الجمعة، 21 مايو 2010

مكونات دورة الهاكرز الأخلاقى CEH v6 Ethical Hacking and Countermeasures

مواصفات الكورس
فى هذا الكورس سزف يكون الطالب فى بيئه تفاعليه حيث سوف يعرض عليه كيفية مسح وإختبار وقرصنه وتأمين الأنظمه الخاصه. وسوف يختبر يكتسب الطالب معرفه متمقه وخبره عمليه مع الأنظمه الأمنيه والأساسيه الحاله . وسوف يبدأ الطالب ومن خلال الدوره فهم كيفيه الدفاعات المحيطه بالعمل وبعد ذالك يقرر عمليه المسح ومهاجمه الشبكه المستهدفه .
ملاحظه :لا تضر أى شبكة حقيقيه .
يتعلم الطالب بعد ذالك كيفيه تصعيد الهجمات على الموقع المستهدف وما هى الخطوات التى يمكن اتخاذها لتأمين النظام
سوف يتعلم الطالب أيضا كيف يتسلل وسياسه الخلق والهندسه الإجتماعيه وهجمات منع الخدمه DDos وكيف يقوم بتخليق وإنشاء الفيروسات . عندما يتجاوز الطالب هذه الدورة المكثفه التى تمتد إلى 5 أيام سوف يكون على علم وفهم ما تعنيه دورة الهاكر الأخلاقى Ethical Hacking
هذه الدورة تؤهلك للحصول على شهادة المفوضيه الأوربيه ومجلس إمتحان الهكر الأخلاقى إمتحان exam 312-50

من هم المستفيدون من الدوره
سوف يستفيد منها ضباط الأمن ومراجعى الحسابا والمهتمين والمسؤلين عن أمن المواقع ولمن يشعر بالقلق على سلامه البنيه التحتيه للشبكة

مدة الدورة :
5 أيام من (9 صباحا الى 5 مساءا)
الشهادة
شهادة إمتحان الهكر الأخلاقى Ethical Hacker exam 312-50 يمكن أن تؤخذ فى آخر يوم من التدريب وسوف تمتحن فيه ( إختيارى )
على الطالب إجتياز الإمتحان كامل على الإنترنيت للحصول على شهادة معتمدة فى CEH
إتفاق قانونى
كورس الهكر الأخلاقى Ethical Hacking and Countermeasures مهمته بالطبع التثقيف وإدخال أدوات القرصنه hacking وشرح لأغراض الإختبار فقط وهذا للعلم قبل حضور الدوره
سوف يطلب منك التوقيع على إتفاقيه تنص على أنك لن تستخدم المهارات المكتسبه حديثا لهجمات غير مشروعه أو ضاره وأنك لن تستخدم هذهة الأدوات فى محاولة إختراق أى نظام حاسوبى وعليك تعويض المفوضيه الأوربيه والمجلس فيما إذا كنت إستخدمت هذه الأدوات بسؤ بعض النظر عن النوايا

ملاحظه هامه : لا يمكن لآى شخص ان يكون طالب فى هذا الكورس ويسجل فى مراكز التدريب المعتمدة (ATC) وسوف نتأكد على أن المتقدمين يعملون فى الشركات المشروعه فقط
مخطط تفصيلى لما سوف تدرسه فى دورة Ethical Hacking and Countermeasures الهاكر الأخلاقى إصدار 6.1
CEH v6 يتكون المنهج التدريبى وبقيادة المدرب والدراسه الذاتيه وسوف يقوم المدرب بإتاحة وتقديم وحدات تفصيليه للدراسه الذاتيه للطالب المتقدم

Module 1: Introduction to Ethical Hacking

* Problem Definition -Why Security?
* Essential Terminologies
* Elements of Security
* The Security, Functionality and Ease of Use Triangle
* Effect on Business
* Case Study
* What does a Malicious Hacker do?
o Phase1-Reconnaissaance
+ Reconnaissance Types
o Phase2-Scanning
o Phase3-Gaining Access
o Phase4-Maintaining Access
o Phase5-Covering Tracks
* Types of Hacker Attacks
o Operating System attacks
o Application-level attacks
o Shrink Wrap code attacks
o Misconfiguration attacks
* Hacktivism
* Hacker Classes
* Security News: Suicide Hacker
* Ethical Hacker Classes
* What do Ethical Hackers do
* Can Hacking be Ethical
* How to become an Ethical Hacker
* Skill Profile of an Ethical Hacker
* What is Vulnerability Research
o Why Hackers Need Vulnerability Research
o Vulnerability Research Tools
o Vulnerability Research Websites
+ National Vulnerability Database (nvd.nist.gov)
+ Securitytracker (www.securitytracker.com)
+ Securiteam (www.securiteam.com)
+ Secunia (www.secunia.com)
+ Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
+ HackerWatch (www.hackerwatch.org)
+ SecurityFocus (www.securityfocus.com)
+ SecurityMagazine (www.securitymagazine.com)
+ SC Magazine (www.scmagazine.com)
+ MILWORM
* How to Conduct Ethical Hacking
* How Do They Go About It
* Approaches to Ethical Hacking
* Ethical Hacking Testing
* Ethical Hacking Deliverables
* Computer Crimes and Implications

Module 2: Hacking Laws

* U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
* Legal Perspective (U.S. Federal Law)
o 18 U.S.C. § 1029
+ Penalties
o 18 U.S.C. § 1030
+ Penalties
o 18 U.S.C. § 1362
o 18 U.S.C. § 2318
o 18 U.S.C. § 2320
o 18 U.S.C. § 1831
o 47 U.S.C. § 605, unauthorized publication or use of communications
o Washington:
+ RCW 9A.52.110
o Florida:
+ § 815.01 to 815.07
o Indiana:
+ IC 35-43
* United Kingdom’s Cyber Laws
* United Kingdom: Police and Justice Act 2006
* European Laws
* Japan’s Cyber Laws
* Australia : The Cybercrime Act 2001
* Indian Law: THE INFORMTION TECHNOLOGY ACT
* Argentina Laws
* Germany’s Cyber Laws
* Singapore’s Cyber Laws
* Belgium Law
* Brazilian Laws
* Canadian Laws
* France Laws
* German Laws
* Italian Laws
* MALAYSIA: THE COMPUTER CRIMES ACT 1997
* HONGKONG: TELECOMMUNICATIONS
* Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.
* Greece Laws
* Denmark Laws
* Netherlands Laws
* Norway
* ORDINANCE
* Mexico
* SWITZERLAND

Module 3: Footprinting

* Revisiting Reconnaissance
* Defining Footprinting
* Why is Footprinting Necessary
* Areas and Information which Attackers Seek
* Information Gathering Methodology
o Unearthing Initial Information
+ Finding Company’s URL
+ Internal URL
+ Extracting Archive of a Website
# www.archive.org
+ Google Search for Company’s Info
# People Search
# Yahoo People Search
# Satellite Picture of a Residence
# Best PeopleSearch
# People-Search-America.com
# Switchboard
# Anacubis
# Google Finance
# Yahoo Finance
+ Footprinting through Job Sites
+ Passive Information Gathering
+ Competitive Intelligence Gathering
# Why Do You Need Competitive Intelligence?
# Competitive Intelligence Resource
# Companies Providing Competitive Intelligence Services
# Carratu International
# CI Center
# Competitive Intelligence - When Did This Company Begin? How Did It Develop?
# Competitive Intelligence - Who Leads This Company
# Competitive Intelligence - What Are This Company's Plans
# Competitive Intelligence - What Does Expert Opinion Say About The Company
# Competitive Intelligence - Who Are The Leading Competitors?
# Competitive Intelligence Tool: Trellian
# Competitive Intelligence Tool: Web Investigator
+ Public and Private Websites
* Footprinting Tools
o Sensepost Footprint Tools
o Big Brother
o BiLE Suite
o Alchemy Network Tool
o Advanced Administrative Tool
o My IP Suite
o Wikto Footprinting Tool
o Whois Lookup
o Whois
o SmartWhois
o ActiveWhois
o LanWhois
o CountryWhois
o WhereIsIP
o Ip2country
o CallerIP
o Web Data Extractor Tool
o Online Whois Tools
o What is MyIP
o DNS Enumerator
o SpiderFoot
o Nslookup
o Extract DNS Information
+ Types of DNS Records
+ Necrosoft Advanced DIG
o Expired Domains
o DomainKing
o Domain Name Analyzer
o DomainInspect
o MSR Strider URL Tracer
o Mozzle Domain Name Pro
o Domain Research Tool (DRT)
o Domain Status Reporter
o Reggie
o Locate the Network Range
+ ARIN
+ Traceroute
# Traceroute Analysis
+ 3D Traceroute
+ NeoTrace
+ VisualRoute Trace
+ Path Analyzer Pro
+ Maltego
+ Layer Four Traceroute
+ Prefix WhoIs widget
+ Touchgraph
+ VisualRoute Mail Tracker
+ eMailTrackerPro
+ Read Notify
* E-Mail Spiders
o 1st E-mail Address Spider
o Power E-mail Collector Tool
o GEOSpider
o Geowhere Footprinting Tool
o Google Earth
o Kartoo Search Engine
o Dogpile (Meta Search Engine)
o Tool: WebFerret
o robots.txt
o WTR - Web The Ripper
o HTTrack Web Site Copier
o Website Watcher
* How to Create Fake Website
* Real and Fake Website
* Tool: Reamweaver
* Mirrored Fake Website
* Faking Websites using Man-in-the-Middle Phishing Kit
* Benefits to Fraudster
* Steps to Perform Footprinting

Module 4: Google Hacking

* What is Google hacking
* What a hacker can do with vulnerable site
* Anonymity with Caches
* Using Google as a Proxy Server
* Directory Listings
o Locating Directory Listings
o Finding Specific Directories
o Finding Specific Files
o Server Versioning
* Going Out on a Limb: Traversal Techniques
o Directory Traversal
o Incremental Substitution
* Extension Walking
* Site Operator
* intitle:index.of
* error | warning
* login | logon
* username | userid | employee.ID | “your username is”
* password | passcode | “your password is”
* admin | administrator
o admin login
* –ext:html –ext:htm –ext:shtml –ext:asp –ext:php
* inurl:temp | inurl:tmp | inurl:backup | inurl:bak
* intranet | help.desk
* Locating Public Exploit Sites
o Locating Exploits Via Common Code Strings
+ Searching for Exploit Code with Nonstandard Extensions
+ Locating Source Code with Common Strings
* Locating Vulnerable Targets
o Locating Targets Via Demonstration Pages
+ “Powered by” Tags Are Common Query Fodder for Finding Web Applications
o Locating Targets Via Source Code
+ Vulnerable Web Application Examples
o Locating Targets Via CGI Scanning
+ A Single CGI Scan-Style Query
* Directory Listings
o Finding IIS 5.0 Servers
* Web Server Software Error Messages
o IIS HTTP/1.1 Error Page Titles
o “Object Not Found” Error Message Used to Find IIS 5.0
o Apache Web Server
+ Apache 2.0 Error Pages
* Application Software Error Messages
o ASP Dumps Provide Dangerous Details
o Many Errors Reveal Pathnames and Filenames
o CGI Environment Listings Reveal Lots of Information
* Default Pages
o A Typical Apache Default Web Page
o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
o Default Pages Query for Web Server
o Outlook Web Access Default Portal
* Searching for Passwords
o Windows Registry Entries Can Reveal Passwords
o Usernames, Cleartext Passwords, and Hostnames!
* Google Hacking Database (GHDB)
* SiteDigger Tool
* Gooscan
* Goolink Scanner
* Goolag Scanner
* Tool: Google Hacks
* Google Hack Honeypot
* Google Protocol
* Google Cartography

Module 5: Scanning

* Scanning: Definition
* Types of Scanning
* Objectives of Scanning
* CEH Scanning Methodology
o Checking for live systems - ICMP Scanning
+ Angry IP
+ Ping Sweep
+ Firewalk Tool
+ Firewalk Commands
+ Firewalk Output
+ Three Way Handshake
+ TCP Communication Flags
+ Nmap
+ Nmap: Scan Methods
+ NMAP Scan Options
+ NMAP Output Format
+ HPing2
+ Syn Stealth/Half Open Scan
+ Stealth Scan
+ Xmas Scan
+ Fin Scan
+ Null Scan
+ Idle Scan
+ ICMP Echo Scanning/List Scan
+ TCP Connect/Full Open Scan
+ SYN/FIN Scanning Using IP Fragments
+ UDP Scanning
+ Reverse Ident Scanning
+ Window Scan
+ Blaster Scan
+ Portscan Plus, Strobe
+ IPSec Scan
+ Netscan Tools Pro
+ WUPS – UDP Scanner
+ Superscan
+ IPScanner
+ Global Network Inventory Scanner
+ Net Tools Suite Pack
+ Floppy Scan
+ FloppyScan Steps
+ E-mail Results of FloppyScan
+ Atelier Web Ports Traffic Analyzer (AWPTA)
+ Atelier Web Security Port Scanner (AWSPS)
+ IPEye
+ ike-scan
+ Infiltrator Network Security Scanner
+ YAPS: Yet Another Port Scanner
+ Advanced Port Scanner
+ NetworkActiv Scanner
+ NetGadgets
+ P-Ping Tools
+ MegaPing
+ LanSpy
+ HoverIP
+ LANView
+ NetBruteScanner
+ SolarWinds Engineer’s Toolset
+ AUTAPF
+ OstroSoft Internet Tools
+ Advanced IP Scanner
+ Active Network Monitor
+ Advanced Serial Data Logger
+ Advanced Serial Port Monitor
+ WotWeb
+ Antiy Ports
+ Port Detective
+ Roadkil’s Detector
+ Portable Storage Explorer
* War Dialer Technique
o Why War Dialing
o Wardialing
o Phonesweep – War Dialing Tool
o THC Scan
o ToneLoc
o ModemScan
o War Dialing Countermeasures: Sandtrap Tool
* Banner Grabbing
o OS Fingerprinting
+ Active Stack Fingerprinting
+ Passive Fingerprinting
o Active Banner Grabbing Using Telnet
o GET REQUESTS
o P0f – Banner Grabbing Tool
o p0f for Windows
o Httprint Banner Grabbing Tool
o Tool: Miart HTTP Header
o Tools for Active Stack Fingerprinting
+ Xprobe2
+ Ringv2
+ Netcraft
o Disabling or Changing Banner
o IIS Lockdown Tool
o Tool: ServerMask
o Hiding File Extensions
o Tool: PageXchanger
* Vulnerability Scanning
o Bidiblah Automated Scanner
o Qualys Web Based Scanner
o SAINT
o ISS Security Scanner
o Nessus
o GFI Languard
o Security Administrator’s Tool for Analyzing Networks (SATAN)
o Retina
o Nagios
o PacketTrap's pt360 Tool Suite
o NIKTO
o SAFEsuite Internet Scanner, IdentTCPScan
* Draw Network Diagrams of Vulnerable Hosts
o Friendly Pinger
o LANsurveyor
o Ipsonar
o LANState
o Insightix Visibility
o IPCheck Server Monitor
o PRTG Traffic Grapher
* Preparing Proxies
o Proxy Servers
o Use of Proxies for Attack
o Free Proxy Servers
o SocksChain
o Proxy Workbench
o Proxymanager Tool
o Super Proxy Helper Tool
o Happy Browser Tool (Proxy Based)
o Multiproxy
o Tor Proxy Chaining Software
o Additional Proxy Tools
o Anonymizers
+ Surfing Anonymously
+ Primedius Anonymizer
+ StealthSurfer
+ Anonymous Surfing: Browzar
+ Torpark Browser
+ GetAnonymous
+ IP Privacy
+ Anonymity 4 Proxy (A4Proxy)
+ Psiphon
+ Connectivity Using Psiphon
+ Bloggers Write Text Backwards to Bypass Web Filters in China
+ Vertical Text Converter
+ How to Check If Your Website Is Blocked In China or Not
+ Mowser and Phonifier
+ AnalogX Proxy
+ NetProxy
+ Proxy+
+ ProxySwitcher Lite
+ JAP
+ Proxomitron
o Google Cookies
+ G-Zapper
o SSL Proxy Tool
o How to Run SSL Proxy
o HTTP Tunneling Techniques
+ Why Do I Need HTTP Tunneling
+ Httptunnel for Windows
+ How to Run Httptunnel
+ HTTP-Tunnel
+ HTTPort
o Spoofing IP Address
+ Spoofing IP Address Using Source Routing
+ Detection of IP Spoofing
+ Despoof Tool
* Scanning Countermeasures
* Tool: SentryPC

Module 6: Enumeration

* Overview of System Hacking Cycle
* What is Enumeration?
* Techniques for Enumeration
* NetBIOS Null Sessions
o So What's the Big Deal
o DumpSec Tool
o NetBIOS Enumeration Using Netview
+ Nbtstat Enumeration Tool
+ SuperScan
+ Enum Tool
o Enumerating User Accounts
+ GetAcct
o Null Session Countermeasure
* PS Tools
o PsExec
o PsFile
o PsGetSid
o PsKill
o PsInfo
o PsList
o PsLogged On
o PsLogList
o PsPasswd
o PsService
o PsShutdown
o PsSuspend
* Simple Network Management Protocol (SNMP) Enumeration
o Management Information Base (MIB)
o SNMPutil Example
o SolarWinds
o SNScan
o Getif SNMP MIB Browser
o UNIX Enumeration
o SNMP UNIX Enumeration
o SNMP Enumeration Countermeasures
* LDAP enumeration
o JXplorer
o LdapMiner
o Softerra LDAP Browser
* NTP enumeration
* SMTP enumeration
o Smtpscan
* Web enumeration
o Asnumber
o Lynx
* Winfingerprint
o Windows Active Directory Attack Tool
* How To Enumerate Web Application Directories in IIS Using DirectoryServices
* IP Tools Scanner
* Enumerate Systems Using Default Password
* Tools:
o NBTScan
o NetViewX
o FREENETENUMERATOR
o Terminal Service Agent
o TXNDS
o Unicornscan
o Amap
o Netenum
* Steps to Perform Enumeration

Module 7: System Hacking

* Part 1- Cracking Password
o CEH hacking Cycle
o Password Types
o Types of Password Attack
+ Passive Online Attack: Wire Sniffing
+ Passive Online Attack: Man-in-the-middle and replay attacks
+ Active Online Attack: Password Guessing
+ Offline Attacks
# Brute force Attack
# Pre-computed Hashes
# Syllable Attack/Rule-based Attack/ Hybrid attacks
# Distributed network Attack
# Rainbow Attack
+ Non-Technical Attacks
o Default Password Database
+ http://www.defaultpassword.com/
+ http://www.cirt.net/cgi-bin/passwd.pl
+ http://www.virus.org/index.php?
o PDF Password Cracker
o Abcom PDF Password Cracker
o Password Mitigation
o Permanent Account Lockout-Employee Privilege Abuse
o Administrator Password Guessing
+ Manual Password cracking Algorithm
+ Automatic Password Cracking Algorithm
o Performing Automated Password Guessing
+ Tool: NAT
+ Smbbf (SMB Passive Brute Force Tool)
+ SmbCrack Tool: Legion
+ Hacking Tool: LOphtcrack
o Microsoft Authentication
+ LM, NTLMv1, and NTLMv2
+ NTLM And LM Authentication On The Wire
+ Kerberos Authentication
+ What is LAN Manager Hash?
# LM “Hash” Generation
# LM Hash
+ Salting
+ PWdump2 and Pwdump3
+ Tool: Rainbowcrack
+ Hacking Tool: KerbCrack
+ Hacking Tool: John the Ripper
o Password Sniffing
o How to Sniff SMB Credentials?
o SMB Signing
o Tool: LCP
o Tool: SID&User
o Tool: Ophcrack 2
o Tool: Crack
o Tool: Access PassView
o Tool: Asterisk Logger
o Tool: CHAOS Generator
o Tool: Asterisk Key
o Password Recovery Tool: MS Access Database Password Decoder
o Password Cracking Countermeasures
o Do Not Store LAN Manager Hash in SAM Database
o LM Hash Backward Compatibility
o How to Disable LM HASH
o Password Brute-Force Estimate Tool
o Syskey Utility
o AccountAudit
* Part2-Escalating Privileges
o CEH Hacking Cycle
o Privilege Escalation
o Cracking NT/2000 passwords
o Active@ Password Changer
o Change Recovery Console Password - Method 1
o Change Recovery Console Password - Method 2
o Privilege Escalation Tool: x.exe
o Login Hack: Example
* Part3-Executing applications
o CEH Hacking Cycle
o Tool: psexec
o Tool: remoexec
o Ras N Map
o Tool: Alchemy Remote Executor
o Emsa FlexInfo Pro
o Keystroke Loggers
o E-mail Keylogger
o Revealer Keylogger Pro
o Handy Keylogger
o Ardamax Keylogger
o Powered Keylogger
o Quick Keylogger
o Spy-Keylogger
o Perfect Keylogger
o Invisible Keylogger
o Actual Spy
o SpyToctor FTP Keylogger
o IKS Software Keylogger
o Ghost Keylogger
o Hacking Tool: Hardware Key Logger
o What is Spyware?
o Spyware: Spector
o Remote Spy
o Spy Tech Spy Agent
o 007 Spy Software
o Spy Buddy
o Ace Spy
o Keystroke Spy
o Activity Monitor
o Hacking Tool: eBlaster
o Stealth Voice Recorder
o Stealth Keylogger
o Stealth Website Logger
o Digi Watcher Video Surveillance
o Desktop Spy Screen Capture Program
o Telephone Spy
o Print Monitor Spy Tool
o Stealth E-Mail Redirector
o Spy Software: Wiretap Professional
o Spy Software: FlexiSpy
o PC PhoneHome
o Keylogger Countermeasures
o Anti Keylogger
o Advanced Anti Keylogger
o Privacy Keyboard
o Spy Hunter - Spyware Remover
o Spy Sweeper
o Spyware Terminator
o WinCleaner AntiSpyware
* Part4-Hiding files
o CEH Hacking Cycle
o Hiding Files
o RootKits
+ Why rootkits
+ Hacking Tool: NT/2000 Rootkit
+ Planting the NT/2000 Rootkit
+ Rootkits in Linux
+ Detecting Rootkits
+ Steps for Detecting Rootkits
+ Rootkit Detection Tools
+ Sony Rootkit Case Study
+ Rootkit: Fu
+ AFX Rootkit
+ Rootkit: Nuclear
+ Rootkit: Vanquish
+ Rootkit Countermeasures
+ Patchfinder
+ RootkitRevealer
o Creating Alternate Data Streams
o How to Create NTFS Streams?
+ NTFS Stream Manipulation
+ NTFS Streams Countermeasures
+ NTFS Stream Detectors (ADS Spy and ADS Tools)
+ Hacking Tool: USB Dumper
o What is Steganography?
+ Steganography Techniques
# Least Significant Bit Insertion in Image files
# Process of Hiding Information in Image Files
# Masking and Filtering in Image files
# Algorithms and transformation
+ Tool: Merge Streams
+ Invisible Folders
+ Tool: Invisible Secrets
+ Tool : Image Hide
+ Tool: Stealth Files
+ Tool: Steganography
+ Masker Steganography Tool
+ Hermetic Stego
+ DCPP – Hide an Operating System
+ Tool: Camera/Shy
+ www.spammimic.com
+ Tool: Mp3Stego
+ Tool: Snow.exe
+ Steganography Tool: Fort Knox
+ Steganography Tool: Blindside
+ Steganography Tool: S- Tools
+ Steganography Tool: Steghide
+ Tool: Steganos
+ Steganography Tool: Pretty Good Envelop
+ Tool: Gifshuffle
+ Tool: JPHIDE and JPSEEK
+ Tool: wbStego
+ Tool: OutGuess
+ Tool: Data Stash
+ Tool: Hydan
+ Tool: Cloak
+ Tool: StegoNote
+ Tool: Stegomagic
+ Steganos Security Suite
+ C Steganography
+ Isosteg
+ FoxHole
+ Sams Big Playmaker
+ Video Steganography
+ Case Study: Al-Qaida members Distributing Propaganda to Volunteers using Steganography
+ Steganalysis
+ Steganalysis Methods/Attacks on Steganography
+ Stegdetect
+ SIDS
+ High-Level View
+ Tool: dskprobe.exe
+ Stego Watch- Stego Detection Tool
+ StegSpy
* Part5-Covering Tracks
o CEH Hacking Cycle
o Covering Tracks
o Disabling Auditing
o Clearing the Event Log
o Tool: elsave.exe
o Hacking Tool: Winzapper
o Evidence Eliminator
o Tool: Traceless
o Tool: Tracks Eraser Pro
o Armor Tools
o Tool: ZeroTracks

Module 8: Trojans and Backdoors

* What is a Trojan?
o Overt and Covert Channels
o Working of Trojans
o Different Types of Trojans
+ Remote Access Trojans
+ Data-Sending Trojans
+ Destructive Trojans
+ Denial-of-Service (DoS) Attack Trojans
+ Proxy Trojans
+ FTP Trojans
+ Security Software Disablers
o What do Trojan Creators Look for?
o Different Ways a Trojan can Get into a System
* Indications of a Trojan Attack
* Ports Used by Trojans
o How to Determine which Ports are Listening
* Classic Trojans
o Trojan: Tini
o Trojan: iCmd
o Trojan: NetBus
o Trojan: Netcat
o Netcat Client/Server
o Trojan: Beast
o MoSucker Trojan
o SARS Trojan Notification
o Proxy Server Trojan
o FTP Trojan - TinyFTPD
o VNC Trojan
o Wrappers
o Wrapper Covert Program
o Wrapping Tools
o One Exe Maker / YAB / Pretator Wrappers
o Packaging Tool: WordPad
o RemoteByMail
o Tool: Icon Plus
o Defacing Application: Restorator
o Tetris
* Stealth Trojans
o HTTP Trojans
o Trojan Attack through Http
o HTTP Trojan (HTTP RAT)
o Shttpd Trojan - HTTP Server
o Tool: BadLuck Destructive Trojan
o Loki
o Loki Countermeasures
o Atelier Web Remote Commander
o Trojan Horse Construction Kit
o ICMP Tunneling
o ICMP Backdoor Trojan
* Reverse Connecting Trojans
o Reverse Connecting Trojans
o Nuclear RAT Trojan (Reverse Connecting)
o Reverse Tunnel
o Covert Channel Tunneling Tool (cctt)
o Windows Reverse Shell
o perl-reverse-shell
o php-reverse-shell
o XSS Shell Tunnel
o winarp_mim
* Miscellaneous Trojans
o Backdoor.Theef (AVP)
o T2W (TrojanToWorm)
o Biorante RAT
o DownTroj
o Turkojan
o Trojan.Satellite-RAT
o Yakoza
o DarkLabel B4
o Trojan.Hav-Rat
o Poison Ivy
o Rapid Hacker
o SharK
o HackerzRat
o TYO
o 1337 Fun Trojan
o Criminal Rat Beta
o VicSpy
o Optix PRO
o ProAgent
o OD Client
o AceRat
o Mhacker-PS
o RubyRAT Public
o SINner
o ConsoleDevil
o ZombieRat
o Webcam Trojan
o DJI RAT
o Skiddie Rat
o Biohazard RAT
o Troya
o ProRat
o Dark Girl
o DaCryptic
o Net-Devil
o PokerStealer.A
o Hovdy.a
* How to Detect Trojans?
o Netstat
o fPort
o TCPView
o CurrPorts Tool
o Process Viewer
o Delete Suspicious Device Drivers
o Check for Running Processes: What’s on My Computer
o Super System Helper Tool
o Inzider-Tracks Processes and Ports
o Tool: What’s Running
o MS Configuration Utility
o Autoruns
o Hijack This (System Checker)
o Startup List
* Anti-Trojan Software
o TrojanHunter
o Comodo BOClean
o Trojan Remover: XoftspySE
o Trojan Remover: Spyware Doctor
o SPYWAREfighter
* Evading Anti-Virus Techniques
* Sample Code for Trojan Client/Server
* Evading Anti-Trojan/Anti-Virus using Stealth Tools
* Backdoor Countermeasures
* Tripwire
* System File Verification
* MD5 Checksum.exe
* Microsoft Windows Defender
* How to Avoid a Trojan Infection

Module 9: Viruses and Worms

* Virus History
* Characteristics of Virus
* Working of Virus
o Infection Phase
o Attack Phase
* Why people create Computer Viruses
* Symptoms of a Virus-like Attack
* Virus Hoaxes
* Chain Letters
* Worms
* How is a Worm Different from a Virus
* Indications of a Virus Attack
* Virus Damage
o Mode of Virus Infection
* Stages of Virus Life
* Types of Virus
o Virus Classification
o How Does a Virus Infect?
o Storage Patterns of Virus
+ System Sector virus
+ Stealth Virus
+ Bootable CD-Rom Virus
# Self -Modification
# Encryption with a Variable Key
+ Polymorphic Code
+ Metamorphic Virus
+ Cavity Virus
+ Sparse Infector Virus
+ Companion Virus
+ File Extension Virus
* Famous Viruses and Worms
o Famous Virus/Worms – I Love You Virus
o Famous Virus/Worms – Melissa
o Famous Virus/Worms – JS/Spth
o Klez Virus Analysis
o Slammer Worm
o Spread of Slammer Worm – 30 min
o MyDoom.B
o SCO Against MyDoom Worm
* Latest Viruses
o Latest Viruses
o Top 10 Viruses- 2008
+ Virus: Win32.AutoRun.ah
+ Virus:W32/Virut
+ Virus:W32/Divvi
+ Worm.SymbOS.Lasco.a
+ Disk Killer
+ Bad Boy
+ HappyBox
+ Java.StrangeBrew
+ MonteCarlo Family
+ PHP.Neworld
+ W32/WBoy.a
+ ExeBug.d
+ W32/Voterai.worm.e
+ W32/Lecivio.worm
+ W32/Lurka.a
+ W32/Vora.worm!p2p
* Writing Virus Program
o Writing a Simple Virus Program
o Virus Construction Kits
* Virus Detection Methods
o Virus Detection Methods
o Virus Incident Response
o What is Sheep Dip?
o Virus Analysis – IDA Pro Tool
o Online Virus Testing: http://www.virustotal.com/
o Prevention is better than Cure
* Anti-Virus Software
o Anti-Virus Software
o AVG Antivirus
o Norton Antivirus
o McAfee
o Socketsheild
o BitDefender
o ESET Nod32
o CA Anti-Virus
o F-Secure Anti-Virus
o Kaspersky Anti-Virus
o F-Prot Antivirus
o Panda Antivirus Platinum
o avast! Virus Cleaner
o ClamWin
o Norman Virus Control
* Popular Anti-Virus Packages
* Virus Databases
* Snopes.com

Module 10: Sniffers

* Definition: Sniffing
* Types of Sniffing
* Protocols Vulnerable to Sniffing
* Passive Sniffing
* Active Sniffing
* Switched Port Analyzer (SPAN)
* SPAN Port
* Lawful Intercept
* Benefits of Lawful Intercept
* Network Components Used for Lawful Intercept
* Ready to Sniff?
* Tool: Network View – Scans the Network for Devices
* The Dude Sniffer
* Look@LAN
* Wireshark
* Display Filters in Wireshark
* Following the TCP Stream in Wireshark
* Pilot
* Tcpdump
* Tcpdump Commands
* Features of Sniffing Tools
* What is Address Resolution Protocol (ARP)
* ARP Spoofing Attack
* How Does ARP Spoofing Work
* ARP Poisoning
* Threats of ARP Poisoning
* MAC Flooding
* Mac Duplicating
* Mac Duplicating Attack
* Tools for ARP Spoofing
o Ettercap
o ArpSpyX
o Cain and Abel
+ Steps to Perform ARP Poisoning using Cain and Abel
o IRS – ARP Attack Tool
o ARPWorks Tool
* DHCP Starvation Attack
* DNS Poisoning Techniques
o 1. Intranet DNS Spoofing (Local Network)
o 2. Internet DNS Spoofing (Remote Network)
o 3. Proxy Server DNS Poisoning
o 4. DNS Cache Poisoning
* Tools for MAC Flooding
o Linux Tool: Macof
o Windows Tool: EtherFlood
* Sniffing Tools
o Interactive TCP Relay
o Interactive Replay Attacks
o Tool: Nemesis
o HTTP Sniffer: EffeTech
o HTTP Sniffer: EffeTech
o Ace Password Sniffer
o Win Sniffer
o MSN Sniffer
o SmartSniff
o Session Capture Sniffer: NetWitness
o Packet Crafter Craft Custom TCP/IP Packets
o Engage Packet Builder
o SMAC
o NetSetMan Tool
o Ntop
o EtherApe
o EtherApe Features
o Network Probe
o Maa Tec Network Analyzer
o Tool: Snort
o Tool: Windump
o Tool: Etherpeek
o NetIntercept
o Colasoft EtherLook
o AW Ports Traffic Analyzer
o Colasoft Capsa Network Analyzer
o CommView
o Sniffem
o NetResident
o IP Sniffer
o Sniphere
o IE HTTP Analyzer
o BillSniff
o URL Snooper
o EtherDetect Packet Sniffer
o EffeTech HTTP Sniffer
o AnalogX Packetmon
o Colasoft MSN Monitor
o IPgrab
o EtherScan Analyzer
o InfoWatch Traffic Monitor
* Linux Sniffing Tools (dsniff package)
o Linux Tool: Arpspoof
o Linux Tool: Dnsspoof
o Linux Tool: Dsniff
o Linux Tool: Filesnarf
o Linux Tool: Mailsnarf
o Linux Tool: Msgsnarf
o Linux Tool: Sshmitm
o Linux Tool: Tcpkill
o Linux Tool: Tcpnice
o Linux Tool: Urlsnarf
o Linux Tool: Webspy
o Linux Tool: Webmitm
* Hardware Protocol Analyzers
o Hardware Protocol Analyzers Vendors List
o Agilent Hardware Protocol Analyzers http://www.home.agilent.com/
o RADCOM Hardware Protocol Analyzers http://www.radcom.com/
o FLUKE Networks Hardware Protocol Analyzers http://www.flukenetworks.com/
o NETWORK INSTRUMENTS Hardware Protocol Analyzer http://www.netinst.com/
* How to Detect Sniffing
o Countermeasures
o AntiSniff Tool
o ArpWatch Tool
o PromiScan
o proDETECT
o Network Packet Analyzer CAPSA

Module 11: Social Engineering

* What is Social Engineering?
* Human Weakness
* “Rebecca” and “Jessica”
* Office Workers
* Types of Social Engineering
o Human-Based Social Engineering
+ Technical Support Example
+ More Social Engineering Examples
+ Human-Based Social Engineering: Eavesdropping
+ Human-Based Social Engineering: Shoulder Surfing
+ Human-Based Social Engineering: Dumpster Diving
+ Dumpster Diving Example
+ Oracle Snoops Microsoft’s Trash Bins
+ Movies to Watch for Reverse Engineering
o Computer Based Social Engineering
o Insider Attack
o Disgruntled Employee
o Preventing Insider Threat
o Common Targets of Social Engineering
* Social Engineering Threats and Defenses
o Online Threats
o Telephone-Based Threats
o Personal approaches
o Defenses Against Social Engineering Threats
* Factors that make Companies Vulnerable to Attacks
* Why is Social Engineering Effective
* Warning Signs of an Attack
* Tool : Netcraft Anti-Phishing Toolbar
* Phases in a Social Engineering Attack
* Behaviors Vulnerable to Attacks
* Impact on the Organization
* Countermeasures
* Policies and Procedures
* Security Policies - Checklist
* Impersonating Orkut, Facebook, MySpace
* Orkut
* Impersonating on Orkut
* MW.Orc worm
* Facebook
* Impersonating on Facebook
* MySpace
* Impersonating on MySpace
* How to Steal Identity
* Comparison
* Original
* Identity Theft
* http://www.consumer.gov/idtheft/

Module 12: Phishing

* Phishing
* Introduction
* Reasons for Successful Phishing
* Phishing Methods
* Process of Phishing
* Types of Phishing Attacks
o Man-in-the-Middle Attacks
o URL Obfuscation Attacks
o Cross-site Scripting Attacks
o Hidden Attacks
o Client-side Vulnerabilities
o Deceptive Phishing
o Malware-Based Phishing
o DNS-Based Phishing
o Content-Injection Phishing
o Search Engine Phishing
* Phishing Statistics: March 2008
* Anti-Phishing
* Anti-Phishing Tools
o PhishTank SiteChecker
o NetCraft
o GFI MailEssentials
o SpoofGuard
o Phishing Sweeper Enterprise
o TrustWatch Toolbar
o ThreatFire
o GralicWrap
o Spyware Doctor
o Track Zapper Spyware-Adware Remover
o AdwareInspector
o Email-Tag.com

Module 13: Hacking Email Accounts

* Introduction
o Ways for Getting Email Account Information
o Stealing Cookies
o Social Engineering
o Password Phishing
o Fraudulent e-mail Messages
* Vulnerabilities
o Web Email
o Reaper Exploit
* Email Hacking Tools
o Tool: Advanced Stealth Email Redirector
o Tool: Mail PassView
o Tool: Email Password Recovery Master
o Tool: Mail Password
o Email Finder Pro
o Email Spider Easy
o Kernel Hotmail MSN Password Recovery
o Retrieve Forgotten Yahoo Password
o MegaHackerZ
o Hack Passwords
* Securing Email Accounts
o Creating Strong Passwords
o Creating Strong Passwords: Change Password
o Creating Strong Passwords: Trouble Signing In
o Sign-in Seal
o Alternate Email Address
o Keep Me Signed In/ Remember Me
o Tool: Email Protector
o Tool: Email Security
o Tool: EmailSanitizer
o Tool: Email Protector
o Tool: SuperSecret

Module 14: Denial-of-Service

* Real World Scenario of DoS Attacks
* What are Denial-of-Service Attacks
* Goal of DoS
* Impact and the Modes of Attack
* Types of Attacks
* DoS Attack Classification
o Smurf Attack
o Buffer Overflow Attack
o Ping of Death Attack
o Teardrop Attack
o SYN Attack
o SYN Flooding
o DoS Attack Tools
o DoS Tool: Jolt2
o DoS Tool: Bubonic.c
o DoS Tool: Land and LaTierra
o DoS Tool: Targa
o DoS Tool: Blast
o DoS Tool: Nemesy
o DoS Tool: Panther2
o DoS Tool: Crazy Pinger
o DoS Tool: SomeTrouble
o DoS Tool: UDP Flood
o DoS Tool: FSMax
* Bot (Derived from the Word RoBOT)
* Botnets
* Uses of Botnets
* Types of Bots
* How Do They Infect? Analysis Of Agabot
* How Do They Infect
* Tool: Nuclear Bot
* What is DDoS Attack
* Characteristics of DDoS Attacks
* Is DDOS Unstoppable?
* Agent Handler Model
* DDoS IRC based Model
* DDoS Attack Taxonomy
* Amplification Attack
* Reflective DNS Attacks
* Reflective DNS Attacks Tool: ihateperl.pl
* DDoS Tools
o DDoS Tool: Tribal Flood Network
o DDoS Tool: TFN2K
o DDoS Tool: Shaft
o DDoS Tool: Trinity
o DDoS Tool: Knight and Kaiten
o DDoS Tool: Mstream
* How to Conduct a DDoS Attack
* The Reflected DoS Attacks
* Reflection of the Exploit
* Countermeasures for Reflected DoS
* DDoS Countermeasures
* Taxonomy of DDoS Countermeasures
* Preventing Secondary Victims
* Detect and Neutralize Handlers
* Detect Potential Attacks
* DoSHTTP Tool
* Mitigate or Stop the Effects of DDoS Attacks
* Deflect Attacks
* Post-attack Forensics
* Packet Traceback

Module 15: Session Hijacking

* What is Session Hijacking?
* Understanding Session Hijacking
* Spoofing v Hijacking
* Steps in Session Hijacking
* Types of Session Hijacking
* Session Hijacking Levels
* Network Level Hijacking
* The 3-Way Handshake
* TCP Concepts 3-Way Handshake
* Sequence Numbers
* Sequence Number Prediction
* TCP/IP hijacking
* IP Spoofing: Source Routed Packets
* RST Hijacking
o RST Hijacking Tool: hijack_rst.sh
* Blind Hijacking
* Man in the Middle Attack using Packet Sniffer
* UDP Hijacking
* Application Level Hijacking
* Programs that Performs Session Hacking
o TTY-Watcher
o IP watcher
o Remote TCP Session Reset Utility (SOLARWINDS)
o Paros HTTP Session Hijacking Tool
o Dnshijacker Tool
o Hjksuite Tool
* Dangers Posed by Hijacking
* Protecting against Session Hijacking
* Countermeasure: IPSec

Module 16: Hacking Web Servers

* How Web Servers Work
* How are Web Servers Compromised
* Web Server Defacement
o How are Servers Defaced
* Apache Vulnerability
* Attacks against IIS
o IIS7 Components
* Unicode
o Unicode Directory Traversal Vulnerability
o IIS Directory Traversal (Unicode) Attack
* Hacking Tool
o Hacking Tool: IISxploit.exe
o Msw3prt IPP Vulnerability
o RPC DCOM Vulnerability
o ASP Trojan
o IIS Logs
o Network Tool: Log Analyzer
o Hacking Tool: CleanIISLog
o IIS Security Tool: Server Mask
o ServerMask ip100
o Tool: CacheRight
o Tool: CustomError
o Tool: HttpZip
o Tool: LinkDeny
o Tool: ServerDefender AI
o Tool: ZipEnable
o Tool: w3compiler
o Yersinia
* Tool: Metasploit Framework
* KARMA
o Karmetasploit
o Prerequisites for Karmetasploit
o Running Karmetasploit
* Tool: Immunity CANVAS Professional
* Tool: Core Impact
* Tool: MPack
* Tool: Neosploit
* Patch Management
o Hotfixes and Patches
o What is Patch Management
+ Solution: UpdateExpert
+ Patch Management Tool: qfecheck
+ Patch Management Tool: HFNetChk
+ cacls.exe utility
* Vulnerability Scanners
o Online Vulnerability Search Engine
o Network Tool: Whisker
o Network Tool: N-Stealth HTTP Vulnerability Scanner
o Hacking Tool: WebInspect
o Network Tool: Shadow Security Scanner
o Secure IIS
+ ServersCheck Monitoring
+ GFI Network Server Monitor
+ Servers Alive
+ Webserver Stress Tool
+ Monitoring Tool: Secunia PSI
* Countermeasures
* Increasing Web Server Security
* Web Server Protection Checklist

Module 17: Web Application Vulnerabilities

* Web Application
* Web application Hacking
* Anatomy of an Attack
* Web Application Threats
* Cross-Site Scripting/XSS Flaws
o An Example of XSS
o Countermeasures
* SQL Injection
* Command Injection Flaws
o Countermeasures
* Cookie/Session Poisoning
o Countermeasures
* Parameter/Form Tampering
* Hidden Field at
* Buffer Overflow
o Countermeasures
* Directory Traversal/Forceful Browsing
o Countermeasures
* Cryptographic Interception
* Cookie Snooping
* Authentication Hijacking
o Countermeasures
* Log Tampering
* Error Message Interception
* Attack Obfuscation
* Platform Exploits
* DMZ Protocol Attacks
o Countermeasures
* Security Management Exploits
o Web Services Attacks
o Zero-Day Attacks
o Network Access Attacks
* TCP Fragmentation
* Hacking Tools
o Instant Source
o Wget
o WebSleuth
o BlackWidow
o SiteScope Tool
o WSDigger Tool – Web Services Testing Tool
o CookieDigger Tool
o SSLDigger Tool
o SiteDigger Tool
o WindowBomb
o Burp: Positioning Payloads
o Burp: Configuring Payloads and Content Enumeration
o Burp: Password Guessing
o Burp Proxy
o Burpsuite
o Hacking Tool: cURL
o dotDefender
o Acunetix Web Scanner
o AppScan – Web Application Scanner
o AccessDiver
o Tool: Falcove Web Vulnerability Scanner
o Tool: NetBrute
o Tool: Emsa Web Monitor
o Tool: KeepNI
o Tool: Parosproxy
o Tool: WebScarab
o Tool: Watchfire AppScan
o Tool: WebWatchBot
o Tool: Ratproxy
o Tool: Mapper

Module 18: Web-Based Password Cracking Techniques

* Authentication
o Authentication - Definition
o Authentication Mechanisms
+ HTTP Authentication
# Basic Authentication
# Digest Authentication
+ Integrated Windows (NTLM) Authentication
+ Negotiate Authentication
+ Certificate-based Authentication
+ Forms-based Authentication
+ RSA SecurID Token
+ Biometrics Authentication
# Types of Biometrics Authentication
* Fingerprint-based Identification
* Hand Geometry- based Identification
* Retina Scanning
* Afghan Woman Recognized After 17 Years
* Face Recognition
* Face Code: WebCam Based Biometrics Authentication System
o Bill Gates at the RSA Conference 2006
* Password Cracking
o How to Select a Good Password
o Things to Avoid in Passwords
o Changing Your Password
o Protecting Your Password
o Examples of Bad Passwords
o The “Mary Had A Little Lamb” Formula
o How Hackers Get Hold of Passwords
o Windows XP: Remove Saved Passwords
o What is a Password Cracker
o Modus Operandi of an Attacker Using a Password Cracker
o How Does a Password Cracker Work
o Attacks - Classification
+ Password Guessing
+ Query String
+ Cookies
+ Dictionary Maker
* Password Cracking Tools
o Password Crackers Available
+ L0phtCrack (LC4)
+ John the Ripper
+ Brutus
+ ObiWaN
+ Authforce
+ Hydra
+ Cain & Abel
+ RAR
+ Gammaprog
+ WebCracker
+ Munga Bunga
+ PassList
+ SnadBoy
+ MessenPass
+ Wireless WEP Key Password Spy
+ RockXP
+ Password Spectator Pro
+ Passwordstate
+ Atomic Mailbox Password Cracker
+ Advanced Mailbox Password Recovery (AMBPR)
+ Tool: Network Password Recovery
+ Tool: Mail PassView
+ Tool: Messenger Key
+ Tool: SniffPass
o Security Tools
+ WebPassword
+ Password Administrator
+ Password Safe
+ Easy Web Password
+ PassReminder
+ My Password Manager
* Countermeasures

Module 19: SQL Injection

* SQL Injection: Introduction
o What is SQL Injection
o Exploiting Web Applications
o Steps for performing SQL injection
o What You Should Look For
o What If It Doesn’t Take Input
o OLE DB Errors
o Input Validation Attack
o SQL injection Techniques
o How to Test for SQL Injection Vulnerability
o How Does It Work
o BadLogin.aspx.cs
o BadProductList.aspx.cs
o Executing Operating System Commands
o Getting Output of SQL Query
o Getting Data from the Database Using ODBC Error Message
o How to Mine all Column Names of a Table
o How to Retrieve any Data
o How to Update/Insert Data into Database
o SQL Injection in Oracle
o SQL Injection in MySql Database
o Attacking Against SQL Servers
o SQL Server Resolution Service (SSRS)
o Osql -L Probing
* SQL Injection Tools
o SQL Injection Automated Tools
o Automated SQL Injection Tool: AutoMagic SQL
o Absinthe Automated SQL Injection Tool
+ Hacking Tool: SQLDict
+ Hacking Tool: SQLExec
+ SQL Server Password Auditing Tool: sqlbf
+ Hacking Tool: SQLSmack
+ Hacking Tool: SQL2.exe
+ sqlmap
+ sqlninja
+ SQLIer
+ Automagic SQL Injector
+ Absinthe
* Blind SQL Injection
o Blind SQL Injection: Countermeasure
* SQL Injection Countermeasures
o Preventing SQL Injection Attacks
o GoodLogin.aspx.cs
* SQL Injection Blocking Tool: SQL Block
* Acunetix Web Vulnerability Scanner

Module 20: Hacking Wireless Networks

* Introduction to Wireless Networking
o Wireless Networking
o Wired Network vs. Wireless Network
o Effects of Wireless Attacks on Business
o Types of Wireless Network
o Advantages and Disadvantages of a Wireless Network
* Wireless Standards
o Wireless Standard: 802.11a
o Wireless Standard: 802.11b – “WiFi”
o Wireless Standard: 802.11g
o Wireless Standard: 802.11i
o Wireless Standard: 802.11n
o Wireless Standard:802.15 (Bluetooth)
o Wireless Standard:802.16 (WiMax)
+ WiMax Featured Companies
+ WiMax Equipment Vendors
* Wireless Concepts
o Related Technology and Carrier Networks
o SSID
o Is the SSID a Secret
o Authentication and Association
o Authentication Modes
o The 802.1X Authentication Process
o 802.11 Specific Vulnerabilities
o Authentication and (Dis) Association Attacks
o MAC Sniffing and AP Spoofing
o Defeating MAC Address Filtering in Windows
* Wireless Devices
o Antennas
o Cantenna – www.cantenna.com
o Wireless Access Points
o Beacon Frames
o Phone Jammers
+ Phone Jamming Devices
* WEP
o Wired Equivalent Privacy (WEP)
o WEP Issues
o WEP - Authentication Phase
o WEP - Shared Key Authentication
o WEP - Association Phase
o WEP Flaws
* WPA
o What is WPA
o WPA Vulnerabilities
o WEP, WPA, and WPA2
o Wi-Fi Protected Access 2 (WPA2)
o Attacking WPA Encrypted Networks
o Evil Twin: Attack
* TKIP and LEAP
o Temporal Key Integrity Protocol (TKIP)
+ Working of TKIP
+ Changes from WEP to TKIP
o LEAP: The Lightweight Extensible Authentication Protocol
o LEAP Attacks
o LEAP Attack Tool: ASLEAP
+ Working of ASLEAP
* Hacking Methods
o Techniques to Detect Open Wireless Networks
o Steps for Hacking Wireless Networks
+ Step 1: Find Networks to Attack
+ Step 2: Choose the Network to Attack
+ Step 3: Analyzing the Network
+ Step 4: Cracking the WEP Key
+ Step 5: Sniffing the Network
o Bluejacking
o Super Bluetooth Hack
o Man-in-the-Middle Attack (MITM)
o Denial-of-Service Attacks
o Hijacking and Modifying a Wireless Network
* Cracking WEP
o Cracking WEP
o Weak Keys (a.k.a. Weak IVs)
o Problems with WEP’s Key Stream and Reuse
o Automated WEP Crackers
o Pad-Collection Attacks
o XOR Encryption
o Stream Cipher
o WEP Tool: Aircrack
o Tool: AirPcap
o Tool: Cain & Abel
o Scanning Tool: Kismet
* Rogue Access Point
o Rogue Access Points
o Tools to Generate Rogue Access Points: Fake AP
o Tools to Detect Rogue Access Points: Netstumbler
o Tools to Detect Rogue Access Points: MiniStumbler
o Airsnarf: A Rogue AP Setup Utility
o Cloaked Access Point
* Scanning Tools
o Scanning Tool: Prismstumbler
o Scanning Tool: MacStumbler
o Scanning Tool: Mognet
o Scanning Tool: WaveStumbler
o Scanning Tool: Netchaser for Palm Tops
o Scanning Tool: AP Scanner
o Scanning Tool: Wavemon
o Scanning Tool: Wireless Security Auditor (WSA)
o Scanning Tool: AirTraf
o Scanning Tool: WiFi Finder
o Scanning Tool: WifiScanner
o eEye Retina WiFI
o Simple Wireless Scanner
o wlanScanner
* Sniffing Tools
o Sniffing Tool: AiroPeek
o Sniffing Tool: NAI Wireless Sniffer
o MAC Sniffing Tool: WireShark
o Sniffing Tool: vxSniffer
o Sniffing Tool: Etherpeg
o Sniffing Tool: Drifnet
o Sniffing Tool: AirMagnet
o Sniffing Tool: WinDump
o Multiuse Tool: THC-RUT
o Microsoft Network Monitor
* Wireless Security Tools
o WLAN Diagnostic Tool: CommView for WiFi PPC
o WLAN Diagnostic Tool: AirMagnet Handheld Analyzer
o AirDefense Guard (www.AirDefense.com)
o Google Secure Access
o Tool: RogueScanner

Module 21: Physical Security

* Security Facts
* Understanding Physical Security
* Physical Security
* What Is the Need for Physical Security
* Who Is Accountable for Physical Security
* Factors Affecting Physical Security
* Physical Security Checklist
o Physical Security Checklist -Company surroundings
o Gates
o Security Guards
o Physical Security Checklist: Premises
o CCTV Cameras
o Reception
o Server
o Workstation Area
o Wireless Access Point
o Other Equipments
o Access Control
+ Biometric Devices
+ Biometric Identification Techniques
# Biometric Hacking: Biologger
+ Authentication Mechanisms
+ Authentication Mechanism Challenges: Biometrics
+ Faking Fingerprints
+ Smart cards
+ Security Token
+ Computer Equipment Maintenance
+ Wiretapping
+ Remote Access
+ Lapse of Physical Security
+ Locks
# Lock Picking
# Lock Picking Tools
* Information Security
* EPS (Electronic Physical Security)
* Wireless Security
* Laptop Theft Statistics for 2007
* Statistics for Stolen and Recovered Laptops
* Laptop Theft
* Laptop theft: Data Under Loss
* Laptop Security Tools
* Laptop Tracker - XTool Computer Tracker
* Tools to Locate Stolen Laptops
* Stop's Unique, Tamper-proof Patented Plate
* Tool: TrueCrypt
* Laptop Security Countermeasures
* Mantrap
* TEMPEST
* Challenges in Ensuring Physical Security
* Spyware Technologies
* Spying Devices
* Physical Security: Lock Down USB Ports
* Tool: DeviceLock
* Blocking the Use of USB Storage Devices
* Track Stick GPS Tracking Device

Module 22: Linux Hacking

* Why Linux
* Linux Distributions
* Linux Live CD-ROMs
* Basic Commands of Linux: Files & Directories
* Linux Basic
o Linux File Structure
o Linux Networking Commands
* Directories in Linux
* Installing, Configuring, and Compiling Linux Kernel
* How to Install a Kernel Patch
* Compiling Programs in Linux
* GCC Commands
* Make Files
* Make Install Command
* Linux Vulnerabilities
* Chrooting
* Why is Linux Hacked
* How to Apply Patches to Vulnerable Programs
* Scanning Networks
* Nmap in Linux
* Scanning Tool: Nessus
* Port Scan Detection Tools
* Password Cracking in Linux: John the Ripper
* Firewall in Linux: IPTables
* IPTables Command
* Basic Linux Operating System Defense
* SARA (Security Auditor's Research Assistant)
* Linux Tool: Netcat
* Linux Tool: tcpdump
* Linux Tool: Snort
* Linux Tool: SAINT
* Linux Tool: Wireshark
* Linux Tool: Abacus Port Sentry
* Linux Tool: DSniff Collection
* Linux Tool: Hping2
* Linux Tool: Sniffit
* Linux Tool: Nemesis
* Linux Tool: LSOF
* Linux Tool: IPTraf
* Linux Tool: LIDS
* Hacking Tool: Hunt
* Tool: TCP Wrappers
* Linux Loadable Kernel Modules
* Hacking Tool: Linux Rootkits
* Rootkits: Knark & Torn
* Rootkits: Tuxit, Adore, Ramen
* Rootkit: Beastkit
* Rootkit Countermeasures
* ‘chkrootkit’ detects the following Rootkits
* Linux Tools: Application Security
* Advanced Intrusion Detection Environment (AIDE)
* Linux Tools: Security Testing Tools
* Linux Tools: Encryption
* Linux Tools: Log and Traffic Monitors
* Linux Security Auditing Tool (LSAT)
* Linux Security Countermeasures
* Steps for Hardening Linux

Module 23: Evading IDS, Firewalls and Detecting Honey Pots

* Introduction to Intrusion Detection System
* Terminologies
* Intrusion Detection System (IDS)
o IDS Placement
o Ways to Detect an Intrusion
o Types of Instruction Detection Systems
o System Integrity Verifiers (SIVS)
o Tripwire
o Cisco Security Agent (CSA)
o True/False, Positive/Negative
o Signature Analysis
o General Indications of System Intrusions
o General Indications of File System Intrusions
o General Indication of Network Intrusions
o Intrusion Detection Tools
+ Snort
+ Running Snort on Windows 2003
+ Snort Console
+ Testing Snort
+ Configuring Snort (snort.conf)
+ Snort Rules
+ Set up Snort to Log to the Event Logs and to Run as a Service
+ Using EventTriggers.exe for Eventlog Notifications
+ SnortSam
o Steps to Perform after an IDS detects an attack
o Evading IDS Systems
+ Ways to Evade IDS
+ Tools to Evade IDS
# IDS Evading Tool: ADMutate
# Packet Generators
* Intrusion Prevention System
o Intrusion Prevention Strategies
o IPS Deployment Risks
o Types of IPS
o Host Based IPS (HIPS)
o Network Based IPS (NIPS)
+ Content Based IPS (CIPS)
+ Rate Based IPS (RIPS)
o Information Flow in IDS and IPS
o IDS vs. IPS
o IPS Vendors and Products
* What is a Firewall?
o What Does a Firewall Do
o Packet Filtering
o What can’t a firewall do
o How does a Firewall work
o Firewall Operations
o Hardware Firewall
o Software Firewall
o Types of Firewall
+ Packet Filtering Firewall
+ IP Packet Filtering Firewall
+ Circuit-Level Gateway
+ TCP Packet Filtering Firewall
+ Application Level Firewall
+ Application Packet Filtering Firewall
+ Stateful Multilayer Inspection Firewall
o Packet Filtering Firewall
o Firewall Identification
o Firewalking
o Banner Grabbing
o Breaching Firewalls
o Bypassing a Firewall using HTTPTunnel
o Placing Backdoors through Firewalls
o Hiding Behind a Covert Channel: LOKI
o Tool: NCovert
o ACK Tunneling
o Tools to breach firewalls
* Common Tool for Testing Firewall and IDS
o IDS Testing Tool: Traffic IQ Professional
o IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES)
o IDS Tool: SecureHost
o IDS Tool: Snare
o IDS Testing Tool: TCPOpera
o IDS testing tool: Firewall Informer
o Atelier Web Firewall Tester
* What is Honeypot?
o The Honeynet Project
o Types of Honeypots
+ Low-interaction honeypot
+ Medium-interaction honeypot
+ High-interaction honeypot
o Advantages and Disadvantages of a Honeypot
o Where to place Honeypots
o Honeypots
+ Honeypot-SPECTER
+ Honeypot - honeyd
+ Honeypot – KFSensor
+ Sebek
o Physical and Virtual Honeypots
* Tools to Detect Honeypots
* What to do when hacked

Module 24: Buffer Overflows

* Buffer Overflow Concepts
o Why are Programs/Applications Vulnerable
o Buffer Overflows
o Reasons for Buffer Overflow Attacks
o Knowledge Required to Program Buffer Overflow Exploits
o Understanding Stacks
o Understanding Heaps
o Types of Buffer Overflows: Stack-based Buffer Overflow
o Types of Buffer Overflows: Heap-Based Buffer Overflow
o Understanding Assembly Language
o Shellcode
* Attacking a Real Program
* NOPs
* How to Mutate a Buffer Overflow Exploit
* Once the Stack is Smashed
* Examples of Buffer Overflow
o Simple Uncontrolled Overflow of the Stack
o Heap Memory Buffer Overflow Bug
o Simple Buffer Overflow in C
+ Code Analysis
* Tools
o Tool to Defend Buffer Overflow: Return Address Defender (RAD)
o Tool to Defend Buffer Overflow: StackGuard
o Insure++
o Comodo Memory Firewall
o DefencePlus
o BufferShield
o Hardware Level Prevention Of Buffer Overflow
* How to Detect Buffer Overflows in a Program
* Defense Against Buffer Overflows

Module 25: Cryptography

* Public-key Cryptography
* Working of Encryption
* Digital Signature
* RSA (Rivest Shamir Adleman)
o Example of RSA Algorithm
* RC4, RC5, RC6, Blowfish
* Algorithms and Security
* Brute-Force Attack
* RSA Attacks
* Message Digest Functions
o One-way Bash Functions
o MD5
* SHA (Secure Hash Algorithm)
* SSL (Secure Sockets Layer)
o RC5
* What is SSH
* Government Access to Keys (GAK)
* RSA Challenge
* distributed.net
* Code Breaking: Methodologies
* Cryptography Attacks
* Disk Encryption
* Magic Lantern
* WEPCrack
* Cracking S/MIME Encryption Using Idle CPU Time
* Cryptography Tools
o Cleversafe Grid Builder
o PGP (Pretty Good Privacy)
o CypherCalc
o Command Line Scriptor
o CryptoHeaven
o Microsoft Cryptography Tools

Module 26: Penetration Testing

* Introduction to Penetration Testing (PT)
* Categories of security assessments
* Vulnerability Assessment
* Limitations of Vulnerability Assessment
* Testing
o Penetration Testing
o Types of Penetration Testing
o Risk Management
o Do-It-Yourself Testing
o Outsourcing Penetration Testing Services
o Terms of Engagement
o Project Scope
o Pentest Service Level Agreements
o Testing points
o Testing Locations
o Automated Testing
o Manual Testing
o Using DNS Domain Name and IP Address Information
o Enumerating Information about Hosts on Publicly Available Networks
o Testing Network-filtering Devices
o Enumerating Devices
o Denial-of-Service Emulation
* Penetration Testing Tools
o Pentest using Appscan
o HackerShield
o Pen-Test Using Cerberus Internet Scanner
o Pen-Test Using Cybercop Scanner
o Pen-Test Using FoundScan Hardware Appliances
o Pen-Test Using Nessus
o Pen-Test Using NetRecon
o Pen-Test Using SAINT
o Pen-Test Using SecureNet Pro
o Pen-Test Using SecureScan
o Pen-Test Using SATAN, SARA and Security Analyzer
o Pen-Test Using STAT Analyzer
o Pentest Using VigilENT
o Pentest Using WebInspect
o Pentest Using CredDigger
o Pentest Using Nsauditor
o Evaluating Different Types of Pen-Test Tools
o Asset Audit
o Fault Tree and Attack Trees
o GAP Analysis
* Threat
o Business Impact of Threat
o Internal Metrics Threat
o External Metrics Threat
o Calculating Relative Criticality
o Test Dependencies
* Other Tools Useful in Pen-Test
o Defect Tracking Tools: Bug Tracker Server
o Disk Replication Tools
o DNS Zone Transfer Testing Tools
o Network Auditing Tools
o Trace Route Tools and Services
o Network Sniffing Tools
o Denial of Service Emulation Tools
o Traditional Load Testing Tools
o System Software Assessment Tools
o Operating System Protection Tools
o Fingerprinting Tools
o Port Scanning Tools
o Directory and File Access Control Tools
o File Share Scanning Tools
o Password Directories
o Password Guessing Tools
o Link Checking Tools
o Web-Testing Based Scripting tools
o Buffer Overflow protection Tools
o File Encryption Tools
o Database Assessment Tools
o Keyboard Logging and Screen Reordering Tools
o System Event Logging and Reviewing Tools
o Tripwire and Checksum Tools
o Mobile-code Scanning Tools
o Centralized Security Monitoring Tools
o Web Log Analysis Tools
o Forensic Data and Collection Tools
o Security Assessment Tools
o Multiple OS Management Tools
* Phases of Penetration Testing
* Pre-attack Phase
* Best Practices
* Results that can be Expected
* Passive Reconnaissance
* Active Reconnaissance
* Attack Phase
o Activity: Perimeter Testing
o Activity: Web Application Testing
o Activity: Wireless Testing
o Activity: Acquiring Target
o Activity: Escalating Privileges
o Activity: Execute, Implant and Retract
* Post Attack Phase and Activities
* Penetration Testing Deliverables Templates

Module 27: Covert Hacking

* Insider Attacks
* What is Covert Channel?
* Security Breach
* Why Do You Want to Use Covert Channel?
* Motivation of a Firewall Bypass
* Covert Channels Scope
* Covert Channel: Attack Techniques
* Simple Covert Attacks
* Advanced Covert Attacks
* Standard Direct Connection
* Reverse Shell (Reverse Telnet)
* Direct Attack Example
* In-Direct Attack Example
* Reverse Connecting Agents
* Covert Channel Attack Tools
o Netcat
o DNS Tunneling
o Covert Channel Using DNS Tunneling
o DNS Tunnel Client
o DNS Tunneling Countermeasures
o Covert Channel Using SSH
o Covert Channel using SSH (Advanced)
o HTTP/S Tunneling Attack
* Covert Channel Hacking Tool: Active Port Forwarder
* Covert Channel Hacking Tool: CCTT
* Covert Channel Hacking Tool: Firepass
* Covert Channel Hacking Tool: MsnShell
* Covert Channel Hacking Tool: Web Shell
* Covert Channel Hacking Tool: NCovert
o Ncovert - How it works
* Covert Channel Hacking via Spam E-mail Messages
* Hydan

Module 28: Writing Virus Codes

* Introduction of Virus
* Types of Viruses
* Symptoms of a Virus Attack
* Prerequisites for Writing Viruses
* Required Tools and Utilities
* Virus Infection Flow Chart
o Virus Infection: Step I
+ Directory Traversal Method
+ Example Directory Traversal Function
+ “dot dot” Method
+ Example Code for a “dot dot” Method
o Virus Infection: Step II
o Virus Infection: Step III
+ Marking a File for Infection
o Virus Infection: Step IV
o Virus Infection: Step V
* Components of Viruses
o Functioning of Replicator part
o Writing Replicator
o Writing Concealer
o Dispatcher
o Writing Bomb/Payload
+ Trigger Mechanism
+ Bombs/Payloads
+ Brute Force Logic Bombs
* Testing Virus Codes
* Tips for Better Virus Writing

Module 29: Assembly Language Tutorial

* Base 10 System
* Base 2 System
* Decimal 0 to 15 in Binary
* Binary Addition (C stands for Canary)
* Hexadecimal Number
* Hex Example
* Hex Conversion
* nibble
* Computer memory
* Characters Coding
* ASCII and UNICODE
* CPU
* Machine Language
* Compilers
* Clock Cycle
* Original Registers
* Instruction Pointer
* Pentium Processor
* Interrupts
* Interrupt handler
* External interrupts and Internal interrupts
* Handlers
* Machine Language
* Assembly Language
* Assembler
* Assembly Language Vs High-level Language
* Assembly Language Compilers
* Instruction operands
* MOV instruction
* ADD instruction
* SUB instruction
* INC and DEC instructions
* Directive
* preprocessor
* equ directive
* %define directive
* Data directives
* Labels
* Input and output
* C Interface
* Call
* Creating a Program
* Why should anyone learn assembly at all?
o First.asm
* Assembling the code
* Compiling the C code
* Linking the object files
* Understanding an assembly listing file
* Big and Little Endian Representation
* Skeleton File
* Working with Integers
* Signed integers
* Signed Magnitude
* Two’s Compliment
* If statements
* Do while loops
* Indirect addressing
* Subprogram
* The Stack
* The SS segment
* ESP
* The Stack Usage
* The CALL and RET Instructions
* General subprogram form
* Local variables on the stack
* General subprogram form with local variables
* Multi-module program
* Saving registers
* Labels of functions
* Calculating addresses of local variables

Module 30: Exploit Writing

* Exploits Overview
* Prerequisites for Writing Exploits and Shellcodes
* Purpose of Exploit Writing
* Types of Exploits
* Stack Overflow
* Heap Corruption
o Format String
o Integer Bug Exploits
o Race Condition
o TCP/IP Attack
* The Proof-of-Concept and Commercial Grade Exploit
* Converting a Proof of Concept Exploit to Commercial Grade Exploit
* Attack Methodologies
* Socket Binding Exploits
* Tools for Exploit Writing
o LibExploit
o Metasploit
o CANVAS
* Steps for Writing an Exploit
* Differences Between Windows and Linux Exploits
* Shellcodes
* NULL Byte
* Types of Shellcodes
* Tools Used for Shellcode Development
o NASM
o GDB
o objdump
o ktrace
o strace
o readelf
* Steps for Writing a Shellcode
* Issues Involved With Shellcode Writing
o Addressing problem
o Null byte problem
o System call implementation

Module 31: Smashing the Stack for Fun and Profit

* What is a Buffer?
* Static Vs Dynamic Variables
* Stack Buffers
* Data Region
* Memory Process Regions
* What Is A Stack?
* Why Do We Use A Stack?
* The Stack Region
* Stack frame
* Stack pointer
* Procedure Call (Procedure Prolog)
* Compiling the code to assembly
* Call Statement
* Return Address (RET)
* Word Size
* Stack
* Buffer Overflows
* Error
* Why do we get a segmentation violation?
* Segmentation Error
* Instruction Jump
* Guess Key Parameters
* Calculation
* Shell Code
o The code to spawn a shell in C
* Lets try to understand what is going on here. We'll start by studying main:
* execve()
o execve() system call
* exit.c
o List of steps with exit call
* The code in Assembly
* JMP
* Code using indexed addressing
* Offset calculation
* shellcodeasm.c
* testsc.c
* Compile the code
* NULL byte
* shellcodeasm2.c
* testsc2.c
* Writing an Exploit
* overflow1.c
* Compiling the code
* sp.c
* vulnerable.c
* NOPs
o Using NOPs
o Estimating the Location

Module 32: Windows Based Buffer Overflow Exploit Writing

* Buffer Overflow
* Stack overflow
* Writing Windows Based Exploits
* Exploiting stack based buffer overflow
* OpenDataSource Buffer Overflow Vulnerability Details
* Simple Proof of Concept
* Windbg.exe
* Analysis
* EIP Register
o Location of EIP
o EIP
* Execution Flow
* But where can we jump to?
* Offset Address
* The Query
* Finding jmp esp
* Debug.exe
* listdlls.exe
* Msvcrt.dll
* Out.sql
* The payload
* ESP
* Limited Space
* Getting Windows API/function absolute address
* Memory Address
* Other Addresses
* Compile the program
* Final Code

Module 33: Reverse Engineering

* Positive Applications of Reverse Engineering
* Ethical Reverse Engineering
* World War Case Study
* DMCA Act
* What is Disassembler?
* Why do you need to decompile?
* Professional Disassembler Tools
* Tool: IDA Pro
* Convert Machine Code to Assembly Code
* Decompilers
* Program Obfuscation
* Convert Assembly Code to C++ code
* Machine Decompilers
* Tool: dcc
* Machine Code of compute.exe Prorgam
* Assembly Code of compute.exe Program
* Code Produced by the dcc Decompiler in C
* Tool: Boomerang
* What Boomerang Can Do?
* Andromeda Decompiler
* Tool: REC Decompiler
* Tool: EXE To C Decompiler
* Delphi Decompilers
* Tools for Decompiling .NET Applications
* Salamander .NET Decompiler
* Tool: LSW DotNet-Reflection-Browser
* Tool: Reflector
* Tool: Spices NET.Decompiler
* Tool: Decompilers.NET
* .NET Obfuscator and .NET Obfuscation
* Java Bytecode Decompilers
* Tool: JODE Java Decompiler
* Tool: JREVERSEPRO
* Tool: SourceAgain
* Tool: ClassCracker
* Python Decompilers
* Reverse Engineering Tutorial
* OllyDbg Debugger
* How Does OllyDbg Work?
* Debugging a Simple Console Application

Module 34: Macintosh Hacking

* Introduction to MAC OS
* Vulnerabilities in MAC
o Buffer Overflow Vulnerability
o Local Privilege Escalation Vulnerabilities
o DiskManagement BOM Local Privilege Escalation Vulnerability
o HFS+ do_hfs_truncate() Denial of Service Vulnerability
o ATPsndrsp() Heap Buffer Overflow Vulnerability
o UFS ufs_lookup() Denial of Service Vulnerability
o Other Vulnerabilities in MAC
* How a Malformed Installer Package Can Crack Mac OS X
* Worm and Viruses in MAC
o OSX/Leap-A
o Inqtana.A
o Macro Viruses
* MAC OS X Trojans
o Termite
o Sub7ME
o WinJack
o Xover
o Hell Raiser 2.5b
* Anti-Viruses in MAC
o VirusBarrier
o McAfee Virex for Macintosh
o Sophos Endpoint Security and Control
o Norton Internet Security
* Mac Security Tools
o MacScan
o ClamXav
o IPNetsentryx
o FileGuard
* Countermeasures

Module 35: Hacking Routers, cable Modems and Firewalls

* Network Devices
* Identifying a Router
o SING: Tool for Identifying the Router
* HTTP Configuration Arbitrary Administrative Access Vulnerability
* ADMsnmp
* Solarwinds MIB Browser
* Brute-Forcing Login Services
* Hydra
* Analyzing the Router Config
* Cracking the Enable Password
* Tool: Cain and Abel
* Implications of a Router Attack
* Types of Router Attacks
* Router Attack Topology
* Denial of Service (DoS) Attacks
* Packet “Mistreating” Attacks
* Routing Table Poisoning
* Hit-and-run Attacks vs. Persistent Attacks
* Cisco Router
o Finding a Cisco Router
o How to Get into Cisco Router
o Breaking the Password
o Is Anyone Here
o Covering Tracks
o Looking Around
* Eigrp-tool
* Tool: Zebra
* Tool: Yersinia for HSRP, CDP, and other layer 2 attacks
* Tool: Cisco Torch
* Monitoring SMTP(port25) Using SLcheck
* Monitoring HTTP(port 80)
* Cable Modem Hacking
o OneStep: ZUP
* www.bypassfirewalls.net
* Waldo Beta 0.7 (b)

Module 36: Hacking Mobile Phones, PDA and Handheld Devices

* Different OS in Mobile Phone
* Different OS Structure in Mobile Phone
* Evolution of Mobile Threat
* Threats
* What Can A Hacker Do
* Vulnerabilities in Different Mobile Phones
* Malware
* Spyware
o Spyware: SymbOS/Htool-SMSSender.A.intd
o Spyware: SymbOS/MultiDropper.CG
o Best Practices against Malware
* Blackberry
o Blackberry Attacks
o Blackberry Attacks: Blackjacking
o BlackBerry Wireless Security
o BlackBerry Signing Authority Tool
o Countermeasures
* PDA
o PDA Security Issues
o ActiveSync attacks
o HotSync Attack
o PDA Virus: Brador
o PDA Security Tools: TigerSuite PDA
o Security Policies for PDAs
* iPod
o Misuse of iPod
o Jailbreaking
+ Tool for Jailbreaking: iDemocracy
+ Tool for Jailbreaking: iActivator
+ Tool for Jailbreaking: iNdependence
+ Tools for jailbreaking: iFuntastic
o Prerequisite for iPhone Hacking
o Step by Step iPhone Hacking using iFuntastic
o Step by step iPhone Hacking
o AppSnapp
+ Steps for AppSnapp
o Tool to Unlock iPhone: iPhoneSimFree
o Tool to Unlock iPhone: anySIM
o Steps for Unlocking your iPhone using AnySIM
o Activate the Voicemail Button on your Unlocked iPhone
o Podloso Virus
o Security tool: Icon Lock-iT XP
* Mobile: Is It a Breach to Enterprise Security?
o Threats to Organizations Due to Mobile Devices
o Security Actions by Organizations
* Viruses
o Skulls
o Duts
o Doomboot.A: Trojan
* Antivirus
o Kaspersky Antivirus Mobile
o Airscanner
o BitDefender Mobile Security
o SMobile VirusGuard
o Symantec AntiVirus
o F-Secure Antivirus for Palm OS
o BullGuard Mobile Antivirus
* Security Tools
o Sprite Terminator
o Mobile Security Tools: Virus Scan Mobile
* Defending Cell Phones and PDAs Against Attack
* Mobile Phone Security Tips

Module 37: Bluetooth Hacking

* Bluetooth Introduction
* Security Issues in Bluetooth
* Security Attacks in Bluetooth Devices
o Bluejacking
o Tools for Bluejacking
o BlueSpam
o Blue snarfing
o BlueBug Attack
o Short Pairing Code Attacks
o Man-In-Middle Attacks
o OnLine PIN Cracking Attack
o BTKeylogging attack
o BTVoiceBugging attack
o Blueprinting
o Bluesmacking - The Ping of Death
o Denial-of-Service Attack
o BlueDump Attack
* Bluetooth hacking tools
o BTScanner
o Bluesnarfer
o Bluediving
o Transient Bluetooth Environment Auditor
o BTcrack
o Blooover
o Hidattack
* Bluetooth Viruses and Worms
o Cabir
o Mabir
o Lasco
* Bluetooth Security tools
o BlueWatch
o BlueSweep
o Bluekey
o BlueFire Mobile Security Enterprise Edition
o BlueAuditor
o Bluetooth Network Scanner
* Countermeasures

Module 38: VoIP Hacking

* What is VoIP
* VoIP Hacking Steps
* Footprinting
o Information Sources
o Unearthing Information
o Organizational Structure and Corporate Locations
o Help Desk
o Job Listings
o Phone Numbers and Extensions
o VoIP Vendors
o Resumes
o WHOIS and DNS Analysis
o Steps to Perform Footprinting
* Scanning
o Host/Device Discovery
o ICMP Ping Sweeps
o ARP Pings
o TCP Ping Scans
o SNMP Sweeps
o Port Scanning and Service Discovery
o TCP SYN Scan
o UDP Scan
o Host/Device Identification
* Enumeration
o Steps to Perform Enumeration
o Banner Grabbing with Netcat
o SIP User/Extension Enumeration
+ REGISTER Username Enumeration
+ INVITE Username Enumeration
+ OPTIONS Username Enumeration
+ Automated OPTIONS Scanning with sipsak
+ Automated REGISTER, INVITE and OPTIONS Scanning with SIPSCAN against SIP server
+ Automated OPTIONS Scanning Using SIPSCAN against SIP Phones
o Enumerating TFTP Servers
o SNMP Enumeration
o Enumerating VxWorks VoIP Devices
* Steps to Exploit the Network
o Denial-of-Service (DoS)
o Distributed Denial-of-Service (DDoS) Attack
o Internal Denial-of-Service Attack
o DoS Attack Scenarios
o Eavesdropping
o Packet Spoofing and Masquerading
o Replay Attack
o Call Redirection and Hijacking
o ARP Spoofing
o ARP Spoofing Attack
o Service Interception
o H.323-Specific Attacks
o SIP Security Vulnerabilities
o SIP Attacks
o Flooding Attacks
o DNS Cache Poisoning
o Sniffing TFTP Configuration File Transfers
o Performing Number Harvesting and Call Pattern Tracking
o Call Eavesdropping
o Interception through VoIP Signaling Manipulation
o Man-In-The-Middle (MITM) Attack
o Application-Level Interception Techniques
+ How to Insert Rogue Application
+ SIP Rogue Application
+ Listening to/Recording Calls
+ Replacing/Mixing Audio
+ Dropping Calls with a Rogue SIP Proxy
+ Randomly Redirect Calls with a Rogue SIP Proxy
+ Additional Attacks with a Rogue SIP Proxy
o What is Fuzzing
+ Why Fuzzing
+ Commercial VoIP Fuzzing tools
o Signaling and Media Manipulation
+ Registration Removal with erase_registrations Tool
+ Registration Addition with add_registrations Tool
o VoIP Phishing
* Covering Tracks

Module 39: RFID Hacking

* RFID- Definition
* Components of RFID Systems
* RFID Collisions
* RFID Risks
o Business Process Risk
o Business Intelligence Risk
o Privacy Risk
o Externality Risk
+ Hazards of Electromagnetic Radiation
+ Computer Network Attacks
* RFID and Privacy Issues
* Countermeasures
* RFID Security and Privacy Threats
o Sniffing
o Tracking
o Spoofing
o Replay attacks
o Denial-of-service
* Protection Against RFID Attacks
* RFID Guardian
* RFID Malware
o How to Write an RFID Virus
o How to Write an RFID Worm
o Defending Against RFID Malware
* RFID Exploits
* Vulnerabilities in RFID-enabled Credit Cards
o Skimming Attack
o Replay Attack
o Eavesdropping Attack
* RFID Hacking Tool: RFDump
* RFID Security Controls
o Management Controls
o Operational Controls
o Technical Controls
* RFID Security

Module 40: Spamming

* Introduction
* Techniques used by Spammers
* How Spamming is performed
* Ways of Spamming
* Spammer: Statistics
* Worsen ISP: Statistics
* Top Spam Effected Countries: Statistics
* Types of Spam Attacks
* Spamming Tools
o Farelogic Worldcast
o 123 Hidden Sender
o YL Mail Man
o Sendblaster
o Direct Sender
o Hotmailer
o PackPal Bulk Email Server
o IEmailer
* Anti-Spam Techniques
* Anti- Spamming Tools
o AEVITA Stop SPAM Email
o SpamExperts Desktop
o SpamEater Pro
o SpamWeasel
o Spytech SpamAgent
o AntispamSniper
o Spam Reader
o Spam Assassin Proxy (SA) Proxy
o MailWasher Free
o Spam Bully
* Countermeasures

Module 41: Hacking USB Devices

* Introduction to USB Devices
* Electrical Attack
* Software Attack
* USB Attack on Windows
* Viruses and Worms
o W32/Madang-Fam
o W32/Hasnot-A
o W32/Fujacks-AK
o W32/Fujacks-E
o W32/Dzan-C
o W32/SillyFD-AA
o W32/SillyFDC-BK
o W32/LiarVB-A
o W32/Hairy-A
o W32/QQRob-ADN
o W32/VBAut-B
o HTTP W32.Drom
* Hacking Tools
o USB Dumper
o USB Switchblade
o USB Hacksaw
* USB Security Tools
o MyUSBonly
o USBDeview
o USB-Blocker
o USB CopyNotify
o Remora USB File Guard
o Advanced USB Pro Monitor
o Folder Password Expert USB
o USBlyzer
o USB PC Lock Pro
o Torpark
o Virus Chaser USB
* Countermeasures

Module 42: Hacking Database Servers

* Hacking Database server: Introduction
* Hacking Oracle Database Server
o Attacking Oracle
o Security Issues in Oracle
o Types of Database Attacks
o How to Break into an Oracle Database and Gain DBA Privileges
o Oracle Worm: Voyager Beta
o Ten Hacker Tricks to Exploit SQL Server Systems
* Hacking SQL Server
o How SQL Server is Hacked
o Query Analyzer
o odbcping Utility
o Tool: ASPRunner Professional
o Tool: FlexTracer
* Security Tools
* SQL Server Security Best Practices: Administrator Checklist
* SQL Server Security Best Practices: Developer Checklist

Module 43: Cyber Warfare- Hacking, Al-Qaida and Terrorism

* Cyber Terrorism Over Internet
* Cyber-Warfare Attacks
* 45 Muslim Doctors Planned US Terror Raids
* Net Attack
* Al-Qaeda
* Why Terrorists Use Cyber Techniques
* Cyber Support to Terrorist Operations
* Planning
* Recruitment
* Research
* Propaganda
* Propaganda: Hizballah Website
* Cyber Threat to the Military
* Russia ‘hired botnets’ for Estonia Cyber-War
* NATO Threatens War with Russia
* Bush on Cyber War: ‘a subject I can learn a lot about’
* E.U. Urged to Launch Coordinated Effort Against Cybercrime
* Budget: Eye on Cyber-Terrorism Attacks
* Cyber Terror Threat is Growing, Says Reid
* Terror Web 2.0
* Table 1: How Websites Support Objectives of terrorist/Extremist Groups
* Electronic Jihad
* Electronic Jihad' App Offers Cyber Terrorism for the Masses
* Cyber Jihad – Cyber Firesale
* http://internet-haganah.com/haganah/

Module 44: Internet Content Filtering Techniques

* Introduction to Internet Filter
* Key Features of Internet Filters
* Pros and Cons of Internet Filters
* Internet Content Filtering Tools
o iProtectYou
o Tool: Block Porn
o Tool: FilterGate
o Tool: Adblock
o Tool: AdSubtract
o Tool: GalaxySpy
o Tool: AdsGone Pop Up Killer
o Tool: Anti­PopUp
o Tool: Pop Up Police
o Tool: Super Ad Blocker
o Tool: Anti-AD Guard
o Net Nanny
o CyberSieve
o BSafe Internet Filter
o Tool: Stop-the-Pop-Up Lite
o Tool: WebCleaner
o Tool: AdCleaner
o Tool: Adult Photo Blanker
o Tool: LiveMark Family
o Tool: KDT Site Blocker
o Internet Safety Guidelines for Children

Module 45: Privacy on the Internet

* Internet privacy
* Proxy privacy
* Spyware privacy
* Email privacy
* Cookies
* Examining Information in Cookies
* How Internet Cookies Work
* How Google Stores Personal Information
* Google Privacy Policy
* Web Browsers
* Web Bugs
* Downloading Freeware
* Internet Relay Chat
* Pros and Cons of Internet Relay Chat
* Electronic Commerce
* Internet Privacy Tools: Anonymizers
o Anonymizer Anonymous Surfing
o Anonymizer Total Net Shield
o Anonymizer Nyms
o Anonymizer Anti-Spyware
o Anonymizer Digital Shredder Lite
o Steganos Internet Anonym
o Invisible IP Map
o NetConceal Anonymity Shield
o Anonymous Guest
o ViewShield
o IP Hider
o Mask Surf Standard
o VIP Anonymity
o SmartHide
o Anonymity Gateway
o Hide My IP
o Claros Anonymity
o Max Internet Optimizer
o Hotspot Shield
o Anonymous Browsing Toolbar
o Invisible Browsing
o Real Time Cleaner
o Anonymous Web Surfing
o Anonymous Friend
o Easy Hide IP
* Internet Privacy Tools: Firewall Tools
o Agnitum firewall
o Firestarter
o Sunbelt Personal Firewall
o Netdefender
* Internet Privacy Tools: Others
o Privacy Eraser
o CookieCop
o Cookiepal
o Historykill
o Tracks eraser
* Best Practices
o Protecting Search Privacy
o Tips for Internet Privacy
* Counter measures

Module 46: Securing Laptop Computers

* Statistics for Stolen and Recovered Laptops
* Statistics on Security
* Percentage of Organizations Following the Security Measures
* Laptop threats
* Laptop Theft
* Fingerprint Reader
* Protecting Laptops Through Face Recognition
* Bluetooth in Laptops
* Tools
o Laptop Security
o Laptop Security Tools
o Laptop Alarm
o Flexysafe
o Master Lock
o eToken
o STOP-Lock
o True Crypt
o PAL PC Tracker
o Cryptex
o Dekart Private Disk Multifactor
o Laptop Anti-Theft
o Inspice Trace
o ZTRACE GOLD
o SecureTrieve Pro
o XTool Laptop Tracker
o XTool Encrypted Disk
o XTool Asset Auditor
o XTool Remote Delete
* Securing from Physical Laptop Thefts
* Hardware Security for Laptops
* Protecting the Sensitive Data
* Preventing Laptop Communications from Wireless Threats
* Protecting the Stolen Laptops from Being Used
* Security Tips

Module 47: Spying Technologies

* Spying
* Motives of Spying
* Spying Devices
o Spying Using Cams
o Video Spy
o Video Spy Devices
o Tiny Spy Video Cams
o Underwater Video Camera
o Camera Spy Devices
o Goggle Spy
o Watch Spy
o Pen Spy
o Binoculars Spy
o Toy Spy
o Spy Helicopter
o Wireless Spy Camera
o Spy Kit
o Spy Scope: Spy Telescope and Microscope
o Spy Eye Side Telescope
o Audio Spy Devices
o Eavesdropper Listening Device
o GPS Devices
o Spy Detectors
o Spy Detector Devices
* Vendors Hosting Spy Devices
o Spy Gadgets
o Spy Tools Directory
o Amazon.com
o Spy Associates
o Paramountzone
o Surveillance Protection
* Spying Tools
o Net Spy Pro-Computer Network Monitoring and Protection
o SpyBoss Pro
o CyberSpy
o Spytech SpyAgent
o ID Computer Spy
o e-Surveiller
o KGB Spy Software
o O&K Work Spy
o WebCam Spy
o Golden Eye
* Anti-Spying Tools
o Internet Spy Filter
o Spybot - S&D
o SpyCop
o Spyware Terminator
o XoftSpySE

Module 48: Corporate Espionage- Hacking Using Insiders

* Introduction To Corporate Espionage
* Information Corporate Spies Seek
* Insider Threat
* Different Categories of Insider Threat
* Privileged Access
* Driving Force behind Insider Attack
* Common Attacks carried out by Insiders
* Techniques Used for Corporate Espionage
* Process of Hacking
* Former Forbes Employee Pleads Guilty
* Former Employees Abet Stealing Trade Secrets
* California Man Sentenced For Hacking
* Federal Employee Sentenced for Hacking
* Facts
* Key Findings from U.S Secret Service and CERT Coordination Center/SEI study on Insider Threat
* Tools
o NetVizor
o Privatefirewall w/Pest Patrol
* Countermeasures
o Best Practices against Insider Threat
o Countermeasures

Module 49: Creating Security Policies

* Security policies
* Key Elements of Security Policy
* Defining the Purpose and Goals of Security Policy
* Role of Security Policy
* Classification of Security Policy
* Design of Security Policy
* Contents of Security Policy
* Configurations of Security Policy
* Implementing Security Policies
* Types of Security Policies
o Promiscuous Policy
o Permissive Policy
o Prudent Policy
o Paranoid Policy
o Acceptable-Use Policy
o User-Account Policy
o Remote-Access Policy
o Information-Protection Policy
o Firewall-Management Policy
o Special-Access Policy
o Network-Connection Policy
o Business-Partner Policy
o Other Important Policies
* Policy Statements
* Basic Document Set of Information Security Policies
* E-mail Security Policy
o Best Practices for Creating E-mail Security Policies
o User Identification and Passwords Policy
* Software Security Policy
* Software License Policy
* Points to Remember While Writing a Security Policy
* Sample Policies
o Remote Access Policy
o Wireless Security Policy
o E-mail Security Policy
o E-mail and Internet Usage Policies
o Personal Computer Acceptable Use Policy
o Firewall Management policy
o Internet Acceptable Use Policy
o User Identification and Password Policy
o Software License Policy

Module 50: Software Piracy and Warez

* Software Activation: Introduction
o Process of Software Activation
* Piracy
o Piracy Over Internet
o Abusive Copies
o Pirated Copies
o Cracked Copies
o Impacts of piracy
o Software Piracy Rate in 2006
o Piracy Blocking
* Software Copy Protection Backgrounders
o CD Key Numbers
o Dongles
o Media Limited Installations
o Protected Media
o Hidden Serial Numbers
o Digital Right Management (DRM)
o Copy protection for DVD
* Warez
o Warez
o Types of Warez
o Warez Distribution
o Distribution Methods
* Tool: Crypkey
* Tool: EnTrial
* EnTrial Tool: Distribution File
* EnTrial Tool: Product & Package Initialization Dialog
* EnTrial Tool: Add Package GUI
* Tool: DF_ProtectionKit
* Tool: Crack Killer
* Tool: Logic Protect
* Tool: Software License Manager
* Tool: Quick License Manager
* Tool: WTM CD Protect

Module 51: Hacking and Cheating Online Games

* Online Games
* Basics of Game Hacking
* Online Gaming Exploits
* Types of Exploits
* Online Gaming Risks
* Threats in Online Gaming
* Online Gaming Theft
* How Passwords for Online Games are Stolen
* Social Engineering and Phishing
* An Example of a Phishing Email
* Exploiting Game Server Vulnerabilities
* Vulnerability in-game chat in Lineage 2
* Using Malware
* Malicious Programs and Malware
* Email-Worm.Win32.Lewor.a
* Part of a file infected by Virus.Win32.Alman.a
* Online Gaming Malware from 1997-2007
* How Modern Attacks are Conducted
* Geographical Considerations
* Statistics
* Best Practices for Secure Online Gaming

Module 52: Hacking RSS and Atom

* Introduction
* Areas Where RSS and Atom is Used
* Building a Feed Aggregator
* Routing Feeds to the Email Inbox
* Monitoring the Server with Feeds
* Tracking Changes in Open Source Projects
* Risks by Zone
o Remote Zone risk
o Local Zone Risk
* Reader Specific Risks
* Utilizing the Web Feeds Vulnerabilities
* Example for Attacker to Attack the Feeds
* Tools
o Perseptio FeedAgent
o RssFeedEater
o Thingamablog
o RSS Builder
o RSS Submit
o FeedDemon
o FeedForAll
o FeedExpress
o RSS and Atom Security

Module 53: Hacking Web Browsers

* Introduction
* How Web Browsers Work
* How Web Browsers Access HTML Documents
* Protocols for an URL
* Hacking Firefox
o Firefox Proof of Concept Information Leak Vulnerability
o Firefox Spoofing Vulnerability
o Password Vulnerability
o Concerns With Saving Form Or Login Data
o Cleaning Up Browsing History
o Cookies
o Internet History Viewer: Cookie Viewer
* Firefox Security
o Blocking Cookies Options
o Tools For Cleaning Unwanted Cookies
o Tool: CookieCuller
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data
o Mozilla Firefox Security Features
* Hacking Internet Explorer
o Redirection Information Disclosure Vulnerability
o Window Injection Vulnerability
* Internet Explorer Security
o Getting Started
o Security Zones
o Custom Level
o Trusted Sites Zone
o Privacy
o Overwrite Automatic Cookie Handling
o Per Site Privacy Actions
o Specify Default Applications
o Internet Explorer Security Features
* Hacking Opera
o JavaScript Invalid Pointer Vulnerability
o BitTorrent Header Parsing Vulnerability
o Torrent File Handling Buffer Overflow Vulnerability
* Security Features of Opera
o Security and Privacy Features
* Hacking Safari
o Safari Browser Vulnerability
o iPhone Safari Browser Memory Exhaustion Remote Dos Vulnerability
* Securing Safari
o Getting started
o Preferences
o AutoFill
o Security Features
* Hacking Netscape
o Netscape Navigator Improperly Validates SSL Sessions
o Netscape Navigator Security Vulnerability
* Securing Netscape
o Getting Started
o Privacy Settings
o Security Settings
o Content Settings
o Clear Private Data

Module 54: Proxy Server Technologies

* Introduction: Proxy Server
* Working of Proxy Server
* Types of Proxy Server
* Socks Proxy
* Free Proxy Servers
* Use of Proxies for Attack
* Tools
o WinGate
o UserGate Proxy Server
o Advanced FTP Proxy Server
o Trilent FTP Proxy
o SafeSquid
o AllegroSurf
o ezProxy
o Proxy Workbench
o ProxyManager Tool
o Super Proxy Helper Tool
o MultiProxy
* How Does MultiProxy Work
* TOR Proxy Chaining Software
* TOR Proxy Chaining Software
* AnalogX Proxy
* NetProxy
* Proxy+
* ProxySwitcher Lite
* Tool: JAP
* Proxomitron
* SSL Proxy Tool
* How to Run SSL Proxy

Module 55: Data Loss Prevention

* Introduction: Data Loss
* Causes of Data Loss
* How to Prevent Data Loss
* Impact Assessment for Data Loss Prevention
* Tools
o Security Platform
o Check Point Software: Pointsec Data Security
o Cisco (IronPort)
o Content Inspection Appliance
o CrossRoads Systems: DBProtector
o Strongbox DBProtector Architecture
o DeviceWall
o Exeros Discovery
o GFi Software: GFiEndPointSecurity
o GuardianEdge Data Protection Platform
o ProCurve Identity Driven Manager (IDM)
o Imperva: SecureSphere
o MailMarshal
o WebMarshal
o Marshal EndPoint
o Novell ZENworks Endpoint Security Management
o Prism EventTracker
o Proofpoint Messaging Security Gateway
o Proofpoint Platform Architecture
o Summary Dashboard
o End-user Safe/Block List
o Defiance Data Protection System
o Sentrigo: Hedgehog
o Symantec Database Security
o Varonis: DataPrivilege
o Verdasys: Digital Guardian
o VolumeShield AntiCopy
o Websense Content Protection Suite

Module 56: Hacking Global Positioning System (GPS)

* Global Positioning System (GPS)
* Terminologies
* GPS Devices Manufacturers
* Gpsd-GPS Service Daemon
* Sharing Waypoints
* Wardriving
* Areas of Concern
* Sources of GPS Signal Errors
* Methods to Mitigate Signal Loss
* GPS Secrets
o GPS Hidden Secrets
o Secret Startup Commands in Garmin
o Hard Reset/ Soft Reset
* Firmware Hacking
o Firmware
o Hacking GPS Firmware: Bypassing the Garmin eTrex Vista Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Legend Startup Screen
o Hacking GPS Firmware: Bypassing the Garmin eTrex Venture Startup Screen
* GPS Tools
o Tool: GPS NMEA LOG
o Tool: GPS Diagnostic
o Tool: RECSIM III
o Tool: G7toWin
o Tool: G7toCE
o Tool: GPS Security Guard
o GPS Security Guard Functions
o UberTracker

Module 57: Computer Forensics and Incident Handling

* Computer Forensics
o What is Computer Forensics
o Need for Computer Forensics
o Objectives of Computer Forensics
o Stages of Forensic Investigation in Tracking Cyber Criminals
o Key Steps in Forensic Investigations
o List of Computer Forensics Tools
* Incident Handling
o Present Networking Scenario
o What is an Incident
o Category of Incidents: Low Level
o Category of Incidents: Mid Level
o Category of Incidents: High Level
o How to Identify an Incident
o How to Prevent an Incident
o Defining the Relationship between Incident Response, Incident Handling, and Incident Management
o Incident Response Checklist
o Handling Incidents
o Procedure for Handling Incident
+ Stage 1: Preparation
+ Stage 2: Identification
+ Stage 3: Containment
+ Stage 4: Eradication
+ Stage 5: Recovery
+ Stage 6: Follow-up
* Incident Management
* Why don’t Organizations Report Computer Crimes
* Estimating Cost of an Incident
* Whom to Report an Incident
* Incident Reporting
* Vulnerability Resources
* What is CSIRT
o CSIRT: Goals and Strategy
o Why an Organization needs an Incident Response Team
o CSIRT Case Classification
o Types of Incidents and Level of Support
o Incident Specific Procedures-I (Virus and Worm Incidents)
o Incident Specific Procedures-II (Hacker Incidents)
o Incident Specific Procedures-III (Social Incidents, Physical Incidents)
o How CSIRT Handles Case: Steps
o Example of CSIRT
o Best Practices for Creating a CSIRT
+ Step 1: Obtain Management Support and Buy-in
+ Step 2: Determine the CSIRT Development Strategic Plan
+ Step 3: Gather Relevant Information
+ Step 4: Design your CSIRT Vision
+ Step 5: Communicate the CSIRT Vision
+ Step 6: Begin CSIRT Implementation
+ Step 7: Announce the CSIRT
* World CERTs http://www.trusted-introducer.nl/teams/country.html
* http://www.first.org/about/organization/teams/
* IRTs Around the World

Module 58: Credit Card Frauds

* E-Crime
* Statistics
* Credit Card
o Credit Card Fraud
o Credit Card Fraud Over Internet
o Net Credit/Debit Card Fraud In The US After Gross Charge-Offs
* Credit Card Generators
o Credit Card Generator
o RockLegend’s !Credit Card Generator
* Credit Card Fraud Detection
o Credit Card Fraud Detection Technique: Pattern Detection
o Credit Card Fraud Detection Technique: Fraud Screening
o XCART: Online fraud Screening Service
o Card Watch
o MaxMind Credit Card Fraud Detection
o 3D Secure
o Limitations of 3D Secure
o FraudLabs
o www.pago.de
o Pago Fraud Screening Process
o What to do if you are a Victim of a Fraud
o Facts to be Noted by Consumers
* Best Practices: Ways to Protect Your Credit Cards

Module 59: How to Steal Passwords

* Password Stealing
* How to Steal Passwords
* Password Stealing Techniques
* Password Stealing Trojans
o MSN Hotmail Password Stealer
o AOL Password Stealer
o Trojan-PSW.Win32.M2.14.a
o CrazyBilets
o Dripper
o Fente
o GWGhost
o Kesk
o MTM Recorded pwd Stealer
o Password Devil
* Password Stealing Tools
o Password Thief
o Remote Password Stealer
o POP3 Email Password Finder
o Instant Password Finder
o MessenPass
o PstPassword
o Remote Desktop PassView
o IE PassView
o Yahoo Messenger Password
* Recommendations for Improving Password Security
* Best Practices

Module 60: Firewall Technologies

* Firewalls: Introduction
* Hardware Firewalls
o Hardware Firewall
o Netgear Firewall
o Personal Firewall Hardware: Linksys
o Personal Firewall Hardware: Cisco’s PIX
o Cisco PIX 501 Firewall
o Cisco PIX 506E Firewall
o Cisco PIX 515E Firewall
o CISCO PIX 525 Firewall
o CISCO PIX 535 Firewall
o Check Point Firewall
o Nortel Switched Firewall
* Software Firewalls
o Software Firewall
* Windows Firewalls
o Norton Personal Firewall
o McAfee Personal Firewall
o Symantec Enterprise Firewall
o Kerio WinRoute Firewall
o Sunbelt Personal Firewall
o Xeon Firewall
o InJoy Firewall
o PC Tools Firewall Plus
o Comodo Personal Firewall
o ZoneAlarm
o Linux Firewalls
o KMyFirewall
o Firestarter
o Guarddog
o Firewall Builder
* Mac OS X Firewalls
o Flying Buttress
o DoorStop X Firewall
o Intego NetBarrier X5
o Little Snitch

Module 61: Threats and Countermeasures

Module 62: Case Studies

Module 63: Botnets

* What Is a Botnet?
* The Botnet Life Cycle
* Uses of Botnets
* How to Identify Whether Your Computer is a Botnet
* Common Botnets
o SDBot
o RBot
o Agobot
o Spybot
o Mytob
* Botnet Detection: Tools and Techniques
o Abuse E-mail
o Network Infrastructure: Tools and Techniques
o Intrusion Detection
o Darknets, Honeypots, and Other Snares
o Forensics Techniques and Tools for Botnet Detection
* Tool: Ourmon
o How Ourmon Works
* Anomaly Detection
o TCP Anomaly Detection by Ourmon
o UDP Anomaly Detection by Ourmon
o Detecting E-mail Anomalies using Ourmon
* IRC Protocol
o Ourmon’s RRDTOOL Statistics and IRC Reports
* Detecting an IRC Client Botnet
* Detecting an IRC Botnet Server
* Automated Packet Capture
* Ourmon Event Log
o DNS and C&C Technology
o Tricks for Searching the Ourmon Logs
* Sniffing IRC Messages
* Sandboxes
* CWSandbox
o Operations Revealed by CWSandbox
* Automated Analysis Suite (AAS)
* Responding to Botnets

Module 64: Economic Espionage

* Economic Espionage
* Who are Behind This?
* Motives
* Economic Intelligence
* Trade Secrets
* How Foreign Competitors Get the Information
* Methods of Acquiring Trade Secrets
* How Economic Espionage Increases
* Difference Between Industrial Espionage and Economic Espionage
* Competitive Intelligence
o Competitive Intelligence Is Not Corporate Espionage
* The Economic Espionage Act of 1996, 18 U.S.C. §§ 1831-1839
* Methods for Economic Espionage Protection

Module 65: Patch Management

* Hotfixes and Patches
* What is Patch Management
* Patch Testing
* Understanding Patch Monitoring and Management
* Types of Patches Defined by Microsoft
* Opsware Server Automation System (SAS)
o Tool: UpdateExpert
o Tool: Qfecheck
o Tool: HFNetChk
o cacls.exe Utility
o Tool: Shavlik NetChk Protect
o Tool: Kaseya Patch Management
o Tool: IBM Tivoli Configuration Manager
o Tool: LANDesk Patch Manager
o Tool: ConfigureSoft Enterprise Configuration Manager (ECM)
o Tool: BladeLogic Configuration Manager
o Tool: Microsoft Baseline Security Analyzer (MBSA)
+ MBSA: Scanning Updates in GUI Mode
+ MBSA: Scanning Updates in Command-line Version
o Tool: QChain
o Tool: BigFix Enterprise Suite (BFS)
o Tool: Shavlik NetChk Protect
o Tool: PatchLink Update
o Tool: SecureCentral PatchQuest
o Tool: Patch Authority Ultimate
o Tool: ZENworks Patch Management
o Tool: Ecora Patch Manager
o Tool: Service Pack Manager
o Tool: Altiris Patch Management Solution
o Tool: BMC Patch Manager
o Tool: Hotfix Reporter
o Tool: Numara Patch Manager
o Tool: TrueUpdate
o Tool: FlashUpdate
o Tool: Microsoft Software Update Services (SUS)
o Tool: Prism Patch Manager
o Tool: Patch-Magic
* Patch Management Checklist
* Best Practices for Patch Management

Module 66: Security Convergence

* Security Convergence
* Challenges Confronting an Effective Security Convergence Policy
* Benefits of Using Risk Management in Planning IT Security Administration
* RAMCAP
* Open Security Exchange (OSE)
* CISO (Chief Information Security Officer)
* Elements of Building Secure Operations
* Enterprise Security Management (ESM)
o ESM Deployment Strategies
* Convergence of Network Operations and Security Operations
* Log Collection
* Log Normalization
* Log Severity
* Log Time Correction
* Log Categorization
* Event Storage
* Discovering and Interacting with Patterns
o Discovering and Interacting with Patterns: Data Sources
* Intelligent Platform Management Interface (IPMI) Standard

Appendix

* Trojan: Phatbot
* Trojan: Amitis
* Trojan: Senna Spy
* Trojan: QAZ
* Trojan: Back Orifice
* Trojan: Back Oriffice 2000
* Back Oriffice Plug-ins
* Trojan: SubSeven
* Trojan: CyberSpy Telnet Trojan
* Trojan: Subroot Telnet Trojan
* Trojan: Let Me Rule! 2.0 BETA 9
* Trojan: Donald Dick
* Trojan: RECUB

2 التعليقات:

  1. I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. wahabtech.net I hope to have many more entries or so from you.
    Very interesting blog.
    ClamXAV Crack

    ردحذف

Bookmark and Share

أقسام المدونة

2015 (1) أبراج (44) اتصالات (113) أحياء (1) اخبار (136) اخطاء (1) ادسنس (2) ادعيه (7) أزواق (1) إستخراج (1) إسرائيل (7) اسرار (1) أعشاب (19) أعياد (1) أغانى (7) أفريقيا (1) أفكار (2) أفلام (4) إقتصاد (19) الأردن (2) الأرض (12) الاسره (1) الأطفال (33) الإلكترونيه (3) الألوان (1) الأنبياء (1) البحرين (1) البشرة الدهنيه (1) البيئة (14) الترتيب (1) الجزائر (2) الجن (1) الربح (7) الرجل (40) الرسول (12) الزواج وأنواعه (31) السعوديه (10) الشبكة (9) الشعر (30) الشمس (6) الشوربات (19) الشيطان (2) الصيف (1) الصين (2) ألعاب (3) العالم (19) العراق (3) العنكبوتيه (1) الفراسه (6) القمر (4) القنوات الأجنبية (3) الكويت (1) الله (20) ألمانيا (2) المرأه (96) المغرب (2) المنصورة (2) الهجرة (7) الهند (2) الهيدروجين (1) أمثال (1) أمراض_الجسم​ (1) أمريكا (10) إنجلترا (1) أوراكل (4) أوروبا (1) إيران (2) إيميلات (5) باكستان (1) بترول (1) بحث (4) برامج (29) برمجة (6) بريطانيا (2) بسكلته (5) بشرتك (10) بطاقات (1) بناء (1) بنوك (2) بورصة (23) تاريخ (45) تحب (3) تحضير (1) تخسيس​ (1) ترددات (15) تركيا (1) تركيب (1) تساقط (8) تطوير المواقع (29) تعريفات (16) تعليم (43) تفاحة​ (1) تفاحة_فى_اليوم​ (1) تكنولوجيا (44) تلوث (3) توقعات (12) تونس (1) تونس. سفارات (1) ثورة (1) جمال (4) جوال (1) جوجل (19) حذف الباتش (1) حساسية (2) حشرات (1) حقائق (1) حقيقه ام خيال (23) حقيقه_وخيال​ (1) حكم (1) حيوانات (5) خضروات (8) خلق (2) دبى (2) دليل (2) دورات أمن المعلومات (19) دورة (4) ديكور (1) دين (120) ذهب (2) رسائل (1) رمز (1) رمضان (9) روسيا (3) رياضه (14) زراعه (9) زيادة (1) سامسونج (1) سفارات (5) سلامة (1) سندوتشات (2) سوريا (1) سويسرا (1) سيارة (6) شخصيات (64) شخصيتك (18) شركات (32) شعر (5) شمس (3) صحتك (289) صلصه (5) صناعة (1) صور (11) طائرات (2) طاقة (3) طاقه المستقبل (1) طاقه حره (2) طب (1) طب_ولا_عك​ (1) طيور (18) عسكرى (25) عسل (1) علاج (70) علم البصريات (6) علماء (1) علوم (18) عيد (1) عيون (17) غاز (2) فتاوى (1) فرنسا (2) فضاء (16) فلسطين (12) فلك (12) فليسطين (3) فوائد (10) فواكة (8) فواكة_وخضروات​ (1) فودافون (4) فوركس (3) فيديو (9) فيس بوك (2) قاعدة البيانات (2) قتال (6) قصص (12) قطر (4) قمر العربسات (2) قيام الليل (1) كاريكتير (3) كتب (12) كربوهيردات​ (1) كمال اجسام (1) كمبيوتر (84) كوبا (1) كوريا (1) كيتو​ (1) كيمياء (23) لغة (1) لهجات (1) ليبيا (1) لينكس (2) مجموعة (1) محرك (4) مسجات (1) مشروعات (4) مصر (111) مطبخك (214) معادن (1) معلومات (29) مقاتلات (1) مقالات (31) مكونات (2) منتجات زراعيه (1) مهارات (1) مواقع (61) موبايل (1) موضه (2) مياه (4) نشيد (1) نصائح (8) نظم (6) نكت (8) نوكيا (15) هندسه (5) هواتف (54) وصايا (1) وظائف (9) ويندوز (3) يوتيوب (5) AdSense (4) AdWords (1) call center (2) ebay (2) Egypt (1) HSPA (2) ORACLE (2) qmax (1) search (1) seo (3) Wikipedia (2)

 
;