ETHICAL HACKING. By REAL TIME FACULTY

Transcription

1 w w ẉ s u n m ar s ṣ n et ETHICAL HACKING Duration : 1 Month Timings : 4.30 p.m. to 6.00 p.m. By REAL TIME FACULTY # 407, 4 th Floor, New HUDA MYTHRI VIHAR, Beside Aditya Trade Centre, Ameerpet, Hyd Ph.: ,

2 ETHICAL HACKING & COUNTER MEASURES INTRODUCTION TO ETHICAL HACKING : Terminology Hackers, Crackers, and Other Related Terms Hactivism Threats Hacking History Ethical Hacking Objectives and Motivations Steps in Malicious Hacking Reconnaissance Scanning Acquiring Access Maintaining Access Covering, Clearing Tracks, and Installing Back Doors Hacker and Ethical Hacker Characteristics & Operations Skills Needed by an Ethical Hacker LEGALITY AND ETHICS : Law and Legal Systems Administrative Law Common Law Organization Statutory Law U.S. Common Law System Categories Computer Security Crime Laws Privacy Principles and Laws Computer Crime Penalties Ethics PENETRATION TESTING FOR BUSINESS : Penetration Testing from a Business Perspective Penetration Test Approach and Results Valuating Assets Penetration Testing Steps Summarized Selecting a Penetration Testing Consulting Organization Justification of Penetration Testing through Risk Analysis Risk Analysis Process Typical Threats and Attacks Impact Determination Management Responsibilities in Risk Analysis Relating to Penetration Testing FOOTPRINTING : Gathering Information Whois Nslookup Open Source Searching Locating the Network Range 2

3 Determining the Network Range with ARIN Traceroute and TTL Tracking Programs SCANNING : Identifying Active Machines Ping Ping Sweeps Ping Tools Identifying Open Ports and Available Services Port Scanning: TCP/UDP Scanning Types Determining the Operating System Scanning Tools Vulnerable Ports Port Scanning Issues Fingerprinting: Passive Fingerprinting Mapping the Network ENUMERATING : Protection Rings Windows Architecture Windows Security Elements SAM Database Local Security Authority Subsystem Service NetBIOS Active Directory (AD) Enumerating Techniques for Windows NetBIOS Enumerating Net View NBTSTAT DNS Zone Transfer Active Directory Enumeration Countermeasures NetBIOS Null Sessions SNMP Enumeration Countermeasures DNS Zone Transfer Countermeasures SYSTEM HACKING TECHNIQUES : Password Guessing Automated Password Guessing Password Sniffing KerbCrack Alternate Means Keystroke Loggers Hardware Keyloggers Software Keyloggers Keylogging Tools Privilege Escalation Password Cracking Password Cracking Techniques Dictionary Attack Brute Force Attack Hybrid Attack 3

4 Rainbow Attack Stealing SAM Cracking Tools Covering Tracks Disabling Auditing Clearing the Event Log Planting Rootkits File Hiding Countermeasures TROJANS, BACKDOORS, AND SNIFFERS : Trojans and Backdoors Trojan Types Remote Access Trojans (RATs) Trojan Attack Vectors Wrappers Covert Communication Trusted Computer System Evaluation Criteria (TCSEC) Covert Storage Channel Covert Timing Channel Covert Communication Tools Port Redirection NetCat Reverse Telnet Other Notables Anti-Trojan Software and Countermeasures Windows File Protection (WFP) Tripwire Fport TCPView Process Viewer Sniffers Sniffing Exploits ARP Spoofing MAC Flooding DNS Spoofing or Poisoning Sniffing Tools Snort Dsniff Ethereal MAC Flooding Tools ARP Poisoning Tools Other Sniffing Tools DENIAL OF SERVICE ATTACKS AND SESSION HIJACKING : Denial of Service/Distributed Denial of Service (DoS/DDoS) DOS Attacks DDoS Attacks Prevention of DoS Attacks Prevention of DDoS Attacks Session Hijacking The TCP/IP Protocol Stack Layered Protocol Roles Sequence Numbers Session Hijacking Steps Tools for Session Hijacking Protecting Against Session Hijacking 4

5 PENETRATION TESTING STEPS : Penetration Testing Overview Legal and Ethical Implications The Three Pretest Phases Footprinting Scanning Enumerating Penetration Testing Tools and Techniques Port Scanners Vulnerability Scanners Password Crackers Trojan Horses Buffer Overflows SQL Injection Attack Wireless Network Penetration Testing MAC Address Vulnerabilities Wireless Scanning Tools Social Engineering Intrusion Detection System (IDS) LINUX HACKING TOOLS : Linux History Scanning Networks with Linux Tools NMap Nessus Cheops and Cheops-ng Linux Hacking Tools John the Ripper SARA Sniffit HPing Linux Rootkits Linux Security Tools Linux Firewalls IPChains IPTables Linux Application Security Tools Linux Intrusion Detection Systems (IDS) Linux Encryption Tools Linux Log and Traffic Monitors Port Scan Detection Tools SOCIAL ENGINEERING AND PHYSICAL SECURITY : Social Engineering Human-Based (Person-to- Person) Social Engineering Computer-Based Social Engineering Example Social Engineering Attacks Motivations for Individuals to Respond to Social Engineers Reverse Social Engineering Phishing Hidden Frames URL Obfuscation HTML Image Mapping 5

6 Identity Theft Defending Against Social Engineering Attacks Physical Security Physical Security Implementation Company Facility Controls and Issues Company Personnel Controls Environmental Controls Heating, Ventilation, and Air Conditioning (HVAC) Fire Safety Controls Access Controls Fax Machines Physical Facility Controls WEB SERVER HACKING AND WEB APPLICATION VULNERABILITIES : Web Server Hacking Client to Server Data Exchange Web Servers Web Server Security Issues ISAPI and DLL IIS Attacks Apache Attacks Hacking Tools Patch Management Web Application Vulnerabilities Related Hacking Tools Netcat Black Widow Instant Source Wget Websleuth Nikto Wikto Nessus Network Utilities Countermeasures SQL INJECTION VULNERABILITIES : SQL Injection Testing and Attacks Preparing for an Attack Conducting an Attack Lack of Strong Typing Union Select Statements Acquiring Table Column Names Stored Procedures Extended Stored Procedures Server System Tables SQL Injection Prevention and Remediation Automated SQL Injection Tools CRYPTOGRAPHY : Symmetric Key Cryptography Symmetric Key Encipherment Substitution Cipher Vernam Cipher (One-Time Pad) Transposition (Permutation) Cipher 6

7 The Exclusive Or (XOR) Function Symmetric Key Cryptography Characteristics Data Encryption Standard (DES) Triple DES The Advanced Encryption Standard (AES) The Blowfish Algorithm The Twofish Algorithm The IDEA Cipher RC5/RC6 Public Key Cryptosystems One-Way Functions Public Key Algorithms RSA El Gamal Elliptic Curve (EC) Summaries of Public Key Cryptosystem Approaches Digital Signatures Hash Function Developing the Digital Signature The U.S. Digital Signature Standard (DSS) MD5 Public Key Certificates Digital Certificates Public Key Infrastructure (PKI) Cryptanalysis Managing Encryption Keys Security Electronic Transaction Security Wireless Security Disk Encryption Hacking Tools CRACKING WEB PASSWORDS : Authentication Authentication Methods Basic Authentication Digest Authentication NTLM (NT LAN Manager) Authentication Negotiate Authentication Certificate Based Authentication Forms-Based Authentication Password Considerations & Issues Selecting Passwords Protecting Passwords Password Cracking Computer Password Cracking and Support Tools Web Password Cracking Tools Countermeasures WIRELESS NETWORK ATTACKS AND COUNTERMEASURES : Wireless Technology The Cellular Phone Network Worldwide Cellular via LEO Satellites 7

8 Cellular Network Elements Global Wireless Transmission Systems WLAN Threats Denial of Service Attacks SSID Problems The Broadcast Bubble War Driving Rogue Access Points MAC Spoofing Wireless Hacking Tools NetStumbler AiroPeek AirSnort Kismet WEPCrack Other WLAN Tools Securing WLANs Standards and Policy Solutions MAC Address Filtering SSID Solutions Antenna Placement VLANS Wireless VPNs Wireless RADIUS Dynamic WEP Keys Enable WEP, WPA2, EAP, and 802.1x Site Surveys and IDS FIREWALLS, INTRUSION DETECTION SYSTEMS, AND HONEYPOTS : Firewalls Firewall Types Proxy Firewall Packet Level Filtering Firewall Stateful Inspection Firewalls Hardware and Software Firewalls Firewall Architectures Packet-Filtering Routers Dual-Homed Hosts Screened Host Screened-Subnet Firewalls Firewall Identification Banner Grabbing Port Scanning Firewall Ports Scanning with TCP Scanning with UDP Firewalking Breaching and Bypassing Firewalls Hping Traceroute Covert Channeling ACK Tunneling HTTP Tunneling Firewall Backdoors Firewall Informer 8

9 Intrusion Detection and Response Host-Based ID Systems Network-Based ID systems IDS Detection Methods Statistical Anomaly Detection Pattern Matching Detection Protocol Detection IDS Responses Using an IDS in a Switched Environment Evading IDSs Tools for Evading and Testing IDSs Intrusion Prevention Systems SNORT 2.x Cisco Security Agent Incident Handling Computer Incident Response Team Incident Notification Honeypots Honeypot Applications Discovering Honeypots VIRUSES, WORMS, AND BUFFER OVERFLOWS : Viruses The Virus Lifecycle Macro Viruses Polymorphic Viruses Stealth Viruses Spyware Web Bugs Spambots Pop-Up Downloads Drive-By Downloads Bogus Spyware Removal Programs Multistage and Blended Threats Worms Virus and Worm Examples Chernobyl Explore.Zip LoveLetter Melissa Virus Nimda Virus Pretty Park BugBear Klez SirCam Worm Code Red Worm Other Worms of Interest Buffer Overflows Preventing Malicious Code and Buffer Overflows Virus Scanners Virus Prevention Virus Detection Defending Against Buffer Overflows 9

10 OTHER COURSES OFFERED 10