Certified Ethical Hacker (Saturday Sessions)

This course is already delivered, please contact us for the next available session tel:+357 22 44 14 92
Course Outline in PDF

Overview:

This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems

Who Should Attend:

This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Outline:
 
Module 1: Introduction to Ethical Hacking


•Internet Crime Current Report: IC3
•Data Breach Investigations Report
•Types of Data Stolen From the Organizations
•Essential Terminologies
•Elements of Information Security
•Authenticity and Non-Repudiation
•Effects of Hacking
•Who is a Hacker?
•Hacker Classes
•What Does a Hacker Do?
•Types of Attacks on a System
•Why Ethical Hacking is Necessary?
•Defense in Depth
•Scope and Limitations of Ethical Hacking
•What Do Ethical Hackers Do?
•Skills of an Ethical Hacker
•Vulnerability Research

Module 2: Footprinting and Reconnaissance

•Footprinting Terminologies
•What is Footprinting?
•Objectives of Footprinting
•Footprinting Threats
•Locate Internal URL
•Public and Restricted Websites
•Search for Company’s Information
•Gather Information from Financial
•Footprinting Through Job Sites
•Monitoring Target Using Alerts
•Competitive Intelligence Gathering
•WHOIS Lookup
•Locate the Network Range
•Traceroute
•Mirroring Entire Website
•Extract Website Information from http://www.archive.org
•Monitoring Web Updates Using Website Watcher
•Google Hacking Tool: Google Hacking Database (GHDB)
•Google Hacking Tools
•Additional Footprinting Tools

Module 3: Scanning Networks

•Network Scanning
•Types of Scanning
•Ping Sweep
•Scanning: IDS Evasion Techniques
•IP Fragmentation Tools
•Scanning Tool: Nmap
•War Dialing
•Why War Dialing?
•War Dialing Tools
•Banner Grabbing Tool: ID Serve
•GET REQUESTS
•Banner Grabbing Tool: Net craft
•Banner Grabbing Tools
•Network Vulnerability Scanners
•LANsurveyor
•Network Mappers
•Proxy Servers
•Proxy Workbench
•Proxifier Tool: Create Chain of Proxy Servers
•TOR (The Onion Routing)
•TOR Proxy Chaining Software
•Types of Anonymizers
•Case: Bloggers Write Text Backwards to Bypass Web Filters in China
•Text Conversion to Avoid Filters
•Censorship Circumvention
•IP Spoofing Detection Techniques: TCP Flow Control Method
•IP Spoofing Countermeasures
•Scanning Pen Testing

Module 4: Enumeration

•What is Enumeration
•Techniques for Enumeration
•Enumerating User Accounts
•Enumerate Systems Using Default Passwords
•UNIX/Linux Enumeration
•LDAP Enumeration
•NTP Enumeration
•SMTP Enumeration
•Enumeration Countermeasures

Module 5: System Hacking

•Information at Hand Before System Hacking Stage
•System Hacking: Goals
•CEH Hacking Methodology (CHM)
•Password Cracking
•Microsoft Authentication
•How Hash Passwords are Stored in Windows SAM?
•What is LAN Manager Hash?
•Salting
•PWdump7 and Fgdum
•Password Cracking Tools
•Active@ Password Changer
•Privilege Escalation Tools
•How to Defend against Privilege Escalation?
•Executing Applications
•Keylogger
•Types of Keystroke Loggers
•Acoustic/CAM Keylogger
•Rootkits
•Types of Rootkits
•How Rootkit Works
•What is Steganography and types
•Image Steganography & Document

Module 6: Trojans & Backdoors

•What is a Trojan and the purpose
•What Do Trojan Creators Look For?
•Indications of a Trojan Attack
•Common Ports used by Trojans
•How to Infect Systems Using a Trojan?
•Wrappers
•Different Ways a Trojan can Get into a System
•How to Deploy a Trojan?
•Evading Anti-Virus Techniques
•Types of Trojans
•Destructive Trojans
•Notification Trojans
•Credit Card Trojans
•How to Detect Trojans?
•Trojan Countermeasures
•Backdoor Countermeasures
•Trojan Horse Construction Kit

Module 7: Viruses & worm

•Introduction to Viruses
•Virus and Worm Statistics 2010
•Stages of Virus Life
•Working of  Viruses: Infection Phase
•Working of  Viruses: Attack Phase
•Why Do People Create Computer Viruses?
•Indications of Virus Attack
•How does a Computer get Infected by Viruses?
•Virus Hoaxes
•Virus Analysis:
•Types of Viruses
•Computer worms
•How is a Worm Different from a Virus?
•What is Sheep Dip Computer?
•Anti-Virus Sensors Systems
•Malware Analysis Procedure
•String Extracting Tool: Bintext
•Online Malware Analysis Services
•Virus Detection Methods
•Virus and Worms Countermeasures
•Companion Antivirus: Immunet Protect
•Anti-virus Tools

Module 8: Sniffers

•Wiretapping
•Sniffing Threats
•How a Sniffer Works?
•Hacker Attacking a Switch
•Types of Sniffing: Passive Sniffing
•Types of Sniffing: Active Sniffing
•Protocols Vulnerable to Sniffing
•Tie to Data Link Layer in OSI Model
•Hardware Protocol Analyzers
•SPAN Port
•How DHCP Works?
•What is Address Resolution Protocol (ARP)?
•Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
•MAC Spoofing/Duplicating
•DNS Poisoning Techniques
•Additional Wireshark Filters
•Sniffing Tool: CACE Pilot
•Discovery Tool: NetworkView
•Discovery Tool: The Dude Sniffer
•Password Sniffing Tool: Ace
•Additional Sniffing Tools
•How an Attacker Hacks the Network Using Sniffers?
•How to Defend Against Sniffing?
•Sniffing Prevention Techniques
•How to Detect Sniffing?

Module 9: Social Engineering

•What is Social Engineering?
•Behaviors Vulnerable to Attacks
•Why is Social Engineering Effective?
•Warning Signs of an Attack
•Phases in a Social Engineering Attack
•Impact on the Organization
•Types of Social Engineering
•Insider Attack
•Common Intrusion Tactics and Strategies for Prevention
•Social Engineering Through Impersonation on Social Networking
•Real Steven Gets Huge Credit Card Statement
•Identity Theft - Serious Problem
•Social Engineering Countermeasures: Policies
•Identity Theft Countermeasures
•Social Engineering Pen Testing

Module 10: Denial of service

•What is a Denial of Service Attack?
•What is Distributed Denial of Service
•Symptoms of a DoS Attack
•Cyber Criminals
•Internet Chat Query (ICQ)
•Internet Relay Chat (IRC)
•DoS Attack Techniques
•Botnet
•DoS Attack Tools
•Detection Techniques
•DoS/DDoS Countermeasure Strategies
•DDoS Attack Countermeasures
•Post-attack Forensics
•Techniques to Defend against Botnets
•DoS/DDoS Countermeasures
•DoS/DDoS Protection at ISP Level
•Enabling TCP Intercept on Cisco IOS Software
•DoS/DDoS Protection Tool

Module 11: Session Hijacking

•What is Session Hijacking?
•Dangers Posed by Hijacking
•Why Session Hijacking is Successful?
•Key Session Hijacking Techniques
•Brute Forcing
•HTTP Referrer Attack
•Session Hijacking Process
•Packet Analysis of a Local Session Hijack
•Types of Session Hijacking
•Man-in-the-Middle Attack
•Man-in-the-Browser Attack
•TCP/IP Hijacking
•IP Spoofing: Source Routed Packets
•RST Hijacking
•UDP Hijacking
•Session Hijacking Tools
•Countermeasures
•Methods to Prevent Session Hijacking: To be Followed by Web Developers & users
•Defending against Session Hijack Attacks
•Session Hijacking Remediation

Module 12: Hijacking Webservers

•Webserver Market Shares
•Open Source Webserver Architecture
•IIS Webserver Architecture
•Website Defacement
•Case Study
•Why Web Servers are Compromised?
•Impact of Webserver Attacks
•Webserver Misconfiguration
•Directory Traversal Attacks
•HTTP Response Splitting Attack
•Web Cache Poisoning Attack
•HTTP Response Hijacking
•SSH Bruteforce Attack
•Man-in-the-Middle Attack
•How to Defend Against Web Server Attacks?
•How to Defend against HTTP Response Splitting and Web Cache Poisoning?
•Patches and Hotfixes
•What is Patch Management?
•Identifying Appropriate Sources for Updates and Patches
•Installation of a Patch
•Web Server Security Scanner: Wikto
•Webserver Malware Infection Monitoring Tool: HackAlert
•Webserver Security Tools
•Web Server Penetration Testing

Module 13: Hacking Web Applications

•Web Application Security Statistics
•Introduction to Web Applications
•Web Application Components
•How Web Applications Work?
•Web Application Architecture
•Web 2.0 Applications
•Vulnerability Stack
•Web Attack Vectors
•Invalidated Input
•Parameter/Form Tampering
•Directory Traversal
•Security Misconfiguration
•Injection Flaws
•What is LDAP Injection?
•How LDAP Injection Works?
•Hidden Field Manipulation Attack
•Cross-Site Scripting (XSS) Attacks
•Session Fixation Attack
•Insufficient Transport Layer Protection
•Improper Error Handling
•Insecure Cryptographic Storage
•Broken Authentication and Session Management
•Web Services Architecture
•Analyze Web Applications
•Attack Authentication Mechanis
•Password Attacks: Password Guessing
•Password Attacks: Brute-forcing
•Session Attacks: Session ID Prediction/ Brute-forcing
•Cookie Exploitation: Cookie Poisoning
•Attack Web App Client
•Attack Web Services
•Web Services Probing Attacks
•Web Service Attack Tool: soapUI
•Web Service Attack Tool: XMLSpy
•Web Application Hacking Tool: Burp Suite Professional
•Web Application Hacking Tools: Cookie Digger
•Web Application Hacking Tools: Web Scarab
•Encoding Schemes
•Web Application Firewall:  dotDefender
•Web Application Firewall: IBM AppScan
•Web Application Pen Testing

Module 14: SQL Injection

•SQL Injection is the Most Prevalent Vulnerability in 2010
•SQL Injection Threats
•What is SQL Injection?
•SQL Injection Attacks
•How Web Applications Work?
•Server Side Technologies
•HTTP Post Request
•SQL Injection Detection
•Types of SQL Injection
•SQL Injection Methodology
•Information Gathering
•Features of Different DBMSs
•Password Grabbing
•Transfer Database to Attacker’s Machine
•Interacting with the Operating System
•Interacting with the FileSystem
•Network Reconnaissance Full Query

Module 15: Hacking Wireless Network

•Wireless Networks
•Wi-Fi Usage Statistics in the US
•Wi-Fi Hotspots at Public Places
•Wi-Fi Networks at Home
•Types of Wireless Networks
•Wireless Standards
•Service Set Identifier (SSID)
•Wi-Fi Authentication Modes
•Wireless Terminologies
•Wi-Fi Chalking
•Wi-Fi Hotspot Finder: jiwire.com
•Wi-Fi Hotspot Finder: WeFi.com
•Types of Wireless Antenna
•Parabolic Grid Antenna
•Types of Wireless Encryption
•WEP Encryption
•How to Defend Against WPA Cracking?
•Wireless Threats: Access Control Attacks
•Wireless Threats: Integrity Attacks
•Wireless Threats: Authentication Attacks
•Jamming Signal Attack
•Wi-Fi Jamming Devices
•Wireless Hacking Methodology
•Find Wi-Fi Networks to Attack
•How to Discover Wi-Fi Network Using Wardriving?
•Wireless Traffic Analysis
•Wireless Cards and Chipsets
•Wi-Fi USB Dongle: AirPcap
•Wi-Fi Packet Sniffer: Wi-Fi Pilot
•Wi-Fi Packet Sniffer: OmniPeek
•How to Reveal Hidden SSIDs
•Fragmentation Attack
•MITM Attack Using Aircrack-ng
•Wireless ARP Poisoning Attack
•Rogue Access Point

Module 16: Evading IDS Firewalls and Honeypots

•Intrusion Detection Systems (IDS) and its Placement
•How IDS Works?
•Ways to Detect an Intrusion
•Types of Intrusion Detection Systems
•System Integrity Verifiers (SIV)
•Firewall
•De Militarized Zone (DMZ)
•Types of Firewall
•Firewall Identification
•Honeypot
•How to Set Up a Honeypot?
•Intrusion Detection Tool
•Insertion Attack
•Evasion
•Denial-of-Service Attack (DoS)
•Obfuscating
•False Positive Generation
•Session Splicing
•Unicode Evasion Technique
•Fragmentation Attack
•Overlapping Fragments
•Time-To-Live Attacks
•ASCII Shellcode
•Application-Layer Attacks
•Pre Connection SYN
•Post Connection SYN
•Detecting Honeypots
•Honeypot Detecting Tool: Send-Safe Honeypot Hunter
•Firewall Evasion Tools

Module 17: Buffer Overflow

•Buffer Overflows
•Why are Programs And Applications Vulnerable?
•Understanding Stacks
•Stack-Based Buffer Overflow
•Understanding Heap
•Knowledge Required to Program Buffer Overflow Exploits
•Buffer Overflow Steps
•Simple Uncontrolled Overflow
•Simple Buffer Overflow in C
•Code Analysis
•Exploiting Semantic Comments in C (Annotations)
•How to Mutate a Buffer Overflow Exploit?
•Identifying Buffer Overflows
•How to Detect Buffer Overflows in a Program?
•Testing for Heap Overflow Conditions: heap.exe
•Steps for Testing for Stack Overflow in OllyDbg Debugger
•Data Execution Prevention (DEP)
•Enhanced Mitigation Experience Toolkit (EMET)

Module 18: Cryptography

•Cryptography
•Types of Cryptography
•Government Access to Keys (GAK)
•Ciphers
•Advanced Encryption Standard (AES)
•Data Encryption Standard (DES)
•Secure Hashing Algorithm (SHA)
•What is SSH (Secure Shell)?
•MD5 Hash Calculators: HashCalc, MD5 Calculator and HashMyFiles
•Cryptography Tool: Advanced Encryption Package
•Cryptography Tools
•Public Key Infrastructure (PKI)
•Certification Authorities
•Digital Signature
•Transport Layer Security (TLS)
•Disk Encryption
•Meet-in-the-Middle Attack on Digital Signature Schemes
•Cryptanalysis Tool: CrypTool
•Cryptanalysis Tools
•Online MD5 Decryption Tool

Module 19: Penetration Testing

•Introduction to Penetration Testing
•Security Assessments
•Vulnerability Assessment
•Penetration Testing
•Why Penetration Testing?
•What Should be Tested?
•What Makes a Good Penetration Test?
•Testing Locations
•Types of Penetration Testing
•Common Penetration Testing Techniques
•Using DNS Domain Name and IP Address Information
•Enumerating Information about Hosts on Publicly-Available Networks
•Phases of Penetration Testing
•Penetration Testing Methodology
•Outsourcing Penetration Testing Services
•Evaluating Different Types of Pentest Tools
•Telephony Security Assessment Tool
•Testing Network-Filtering Device Tool
sd sd sd sd sd sd sd sd sd sd sd sd