Module 1: Introduction to Ethical Hacking
- Problem Definition: Why Security?
- Essential Terminologies
- Elements of Security
- The Security, Functionality and Ease of Use Triangle
- Case Study
- What does a Malicious Hacker do?
  o Phase 1: Reconnaissance
    · Reconnaissance Types
  o Phase 2: Scanning
  o Phase 3: Gaining Access
  o Phase 4: Maintaining Access
  o Phase 5: Covering Tracks
  o Operating System Attacks
  o Application-Level Attacks
  o Shrink-Wrap Code Attacks
  o Misconfiguration Attacks
- Hacktivism
- Hacker Classes
- Security News: Suicide Hacker
- Ethical Hacker Classes
- What do Ethical Hackers do
- Can Hacking be Ethical
- How to become an Ethical Hacker
- Skill Profile of an Ethical Hacker
- What is Vulnerability Research
  o Why Hackers Need Vulnerability Research
  o Vulnerability Research Tools
  o Vulnerability Research Websites
    · National Vulnerability Database (nvd.nist.gov)
    · SecurityTracker (www.securitytracker.com)
    · SecuriTeam (www.securiteam.com)
    · Secunia (www.secunia.com)
    · Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
    · HackerWatch (www.hackerwatch.org)
    · milw0rm
- How to Conduct Ethical Hacking
- How Do They Go About It
- Approaches to Ethical Hacking
- Ethical Hacking Testing
- Ethical Hacking Deliverables
- Computer Crimes and Implications
Module 2: Hacking Laws
§ U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
§ Legal Perspective (U.S. Federal Law)
  o 18 U.S.C. § 1029
    · Penalties
  o 18 U.S.C. § 1030
    · Penalties
  o 18 U.S.C. § 1362
  o 18 U.S.C. § 2318
  o 18 U.S.C. § 2320
  o 18 U.S.C. § 1831
  o 47 U.S.C. § 605, unauthorized publication or use of communications
  o Washington:
    · RCW 9A.52.110
  o Florida:
    · § 815.01 to 815.07
  o Indiana:
    · IC 35-43
§ Federal Managers Financial Integrity Act of 1982
§ The Freedom of Information Act, 5 U.S.C. § 552
§ Federal Information Security Management Act (FISMA)
§ The Privacy Act of 1974, 5 U.S.C. § 552a
§ USA PATRIOT Act of 2001
§ United Kingdom's Cyber Laws
§ United Kingdom: Police and Justice Act 2006
§ European Laws
§ Japan's Cyber Laws
§ Australia: The Cybercrime Act 2001
§ Indian Law: The Information Technology Act
§ Argentina Laws
§ Germany's Cyber Laws
§ Singapore's Cyber Laws
§ Belgium Law
§ Brazilian Laws
§ Canadian Laws
§ France Laws
§ German Laws
§ Italian Laws
§ Malaysia: The Computer Crimes Act 1997
§ Hong Kong: Telecommunications Ordinance
§ Korea: Act on Promotion of Information and Communications Network Utilization and Information Protection, etc.
§ Greece Laws
§ Denmark Laws
§ Netherlands Laws
§ Norway
§ Mexico
§ Switzerland
Module 3: Footprinting
- Revisiting Reconnaissance
- Defining Footprinting
- Why is Footprinting Necessary
- Areas and Information which Attackers Seek
- Information Gathering Methodology
  o Unearthing Initial Information
    · Finding Company's URL
    · Internal URL
    · Extracting Archive of a Website
      § www.archive.org
    · Google Search for Company's Info
    · People Search
      § Yahoo People Search
      § Satellite Picture of a Residence
      § Best PeopleSearch
      § People-Search-America.com
      § Switchboard
      § Anacubis
      § Google Finance
      § Yahoo Finance
    · Footprinting through Job Sites
    · Passive Information Gathering
    · Competitive Intelligence Gathering
      § Why Do You Need Competitive Intelligence?
      § Competitive Intelligence Resource
      § Companies Providing Competitive Intelligence Services
      § Carratu International
      § CI Center
      § Competitive Intelligence - When Did This Company Begin? How Did It Develop?
      § Competitive Intelligence - Who Leads This Company
      § Competitive Intelligence - What Are This Company's Plans
      § Competitive Intelligence - What Does Expert Opinion Say About The Company
      § Competitive Intelligence - Who Are The Leading Competitors?
      § Competitive Intelligence Tool: Trellian
      § Competitive Intelligence Tool: Web Investigator
    · Public and Private Websites
  o SensePost Footprint Tools
  o Big Brother
  o BiLE Suite
  o Alchemy Network Tool
  o Advanced Administrative Tool
  o My IP Suite
  o Wikto Footprinting Tool
  o Whois Lookup
  o Whois
  o SmartWhois
  o ActiveWhois
  o LanWhois
  o CountryWhois
  o WhereIsIP
  o Ip2country
  o CallerIP
  o Web Data Extractor Tool
  o Online Whois Tools
  o What is MyIP
  o DNS Enumerator
  o SpiderFoot
  o Nslookup
  o Extract DNS Information
- Types of DNS Records
- Necrosoft Advanced DIG
  o Expired Domains
  o DomainKing
  o Domain Name Analyzer
  o DomainInspect
  o MSR Strider URL Tracer
  o Mozzle Domain Name Pro
  o Domain Research Tool (DRT)
  o Domain Status Reporter
  o Reggie
  o Locate the Network Range
    · ARIN
    · Traceroute
      § Traceroute Analysis
    · 3D Traceroute
    · NeoTrace
    · VisualRoute Trace
    · Path Analyzer Pro
    · Maltego
    · Layer Four Traceroute
    · Prefix WhoIs Widget
    · Touchgraph
    · VisualRoute Mail Tracker
    · eMailTrackerPro
    · Read Notify
  o 1st E-mail Address Spider
  o Power E-mail Collector Tool
  o GEOSpider
  o Geowhere Footprinting Tool
  o Google Earth
  o Kartoo Search Engine
  o Dogpile (Meta Search Engine)
  o Tool: WebFerret
  o robots.txt
  o WTR - Web The Ripper
  o Website Watcher
- Steps to Create Fake Login Pages
- How to Create Fake Login Pages
- Faking Websites using a Man-in-the-Middle Phishing Kit
- Benefits to the Fraudster
- Steps to Perform Footprinting
Module 4: Google Hacking
§ What is Google Hacking
§ What a Hacker can do with a Vulnerable Site
§ Anonymity with Caches
§ Using Google as a Proxy Server
§ Directory Listings
  o Locating Directory Listings
  o Finding Specific Directories
  o Finding Specific Files
  o Server Versioning
§ Going Out on a Limb: Traversal Techniques
  o Directory Traversal
  o Incremental Substitution
§ Extension Walking
- Site Operator
- intitle:index.of
- error | warning
- login | logon
- username | userid | employee.ID | "your username is"
- password | passcode | "your password is"
- admin | administrator
  o admin login
- -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
- inurl:temp | inurl:tmp | inurl:backup | inurl:bak
- intranet | help.desk
- Locating Public Exploit Sites
  o Locating Exploits Via Common Code Strings
- Searching for Exploit Code with Nonstandard Extensions
- Locating Source Code with Common Strings
- Locating Vulnerable Targets
  o Locating Targets Via Demonstration Pages
- "Powered by" Tags Are Common Query Fodder for Finding Web Applications
  o Locating Targets Via Source Code
- Vulnerable Web Application Examples
  o Locating Targets Via CGI Scanning
- A Single CGI Scan-Style Query
- Directory Listings
  o Finding IIS 5.0 Servers
- Web Server Software Error Messages
  o IIS HTTP/1.1 Error Page Titles
  o "Object Not Found" Error Message Used to Find IIS 5.0
  o Apache Web Server
- Application Software Error Messages
  o ASP Dumps Provide Dangerous Details
  o Many Errors Reveal Pathnames and Filenames
  o CGI Environment Listings Reveal Lots of Information
  o A Typical Apache Default Web Page
  o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
  o Default Pages Query for Web Server
  o Outlook Web Access Default Portal
  o Windows Registry Entries Can Reveal Passwords
  o Usernames, Cleartext Passwords, and Hostnames!
- Google Hacking Database (GHDB)
- SiteDigger Tool
- Gooscan
- Goolink Scanner
- Goolag Scanner
- Tool: Google Hacks
- Google Hack Honeypot
- Google Protocol
- Google Cartography
Module 5: Scanning
- Scanning: Definition
- Types of Scanning
- Objectives of Scanning
- CEH Scanning Methodology
  o Checking for Live Systems - ICMP Scanning
    · Angry IP
    · HPing2
    · Ping Sweep
    · Firewalk Tool
    · Firewalk Commands
    · Firewalk Output
    · Nmap
    · Nmap: Scan Methods
    · Nmap Scan Options
    · Nmap Output Format
    · TCP Communication Flags
    · Three-Way Handshake
  o SYN Stealth/Half-Open Scan
  o Stealth Scan
  o Xmas Scan
  o FIN Scan
  o Null Scan
  o Idle Scan
  o ICMP Echo Scanning/List Scan
  o TCP Connect/Full-Open Scan
  o FTP Bounce Scan
    · FTP Bounce Attack
  o SYN/FIN Scanning Using IP Fragments
  o UDP Scanning
  o Reverse Ident Scanning
  o RPC Scan
  o Window Scan
  o Blaster Scan
  o Portscan Plus, Strobe
  o IPSec Scan
  o NetScanTools Pro
  o WUPS - UDP Scanner
  o SuperScan
  o IPScanner
  o Global Network Inventory Scanner
  o Net Tools Suite Pack
  o Floppy Scan
  o FloppyScan Steps
  o E-mail Results of FloppyScan
  o Atelier Web Ports Traffic Analyzer (AWPTA)
  o Atelier Web Security Port Scanner (AWSPS)
  o IPEye
  o ike-scan
  o Infiltrator Network Security Scanner
  o YAPS: Yet Another Port Scanner
  o Advanced Port Scanner
  o NetworkActiv Scanner
  o NetGadgets
  o P-Ping Tools
  o MegaPing
  o LanSpy
  o HoverIP
  o LANView
  o NetBruteScanner
  o SolarWinds Engineer's Toolset
  o AUTAPF
  o OstroSoft Internet Tools
  o Advanced IP Scanner
  o Active Network Monitor
  o Advanced Serial Data Logger
  o Advanced Serial Port Monitor
  o WotWeb
  o Antiy Ports
  o Port Detective
  o Roadkil's Detector
  o Portable Storage Explorer
  o Why War Dialing
  o Wardialing
  o PhoneSweep - War Dialing Tool
  o THC-Scan
  o ToneLoc
  o ModemScan
  o War Dialing Countermeasures: Sandtrap Tool
  o OS Fingerprinting
    · Active Stack Fingerprinting
    · Passive Fingerprinting
  o Active Banner Grabbing Using Telnet
  o GET Requests
  o p0f - Banner Grabbing Tool
  o p0f for Windows
  o Httprint Banner Grabbing Tool
  o Tool: Miart HTTP Header
  o Tools for Active Stack Fingerprinting
    · Xprobe2
    · Ringv2
    · Netcraft
  o Disabling or Changing the Banner
  o IIS Lockdown Tool
  o Tool: ServerMask
  o Hiding File Extensions
  o Tool: PageXchanger
  o Bidiblah Automated Scanner
  o Qualys Web-Based Scanner
  o SAINT
  o ISS Security Scanner
  o Nessus
  o GFI LANguard
  o Security Administrator's Tool for Analyzing Networks (SATAN)
  o Retina
  o Nagios
  o PacketTrap's pt360 Tool Suite
  o Nikto
    § SAFEsuite Internet Scanner, IdentTCPScan
- Draw Network Diagrams of Vulnerable Hosts
  o Cheops
  o Friendly Pinger
  o LANsurveyor
  o IPsonar
  o LANState
    § Insightix Visibility
    § IPCheck Server Monitor
    § PRTG Traffic Grapher
  o Proxy Servers
  o Free Proxy Servers
  o Use of Proxies for Attack
  o SocksChain
  o Proxy Workbench
  o Proxymanager Tool
  o Super Proxy Helper Tool
  o Happy Browser Tool (Proxy Based)
  o Multiproxy
  o Tor Proxy Chaining Software
  o Additional Proxy Tools
  o Anonymizers
    · Surfing Anonymously
    · Primedius Anonymizer
    · StealthSurfer
    · Anonymous Surfing: Browzar
    · Torpark Browser
    · GetAnonymous
    · IP Privacy
    · Anonymity 4 Proxy (A4Proxy)
    · Psiphon
    · Connectivity Using Psiphon
    · AnalogX Proxy
    · NetProxy
    · Proxy+
    · ProxySwitcher Lite
    · JAP
    · Proxomitron
  o Google Cookies
    · G-Zapper
  o SSL Proxy Tool
  o How to Run SSL Proxy
  o HTTP Tunneling Techniques
    · Why Do I Need HTTP Tunneling
    · Httptunnel for Windows
    · How to Run Httptunnel
    · HTTP-Tunnel
    · HTTPort
  o Spoofing IP Address
    · Spoofing IP Address Using Source Routing
    · Detection of IP Spoofing
    · Despoof Tool
- Scanning Countermeasures
- Tool: SentryPC
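The SYN, connect, FIN, Xmas and Null scans listed in this module differ only in which TCP control bits the probe carries and in how the target's reply (or silence) is read. The following is an added example, not material from the course or from Nmap: it builds the probe segment a raw-socket scanner would send (with a correct checksum over the IPv4 pseudo-header) and maps the reply to the port state each scan type reports. The IP addresses and ports are made up; no packets are sent.

```python
"""Added example: building TCP-flag scan probes and interpreting replies.
Addresses/ports are constructed; nothing is transmitted."""
import socket
import struct

# TCP control bits, low to high (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Probe flags per scan type from the outline (Nmap -sS/-sT/-sF/-sX/-sN)
SCAN_PROBES = {
    "syn": SYN,               # half-open: the scanner never sends the final ACK
    "connect": SYN,           # full open: the OS completes the handshake
    "fin": FIN,
    "xmas": FIN | PSH | URG,  # "lit up like a Christmas tree"
    "null": 0,
}


def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len))


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=1024) -> bytes:
    """20-byte TCP header with a valid checksum; data offset 5 words, no options."""
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A receiver's check: the sum over pseudo-header + segment must fold to zero."""
    return checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def parse_flags(segment: bytes) -> int:
    return segment[13]          # byte 13 holds the six control bits


def classify(scan: str, reply_flags, icmp_unreachable: bool = False) -> str:
    """Map the target's reply (None = nothing before timeout) to a port state."""
    if icmp_unreachable:        # type 3 code 1/2/3/9/10/13: a filter answered
        return "filtered"
    if scan in ("syn", "connect"):
        if reply_flags is None:
            return "filtered"
        if reply_flags & SYN and reply_flags & ACK:
            return "open"
        if reply_flags & RST:
            return "closed"
        return "filtered"
    # FIN/Xmas/Null rely on RFC 793: closed ports answer RST, open ports stay
    # silent. Silence is also what a dropping firewall produces, hence the
    # ambiguous state. Windows answers RST on both, so these scans cannot
    # tell open from closed there.
    if reply_flags is None:
        return "open|filtered"
    if reply_flags & RST:
        return "closed"
    return "open|filtered"
```

The classification table is why a SYN scan is the default: it is the only flag-based probe that distinguishes all three states, while FIN/Xmas/Null trade that certainty for slipping past stateless packet filters that only block SYN.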
Module 6: Enumeration
- Overview of System Hacking Cycle
- What is Enumeration?
- Techniques for Enumeration
- NetBIOS Null Sessions
  o So What's the Big Deal
  o DumpSec Tool
  o NetBIOS Enumeration Using Netview
    · Nbtstat Enumeration Tool
    · SuperScan
    · Enum Tool
  o Enumerating User Accounts
    · GetAcct
  o Null Session Countermeasure
  o PsExec
  o PsFile
  o PsGetSid
  o PsKill
  o PsInfo
  o PsList
  o PsLoggedOn
  o PsLogList
  o PsPasswd
  o PsService
  o PsShutdown
  o PsSuspend
- Simple Network Management Protocol (SNMP) Enumeration
  o Management Information Base (MIB)
  o SNMPutil Example
  o SolarWinds
  o SNScan
  o Getif SNMP MIB Browser
  o UNIX Enumeration
  o SNMP UNIX Enumeration
  o SNMP Enumeration Countermeasures
  o LDAP Enumeration
  o JXplorer
  o LdapMiner
  o Softerra LDAP Browser
  o NTP Enumeration
  o SMTP Enumeration
  o Smtpscan
  o Web Enumeration
  o Asnumber
  o Lynx
  o Windows Active Directory Attack Tool
  o How To Enumerate Web Application Directories in IIS Using DirectoryServices
- IP Tools Scanner
- Enumerate Systems Using Default Passwords
  § Tools:
    o NBTScan
    o NetViewX
    o FreeNetEnumerator
    o Terminal Service Agent
    o TXNDS
    o Unicornscan
    o Amap
    o Netenum
- Steps to Perform Enumeration
Module 7: System Hacking
- Part 1: Cracking Passwords
  o CEH Hacking Cycle
  o Password Types
  o Types of Password Attack
    · Passive Online Attack: Wire Sniffing
    · Passive Online Attack: Man-in-the-Middle and Replay Attacks
    · Active Online Attack: Password Guessing
    · Offline Attacks
      Ø Brute Force Attack
      Ø Pre-computed Hashes
      Ø Syllable Attack/Rule-based Attack/Hybrid Attacks
      Ø Distributed Network Attack
      Ø Rainbow Attack
    · Non-Technical Attacks
  o Default Password Database
    § http://www.defaultpassword.com/
    § http://www.cirt.net/cgi-bin/passwd.pl
    § http://www.virus.org/index.php?
  o PDF Password Cracker
  o Abcom PDF Password Cracker
  o Password Mitigation
  o Permanent Account Lockout - Employee Privilege Abuse
  o Administrator Password Guessing
    · Manual Password Cracking Algorithm
    · Automatic Password Cracking Algorithm
  o Performing Automated Password Guessing
    · Tool: NAT
    · Smbbf (SMB Passive Brute Force Tool)
    · SmbCrack Tool: Legion
    · Hacking Tool: L0phtCrack
  o Microsoft Authentication
    · LM, NTLMv1, and NTLMv2
    · NTLM and LM Authentication on the Wire
    · Kerberos Authentication
    · What is the LAN Manager Hash?
      Ø LM "Hash" Generation
      Ø LM Hash
    · Salting
    · PWdump2 and Pwdump3
    · Tool: RainbowCrack
    · Hacking Tool: KerbCrack
    · Hacking Tool: NBTDeputy
    · NetBIOS DoS Attack
    · Hacking Tool: John the Ripper
  o Password Sniffing
  o How to Sniff SMB Credentials?
  o SMB Replay Attacks
  o Replay Attack Tool: SMBProxy
  o SMB Signing
  o Tool: LCP
  o Tool: SID&User
  o Tool: Ophcrack 2
  o Tool: Crack
  o Tool: Access PassView
  o Tool: Asterisk Logger
  o Tool: CHAOS Generator
  o Tool: Asterisk Key
  o Password Recovery Tool: MS Access Database Password Decoder
  o Password Cracking Countermeasures
  o Do Not Store the LAN Manager Hash in the SAM Database
  o LM Hash Backward Compatibility
  o How to Disable the LM Hash
  o Password Brute-Force Estimate Tool
  o Syskey Utility
  o AccountAudit
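The "Pre-computed Hashes", "Rainbow Attack" and "Salting" items above are one idea seen from two sides: a time/memory trade-off that works exactly because unsalted hashes (LM, NTLM) map the same password to the same digest on every machine. The block below is an added example, not code from the course or from RainbowCrack, with a deliberately tiny keyspace (4-digit PINs, SHA-1) so it runs in well under a second; the chain length, chain count and reduction function are assumptions chosen for the demo.

```python
"""Added example: a miniature rainbow table over 4-digit PINs, and why a
salt defeats it. Parameters are chosen for speed, not realism."""
import hashlib

KEYSPACE = 10_000     # "0000".."9999"
CHAIN_LEN = 50        # reductions per chain (assumed)
N_CHAINS = 400        # starting points (assumed)


def h(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()


def salted(salt: str, pw: str) -> str:
    """What a salted scheme stores: the same PIN hashes differently per user."""
    return h(salt + ":" + pw)


def reduce_(digest: str, pos: int) -> str:
    """Map a digest back into the keyspace. Mixing in the chain position is
    what distinguishes a rainbow table from a Hellman table and keeps chain
    merges rare."""
    return "%04d" % ((int(digest[:12], 16) + pos * 7919) % KEYSPACE)


def chain_value(start: str, pos: int) -> str:
    """Plaintext at step `pos` of the chain beginning at `start`."""
    pw = start
    for i in range(pos):
        pw = reduce_(h(pw), i)
    return pw


def build_table() -> dict:
    """endpoint -> list of start points. Only endpoints and starts are stored;
    the intermediate values are recomputed on demand (the 'memory' half of
    the trade-off)."""
    table = {}
    for n in range(N_CHAINS):
        start = "%04d" % ((n * 25) % KEYSPACE)      # deterministic starts
        table.setdefault(chain_value(start, CHAIN_LEN), []).append(start)
    return table


def lookup(table: dict, target: str):
    """Recover the PIN whose SHA-1 is `target`, or None if no chain covers it."""
    for i in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash at position i. Walk to the endpoint.
        pw = reduce_(target, i)
        for j in range(i + 1, CHAIN_LEN):
            pw = reduce_(h(pw), j)
        for start in table.get(pw, ()):
            cand = chain_value(start, i)       # regenerate just this chain
            if h(cand) == target:              # false alarms happen; verify
                return cand
    return None
```

Lookup costs at most about CHAIN_LEN²/2 hash operations per target regardless of the keyspace, which is the "time" half of the trade-off. A per-user salt removes it: the table would have to be rebuilt for every salt value, which is the whole point of the "Salting" item above.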
- Part 2: Escalating Privileges
  o CEH Hacking Cycle
  o Privilege Escalation
  o Cracking NT/2000 Passwords
  o Active@ Password Changer
    · Change Recovery Console Password - Method 1
    · Change Recovery Console Password - Method 2
  o Privilege Escalation Tool: x.exe
- Part 3: Executing Applications
  o CEH Hacking Cycle
  o Tool: psexec
  o Tool: remoexec
  o Ras N Map
  o Tool: Alchemy Remote Executor
  o Emsa FlexInfo Pro
  o Keystroke Loggers
  o E-mail Keylogger
  o Revealer Keylogger Pro
  o Handy Keylogger
  o Ardamax Keylogger
  o Powered Keylogger
  o Quick Keylogger
  o Spy-Keylogger
  o Perfect Keylogger
  o Invisible Keylogger
  o Actual Spy
  o SpyToctor FTP Keylogger
  o IKS Software Keylogger
  o Ghost Keylogger
  o Hacking Tool: Hardware Key Logger
  o What is Spyware?
  o Spyware: Spector
  o Remote Spy
  o Spy Tech Spy Agent
  o 007 Spy Software
  o Spy Buddy
  o Ace Spy
  o Keystroke Spy
  o Activity Monitor
  o Hacking Tool: eBlaster
  o Stealth Voice Recorder
  o Stealth Keylogger
  o Stealth Website Logger
  o Digi Watcher Video Surveillance
  o Desktop Spy Screen Capture Program
  o Telephone Spy
  o Print Monitor Spy Tool
  o Stealth E-Mail Redirector
  o Spy Software: Wiretap Professional
  o Spy Software: FlexiSpy
  o PC PhoneHome
  o Keylogger Countermeasures
  o Anti Keylogger
  o Advanced Anti Keylogger
  o Privacy Keyboard
  o Spy Hunter - Spyware Remover
  o Spy Sweeper
  o Spyware Terminator
  o WinCleaner AntiSpyware
  o CEH Hacking Cycle
  o Hiding Files
  o Rootkits
    · Why Rootkits
    · Hacking Tool: NT/2000 Rootkit
    · Planting the NT/2000 Rootkit
    · Rootkits in Linux
    · Detecting Rootkits
    · Steps for Detecting Rootkits
    · Rootkit Detection Tools
    · Sony Rootkit Case Study
    · Rootkit: FU
    · AFX Rootkit
    · Rootkit: Nuclear
    · Rootkit: Vanquish
    · Rootkit Countermeasures
    · Patchfinder
    · RootkitRevealer
  o Creating Alternate Data Streams
  o How to Create NTFS Streams?
    · NTFS Stream Manipulation
    · NTFS Streams Countermeasures
    · NTFS Stream Detectors (ADS Spy and ADS Tools)
    · Hacking Tool: USB Dumper
  o What is Steganography?
    · Steganography Techniques
      § Least Significant Bit Insertion in Image Files
      § Process of Hiding Information in Image Files
      § Masking and Filtering in Image Files
      § Algorithms and Transformation
    · Tool: Merge Streams
    · Invisible Folders
    · Tool: Invisible Secrets
    · Tool: Image Hide
    · Tool: Stealth Files
    · Tool: Steganography
    · Masker Steganography Tool
    · Hermetic Stego
    · DCPP - Hide an Operating System
    · Tool: Camera/Shy
    · www.spammimic.com
    · Tool: MP3Stego
    · Tool: Snow.exe
    · Steganography Tool: Fort Knox
    · Steganography Tool: Blindside
    · Steganography Tool: S-Tools
    · Steganography Tool: Steghide
    · Tool: Steganos
    · Steganography Tool: Pretty Good Envelope
    · Tool: Gifshuffle
    · Tool: JPHIDE and JPSEEK
    · Tool: wbStego
    · Tool: OutGuess
    · Tool: Data Stash
    · Tool: Hydan
    · Tool: Cloak
    · Tool: StegoNote
    · Tool: Stegomagic
    · Steganos Security Suite
    · C Steganography
    · Isosteg
    · FoxHole
    · Video Steganography
    · Case Study: Al-Qaida Members Distributing Propaganda to Volunteers using Steganography
    · Steganalysis
    · Steganalysis Methods/Attacks on Steganography
    · Stegdetect
    · SIDS
    · High-Level View
    · Tool: dskprobe.exe
    · Stego Watch - Stego Detection Tool
    · StegSpy
  o CEH Hacking Cycle
  o Covering Tracks
  o Disabling Auditing
  o Clearing the Event Log
  o Tool: elsave.exe
  o Hacking Tool: Winzapper
  o Evidence Eliminator
  o Tool: Traceless
  o Tool: Tracks Eraser Pro
  o Armor Tools
  o Tool: ZeroTracks
  o PhatBooster
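"Least Significant Bit Insertion in Image Files" and the "Steganalysis" items in this part describe one technique and the simplest check against it. The block below is an added example, not code from the course or from any of the tools listed: it embeds a payload into the low bit of each 8-bit sample of an RGB buffer, recovers it, and computes the LSB statistic a steganalyst looks at. No image library is involved; the "image" is a constructed byte buffer, and the 32-bit length prefix is a convention chosen for the demo.

```python
"""Added example: LSB insertion into an 8-bit sample buffer, extraction, and
the distortion/LSB-ratio checks. The cover data is constructed."""


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide `payload` in the LSBs of `cover`, prefixed by a 32-bit length."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples, have %d" % (len(bits), len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit       # each sample moves by at most 1
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes, from the LSBs."""
    def read_bytes(offset: int, n: int) -> bytes:
        vals = bytearray()
        for b in range(n):
            v = 0
            for k in range(8):
                v = (v << 1) | (stego[offset + b * 8 + k] & 1)
            vals.append(v)
        return bytes(vals)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def max_distortion(cover: bytes, stego: bytes) -> int:
    """Why the eye cannot see it: the largest per-sample change."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_ratio(samples: bytes) -> float:
    """Fraction of samples with LSB set. The embedded region carries the
    payload's bit statistics rather than the image's, which is what
    histogram-based steganalysis (the 'Steganalysis Methods' item) measures."""
    return sum(s & 1 for s in samples) / len(samples)
```

A compressed or encrypted payload pushes the ratio toward 0.5 over the embedded region only, so comparing the statistic across regions of one file is more telling than the global value. Embedding in JPEG is different: it must operate on quantised DCT coefficients (the approach of JPHIDE and OutGuess above), because recompression would destroy pixel-domain LSBs.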
Module 8: Trojans and Backdoors
- Effect on Business
- What is a Trojan?
  o Overt and Covert Channels
  o Working of Trojans
  o Different Types of Trojans
    § Remote Access Trojans
    § Data-Sending Trojans
    § Destructive Trojans
    § Denial-of-Service (DoS) Attack Trojans
    § Proxy Trojans
    § FTP Trojans
    § Security Software Disablers
  o What do Trojan Creators Look for?
  o Different Ways a Trojan can Get into a System
- Indications of a Trojan Attack
- Ports Used by Trojans
  o How to Determine which Ports are Listening
  o Trojan: iCmd
  o MoSucker Trojan
  o Proxy Server Trojan
  o SARS Trojan Notification
  o Wrappers
  o Wrapper Covert Program
  o Wrapping Tools
  o One Exe Maker / YAB / Pretator Wrappers
  o Packaging Tool: WordPad
  o RemoteByMail
  o Tool: Icon Plus
  o Defacing Application: Restorator
  o Tetris
  o HTTP Trojans
  o Trojan Attack through HTTP
  o HTTP Trojan (HTTP RAT)
  o Shttpd Trojan - HTTP Server
  o Reverse Connecting Trojans
  o Nuclear RAT Trojan (Reverse Connecting)
  o Tool: BadLuck Destructive Trojan
  o ICMP Tunneling
  o ICMP Backdoor Trojan
  o Microsoft Network Hacked by QAZ Trojan
  o Backdoor.Theef (AVP)
  o T2W (TrojanToWorm)
  o Biorante RAT
  o DownTroj
  o Turkojan
  o Trojan.Satellite-RAT
  o Yakoza
  o DarkLabel B4
  o Trojan.Hav-Rat
  o Poison Ivy
  o Rapid Hacker
  o SharK
  o HackerzRat
  o TYO
  o 1337 Fun Trojan
  o Criminal Rat Beta
  o VicSpy
  o Optix PRO
  o ProAgent
  o OD Client
  o AceRat
  o Mhacker-PS
  o RubyRAT Public
  o SINner
  o ConsoleDevil
  o ZombieRat
  o FTP Trojan - TinyFTPD
  o VNC Trojan
  o Webcam Trojan
  o DJI RAT
  o Skiddie Rat
  o Biohazard RAT
  o Troya
  o ProRat
  o Dark Girl
  o DaCryptic
  o Net-Devil
- Classic Trojans Found in the Wild
  o Trojan: Tini
  o Trojan: NetBus
  o Trojan: Netcat
  o Netcat Client/Server
  o Netcat Commands
  o Trojan: Beast
  o Trojan: Phatbot
  o Trojan: Amitis
  o Trojan: Senna Spy
  o Trojan: QAZ
  o Trojan: Back Orifice
  o Trojan: Back Orifice 2000
  o Back Orifice Plug-ins
  o Trojan: SubSeven
  o Trojan: CyberSpy Telnet Trojan
  o Trojan: Subroot Telnet Trojan
  o Trojan: Let Me Rule! 2.0 BETA 9
  o Trojan: Donald Dick
- Hacking Tool: Loki
- Loki Countermeasures
- Atelier Web Remote Commander
- Trojan Horse Construction Kit
- How to Detect Trojans?
  o Netstat
  o fPort
  o TCPView
  o CurrPorts Tool
  o Process Viewer
  o Delete Suspicious Device Drivers
  o Check for Running Processes: What's on My Computer
  o Super System Helper Tool
  o Inzider - Tracks Processes and Ports
  o Tool: What's Running
  o MS Configuration Utility
  o Registry - What's Running
  o Autoruns
  o HijackThis (System Checker)
  o Startup List
    § TrojanHunter
    § Comodo BOClean
    § Trojan Remover: XoftspySE
    § Trojan Remover: Spyware Doctor
    § SPYWAREfighter
- Evading Anti-Virus Techniques
- Sample Code for Trojan Client/Server
- Evading Anti-Trojan/Anti-Virus using Stealth Tools
- Backdoor Countermeasures
- Tripwire
- System File Verification
- MD5 Checksum.exe
- Microsoft Windows Defender
- How to Avoid a Trojan Infection
Module 9: Viruses and Worms
- Virus History
- Characteristics of a Virus
- Working of a Virus
  o Infection Phase
  o Attack Phase
- Why People Create Computer Viruses
- Symptoms of a Virus-like Attack
- Virus Hoaxes
- Chain Letters
- How is a Worm Different from a Virus
- Indications of a Virus Attack
- Hardware Threats
- Software Threats
- Virus Damage
  § Mode of Virus Infection
- Stages of Virus Life
- Virus Classification
- How Does a Virus Infect?
- Storage Patterns of a Virus
  o System Sector Virus
  o Stealth Virus
  o Bootable CD-ROM Virus
    · Self-Modification
    · Encryption with a Variable Key
  o Polymorphic Code
  o Metamorphic Virus
  o Cavity Virus
  o Sparse Infector Virus
  o Companion Virus
  o File Extension Virus
- Famous Virus/Worms - I Love You Virus
- Famous Virus/Worms - Melissa
- Famous Virus/Worms - JS/Spth
- Klez Virus Analysis
- Latest Viruses
- Top 10 Viruses - 2008
  o Virus: Win32.AutoRun.ah
  o Virus: W32/Virut
  o Virus: W32/Divvi
  o Worm.SymbOS.Lasco.a
  o Disk Killer
  o Bad Boy
  o HappyBox
  o Java.StrangeBrew
  o MonteCarlo Family
  o PHP.Neworld
  o W32/WBoy.a
  o ExeBug.d
  o W32/Voterai.worm.e
  o W32/Lecivio.worm
  o W32/Lurka.a
  o W32/Vora.worm!p2p
- Writing a Simple Virus Program
- Virus Construction Kits
- Virus Detection Methods
- Virus Incident Response
- What is Sheep Dip?
- Virus Analysis - IDA Pro Tool
- Prevention is Better than Cure
- Anti-Virus Software
  o AVG Antivirus
  o Norton Antivirus
  o McAfee
  o SocketShield
  o BitDefender
  o ESET NOD32
  o CA Anti-Virus
  o F-Secure Anti-Virus
  o Kaspersky Anti-Virus
  o F-Prot Antivirus
  o Panda Antivirus Platinum
  o avast! Virus Cleaner
  o ClamWin
  o Norman Virus Control
- Popular Anti-Virus Packages
- Virus Databases
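"Virus Detection Methods" and the "Polymorphic Code"/"Encryption with a Variable Key" items above are two halves of one argument: a byte signature catches a known static body, and a polymorphic virus defeats it by re-encrypting the body under a new key on each infection, leaving only a small decryptor in the clear. The block below is an added example, not code from the course or from any listed product: a signature scanner using the public EICAR test string as its only real signature, plus the entropy heuristic that flags the encrypted body a signature misses. The "infected" samples in the test are constructed.

```python
"""Added example: signature matching plus an entropy heuristic for
encrypted/packed code. The only genuine signature is the EICAR test string."""
import math

EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {"EICAR-Test-File": EICAR}    # a real scanner has millions of these


def scan_signatures(data: bytes) -> list:
    """Static detection: exact byte-string match."""
    return [name for name, sig in SIGNATURES.items() if sig in data]


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def high_entropy_regions(data: bytes, block: int = 256, threshold: float = 7.2) -> list:
    """Offsets of blocks that look encrypted or packed. Ordinary x86 code sits
    around 5 to 6.5 bits/byte; an encrypted virus body is close to 8. The
    threshold is an assumed tuning value."""
    return [off for off in range(0, len(data) - block + 1, block)
            if entropy(data[off:off + block]) >= threshold]


def verdict(data: bytes) -> str:
    hits = scan_signatures(data)
    if hits:
        return "infected: " + ", ".join(hits)
    if high_entropy_regions(data):
        # Cannot name the family: run it in the sheep-dip/sandbox so the
        # decryptor unpacks the body, then signature-scan the memory image.
        return "suspicious: encrypted/packed region"
    return "clean"
```

The heuristic has an obvious false-positive class (legitimately compressed or encrypted files), which is why products pair it with emulation: let the decryptor run in a sandbox, then scan the plaintext body it produces. That is the "sheep dip" workflow in the outline.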
Module 10: Sniffers
- Definition - Sniffing
- Protocols Vulnerable to Sniffing
- Tool: Network View - Scans the Network for Devices
- The Dude Sniffer
- Wireshark
- Display Filters in Wireshark
- Following the TCP Stream in Wireshark
- Cain and Abel
- Tcpdump
- Tcpdump Commands
- Types of Sniffing
  o Passive Sniffing
  o Active Sniffing
  o ARP Spoofing Attack
  o How does ARP Spoofing Work
  o ARP Poisoning
  o MAC Duplicating
  o MAC Duplicating Attack
  o Tools for ARP Spoofing
    · Ettercap
    · ArpSpyX
  o MAC Flooding
    · Tools for MAC Flooding
      Ø Linux Tool: Macof
      Ø Windows Tool: Etherflood
  o Threats of ARP Poisoning
  o Irs-Arp Attack Tool
  o ARPWorks Tool
  o Tool: Nemesis
  o IP-based Sniffing
- Linux Sniffing Tools (dsniff package)
  o Linux Tool: Arpspoof
  o Linux Tool: Dnsspoof
  o Linux Tool: Dsniff
  o Linux Tool: Filesnarf
  o Linux Tool: Mailsnarf
  o Linux Tool: Msgsnarf
  o Linux Tool: Sshmitm
  o Linux Tool: Tcpkill
  o Linux Tool: Tcpnice
  o Linux Tool: Urlsnarf
  o Linux Tool: Webspy
  o Linux Tool: Webmitm
  o Intranet DNS Spoofing (Local Network)
  o Internet DNS Spoofing (Remote Network)
  o Proxy Server DNS Poisoning
  o DNS Cache Poisoning
- Interactive TCP Relay
- Interactive Replay Attacks
- Raw Sniffing Tools
- Features of Raw Sniffing Tools
  o HTTP Sniffer: EffeTech
  o Ace Password Sniffer
  o Win Sniffer
  o MSN Sniffer
  o SmartSniff
  o Session Capture Sniffer: NetWitness
  o Session Capture Sniffer: NWreader
  o Packet Crafter - Craft Custom TCP/IP Packets
  o SMAC
  o NetSetMan Tool
  o Ntop
  o EtherApe
  o Network Probe
  o Maa Tec Network Analyzer
  o Tool: Snort
  o Tool: Windump
  o Tool: Etherpeek
  o NetIntercept
  o Colasoft EtherLook
  o AW Ports Traffic Analyzer
  o Colasoft Capsa Network Analyzer
  o CommView
  o Sniffem
  o NetResident
  o IP Sniffer
  o Sniphere
  o IE HTTP Analyzer
  o BillSniff
  o URL Snooper
  o EtherDetect Packet Sniffer
  o EffeTech HTTP Sniffer
  o AnalogX Packetmon
  o Colasoft MSN Monitor
  o IPgrab
  o EtherScan Analyzer
- How to Detect Sniffing
- Countermeasures
  o Antisniff Tool
  o Arpwatch Tool
  o PromiScan
  o proDETECT
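ARP spoofing (arpspoof, Ettercap) works because ARP has no authentication: a host accepts any reply that claims an IP-to-MAC binding, and the "MAC Duplicating" attack is the same trick with the attacker's card answering for many addresses. The Arpwatch countermeasure simply remembers bindings and alerts on change. The block below is an added example, not Arpwatch's code or anything from the course: it builds the Ethernet/ARP reply frames an attacker would inject, parses them, and flags both a binding flip and one MAC claiming more IPs than a host normally has. All MACs and IPs are constructed; the per-MAC IP limit is an assumed threshold.

```python
"""Added example: arpwatch-style ARP poisoning / MAC duplicating detector,
fed constructed Ethernet II + ARP reply frames."""
import struct

ETH_ARP = b"\x08\x06"


def _ip(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def arp_frame(sender_mac: bytes, sender_ip: str, target_ip: str, op: int = 2) -> bytes:
    """Ethernet II + ARP (op 2 = reply), as arpspoof/ettercap would send it:
    a gratuitous reply broadcast to everyone, claiming sender_ip is at sender_mac."""
    eth = b"\xff" * 6 + sender_mac + ETH_ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + sender_mac + _ip(sender_ip) + b"\x00" * 6 + _ip(target_ip))
    return eth + arp


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) or None if the frame is not ARP."""
    if len(frame) < 42 or frame[12:14] != ETH_ARP:
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    smac = frame[22:28].hex(":")
    sip = ".".join(str(b) for b in frame[28:32])
    return op, smac, sip


class ArpWatch:
    def __init__(self, max_ips_per_mac: int = 2):
        self.ip_to_mac = {}        # learned bindings
        self.mac_to_ips = {}
        self.max_ips = max_ips_per_mac
        self.alerts = []

    def observe(self, frame: bytes) -> None:
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, mac, ip = parsed
        if op != 2:
            return                  # requests carry no binding claim worth trusting
        old = self.ip_to_mac.get(ip)
        if old and old != mac:
            self.alerts.append(("flip", ip, old, mac))      # classic poisoning
        self.ip_to_mac[ip] = mac
        ips = self.mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) > self.max_ips:
            self.alerts.append(("mac-dup", mac, tuple(sorted(ips))))
```

The detector learns the first binding it sees, so it must be started on a clean network or seeded from DHCP leases; an attacker already in place when it starts is "legitimate" to it. Static ARP entries on critical hosts and dynamic ARP inspection on switches close the gap the detector only reports.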
Module 11: Social Engineering
- What is Social Engineering?
- Human Weakness
- "Rebecca" and "Jessica"
- Office Workers
- Types of Social Engineering
  o Human-Based Social Engineering
    · Technical Support Example
    · More Social Engineering Examples
    · Human-Based Social Engineering: Eavesdropping
    · Human-Based Social Engineering: Shoulder Surfing
    · Human-Based Social Engineering: Dumpster Diving
    · Dumpster Diving Example
    · Oracle Snoops Microsoft's Trash Bins
    · Movies to Watch for Reverse Engineering
  o Computer-Based Social Engineering
  o Insider Attack
  o Disgruntled Employee
  o Preventing Insider Threat
  o Common Targets of Social Engineering
§ Social Engineering Threats
  o Online
  o Telephone
  o Personal Approaches
  o Defenses Against Social Engineering Threats
§ Factors that make Companies Vulnerable to Attacks
§ Why is Social Engineering Effective
§ Warning Signs of an Attack
§ Tool: Netcraft Anti-Phishing Toolbar
§ Phases in a Social Engineering Attack
§ Behaviors Vulnerable to Attacks
§ Impact on the Organization
§ Countermeasures
§ Policies and Procedures
§ Security Policies - Checklist
§ Impersonating Orkut, Facebook, MySpace
§ Orkut
§ Impersonating on Orkut
§ MW.Orc Worm
§ Facebook
§ Impersonating on Facebook
§ MySpace
§ Impersonating on MySpace
§ How to Steal Identity
§ Comparison
§ Original
§ Identity Theft
§ http://www.consumer.gov/idtheft/
Module 12: Phishing
§ Phishing
§ Introduction
§ Reasons for Successful Phishing
§ Phishing Methods
§ Process of Phishing
§ Types of Phishing Attacks
  o Man-in-the-Middle Attacks
  o URL Obfuscation Attacks
  o Cross-Site Scripting Attacks
  o Hidden Attacks
  o Client-side Vulnerabilities
  o Deceptive Phishing
  o Malware-Based Phishing
  o DNS-Based Phishing
  o Content-Injection Phishing
  o Search Engine Phishing
§ Phishing Statistics: Feb 2008
§ Anti-Phishing
§ Anti-Phishing Tools
  o PhishTank SiteChecker
  o Netcraft
  o GFI MailEssentials
  o SpoofGuard
  o Phishing Sweeper Enterprise
  o TrustWatch Toolbar
  o ThreatFire
  o GralicWrap
  o Spyware Doctor
  o Track Zapper Spyware-Adware Remover
  o AdwareInspector
  o Email-Tag.com
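"URL Obfuscation Attacks" covers a small set of tricks that make a phishing link read like a trusted one: a fake host in the userinfo part before "@", an IP written as one decimal or hex number, the brand placed in a subdomain of the attacker's domain, and look-alike Unicode characters. The block below is an added example, not code from the course or from any of the anti-phishing tools listed: it resolves the host a browser would actually connect to and reports each trick. The URLs and the "trusted" domain are constructed.

```python
"""Added example: detecting the URL obfuscation tricks used in phishing.
TRUSTED and every URL in the tests are constructed."""
import ipaddress
from urllib.parse import urlsplit

TRUSTED = "bank.example"          # assumed brand domain being impersonated


def real_host(url: str) -> str:
    """Host the browser connects to: userinfo before '@' is ignored by the browser
    but is what a victim reads first."""
    return urlsplit(url).hostname or ""


def decode_numeric_host(host: str):
    """Dotless decimal (3405803805) and hex (0xcb00711d) hosts are valid IPv4
    literals in most browsers; return the dotted form or None."""
    for parse in (lambda h: ipaddress.ip_address(int(h, 0)), ipaddress.ip_address):
        try:
            return str(parse(host))
        except ValueError:
            continue
    return None


def analyse(url: str) -> list:
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.username is not None:
        findings.append("userinfo trick: shows '%s', connects to '%s'" % (parts.username, host))
    numeric = decode_numeric_host(host)
    if numeric:
        findings.append("numeric host: %s" % numeric)
    if TRUSTED in url and not (host == TRUSTED or host.endswith("." + TRUSTED)):
        findings.append("brand name outside the registrable domain")
    if any(ord(c) > 127 for c in host):
        findings.append("non-ASCII host (possible homograph): %s" % host.encode("idna").decode())
    return findings
```

The ordering of the checks matters less than the rule behind them: decide trust on the parsed hostname, never on the string the user sees. Browsers now render punycode and strip userinfo for the same reason.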
Module 13: Hacking Email Accounts
- Ways for Getting Email Account Information
- Stealing Cookies
- Social Engineering
- Password Phishing
- Fraudulent E-mail Messages
- Vulnerabilities
- Tool: Advanced Stealth Email Redirector
- Tool: Mail PassView
- Tool: Email Password Recovery Master
- Tool: Mail Password
- Email Finder Pro
- Email Spider Easy
- Kernel Hotmail MSN Password Recovery
- Retrieve Forgotten Yahoo Password
- MegaHackerZ
- Hack Passwords
- Creating Strong Passwords
- Creating Strong Passwords: Change Password
- Creating Strong Passwords: Trouble Signing In
- Sign-in Seal
- Alternate Email Address
- Keep Me Signed In / Remember Me
- Tool: Email Protector
- Tool: Email Security
- Tool: EmailSanitizer
- Tool: SuperSecret
Module 14: Denial-of-Service
- Real World Scenario of DoS Attacks
- What are Denial-of-Service Attacks
- Goal of DoS
- Impact and the Modes of Attack
- Types of Attacks
- DoS Attack Classification
  o Smurf Attack
  o Buffer Overflow Attack
  o Ping of Death Attack
  o Teardrop Attack
  o SYN Attack
  o SYN Flooding
  o DoS Attack Tools
  o DoS Tool: Jolt2
  o DoS Tool: Bubonic.c
  o DoS Tool: Land and LaTierra
  o DoS Tool: Targa
  o DoS Tool: Blast
  o DoS Tool: Nemesy
  o DoS Tool: Panther2
  o DoS Tool: Crazy Pinger
  o DoS Tool: SomeTrouble
  o DoS Tool: UDP Flood
  o DoS Tool: FSMax
- Bot (Derived from the Word RoBOT)
- Botnets
- Uses of Botnets
- Types of Bots
- How Do They Infect? Analysis of Agobot
- How Do They Infect
- Tool: Nuclear Bot
- What is a DDoS Attack
- Characteristics of DDoS Attacks
- DDoS Unstoppable
- Agent Handler Model
- DDoS IRC-based Model
- DDoS Attack Taxonomy
- Amplification Attack
- Reflective DNS Attacks
- Reflective DNS Attacks Tool: ihateperl.pl
- DDoS Tools
  o DDoS Tool: Trinoo
  o DDoS Tool: Tribal Flood Network
  o DDoS Tool: TFN2K
  o DDoS Tool: Stacheldraht
  o DDoS Tool: Shaft
  o DDoS Tool: Trinity
  o DDoS Tool: Knight and Kaiten
  o DDoS Tool: Mstream
- Worms
- Slammer Worm
- Spread of Slammer Worm - 30 min
- MyDoom.B
- SCO Against MyDoom Worm
- How to Conduct a DDoS Attack
- The Reflected DoS Attacks
- Reflection of the Exploit
- Countermeasures for Reflected DoS
- DDoS Countermeasures
- Taxonomy of DDoS Countermeasures
- Preventing Secondary Victims
- Detect and Neutralize Handlers
- Detect Potential Attacks
- DoSHTTP Tool
- Mitigate or Stop the Effects of DDoS Attacks
- Deflect Attacks
- Post-attack Forensics
- Packet Traceback
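A SYN flood ("SYN Attack", "SYN Flooding" above) exhausts the listener's backlog of half-open connections: each spoofed SYN gets a SYN/ACK that goes to a host that never answers, so the entry stays until it times out. The "Detect Potential Attacks" countermeasure is therefore a count of handshakes that never complete, per source. The block below is an added example, not code from the course or from any listed tool: it tracks half-open state over a constructed packet trace and reports sources above a threshold. Addresses come from documentation ranges and the threshold is an assumed tuning value.

```python
"""Added example: SYN-flood detection by counting half-open handshakes per
source over a constructed trace of (time, src_ip, src_port, flags) events."""
from collections import defaultdict

SYN, ACK = "S", "A"     # flags of the client-side packets we track


def half_open_report(events, threshold: int = 5) -> dict:
    """events: time-ordered (t, src, sport, flags) tuples seen at the server.
    A SYN opens a half-open entry keyed by (src, sport); the client's ACK
    (third step of the handshake) closes it. Returns {src: never-completed}
    for sources at or above `threshold`."""
    pending = {}
    for t, src, sport, flags in events:
        key = (src, sport)
        if flags == SYN:
            pending[key] = t
        elif flags == ACK:
            pending.pop(key, None)
    counts = defaultdict(int)
    for src, _ in pending:
        counts[src] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


def constructed_trace() -> list:
    """Three legitimate handshakes, then 50 SYNs from spoofed addresses that
    never ACK because the SYN/ACK went to hosts that did not send anything."""
    ev = []
    for i in range(3):
        ev.append((float(i), "192.0.2.10", 40000 + i, SYN))
        ev.append((i + 0.01, "192.0.2.10", 40000 + i, ACK))
    for i in range(50):
        ev.append((5 + i / 1000, "198.51.100.%d" % (1 + i % 5), 50000 + i, SYN))
    return ev
```

Because the sources are spoofed, blocking them is pointless and can even be harmful (the spoofed addresses may be real customers). The state-free fix is SYN cookies: encode the connection parameters in the SYN/ACK sequence number and allocate nothing until a valid ACK returns, which removes the resource the flood targets.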
Module 15: Session Hijacking
- What is Session Hijacking?
- Spoofing vs. Hijacking
- Steps in Session Hijacking
- Types of Session Hijacking
- Session Hijacking Levels
- Network Level Hijacking
- The 3-Way Handshake
- TCP Concepts: 3-Way Handshake
- Sequence Numbers
- Sequence Number Prediction
- TCP/IP Hijacking
- IP Spoofing: Source Routed Packets
- RST Hijacking
  o RST Hijacking Tool: hijack_rst.sh
- Blind Hijacking
- Man in the Middle: Packet Sniffer
- UDP Hijacking
- Application Level Hijacking
- Programs that Perform Session Hijacking
  o Juggernaut
  o Hunt
  o TTY-Watcher
  o IP Watcher
  o Session Hijacking Tool: T-Sight
  o Remote TCP Session Reset Utility (SolarWinds)
  o Paros HTTP Session Hijacking Tool
  o Dnshijacker Tool
  o Hjksuite Tool
- Dangers that Hijacking Poses
- Protecting against Session Hijacking
- Countermeasures: IPSec
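"Sequence Number Prediction", "Blind Hijacking" and "RST Hijacking" share one precondition: a forged segment is only accepted if its sequence number falls inside the receiver's window, so an attacker who cannot sniff the connection must guess it. Old stacks made that easy by incrementing the initial sequence number (ISN) by a constant per connection. The block below is an added example, not code from the course or from Juggernaut/Hunt: it fits an increment to a few observed ISNs, predicts the next, and applies the RFC 793 window test that decides whether a blind segment lands. Both ISN series are constructed; one models a constant-increment generator, the other a randomised one.

```python
"""Added example: ISN predictability and the in-window test behind blind TCP
hijacking. The ISN samples are constructed."""

MASK = 0xFFFFFFFF


def predict_next(isns):
    """Fit a constant increment to observed ISNs (one per probe connection).
    Returns (predicted next ISN, largest deviation of any increment from the
    fitted one). A BSD-style '+64000 per connection' generator fits perfectly;
    an RFC 6528 randomised generator gives a useless prediction."""
    deltas = [(b - a) & MASK for a, b in zip(isns, isns[1:])]
    step = sorted(deltas)[len(deltas) // 2]           # median increment
    spread = max(abs(d - step) for d in deltas)
    return (isns[-1] + step) & MASK, spread


def in_window(seq: int, rcv_nxt: int, rcv_wnd: int) -> bool:
    """RFC 793 acceptability test, modulo 2^32: the receiver takes a segment
    whose sequence number lies in [RCV.NXT, RCV.NXT + RCV.WND). Before
    RFC 5961 the same test decided whether a forged RST tore down the session."""
    return ((seq - rcv_nxt) & MASK) < rcv_wnd


def assess(isns, actual_next: int, rcv_wnd: int = 65535) -> dict:
    """Would a blind segment built from the prediction be accepted?"""
    guess, spread = predict_next(isns)
    return {"guess": guess, "spread": spread,
            "lands": in_window(guess, actual_next, rcv_wnd),
            "guesses_needed": max(1, -(-(spread * 2) // rcv_wnd))}


# Constructed series. The first models an old generator stepping by 64000;
# the second models per-connection random ISNs.
PREDICTABLE_ISNS = [1000 + 64000 * i for i in range(6)]
PREDICTABLE_NEXT = 1000 + 64000 * 6
RANDOM_ISNS = [0x1F3A9C2E, 0x7B44D101, 0x03C8E9F0, 0xA5E11B77, 0x5C0F23AA, 0xE93B6014]
RANDOM_NEXT = 0x3D7A91C5
```

`guesses_needed` is the rough number of spoofed segments an attacker must spray to cover the uncertainty with a 64 KB window; with a good ISN generator it is tens of thousands per attempt, which is why the practical tools listed above sniff the sequence number instead of predicting it, and why IPsec (integrity-protecting the whole segment) closes the attack regardless of the window.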
Module 16: Hacking Web Servers
- How Web Servers Work
- How are Web Servers Compromised
- Web Server Defacement
  o How are Servers Defaced
- Apache Vulnerability
- Attacks against IIS
  o IIS Components
  o IIS Directory Traversal (Unicode) Attack
  o Unicode Directory Traversal Vulnerability
  o Hacking Tool: IISxploit.exe
  o Msw3prt IPP Vulnerability
  o RPC DCOM Vulnerability
  o ASP Trojan
  o IIS Logs
  o Network Tool: Log Analyzer
  o Hacking Tool: CleanIISLog
  o IIS Security Tool: ServerMask
  o ServerMask ip100
  o Tool: CacheRight
  o Tool: CustomError
  o Tool: HttpZip
  o Tool: LinkDeny
  o Tool: ServerDefender AI
  o Tool: ZipEnable
  o Tool: w3compiler
  o Yersinia
- Tool: Metasploit Framework
- Tool: Immunity CANVAS Professional
- Tool: Core Impact
- Tool: MPack
- Tool: Neosploit
- Hotfixes and Patches
- What is Patch Management
- Patch Management Checklist
  o Solution: UpdateExpert
  o Patch Management Tool: qfecheck
  o Patch Management Tool: HFNetChk
  o cacls.exe Utility
  o Shavlik NetChk Protect
  o Kaseya Patch Management
  o IBM Tivoli Configuration Manager
  o LANDesk Patch Manager
  o BMC Patch Manager
  o ConfigureSoft Enterprise Configuration Manager (ECM)
  o BladeLogic Configuration Manager
  o Opsware Server Automation System (SAS)
  o Best Practices for Patch Management
- Vulnerability Scanners
- Online Vulnerability Search Engine
- Network Tool: Whisker
- Network Tool: N-Stealth HTTP Vulnerability Scanner
- Hacking Tool: WebInspect
- Network Tool: Shadow Security Scanner
- Secure IIS
  o ServersCheck Monitoring
  o GFI Network Server Monitor
  o Servers Alive
  o Webserver Stress Tool
  o Monitoring Tool: Secunia PSI
- Countermeasures
- Increasing Web Server Security
- Web Server Protection Checklist
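The "IIS Directory Traversal (Unicode) Attack" above is a decoding-order bug: the server checked the URL for "../" before decoding it, then decoded with a UTF-8 implementation that accepted overlong sequences, so %c0%af became "/" after the check had passed and the path walked out of the web root. The block below is an added example, not code from the course or from IISxploit: a lenient decoder that reproduces the overlong behaviour next to strict decoding, and the flawed check next to a resolver that canonicalises first and tests containment second. The web root and request paths are constructed.

```python
"""Added example: why overlong UTF-8 turned %c0%af into '/', and the
decode-then-check resolver that prevents it. Paths are constructed."""
import posixpath
from urllib.parse import unquote_to_bytes


def lenient_utf8(raw: bytes) -> str:
    """Decode like the vulnerable server: a 2-byte lead (C0-DF) plus any
    continuation byte is accepted even when the value fits in 7 bits.
    C0 AF -> 0x2F '/', C1 9C -> 0x5C '\\'."""
    out, i = [], 0
    while i < len(raw):
        b = raw[i]
        if 0xC0 <= b <= 0xDF and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (raw[i + 1] & 0x3F)))  # no overlong check
            i += 2
        else:
            out.append(chr(b))
            i += 1
    return "".join(out)


def strict_utf8(raw: bytes):
    """A conforming decoder rejects overlong forms outright."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return None


def naive_check(url_path: str) -> bool:
    """The flawed filter: look for traversal in the still-encoded path."""
    return "../" not in url_path and "..\\" not in url_path


def resolve(webroot: str, url_path: str, decoder):
    """Percent-decode, decode bytes with `decoder`, join under webroot, normalise."""
    decoded = decoder(unquote_to_bytes(url_path))
    if decoded is None:
        return None
    return posixpath.normpath(posixpath.join(webroot, decoded.replace("\\", "/").lstrip("/")))


def safe_resolve(webroot: str, url_path: str):
    """Decode strictly first, canonicalise, then require the result to stay
    inside the web root. Rejecting on the canonical path makes the order of
    encodings irrelevant."""
    full = resolve(webroot, url_path, strict_utf8)
    if full is None or not (full == webroot or full.startswith(webroot + "/")):
        return None
    return full
```

The general lesson survives the specific bug: validate the canonical form that the filesystem will actually see, after every decoding layer has run, and reject rather than "fix" malformed encodings.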
Module 17: Web Application Vulnerabilities
- Web Application Setup
- Web Application Hacking
- Anatomy of an Attack
- Web Application Threats
- Cross-Site Scripting/XSS Flaws
  o An Example of XSS
  o Countermeasures
- SQL Injection
- Command Injection Flaws
  o Countermeasures
- Parameter/Form Tampering
- Hidden Field at
- Buffer Overflow
  o Countermeasures
- Directory Traversal/Forceful Browsing
  o Countermeasures
- Cryptographic Interception
- Cookie Snooping
- Authentication Hijacking
  o Countermeasures
- Log Tampering
- Error Message Interception
- Attack Obfuscation
- Platform Exploits
- DMZ Protocol Attacks
  o Countermeasures
- Security Management Exploits
  o Web Services Attacks
  o Zero-Day Attacks
  o Network Access Attacks
- TCP Fragmentation
- Hacking Tools
  o Instant Source
  o Wget
  o WebSleuth
  o BlackWidow
  o SiteScope Tool
  o WSDigger Tool - Web Services Testing Tool
  o CookieDigger Tool
  o SSLDigger Tool
  o SiteDigger Tool
  o WindowBomb
  o Burp: Positioning Payloads
  o Burp: Configuring Payloads and Content Enumeration
  o Burp: Password Guessing
  o Burp Proxy
  o Burp Suite
  o Hacking Tool: cURL
  o dotDefender
  o Acunetix Web Scanner
  o AppScan - Web Application Scanner
  o AccessDiver
  o Tool: Falcove Web Vulnerability Scanner
  o Tool: NetBrute
  o Tool: Emsa Web Monitor
  o Tool: KeepNI
  o Tool: Paros Proxy
  o Tool: WebScarab
  o Tool: Watchfire AppScan
  o Tool: WebWatchBot
  o Tool: Mapper
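"Cross-Site Scripting/XSS Flaws" and "SQL Injection" above are the two injection classes every scanner in the tool list probes for, and both have the same root cause: untrusted input is concatenated into a string that another parser (the SQL engine, the browser's HTML parser) then interprets. The block below is an added example, not the course's "Example of XSS" or any tool's code: each flaw is shown as the vulnerable function beside its countermeasure, using an in-memory SQLite table and a one-line HTML template that are constructed for the demo.

```python
"""Added example: SQL injection and reflected XSS, vulnerable form beside the
fix. The users table, credentials and template are constructed."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")])
    return db


def login_vulnerable(db, user: str, pw: str):
    """String-built query: a quote in the input ends the literal and the rest
    of the input becomes SQL. Returns the role on success, else None."""
    q = "SELECT role FROM users WHERE name = '%s' AND password = '%s'" % (user, pw)
    row = db.execute(q).fetchone()
    return row[0] if row else None


def login_fixed(db, user: str, pw: str):
    """Parameterised query: the driver sends input as bound values, so it is
    never parsed as SQL. Password storage should also be hashed; the plain
    text here keeps the demo focused on the injection."""
    row = db.execute("SELECT role FROM users WHERE name = ? AND password = ?",
                     (user, pw)).fetchone()
    return row[0] if row else None


def greet_vulnerable(name: str) -> str:
    """Reflected XSS: the parameter is echoed into HTML unchanged."""
    return "<p>Hello, %s</p>" % name


def greet_fixed(name: str) -> str:
    """Output encoding for the HTML-body context. A value placed inside an
    attribute, a URL or a script block needs that context's encoder instead."""
    return "<p>Hello, %s</p>" % html.escape(name, quote=True)
```

The two payloads in the test are the classic ones: `' OR '1'='1` turns the WHERE clause into a tautology, and `bob' --` comments out the password check entirely. Both are inert against the parameterised query because the values never reach the SQL parser.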
Module 18: Web-Based Password Cracking Techniques
- Authentication - Definition
- Authentication Mechanisms
  o HTTP Authentication
    · Basic Authentication
    · Digest Authentication
  o Integrated Windows (NTLM) Authentication
  o Negotiate Authentication
  o Certificate-based Authentication
  o Forms-based Authentication
  o RSA SecurID Token
  o Biometrics Authentication
    · Types of Biometrics Authentication
      Ø Fingerprint-based Identification
      Ø Hand Geometry-based Identification
      Ø Retina Scanning
      Ø Afghan Woman Recognized After 17 Years
      Ø Face Recognition
      Ø Face Code: WebCam-Based Biometrics Authentication System
- Bill Gates at the RSA Conf
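The "Basic Authentication" and "Digest Authentication" items are the two HTTP schemes a sniffer on the path sees most, and they fail differently: Basic is base64 of `user:password`, recoverable instantly, while Digest sends an MD5 over the credentials and a server nonce, which hides the password but leaves a captured exchange open to an offline dictionary attack. The block below is an added example, not code from the course: it produces both headers, verifies a Digest response the way a server does from its stored HA1, and runs the wordlist attack against a captured exchange. Realm, nonce, cnonce and credentials are constructed; the scheme follows RFC 2617 with qop=auth.

```python
"""Added example: HTTP Basic and Digest (RFC 2617, qop=auth) from both ends,
and the offline attack on a sniffed Digest exchange. All values constructed."""
import base64
import hashlib


def md5(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def basic_header(user: str, pw: str) -> str:
    return "Basic " + base64.b64encode(("%s:%s" % (user, pw)).encode()).decode()


def basic_decode(header: str) -> list:
    """Everything a sniffer needs; TLS is the only protection Basic has."""
    return base64.b64decode(header.split(" ", 1)[1]).decode().split(":", 1)


def digest_from_ha1(ha1: str, method: str, uri: str, nonce: str, nc: str, cnonce: str, qop: str) -> str:
    """response = MD5(HA1:nonce:nc:cnonce:qop:HA2), HA2 = MD5(method:uri)."""
    ha2 = md5("%s:%s" % (method, uri))
    return md5(":".join([ha1, nonce, nc, cnonce, qop, ha2]))


def digest_response(user, realm, pw, method, uri, nonce, nc="00000001", cnonce="0a4f113b", qop="auth"):
    """Client side: HA1 = MD5(user:realm:password)."""
    return digest_from_ha1(md5("%s:%s:%s" % (user, realm, pw)), method, uri, nonce, nc, cnonce, qop)


# Server side stores HA1, not the password (constructed entry; realm "corp").
HA1_DB = {"alice": md5("alice:corp:hunter2")}


def server_verify(user, method, uri, nonce, nc, cnonce, qop, response) -> bool:
    """Recompute from stored HA1. A real server also rejects reused (nonce, nc)
    pairs and expires nonces, or the response can simply be replayed."""
    ha1 = HA1_DB.get(user)
    return ha1 is not None and digest_from_ha1(ha1, method, uri, nonce, nc, cnonce, qop) == response


def crack_digest(captured: dict, wordlist) -> str:
    """Offline: every field except the password was on the wire, so each guess
    costs two MD5s and there is no lockout. Returns the password or None."""
    c = captured
    for pw in wordlist:
        if digest_response(c["user"], c["realm"], pw, c["method"], c["uri"],
                           c["nonce"], c["nc"], c["cnonce"], c["qop"]) == c["response"]:
            return pw
    return None
```

The attack's cost is bounded only by the password's strength, which is why Digest is no substitute for TLS, and why the stored HA1 must be protected as if it were the password: anyone holding it can compute valid responses without knowing the password at all.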