Preventing Insider Threats Cmmn Scial Engineering Targets and Defense Strategies Impers-natin n Scial Netwrking Sites Scial Engineering Thrugh Impersnatin n Scial Netwrking Sites Scial Engineering n Facebk Scial Engineering Example: LinkedIn Prfile Scial Engineering n Twitter Page 21

22 EC-Cuncil Risks f Scial Netwrking t Crprate Netwrks Identity Theft Identity Theft Statistics 2011 Identify Theft Hw t Steal an Identity STEP 1 STEP 2 Cmparisn STEP 3 Real Steven Gets Huge Credit Card Statement Identity Theft - Serius Prblem Scial Engineering Cuntermeasures Hw t Detect Phishing s Anti-Phishing Tlbar: Netcraft Anti-Phishing Tlbar: PhishTank Identity Theft Cuntermeasures Scial Engineering Pen Testing Scial Engineering Pen Testing: Using s Scial Engineering Pen Testing: Using Phne Scial Engineering Pen Testing: In Persn Scial Engineering Pen Testing: Scial Engineering Tlkit (SET) Mdule 10: Denial f Service DS/DDS Cncepts What is a Denial f Service Attack? What Are Distributed Denial f Service Attacks? Hw Distributed Denial f Service Attacks Wrk Symptms f a DS Attack Cyber Criminals Organized Cyber Crime: Organizatinal Chart DS Attack Techniques Bandwidth Attacks Service Request Flds SYN Attack SYN Flding ICMP Fld Attack Page 22

23 EC-Cuncil Peer-t-Peer Attacks Permanent Denial-f-Service Attack Applicatin Level Fld Attacks Btnet Btnet Prpagatin Technique Btnet Ecsystem Btnet Trjan: Shark Pisn Ivy: Btnet Cmmand Cntrl Center Btnet Trjan: PlugBt Btnet Trjans: Illusin Bt and NetBt Attacker DDS Case Study DDS Attack DDS Attack Tl: LOIC Hackers Advertise Links t Dwnlad Btnet DS Attack Tls Cunter-measures Detectin Techniques Activity Prfiling Wavelet Analysis Sequential Change-Pint Detectin DS/DDS Cuntermeasure Strategies DDS Attack Cuntermeasures DS/DDS Cuntermeasures: Prtect Secndary Victims DS/DDS Cuntermeasures: Detect and Neutralize Handlers DS/DDS Cuntermeasures: Detect Ptential Attacks DS/DDS Cuntermeasures: Deflect Attacks DS/DDS Cuntermeasures: Mitigate Attacks Pst-Attack Frensics Techniques t Defend against Btnets DS/DDS Cuntermeasures DS/DDS Prtectin at ISP Level Enabling TCP Intercept n Cisc IOS Sftware Advanced DDS Prtectin Appliances DS/DDS Prtectin Tls DS/DDS Prtectin Tl: D-Guard Anti-DDS Firewall Page 23

24 EC-Cuncil DS/DDS Prtectin Tls Denial-f-Service (DS) Attack Penetratin Testing Mdule 11: Sessin Hijacking Sessin Hijacking Cncepts What is Sessin Hijacking? Dangers Psed by Hijacking Why Sessin Hijacking is Successful? Key Sessin Hijacking Techniques Brute Frcing Attack Spfing vs. Hijacking Sessin Hijacking Prcess Packet Analysis f a Lcal Sessin Hijack Types f Sessin Hijacking Sessin Hijacking in OSI Mdel Applicatin Level Sessin Hijacking Sessin Sniffing Predictable Sessin Tken Hw t Predict a Sessin Tken Man-in-the-Middle Attack Man-in-the-Brwser Attack Steps t Perfrm Man-in-the-Brwser Attack Client-side Attacks Crss-site Script Attack Sessin Fixatin Sessin Fixatin Attack Netwrk-level Sessin Hijacking The 3-Way Handshake Sequence Numbers Sequence Numbers Predictin TCP/IP Hijacking IP Spfing: Surce Ruted Packets RST Hijacking Blind Hijacking Man-in-the-Middle Attack Using Packet Sniffer Page 24

25 EC-Cuncil UDP Hijacking Sessin Hijacking Tls Sessin Hijacking Tl: Zaprxy Sessin Hijacking Tl: Burp Suite Sessin Hijacking Tl: JHijack Sessin Hijacking Tls Cunter-measures Prtecting against Sessin Hijacking Methds t Prevent Sessin Hijacking: T be Fllwed by Web Develpers Methds t Prevent Sessin Hijacking: T be Fllwed by Web Users IPSec Mdes f IPsec IPsec Architecture IPsec Authenticatin and Cnfidentiality Cmpnents f IPsec IPsec Implementatin Sessin Hijacking Pen Testing Mdule 12: Hacking Webservers Webserver Cncepts Webserver Market Shares Open Surce Webserver Architecture IIS Webserver Architecture Website Defacement Why Web Servers are Cmprmised? Impact f Webserver Attacks Webserver Attacks Webserver Miscnfiguratin Webserver Miscnfiguratin Example Directry Traversal Attacks HTTP Respnse Splitting Attack Web Cache Pisning Attack HTTP Respnse Hijacking SSH Brutefrce Attack Man-in-the-Middle Attack Page 25

26 EC-Cuncil Webserver Passwrd Cracking Webserver Passwrd Cracking Techniques Web Applicatin Attacks Attack Methdlgy Webserver Attack Methdlgy Webserver Attack Methdlgy: Infrmatin Gathering Webserver Attack Methdlgy: Webserver Ftprinting Webserver Ftprinting Tls Webserver Attack Methdlgy: Mirrring a Website Webserver Attack Methdlgy: Vulnerability Scanning Webserver Attack Methdlgy: Sessin Hijacking Webserver Attack Methdlgy: Hacking Web Passwrds Webserver Attack Tls Webserver Attack Tls: Metasplit Metasplit Architecture Metasplit Explit Mdule Metasplit Paylad Mdule Metasplit Auxiliary Mdule Metasplit NOPS Mdule Webserver Attack Tls: Wfetch Web Passwrd Cracking Tl: Brutus Web Passwrd Cracking Tl: THC-Hydra Web Passwrd Cracking Tl: Internet Passwrd Recvery Tlbx Cunter-measures Cuntermeasures: Patches and Updates Cuntermeasures: Prtcls Cuntermeasures: Accunts Cuntermeasures: Files and Directries Hw t Defend Against Web Server Attacks Hw t Defend against HTTP Respnse Splitting and Web Cache Pisning Patch Management Patches and Htfixes What Is Patch Management? Identifying Apprpriate Surces fr Updates and Patches Installatin f a Patch Page 26

27 EC-Cuncil Implementatin and Verificatin f a Security Patch r Upgrade Patch Management Tl: Micrsft Baseline Security Analyzer (MBSA) Patch Management Tls Webserver Security Tls Web Applicatin Security Scanner: Syhunt Dynamic Web Applicatin Security Scanner: N-Stalker Web Applicatin Security Scanner Web Server Security Scanner: Wikt Web Server Security Scanner: Acunetix Web Vulnerability Scanner Web Server Malware Infectin Mnitring Tl: HackAlert Web Server Malware Infectin Mnitring Tl: QualysGuard Malware Detectin Webserver Security Tls Webserver Pen Testing Web Server Pen Testing Tl: CORE Impact Pr Web Server Pen Testing Tl: Immunity CANVAS Web Server Pen Testing Web Server Penetratin Testing Mdule 13: Hacking Web Applicatins Web App Cncepts Web Applicatin Security Statistics Intrductin t Web Applicatins Web Applicatin Cmpnents Hw Web Applicatins Wrk? Web Applicatin Architecture Web 2.0 Applicatins Vulnerability Stack Web Attack Vectrs Web App Threats Web Applicatin Threats - 1 Web Applicatin Threats - 2 Unvalidated Input Parameter/Frm Tampering Directry Traversal Security Miscnfiguratin Injectin Flaws Page 27

28 EC-Cuncil SQL Injectin Attacks Cmmand Injectin Attacks Cmmand Injectin Attacks Cmmand Injectin Example File Injectin Attack What is LDAP Injectin? Hw LDAP Injectin Wrks? Hidden Field Manipulatin Attack Crss-Site Scripting (XSS) Attacks Hw XSS Attacks Wrk? Crss-Site Scripting Attack Scenari: Attack via XSS Example: Attack via XSS Example: Stealing Users' Ckies XSS Example: Sending an Unauthrized Request XSS Attack in Blg Psting XSS Attack in Cmment Field XSS Cheat Sheet Crss-Site Request Frgery (CSRF) Attack Hw CSRF Attacks Wrk? Web Applicatin Denial-f-Service (DS) Attack Denial f Service (DS) Examples Buffer Overflw Attacks Ckie/Sessin Pisning Hw Ckie Pisning Wrks? Sessin Fixatin Attack Insufficient Transprt Layer Prtectin Imprper Errr Handling Insecure Cryptgraphic Strage Brken Authenticatin and Sessin Management Unvalidated Redirects and Frwards Web Services Architecture Web Services Attack Web Services Ftprinting Attack Web Services XML Pisning Page 28

29 EC-Cuncil Web App Hacking Methdlgy Ftprint Web Infrastructure Ftprint Web Infrastructure: Server Discvery Ftprint Web Infrastructure: Service Discvery Ftprint Web Infrastructure: Server Identificatin/Banner Grabbing Ftprint Web Infrastructure: Hidden Cntent Discvery Web Spidering Using Burp Suite Web Spidering Using Mzenda Web Agent Builder Attack Web Servers Hacking Web Servers Web Server Hacking Tl: WebInspect Analyze Web Applicatins Analyze Web Applicatins: Identify Entry Pints fr User Input Analyze Web Applicatins: Identify Server-Side Technlgies Analyze Web Applicatins: Identify Server-Side Functinality Analyze Web Applicatins: Map the Attack Surface Attack Authenticatin Mechanism Username Enumeratin Passwrd Attacks: Passwrd Functinality Explits Passwrd Attacks: Passwrd Guessing Passwrd Attacks: Brute-frcing Sessin Attacks: Sessin ID Predictin/ Brute-frcing Ckie Explitatin: Ckie Pisning Authrizatin Attack Schemes Authrizatin Attack HTTP Request Tampering Authrizatin Attack: Ckie Parameter Tampering Attack Sessin Management Mechanism Sessin Management Attack Attacking Sessin Tken Generatin Mechanism Attacking Sessin Tkens Handling Mechanism: Sessin Tken Sniffing Perfrm Injectin Attacks Injectin Attacks Attack Data Cnnectivity Cnnectin String Injectin Page 29

30 EC-Cuncil Cnnectin String Parameter Pllutin (CSPP) Attacks Cnnectin Pl DS Attack Web App Client Attack Web Services Web Services Prbing Attacks Web Service Attacks: SOAP Injectin Web Service Attacks: XML Injectin Web Services Parsing Attacks Web Service Attack Tl: sapui Web Service Attack Tl: XMLSpy Web Applicatin Hacking Tls Web Applicatin Hacking Tl: Burp Suite Prfessinal Web Applicatin Hacking Tls: CkieDigger Web Applicatin Hacking Tls: WebScarab Web Applicatin Hacking Tls Cuntermeasures Encding Schemes Hw t Defend Against SQL Injectin Attacks? Hw t Defend Against Cmmand Injectin Flaws? Hw t Defend Against XSS Attacks? Hw t Defend Against DS Attack? Hw t Defend Against Web Services Attack? Web Applicatin Cuntermeasures Hw t Defend Against Web Applicatin Attacks? Security Tls Web Applicatin Security Tl: Acunetix Web Vulnerability Scanner Web Applicatin Security Tl: Watcher Web Security Tl Web Applicatin Security Scanner: Netsparker Web Applicatin Security Tl: N-Stalker Web Applicatin Security Scanner Web Applicatin Security Tl: VampireScan Web Applicatin Security Tls Web Applicatin Firewall: dtdefender Web Applicatin Firewall: ServerDefender VP Web Applicatin Firewall Web App Pen Testing Page 30

31 EC-Cuncil Web Applicatin Pen Testing Infrmatin Gathering Cnfiguratin Management Testing Authenticatin Testing Sessin Management Testing Authrizatin Testing Data Validatin Testing Denial f Service Testing Web Services Testing AJAX Testing Mdule 14: SQL Injectin SQL Injectin Cncepts SQL Injectin Scenari SQL Injectin is the Mst Prevalent Vulnerability in 2012 SQL Injectin Threats What is SQL Injectin? SQL Injectin Attacks Hw Web Applicatins Wrk? Server Side Technlgies HTTP Pst Request Example 1: Nrmal SQL Query Example 1: SQL Injectin Query Example 1: Cde Analysis Example 2: BadPrductList.aspx Example 2: Attack Analysis Example 3: Updating Table Example 4: Adding New Recrds Example 5: Identifying the Table Name Example 6: Deleting a Table Testing fr SQL Injectin SQL Injectin Detectin SQL Injectin Errr Messages SQL Injectin Attack Characters Page 31

32 EC-Cuncil Additinal Methds t Detect SQL Injectin SQL Injectin Black Bx Pen Testing Testing fr SQL Injectin Types f SQL Injectin Simple SQL Injectin Attack Unin SQL Injectin Example SQL Injectin Errr Based Blind SQL Injectin What is Blind SQL Injectin? N Errr Messages Returned Blind SQL Injectin: WAITFOR DELAY YES r NO Respnse Blind SQL Injectin Explitatin (MySQL) Blind SQL Injectin - Extract Database User Blind SQL Injectin - Extract Database Name Blind SQL Injectin - Extract Clumn Name Blind SQL Injectin - Extract Data frm ROWS SQL Injectin Methdlgy Advanced SQL Injectin Infrmatin Gathering Extracting Infrmatin thrugh Errr Messages Understanding SQL Query Bypass Website Lgins Using SQL Injectin Database, Table, and Clumn Enumeratin Advanced Enumeratin Features f Different DBMSs Creating Database Accunts Passwrd Grabbing Grabbing SQL Server Hashes Extracting SQL Hashes (In a Single Statement) Transfer Database t Attacker s Machine Interacting with the Operating System Interacting with the FileSystem Netwrk Recnnaissance Using SQL Injectin Netwrk Recnnaissance Full Query SQL Injectin Tls Page 32

33 EC-Cuncil SQL Injectin Tls: BSQLHacker SQL Injectin Tls: Marathn Tl SQL Injectin Tls: SQL Pwer Injectr SQL Injectin Tls: Havij SQL Injectin Tls Evasin Techniques Evading IDS Types f Signature Evasin Techniques Evasin Technique: Sphisticated Matches Evasin Technique: Hex Encding Evasin Technique: Manipulating White Spaces Evasin Technique: In-line Cmment Evasin Technique: Char Encding Evasin Technique: String Cncatenatin Evasin Technique: Obfuscated Cdes Cunter-measures Hw t Defend Against SQL Injectin Attacks? Hw t Defend Against SQL Injectin Attacks: Use Type-Safe SQL Parameters Hw t Defend Against SQL Injectin Attacks SQL Injectin Detectin Tl: Micrsft Surce Cde Analyzer SQL Injectin Detectin Tl: Micrsft UrlScan Filter SQL Injectin Detectin Tl: dtdefender SQL Injectin Detectin Tl: IBM Security AppScan SQL Injectin Detectin Tl: WebCruiser Snrt Rule t Detect SQL Injectin Attacks SQL Injectin Detectin Tls Mdule 15: Hacking Wireless Netwrks Wireless Cncepts Wireless Netwrks 2010 vs Wi-Fi Device Type Cmparisn Wi-Fi Netwrks at Hme and Public Places Types f Wireless Netwrks Wireless Standards Service Set Identifier (SSID) Page 33

34 EC-Cuncil Wi-Fi Authenticatin Mdes Wi-Fi Authenticatin Prcess Using a Centralized Authenticatin Server Wireless Terminlgies Wi-Fi Chalking Wi-Fi Chalking Symbls Types f Wireless Antenna Parablic Grid Antenna Wireless Encryptin Types f Wireless Encryptin WEP Encryptin Hw WEP Wrks? What is WPA? Hw WPA Wrks? Tempral Keys What is WPA2? Hw WPA2 Wrks? WEP vs. WPA vs. WPA2 WEP Issues Weak Initializatin Vectrs (IV) Hw t Break WEP Encryptin? Hw t Break WPA/WPA2 Encryptin? Hw t Defend Against WPA Cracking? Wireless Threats Wireless Threats: Access Cntrl Attacks Wireless Threats: Integrity Attacks Wireless Threats: Cnfidentiality Attacks Wireless Threats: Availability Attacks Wireless Threats: Authenticatin Attacks Rgue Access Pint Attack Client Mis-assciatin Miscnfigured Access Pint Attack Unauthrized Assciatin Ad Hc Cnnectin Attack HneySpt Access Pint Attack Page 34

35 EC-Cuncil AP MAC Spfing Denial-f-Service Attack Jamming Signal Attack Wi-Fi Jamming Devices Wireless Hacking Methdlgy Wi-Fi Discvery Ftprint the Wireless Netwrk Attackers Scanning fr Wi-Fi Netwrks Find Wi-Fi Netwrks t Attack Wi-Fi Discvery Tl: inssider Wi-Fi Discvery Tl: NetSurveyr Wi-Fi Discvery Tl: NetStumbler Wi-Fi Discvery Tl: Vistumbler Wi-Fi Discvery Tl: WirelessMn Mbile-based Wi-Fi Discvery Tl Wi-Fi Discvery Tls GPS Mapping GPS Mapping Tl: WIGLE GPS Mapping Tl: Skyhk Wi-Fi Htspt Finder: jiwire Wi-Fi Htspt Finder: WeFi Hw t Discver Wi-Fi Netwrk Using Wardriving? Wireless Traffic Analysis Wireless Cards and Chipsets Wi-Fi USB Dngle: AirPcap Wi-Fi Packet Sniffer: Wireshark with AirPcap Wi-Fi Packet Sniffer: Cascade Pilt Wi-Fi Packet Sniffer: OmniPeek Wi-Fi Packet Sniffer: CmmView fr Wi-Fi What is Spectrum Analysis? Wi-Fi Packet Sniffers Launch Wireless Attacks Aircrack-ng Suite Hw t Reveal Hidden SSIDs Fragmentatin Attack Page 35

36 EC-Cuncil Hw t Launch MAC Spfing Attack? Denial f Service: Deauthenticatin and Disassciatin Attacks Man-in-the-Middle Attack MITM Attack Using Aircrack-ng Wireless ARP Pisning Attack Rgue Access Pint Evil Twin Hw t Set Up a Fake Htspt (Evil Twin)? Crack Wi-Fi Encryptin Hw t Crack WEP Using Aircrack? Hw t Crack WEP Using Aircrack? Screensht 1/2 Hw t Crack WEP Using Aircrack? Screensht 2/2 Hw t Crack WPA-PSK Using Aircrack? WPA Cracking Tl: KisMAC WEP Cracking Using Cain & Abel WPA Brute Frcing Using Cain & Abel WPA Cracking Tl: Elcmsft Wireless Security Auditr WEP/WPA Cracking Tls Wireless Hacking Tls Wi-Fi Sniffer: Kismet Wardriving Tls RF Mnitring Tls Wi-Fi Traffic Analyzer Tls Wi-Fi Raw Packet Capturing and Spectrum Analyzing Tls Bluetth Hacking Bluetth Stack Bluetth Threats Hw t BlueJack a Victim? Bluetth Hacking Tl: Super Bluetth Hack Bluetth Hacking Tl: PhneSnp Bluetth Hacking Tl: BlueScanner Bluetth Hacking Tls Cunter-measures Hw t Defend Against Bluetth Hacking? Hw t Detect and Blck Rgue AP? Page 36

37 EC-Cuncil Wireless Security Layers Hw t Defend Against Wireless Attacks? Wireless Security Tls Wireless Intrusin Preventin Systems Wireless IPS Deplyment Wi-Fi Security Auditing Tl: AirMagnet WiFi Analyzer Wi-Fi Security Auditing Tl: AirDefense Wi-Fi Security Auditing Tl: Adaptive Wireless IPS Wi-Fi Security Auditing Tl: Aruba RFPrtect WIPS Wi-Fi Intrusin Preventin System Wi-Fi Predictive Planning Tls Wi-Fi Vulnerability Scanning Tls Wi-Fi Pen Testing Wireless Penetratin Testing Wireless Penetratin Testing Framewrk Wi-Fi Pen Testing Framewrk Pen Testing LEAP Encrypted WLAN Pen Testing WPA/WPA2 Encrypted WLAN Pen Testing WEP Encrypted WLAN Pen Testing Unencrypted WLAN Mdule 16: Hacking Mbile Platfrms Mbile Platfrm Attack Vectrs Mbile Threat Reprt Q Terminlgy Mbile Attack Vectrs Mbile Platfrm Vulnerabilities and Risks Security Issues Arising frm App Stres Threats f Mbile Malware App Sandbxing Issues Hacking Andrid OS Andrid OS Andrid OS Architecture Andrid Device Administratin API Andrid Vulnerabilities Page 37

38 EC-Cuncil Andrid Rting Rting Andrid Phnes using SuperOneClick Rting Andrid Phnes Using Superbt Andrid Rting Tls Sessin Hijacking Using DridSheep Andrid-based Sniffer: FaceNiff Andrid Trjan: ZitM (ZeuS-in-the-Mbile) Andrid Trjan: GingerBreak Andrid Trjan: AcnetSteal and Cawitt Andrid Trjan: Frgnal and Gamex Andrid Trjan: KabStamper and Mania Andrid Trjan: PremiumSMS and SmsSpy Andrid Trjan: DridLive SMS and UpdtKiller Andrid Trjan: FakeTken Securing Andrid Devices Ggle Apps Device Plicy Remte Wipe Service: Remte Wipe Andrid Security Tl: DridSheep Guard Andrid Vulnerability Scanner: X-Ray Andrid Penetratin Testing Tl: Andrid Netwrk Tlkit - Anti Andrid Device Tracking Tls Hacking ios Security News Apple ios Jailbreaking ios Types f Jailbreaking Jailbreaking Techniques App Platfrm fr Jailbraken Devices: Cydia Jailbreaking Tls: Redsn0w and Absinthe Tethered Jailbreaking f ios 6 Using RedSn0w Jailbreaking Tls: Sn0wbreeze and PwnageTl Jailbreaking Tls: LimeRa1n and Jailbreakme.cm Jailbreaking Tls: Blackra1n and Spirit Guidelines fr Securing ios Devices Page 38

39 EC-Cuncil ios Device Tracking Tls Hacking Windws Phne OS Windws Phne 8 Windws Phne 8 Architecture Secure Bt Prcess Windws Phne 8 Vulnerabilities Guidelines fr Securing Windws OS Devices Hacking BlackBerry BlackBerry Operating System BlackBerry Enterprise Slutin Architecture Blackberry Attack Vectrs Malicius Cde Signing JAD File Explits and Memry/ Prcesses Manipulatins Shrt Message Service (SMS) Explits Explits PIM Data Attacks and TCP/IP Cnnectins Vulnerabilities Telephny Attacks Blackberry Spyware: FinSpy Mbile BlackBerry Ruter Prtcl Guidelines fr Securing BlackBerry Devices Mbile Device Management (MDM) MDM Lgical Architecture MDM Slutin: MaaS360 Mbile Device Management (MDM) MDM Slutins Mbile Security Guidelines and Tls General Guidelines fr Mbile Platfrm Security Mbile Device Security Guidelines fr Administratr Mbile Prtectin Tl: BullGuard Mbile Security Mbile Prtectin Tl: Lkut Mbile Prtectin Tl: WISeID Mbile Prtectin Tls Mbile Pen Testing Andrid Phne Pen Testing iphne Pen Testing Windws Phne Pen Testing Page 39

40 EC-Cuncil BlackBerry Pen Testing Mdule 17: Evading IDS, Firewalls, and Hneypts IDS, Firewall and Hneypt Cncepts Intrusin Detectin Systems (IDS) and their Placement Hw IDS Wrks? Ways t Detect an Intrusin Types f Intrusin Detectin Systems System Integrity Verifiers (SIV) General Indicatins f Intrusins General Indicatins f System Intrusins Firewall Firewall Architecture DeMilitarized Zne (DMZ) Types f Firewall Packet Filtering Firewall Circuit-Level Gateway Firewall Applicatin-Level Firewall Stateful Multilayer Inspectin Firewall Firewall Identificatin: Prt Scanning Firewall Identificatin: Firewalking Firewall Identificatin: Banner Grabbing Hneypt Types f Hneypts Hw t Set Up a Hneypt? IDS, Firewall and Hneypt System Intrusin Detectin Tl: Snrt Hw Snrt Wrks Snrt Rules Snrt Rules : Rule Actins and IP Prtcls Snrt Rules : The Directin Operatr and IP Addresses Snrt Rules : Prt Numbers Intrusin Detectin Systems: Tipping Pint Intrusin Detectin Tls Firewall: ZneAlarm PRO Firewall Page 40

41 EC-Cuncil Firewalls Hneypt Tl: KFSensr Hneypt Tl: SPECTER Hneypt Tls Evading IDS Insertin Attack Evasin Denial-f-Service Attack (DS) Obfuscating False Psitive Generatin Sessin Splicing Unicde Evasin Technique Fragmentatin Attack Overlapping Fragments Time-T-Live Attacks Invalid RST Packets Urgency Flag Plymrphic Shellcde ASCII Shellcde Applicatin-Layer Attacks Desynchrnizatin - Pre Cnnectin SYN Desynchrnizatin - Pst Cnnectin SYN Other Types f Evasin Evading Firewalls IP Address Spfing Surce Ruting Tiny Fragments Bypass Blcked Sites Using IP Address in Place f URL Bypass Blcked Sites Using Annymus Website Surfing Sites Bypass a Firewall using Prxy Server Bypassing Firewall thrugh ICMP Tunneling Methd Bypassing Firewall thrugh ACK Tunneling Methd Bypassing Firewall thrugh HTTP Tunneling Methd Bypassing Firewall thrugh External Systems Page 41

42 EC-Cuncil Bypassing Firewall thrugh MITM Attack Detecting Hneypts Detecting Hneypts Hneypt Detecting Tl: Send-Safe Hneypt Hunter Firewall Evading Tls Firewall Evasin Tl: Traffic IQ Prfessinal Firewall Evasin Tl: tcp-ver-dns Firewall Evasin Tls Packet Fragment Generatrs Cuntermeasures Penetratin Testing Firewall/IDS Penetratin Testing Firewall Penetratin Testing IDS Penetratin Testing Mdule 18: Buffer Overflw Buffer Overflw Cncepts Buffer Overflws Why Are Prgrams and Applicatins Vulnerable t Buffer Overflws? Understanding Stacks Stack-Based Buffer Overflw Understanding Heap Heap-Based Buffer Overflw Stack Operatins Shellcde N Operatins (NOPs) Buffer Overflw Methdlgy Knwledge Required t Prgram Buffer Overflw Explits Buffer Overflw Steps Attacking a Real Prgram Frmat String Prblem Overflw using Frmat String Smashing the Stack Once the Stack is Smashed... Buffer Overflw Examples Simple Uncntrlled Overflw Page 42

43 EC-Cuncil Simple Buffer Overflw in C: Cde Analysis Expliting Semantic Cmments in C (Anntatins) Hw t Mutate a Buffer Overflw Explit? Buffer Overflw Detectin Identifying Buffer Overflws Hw t Detect Buffer Overflws in a Prgram? Testing fr Heap Overflw Cnditins: heap.exe Steps fr Testing fr Stack Overflw in OllyDbg Debugger Testing fr Stack Overflw in OllyDbg Debugger Testing fr Frmat String Cnditins using IDA Pr BF Detectin Tl: Immunity CANVAS BF Detectin Tls Buffer Overflw Cunter-measures Defense Against Buffer Overflws Preventing BF Attacks Prgramming Cuntermeasures Data Executin Preventin (DEP) Enhanced Mitigatin Experience Tlkit (EMET) EMET System Cnfiguratin Settings EMET Applicatin Cnfiguratin Settings Buffer Overflw Security Tls /GS BF Security Tl: BufferShield BF Security Tls Buffer Overflw Penetratin Testing Mdule 19: Cryptgraphy Cryptgraphy Cncepts Cryptgraphy Types f Cryptgraphy Gvernment Access t Keys (GAK) Encryptin Algrithms Ciphers Advanced Encryptin Standard (AES) Data Encryptin Standard (DES) RC4, RC5, RC6 Algrithms Page 43

44 EC-Cuncil The DSA and Related Signature Schemes RSA (Rivest Shamir Adleman) Example f RSA Algrithm The RSA Signature Scheme Message Digest (One-way Hash) Functins Message Digest Functin: MD5 Secure Hashing Algrithm (SHA) What is SSH (Secure Shell)? Cryptgraphy Tls MD5 Hash Calculatrs: HashCalc, MD5 Calculatr and HashMyFiles Cryptgraphy Tl: Advanced Encryptin Package Cryptgraphy Tl: BCTextEncder Cryptgraphy Tls Public Key Infrastructure(PKI) Public Key Infrastructure (PKI) Certificatin Authrities Encryptin Digital Signature SSL (Secure Sckets Layer) Transprt Layer Security (TLS) Disk Encryptin Disk Encryptin Tl: TrueCrypt Disk Encryptin Tl: GiliSft Full Disk Encryptin Disk Encryptin Tls Cryptgraphy Attacks Cde Breaking Methdlgies Brute-Frce Attack Meet-in-the-Middle Attack n Digital Signature Schemes Cryptanalysis Tls Cryptanalysis Tl: CrypTl Cryptanalysis Tls Online MD5 Decryptin Tl Page 44

45 EC-Cuncil Mdule 20: Penetratin Testing Pen Testing Cncepts Security Assessments Security Audit Vulnerability Assessment Limitatins f Vulnerability Assessment Intrductin t Penetratin Testing Penetratin Testing Why Penetratin Testing? Cmparing Security Audit, Vulnerability Assessment, and Penetratin Testing What Shuld be Tested? What Makes a Gd Penetratin Test? ROI n Penetratin Testing Testing Pints Testing Lcatins Types f Pen Testing Types f Penetratin Testing External Penetratin Testing Internal Security Assessment Black-bx Penetratin Testing Grey-bx Penetratin Testing White-bx Penetratin Testing Annunced / Unannunced Testing Autmated Testing Manual Testing Pen Testing Techniques Cmmn Penetratin Testing Techniques Using DNS Dmain Name and IP Address Infrmatin Enumerating Infrmatin abut Hsts n Publicly-Available Netwrks Pen Testing Phases Phases f Penetratin Testing Pre-Attack Phase: Define Rules f Engagement (ROE) Pre-Attack Phase: Understand Custmer Requirements Pre-Attack Phase: Create a Checklist f the Testing Requirements Pre-Attack Phase: Define the Pen-Testing Scpe Page 45

46 EC-Cuncil Pre-Attack Phase: Sign Penetratin Testing Cntract Pre-Attack Phase: Sign Cnfidentiality and Nn-Disclsure (NDA) Agreements Pre-Attack Phase: Infrmatin Gathering Attack Phase Activity: Perimeter Testing Enumerating Devices Activity: Acquiring Target Activity: Escalating Privileges Activity: Execute, Implant, and Retract Pst-Attack Phase and Activities Penetratin Testing Deliverable Templates Pen Testing Radmap Penetratin Testing Methdlgy Applicatin Security Assessment Web Applicatin Testing - I Web Applicatin Testing - II Web Applicatin Testing - III Netwrk Security Assessment Wireless/Remte Access Assessment Wireless Testing Telephny Security Assessment Scial Engineering Testing Netwrk-Filtering Devices Denial f Service Emulatin Outsurcing Pen Testing Services Outsurcing Penetratin Testing Services Terms f Engagement Prject Scpe Pentest Service Level Agreements Penetratin Testing Cnsultants Page 46