SONDRA SCHNEIDER JOHN NUNES

Transcription

1 TECHNOLOGY TRANSFER PRESENTS SONDRA SCHNEIDER JOHN NUNES CERTIFIED ETHICAL HACKER TM THE ONLY WAY TO STOP A HACKER IS TO THINK LIKE ONE MAY 21-25, 2007 VISCONTI PALACE HOTEL - VIA FEDERICO CESI, 37 ROME (ITALY) info@technologytransfer.it

2 CERTIFIED ETHICAL HACKER TM ABOUT THIS SEMINAR Scan, test, hack and secure your systems. Security Hacking for Professionals. Certified Ethical Hacking 5- Day Class certifies students in the specific network security discipline of Ethical Hacking. The lab intensive environment gives each student in-depth knowledge and practical experience of perimeter defenses, scanning and attacking lab net escalating privileges on a system and how to secure a system. No real network is harmed. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking. Class Tuition and Bonuses Instruction and review with an experienced master of Ethical Hacking CEH Certification Exam on site last day of class Access to Security University s IT Professional Reference Library of targeted pre-class reading, with: - Free CD of Linux & Free 2-CD set containing over 300 up-to-date Hacking tools and exploits - Labs times are 8-9 am, 5-7 pm. - Class book, lab handouts Certified Ethical Hacker, CEH Certification, tests on the following 22 domains: 1. Ethics and Legal Issues 2. Footprinting 3. Scanning 4. Enumeration 5. System Hacking 6. Trojans and Backdoors 7. Sniffers 8. Denial of Service 9. Social Engineering 10. Session Hijacking 11. Hacking Web Servers 12. Web Application Vulnerabilities 13. Web Based Password Cracking Techniques 14. SQL Injection 15. Hacking Wireless Net 16. Virus and Worms 17. Physical Security 18. Linux Hacking 19. IDS, Firewalls and Honeypots 20. Buffer Overflows 21. Cryptography 22. Penetration Testing Methodologies The partecipants are kindly requested to bring their laptop with wireless connection capability. CEH Certification Exam on site last day of class.

3 CERTIFIED ETHICAL HACKER TM OUTLINE 1. Ethics and Legality Understand Ethical Hacking terminology Define the Job role of an Ethical Hacker Understand the different phases involved in Ethical Hacking Identify different types of Hacking technologies List the 5 stages of Ethical Hacking? What is hacktivism? List different types of Hacker classes Define the skills required to become an Ethical Hacker What is vulnerability research? Describe the ways in conducting Ethical Hacking Understand the Legal implications of Hacking 2. Footprinting Define the term Footprinting Describe information gathering methodology Describe competitive intelligence Understand DNS enumeration Understand Whois, ARIN lookup Identify different types of DNS records Understand how traceroute is used in Footprinting Understand how tracking Understand how Web spiders work 3. Scanning Define the term port scanning, network scanning and vulnerability scanning Understand the CEH scanning methodology Understand Ping Sweep Understand nmap command switches Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans List TCP communication flag types Understand War dialing Understand banner grabbing and OF fingerprinting Understand how proxy servers are used in launching an attack How does anonymizers work Understand HTTP tunneling Understand IP spoofing 4. Enumeration What is Enumeration? What is meant by null sessions What is SNMP Enumeration? What are the steps involved in performing Enumeration? 5. System Hacking Understanding password cracking Understanding different types of passwords Identifying various password cracking tools Understand Escalating privileges Understanding keyloggers and other spyware technologies Understand how to Hide files Understanding rootkits Understand Steganography technologies Understand how to covering your tracks and erase evidences 6. Trojans and Backdoors What is a Trojan? What is meant by overt and covert channels? List the different types of Trojans What are the indications of a Trojan attack? Understand how Netcat Trojan What is meant by wrapping How does reverse connecting Trojans work? What are the countermeasure in preventing Trojans? Understand Trojan evading 7. Sniffers Understand the protocol susceptible to sniffing Understand active and passive sniffing Understand ARP poisoning Understand ethereal capture and display filters Understand MAC flooding Understand DNS spoofing Describe sniffing countermeasures 8. Denial of Service Understand the types of DoS Attacks Understand how DDoS attack Understand how BOTs/BOT- NETS work What is smurf attack What is SYN flooding Describe the DoS/DDoS countermeasures 9. Social Engineering What is Social Engineering? What are the Common Types of Attacks Understand Dumpster Diving Understand Reverse Social Engineering Understand Insider attacks Understand Identity Theft Describe Phishing Attacks Understand Online Scams Understand URL obfuscation Social Engineering countermeasures

4 10. Session Hijacking Understand Spoofing vs Hijacking List the types of Session Hijacking Understand Sequence Prediction What are the steps in performing Session Hijacking Describe how you would prevent Session Hijacking 11. Hacking Web Servers List the types of Web Server vulnerabilities Understand the attacks Against Web Servers Understand IIS Unicode exploits Understand patch Management Understand Web Application Scanner What is Metasploit Framework? Describe Web Server hardening methods 12. Web Application Vulnerabilities Understanding how Web Application Objectives of Web Application Hacking Anatomy of an attack Web Application threats Understand Google Hacking Understand Web Application Countermeasures 13. Web Based Password Cracking Techniques List the Authentication types What is a Password Cracker? How does a Password Cracker work? Understand Password Attacks - Classification Understand Password Cracking Countermeasures 14. SQL Injection What is SQL injection? Understand the Steps to conduct SQL injection Understand SQL Server vulnerabilities Describe SQL injection countermeasures 15. Wireless Hacking Overview of WEP, WPA authentication systems and cracking Overview of wireless Sniffers and SSID, MAC Spoofing Understand Rogue Access Points Understand Wireless Hacking Describe the methods in securing Wireless Net 16. Virus and Worms Understand the difference between an Virus and a Worm Understand the types of Viruses How a Virus spreads and infects the system Understand antivirus evasion Understand Virus detection methods 17. Physical Security Physical security breach incidents Understanding physical security What is the need for physical security? Who is accountable for physical security? Factors affecting physical security 18. Linux Hacking Understand how to compile a Linux Kernel Understand GCC compilation commands Understand how to install LKM modules Understand Linux hardening methods 19. Evading IDS, Honeypots and Firewalls List the types of Intrusion Detection Systems and evasion List firewall and honeypot evasion 20. Buffer Overflows Overview of stack based buffer overflows Identify the different types of buffer overflows and methods of detection Overview of buffer overflow mutation 21. Cryptography Overview of cryptography and encryption Describe how public and private keys are generated Overview of MD5, SHA, RC4, RC5, Blowfish algorithms 22. Penetration Testing Methodologies Overview of Penetration Testing methodologies List the Penetration Testing steps Overview of the Pen-Test legal framework Overview of the Pen-Test deliverables List the automated Penetration Testing tools

5 INFORMATION PARTICIPATION FEE 2600 The fee includes all seminar documentation, luncheon and coffee breaks. VENUE Visconti Palace Hotel Via Federico Cesi, 37 Rome (Italy) SEMINAR TIMETABLE 9.30 am pm 2.00 pm pm HOW TO REGISTER You must send the registration form with the receipt of the payment to: TECHNOLOGY TRANSFER S.r.l. Piazza Cavour, Rome (Italy) Fax within May 7, 2007 PAYMENT Wire transfer to: Technology Transfer S.r.l. Banca Intesa Sanpaolo S.p.A. Agenzia 3 di Roma Iban Code: IT-34-Y GENERAL CONDITIONS If anyone registered to participate is unable to attend, a substitute may participate in their place. A full refund is given for any cancellation received more than 15 days before the seminar starts. Cancellations less than 15 days prior the event are liable for 50% of the fee. Cancellations less than one week prior to the event are liable for the full fees as invoiced. In case of cancellation of the seminar, Technology Transfer s responsibility only applies to the refund of the participation fees which have already been forwarded. SONDRA SCHNEIDER JOHN NUNES CERTIFIED ETHICAL HACKER TM first name... surname... May 21-25, 2007 Visconti Palace Hotel Via Federico Cesi, 37 Rome (Italy) Registration fee: 2600 job title... organisation... address... postcode... Stamp and signature city... country... If registered participants are unable to attend, or in case of cancellation of the seminar, the general conditions mentioned before are applicable. telephone... fax Send your registration form with the receipt of the payment to: Technology Transfer S.r.l. Piazza Cavour, Rome (Italy) Tel Fax info@technologytransfer.it

6 SPEAKERS Sondra Schneider is an 20-year industry veteran. She is Senior Director of Security University, an Advanced Information Security Training University. For the past five years Ms. Schneider has been traveling internationally training network Professionals in Advanced Network Security Technologies. She has been a frequent speaker at security industry events and closely with the vendor community to provide training and feedback. Ms. Schneider is a pioneer in security technology, specializing in network perimeter security, vulnerability auditing, intrusion detection, advanced authentication and PKI systems, and broad band net. Prior to founding Security University, she was a partner in a New York-based Information security firm. She was previously Northeast Director of Business development for the WheelGroup Corporation, where she was responsible for the introduction and implementation of the CISCO/WheelGroup NetRanger and NetSonar product line with large customers and VARs. Capitalizing on her earlier product experience, she brought Real-Time Intrusion Detection systems and tools to telcos, healthcare, financial institutions and Fortune 500 customers. Before joining WheelGroup, Ms. Schneider was a Senior Data Network Engineer and Internet Specialist for AT&T. John Nunes is the Director of Qualified Information Security Professional for Security University and is based out of the Washington DC area. With an extensive Computer Security background, Mr. Nunes has 13 years of Penetration Testing experience most recently as an independent consultant and previously Internet Security Systems (ISS). He has written both Penetration Testing and Wireless Security and Wireless Hacking courses along with numerous white papers and Case Studies and performed Wireless Security assessments and Penetration Tests. John Nunes is a former Naval Cryptologist and Computer Security Specialist with 12 years of military service. He has assisted and trained various U.S. Government agencies as well as local and Federal law enforcement. Prior to joining Security University, Mr. Nunes taught a number of Hacking and Intrusion Detection courses worldwide and provides security assessments to small and midsize companies.