Course Description
This class will immerse the student in an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab-intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and will then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5-day class they will have hands-on understanding and experience in Ethical Hacking. This course prepares you for the EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Duration
5 days (9:00 – 5:00)

Certification
The Certified Ethical Hacker exam 312-50 may be taken on the last day of the training (optional). Students need to pass the online Prometric exam to receive CEH certification.

Legal Agreement
The mission of the Ethical Hacking and Countermeasures course is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks, that you will not use such tools in an attempt to compromise any computer system, and that you will indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Not everyone can be a student: the Accredited Training Centers (ATC) will make sure that applicants work for legitimate companies.

Course Outline Version 6

The CEHv6 curriculum consists of instructor-led training and self-study. The instructor will provide the details of the self-study modules to the students at the beginning of the class.

Module 1: Introduction to Ethical Hacking

  • Problem Definition -Why Security?
  • Essential Terminologies
  • Elements of Security
  • The Security, Functionality and Ease of Use Triangle
  • Case Study
  • What does a Malicious Hacker do?

o    Phase 1: Reconnaissance

·         Reconnaissance Types

o    Phase 2: Scanning

o    Phase 3: Gaining Access

o    Phase 4: Maintaining Access

o    Phase 5: Covering Tracks

  • Types of Hacker Attacks

o    Operating System attacks

o    Application-level attacks

o    Shrink Wrap code attacks

o    Misconfiguration attacks

  • Hacktivism
  • Hacker Classes
  • Security News: Suicide Hacker
  • Ethical Hacker Classes
  • What do Ethical Hackers do
  • Can Hacking be Ethical
  • How to become an Ethical Hacker
  • Skill Profile of an Ethical Hacker
  • What is Vulnerability Research

o    Why Hackers Need Vulnerability Research

o    Vulnerability Research Tools

o    Vulnerability Research Websites

·         National Vulnerability Database (nvd.nist.gov)

·         Securitytracker (www.securitytracker.com)

·         Securiteam (www.securiteam.com)

·         Secunia (www.secunia.com)

·         Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)

·   HackerWatch (www.hackerwatch.org)

·   MILWORM

  • How to Conduct Ethical Hacking
  • How Do They Go About It
  • Approaches to Ethical Hacking
  • Ethical Hacking Testing
  • Ethical Hacking Deliverables
  • Computer Crimes and Implications

Module 2: Hacking Laws

§  U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)

§  Legal Perspective (U.S. Federal Law)

o    18 U.S.C. § 1029

·         Penalties

o    18 U.S.C. § 1030

·         Penalties

o    18 U.S.C. § 1362

o    18 U.S.C. § 2318

o    18 U.S.C. § 2320

o    18 U.S.C. § 1831

o    47 U.S.C. § 605, unauthorized publication or use of communications

o    Washington:

·         RCW 9A.52.110

o    Florida:

·         § 815.01 to 815.07

o    Indiana:

·         IC 35-43

§  Federal Managers Financial Integrity Act of 1982

§  The Freedom of Information Act 5 U.S.C. § 552

§  Federal Information Security Management Act (FISMA)

§  The Privacy Act Of 1974 5 U.S.C. § 552a

§  USA Patriot Act of 2001

§  United Kingdom’s Cyber Laws

§  United Kingdom: Police and Justice Act 2006

§  European Laws

§  Japan’s Cyber Laws

§  Australia : The Cybercrime Act 2001

§  Indian Law: THE INFORMATION TECHNOLOGY ACT

§  Argentina Laws

§  Germany’s Cyber Laws

§  Singapore’s Cyber Laws

§  Belgium Law

§  Brazilian Laws

§  Canadian Laws

§  France Laws

§  German Laws

§  Italian Laws

§  MALAYSIA: THE COMPUTER CRIMES ACT 1997

§  HONG KONG: TELECOMMUNICATIONS

§  Korea: ACT ON PROMOTION OF INFORMATION AND COMMUNICATIONS NETWORK UTILIZATION AND INFORMATION PROTECTION, ETC.

§  Greece Laws

§  Denmark Laws

§  Netherlands Laws

§  Norway

§  ORDINANCE

§  Mexico

§  SWITZERLAND

Module 3: Footprinting

  • Revisiting Reconnaissance
  • Defining Footprinting
  • Why is Footprinting Necessary
  • Areas and Information which Attackers Seek
  • Information Gathering Methodology

o    Unearthing Initial Information

·         Finding Company’s URL

·         Internal URL

·         Extracting Archive of a Website

§  www.archive.org

·         Google Search for Company’s Info

·         People Search

§  Yahoo People Search

§  Satellite Picture of a Residence

§  Best PeopleSearch

§  People-Search-America.com

§  Switchboard

§  Anacubis

§  Google Finance

§  Yahoo Finance

·         Footprinting through Job Sites 

·         Passive Information Gathering

·         Competitive Intelligence Gathering

§  Why Do You Need Competitive Intelligence?

§  Competitive Intelligence Resource

§  Companies Providing Competitive Intelligence Services

§  Carratu International

§  CI Center

§  Competitive Intelligence - When Did This Company Begin? How Did It Develop?

§  Competitive Intelligence - Who Leads This Company

§  Competitive Intelligence - What Are This Company's Plans

§  Competitive Intelligence - What Does Expert Opinion Say About The Company

§  Competitive Intelligence - Who Are The Leading Competitors?

§  Competitive Intelligence Tool: Trellian

§  Competitive Intelligence Tool: Web Investigator

·         Public and Private Websites

  • Footprinting Tools

o    Sensepost Footprint Tools

o    Big Brother

o    BiLE Suite

o    Alchemy Network Tool

o    Advanced Administrative Tool

o    My IP Suite

o    Wikto Footprinting Tool

o    Whois Lookup

o    Whois

o    SmartWhois

o    ActiveWhois

o    LanWhois

o    CountryWhois

o    WhereIsIP

o    Ip2country

o    CallerIP

o    Web Data Extractor Tool

o    Online Whois Tools

o    What is MyIP

o  DNS Enumerator

o  SpiderFoot

o  Nslookup

o  Extract DNS Information

    • Types of DNS Records
    • Necrosoft Advanced DIG

o    Expired Domains

o    DomainKing

o    Domain Name Analyzer

o    DomainInspect

o    MSR Strider URL Tracer

o    Mozzle Domain Name Pro

o    Domain Research Tool (DRT)

o    Domain Status Reporter

o    Reggie

o    Locate the Network Range

·   ARIN

·   Traceroute

§    Traceroute Analysis

·   3D Traceroute

·   NeoTrace

·   VisualRoute Trace

·   Path Analyzer Pro

·   Maltego

·   Layer Four Traceroute

·   Prefix WhoIs widget

·   Touchgraph

·   VisualRoute Mail Tracker

·   eMailTrackerPro

·   Read Notify

  • E-Mail Spiders

o    1st E-mail Address Spider

o    Power E-mail Collector Tool

o    GEOSpider

o    Geowhere Footprinting Tool

o    Google Earth

o    Kartoo Search Engine

o    Dogpile (Meta Search Engine)

o    Tool: WebFerret

o    robots.txt

o    WTR - Web The Ripper

o    Website Watcher

  • Steps to Create Fake Login Pages
  • How to Create Fake Login Pages
  • Faking Websites using Man-in-the-Middle Phishing Kit
  • Benefits to Fraudster
  • Steps to Perform Footprinting

Module 4: Google Hacking

§  What is Google hacking

§  What a hacker can do with vulnerable site

§  Anonymity with Caches

§  Using Google as a Proxy Server

§  Directory Listings

o    Locating Directory Listings

o    Finding Specific Directories

o    Finding Specific Files

o    Server Versioning 

§  Going Out on a Limb: Traversal Techniques

o    Directory Traversal

o    Incremental Substitution 

§  Extension Walking

  • Site Operator
  • intitle:index.of
  • error | warning
  • login | logon
  • username | userid | employee.ID | “your username is”
  • password | passcode | “your password is”
  • admin | administrator

o    admin login

  • -ext:html -ext:htm -ext:shtml -ext:asp -ext:php
  • inurl:temp | inurl:tmp | inurl:backup | inurl:bak
  • intranet | help.desk
  • Locating Public Exploit Sites

o    Locating Exploits Via Common Code Strings

      • Searching for Exploit Code with Nonstandard Extensions
      • Locating Source Code with Common Strings
  • Locating Vulnerable Targets

o    Locating Targets Via Demonstration Pages

      • “Powered by” Tags Are Common Query Fodder for Finding Web Applications

o    Locating Targets Via Source Code

      • Vulnerable Web Application Examples

o    Locating Targets Via CGI Scanning

      • A Single CGI Scan-Style Query
  • Directory Listings

o    Finding IIS 5.0 Servers

  • Web Server Software Error Messages

o    IIS HTTP/1.1 Error Page Titles

o    “Object Not Found” Error Message Used to Find IIS 5.0

o    Apache Web Server

      • Apache 2.0 Error Pages
  • Application Software Error Messages

o    ASP Dumps Provide Dangerous Details

o    Many Errors Reveal Pathnames and Filenames

o    CGI Environment Listings Reveal Lots of Information

  • Default Pages

o    A Typical Apache Default Web Page

o    Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP

o    Default Pages Query for Web Server

o    Outlook Web Access Default Portal

  • Searching for Passwords

o    Windows Registry Entries Can Reveal Passwords

o    Usernames, Cleartext Passwords, and Hostnames!

  • Google Hacking Database (GHDB)
  • SiteDigger Tool
  • Gooscan
  • Goolink Scanner
  • Goolag Scanner
  • Tool: Google Hacks
  • Google Hack Honeypot
  • Google Protocol
  • Google Cartography

Module 5: Scanning

  • Scanning: Definition
  • Types of Scanning
  • Objectives of Scanning
  • CEH Scanning Methodology

o    Checking for live systems - ICMP Scanning

·         Angry IP

·         HPing2

·         Ping Sweep

·         Firewalk Tool

·         Firewalk Commands

·         Firewalk Output

·         Nmap

·         Nmap: Scan Methods

·         NMAP Scan Options

·         NMAP Output Format

·         TCP Communication Flags

·         Three Way Handshake

o    SYN Stealth/Half-Open Scan

o    Stealth Scan

o    Xmas Scan

o    FIN Scan

o    Null Scan

o    Idle Scan

o    ICMP Echo Scanning/List Scan

o    TCP Connect/Full Open Scan

o    FTP Bounce Scan

·         FTP Bounce Attack

o    SYN/FIN Scanning Using IP Fragments

o    UDP Scanning

o    Reverse Ident Scanning

o    RPC Scan

o    Window Scan

o    Blaster Scan

o    Portscan Plus, Strobe

o    IPSec Scan

o    Netscan Tools Pro

o    WUPS – UDP Scanner

o    Superscan

o    IPScanner

o    Global Network Inventory Scanner

o    Net Tools Suite Pack

o    Floppy Scan

o    FloppyScan Steps

o    E-mail Results of FloppyScan

o    Atelier Web Ports Traffic Analyzer (AWPTA)

o    Atelier Web Security Port Scanner (AWSPS)

o    IPEye

o    ike-scan

o    Infiltrator Network Security Scanner

o    YAPS: Yet Another Port Scanner

o    Advanced Port Scanner

o    NetworkActiv Scanner

o    NetGadgets

o    P-Ping Tools

o    MegaPing

o    LanSpy

o    HoverIP

o    LANView

o    NetBruteScanner

o    SolarWinds Engineer’s Toolset

o    AUTAPF

o    OstroSoft Internet Tools

o    Advanced IP Scanner

o    Active Network Monitor

o    Advanced Serial Data Logger

o    Advanced Serial Port Monitor

o    WotWeb

o    Antiy Ports

o    Port Detective

o    Roadkil’s Detector

o    Portable Storage Explorer

  • War Dialer Technique

o    Why War Dialing

o    Wardialing 

o    Phonesweep – War Dialing Tool

o    THC Scan

o    ToneLoc

o    ModemScan

o    War Dialing Countermeasures: Sandtrap Tool

  • Banner Grabbing

o    OS Fingerprinting

·         Active Stack Fingerprinting

·         Passive Fingerprinting

o    Active Banner Grabbing Using Telnet

o    GET REQUESTS

o    P0f – Banner Grabbing Tool

o    p0f for Windows

o    Httprint Banner Grabbing Tool

o    Tool: Miart HTTP Header

o    Tools for Active Stack Fingerprinting

·         Xprobe2

·         Ringv2

·         Netcraft

o    Disabling or Changing Banner

o    IIS Lockdown Tool

o    Tool: ServerMask

o    Hiding File Extensions

o    Tool: PageXchanger

  • Vulnerability Scanning

o    Bidiblah Automated Scanner

o    Qualys Web Based Scanner

o    SAINT

o    ISS Security Scanner

o    Nessus

o    GFI LANguard

o    Security Administrator’s Tool for Analyzing Networks (SATAN)

o    Retina

o    Nagios

o    PacketTrap's pt360 Tool Suite

o    NIKTO

§  SAFEsuite Internet Scanner, IdentTCPScan

  • Draw Network Diagrams of Vulnerable Hosts

o    Cheops

o    Friendly Pinger

o    LANsurveyor

o    Ipsonar

o    LANState

§  Insightix Visibility

§  IPCheck Server Monitor

§  PRTG Traffic Grapher

  • Preparing Proxies

o    Proxy Servers

o    Free Proxy Servers

o    Use of Proxies for Attack

o    SocksChain

o    Proxy Workbench

o    Proxymanager Tool

o    Super Proxy Helper Tool

o    Happy Browser Tool (Proxy Based)

o    Multiproxy

o    Tor Proxy Chaining Software

o    Additional Proxy Tools

o    Anonymizers

·         Surfing Anonymously

·         Primedius Anonymizer

·         StealthSurfer

·         Anonymous Surfing: Browzar

·         Torpark Browser

·         GetAnonymous

·         IP Privacy

·         Anonymity 4 Proxy (A4Proxy)

·         Psiphon

·         Connectivity Using Psiphon

·         AnalogX Proxy

·         NetProxy

·         Proxy+

·         ProxySwitcher Lite

·         JAP

·         Proxomitron

o    Google Cookies

·         G-Zapper

o    SSL Proxy Tool

o    How to Run SSL Proxy

o    HTTP Tunneling Techniques

·         Why Do I Need HTTP Tunneling

·         Httptunnel for Windows

·         How to Run Httptunnel

·         HTTP-Tunnel

·         HTTPort

o    Spoofing IP Address

·         Spoofing IP Address Using Source Routing

·         Detection of IP Spoofing

·         Despoof Tool

  • Scanning Countermeasures
  • Tool: SentryPC

Module 6: Enumeration

  • Overview of System Hacking Cycle
  • What is Enumeration?
  • Techniques for Enumeration
  • NetBIOS Null Sessions

o    So What's the Big Deal

o    DumpSec Tool

o    NetBIOS Enumeration Using Netview

·         Nbtstat Enumeration Tool

·         SuperScan

·         Enum Tool

o    Enumerating User Accounts

·         GetAcct

o    Null Session Countermeasure

  • PS Tools

o    PsExec

o    PsFile

o    PsGetSid

o    PsKill

o    PsInfo

o    PsList

o    PsLogged On

o    PsLogList

o    PsPasswd

o    PsService

o    PsShutdown

o    PsSuspend

  • Simple Network Management Protocol (SNMP) Enumeration

o    Management Information Base (MIB)

o    SNMPutil Example

o    SolarWinds

o    SNScan

o    Getif SNMP MIB Browser

o    UNIX Enumeration

o    SNMP UNIX Enumeration

o    SNMP Enumeration Countermeasures

o    LDAP enumeration

o    JXplorer

o    LdapMiner

o    Softerra LDAP Browser

o    NTP enumeration

o    SMTP enumeration

o    Smtpscan

o    Web enumeration

o    Asnumber  

o    Lynx

  • Winfingerprint

o    Windows Active Directory Attack Tool

o    How To Enumerate Web Application Directories in IIS Using DirectoryServices

  • IP Tools Scanner
  • Enumerate Systems Using Default Password

§  Tools:

o    NBTScan

o    NetViewX

o    FREENETENUMERATOR

o    Terminal Service Agent

o    TXNDS

o    Unicornscan

o    Amap

o    Netenum

  • Steps to Perform Enumeration

Module 7: System Hacking

  • Part 1: Cracking Passwords

o    CEH Hacking Cycle

o    Password Types

o    Types of Password Attack

·         Passive Online Attack: Wire Sniffing

·         Passive Online Attack: Man-in-the-middle and replay attacks

·         Active Online Attack: Password Guessing

·         Offline Attacks

Ø  Brute-Force Attack

Ø  Pre-computed Hashes

Ø  Syllable Attack/Rule-Based Attack/Hybrid Attacks

Ø  Distributed Network Attack

Ø  Rainbow Attack

·         Non-Technical Attacks

o    Default Password Database

§  http://www.defaultpassword.com/

§  http://www.cirt.net/cgi-bin/passwd.pl

§  http://www.virus.org/index.php?

o    PDF Password Cracker

o    Abcom PDF Password Cracker

o    Password Mitigation

o    Permanent Account Lockout - Employee Privilege Abuse

o    Administrator Password Guessing

·         Manual Password Cracking Algorithm

·         Automatic Password Cracking Algorithm

o    Performing Automated Password Guessing

·         Tool: NAT

·         Smbbf (SMB Passive Brute Force Tool)

·         SmbCrack Tool: Legion

·         Hacking Tool: L0phtCrack

o    Microsoft Authentication

·         LM, NTLMv1, and NTLMv2

·         NTLM And LM Authentication On The Wire

·         Kerberos Authentication

·         What is LAN Manager Hash?

Ø  LM “Hash” Generation

Ø  LM Hash

·         Salting

·         Pwdump2 and Pwdump3

·         Tool: Rainbowcrack

·         Hacking Tool: KerbCrack

·         Hacking Tool: NBTDeputy

·         NetBIOS DoS Attack

·         Hacking Tool: John the Ripper

o    Password Sniffing

o    How to Sniff SMB Credentials?

o    SMB Replay Attacks

o    Replay Attack Tool: SMBProxy

o    SMB Signing

o    Tool: LCP

o    Tool: SID&User

o    Tool: Ophcrack 2

o    Tool: Crack

o    Tool: Access PassView

o    Tool: Asterisk Logger

o    Tool: CHAOS Generator

o    Tool: Asterisk Key

o    Password Recovery Tool: MS Access Database Password Decoder

o    Password Cracking Countermeasures

o    Do Not Store LAN Manager Hash in SAM Database

o    LM Hash Backward Compatibility

o    How to Disable LM Hash

o    Password Brute-Force Estimate Tool

o    Syskey Utility

o    AccountAudit

  • Part 2: Escalating Privileges

o    CEH Hacking Cycle

o    Privilege Escalation

o    Cracking NT/2000 passwords

o    Active@ Password Changer

·         Change Recovery Console Password - Method 1

·         Change Recovery Console Password - Method 2

o    Privilege Escalation Tool: x.exe

  • Part 3: Executing Applications

o    CEH Hacking Cycle

o    Tool: psexec

o    Tool: remoexec

o    Ras N Map

o    Tool: Alchemy Remote Executor

o    Emsa FlexInfo Pro

o    Keystroke Loggers

o    E-mail Keylogger

o    Revealer Keylogger Pro

o    Handy Keylogger

o    Ardamax Keylogger

o    Powered Keylogger

o    Quick Keylogger

o    Spy-Keylogger

o    Perfect Keylogger

o    Invisible Keylogger

o    Actual Spy

o    SpyToctor FTP Keylogger

o    IKS Software Keylogger

o    Ghost Keylogger

o    Hacking Tool: Hardware Key Logger

o    What is Spyware?

o    Spyware: Spector

o    Remote Spy

o    Spy Tech Spy Agent

o    007 Spy Software

o    Spy Buddy

o    Ace Spy

o    Keystroke Spy

o    Activity Monitor

o    Hacking Tool: eBlaster

o    Stealth Voice Recorder

o    Stealth Keylogger

o    Stealth Website Logger

o    Digi Watcher Video Surveillance

o    Desktop Spy Screen Capture Program

o    Telephone Spy

o    Print Monitor Spy Tool

o    Stealth E-Mail Redirector

o    Spy Software: Wiretap Professional

o    Spy Software: FlexiSpy

o    PC PhoneHome

o    Keylogger Countermeasures

o    Anti Keylogger

o    Advanced Anti Keylogger

o    Privacy Keyboard

o    Spy Hunter - Spyware Remover

o    Spy Sweeper

o    Spyware Terminator

o    WinCleaner AntiSpyware

  • Part 4: Hiding Files

o    CEH Hacking Cycle

o    Hiding Files

o    RootKits

·         Why rootkits

·         Hacking Tool: NT/2000 Rootkit

·         Planting the NT/2000 Rootkit

·         Rootkits in Linux

·         Detecting Rootkits

·         Steps for Detecting Rootkits

·         Rootkit Detection Tools

·         Sony Rootkit Case Study

·         Rootkit: Fu

·         AFX Rootkit

·         Rootkit: Nuclear

·         Rootkit: Vanquish

·         Rootkit Countermeasures

·         Patchfinder

·         RootkitRevealer

o    Creating Alternate Data Streams

o    How to Create NTFS Streams?

·         NTFS Stream Manipulation

·         NTFS Streams Countermeasures

·         NTFS Stream Detectors (ADS Spy and ADS Tools)

·         Hacking Tool: USB Dumper

o    What is Steganography?

·         Steganography Techniques

§ Least Significant Bit Insertion in Image files

§ Process of Hiding Information in Image Files

§ Masking and Filtering in Image files

§ Algorithms and transformation

·         Tool: Merge Streams

·         Invisible Folders

·         Tool: Invisible Secrets

·         Tool: Image Hide

·         Tool: Stealth Files

·         Tool: Steganography

·         Masker Steganography Tool

·         Hermetic Stego

·         DCPP – Hide an Operating System

·         Tool: Camera/Shy

·         www.spammimic.com

·         Tool: Mp3Stego

·         Tool: Snow.exe

·         Steganography Tool: Fort Knox

·         Steganography Tool: Blindside

·         Steganography Tool: S-Tools

·         Steganography Tool: Steghide

·         Tool: Steganos

·         Steganography Tool: Pretty Good Envelope

·         Tool: Gifshuffle

·         Tool: JPHIDE and JPSEEK

·         Tool: wbStego

·         Tool: OutGuess

·         Tool: Data Stash

·         Tool: Hydan

·         Tool: Cloak

·         Tool: StegoNote

·         Tool: Stegomagic

·         Steganos Security Suite

·         C Steganography

·         Isosteg

·         FoxHole

·         Video Steganography

·         Case Study: Al-Qaida Members Distributing Propaganda to Volunteers Using Steganography

·         Steganalysis

·         Steganalysis Methods/Attacks on Steganography

·         Stegdetect

·         SIDS

·         High-Level View

·         Tool: dskprobe.exe

·         Stego Watch - Stego Detection Tool

·         StegSpy

  • Part 5: Covering Tracks

o    CEH Hacking Cycle

o    Covering Tracks

o    Disabling Auditing

o    Clearing the Event Log

o    Tool: elsave.exe

o    Hacking Tool: Winzapper

o    Evidence Eliminator

o    Tool: Traceless

o    Tool: Tracks Eraser Pro

o    Armor Tools

o    Tool: ZeroTracks

o    PhatBooster

Module 8: Trojans and Backdoors

  • Effect on Business
  • What is a Trojan?

o    Overt and Covert Channels

o    Working of Trojans

o    Different Types of Trojans

§  Remote Access Trojans

§  Data-Sending Trojans

§  Destructive Trojans

§  Denial-of-Service (DoS) Attack Trojans

§  Proxy Trojans

§  FTP Trojans

§  Security Software Disablers

o    What do Trojan Creators Look for?

o    Different Ways a Trojan can Get into a System

  • Indications of a Trojan Attack
  • Ports Used by Trojans

o    How to Determine which Ports are Listening

  • Trojans

o    Trojan: iCmd

o  MoSucker Trojan

o  Proxy Server Trojan

o  SARS Trojan Notification

o  Wrappers

o  Wrapper Covert Program

o  Wrapping Tools

o  One Exe Maker / YAB / Pretator Wrappers

o  Packaging Tool: WordPad

o  RemoteByMail

o  Tool: Icon Plus

o  Defacing Application: Restorator

o  Tetris

o  HTTP Trojans

o  Trojan Attack through Http

o  HTTP Trojan (HTTP RAT)

o  Shttpd Trojan - HTTP Server

o  Reverse Connecting Trojans

o  Nuclear RAT Trojan (Reverse Connecting)

o  Tool: BadLuck Destructive Trojan

o  ICMP Tunneling

o  ICMP Backdoor Trojan

o  Microsoft Network Hacked by QAZ Trojan

o  Backdoor.Theef (AVP)

o  T2W (TrojanToWorm)

o  Biorante RAT

o  DownTroj

o  Turkojan

o  Trojan.Satellite-RAT

o  Yakoza

o  DarkLabel B4

o  Trojan.Hav-Rat

o  Poison Ivy

o  Rapid Hacker

o  SharK

o  HackerzRat

o  TYO

o  1337 Fun Trojan

o  Criminal Rat Beta

o  VicSpy

o    Optix PRO

o    ProAgent

o    OD Client

o    AceRat

o    Mhacker-PS

o    RubyRAT Public

o    SINner

o    ConsoleDevil

o    ZombieRat

o    FTP Trojan - TinyFTPD

o    VNC Trojan

o    Webcam Trojan

o    DJI RAT

o    Skiddie Rat

o    Biohazard RAT

o    Troya

o    ProRat

o    Dark Girl

o    DaCryptic

o    Net-Devil

  • Classic Trojans Found in the Wild

o    Trojan: Tini

o    Trojan: NetBus

o    Trojan: Netcat

o    Netcat Client/Server

o    Netcat Commands

o    Trojan: Beast

o    Trojan: Phatbot

o    Trojan: Amitis

o    Trojan: Senna Spy

o    Trojan: QAZ

o    Trojan: Back Orifice 

o    Trojan: Back Orifice 2000

o    Back Orifice Plug-ins

o    Trojan: SubSeven 

o    Trojan: CyberSpy Telnet Trojan

o    Trojan: Subroot Telnet Trojan

o    Trojan: Let Me Rule! 2.0 BETA 9

o    Trojan: Donald Dick

o    Trojan: RECUB
  • Hacking Tool: Loki
  • Loki Countermeasures
  • Atelier Web Remote Commander
  • Trojan Horse Construction Kit
  • How to Detect Trojans?

o    Netstat

o    fPort

o    TCPView

o    CurrPorts Tool

o    Process Viewer

o    Delete Suspicious Device Drivers

o    Check for Running Processes: What’s on My Computer

o    Super System Helper Tool

o    Inzider - Tracks Processes and Ports

o    Tool: What’s Running

o    MS Configuration Utility

o    Registry - What’s Running

o    Autoruns

o    Hijack This (System Checker)

o    Startup List

  • Anti-Trojan Software

§  TrojanHunter

§  Comodo BOClean

§  Trojan Remover: XoftspySE

§  Trojan Remover: Spyware Doctor

§  SPYWAREfighter

  • Evading Anti-Virus Techniques
  • Sample Code for Trojan Client/Server
  • Evading Anti-Trojan/Anti-Virus using Stealth Tools
  • Backdoor Countermeasures
  • Tripwire
  • System File Verification
  • MD5 Checksum.exe
  • Microsoft Windows Defender
  • How to Avoid a Trojan Infection

Module 9: Viruses and Worms

  • Virus History
  • Characteristics of Virus
  • Working of Virus

o    Infection Phase

o    Attack Phase

  • Why people create Computer Viruses
  • Symptoms of a Virus-like Attack
  • Virus Hoaxes
  • Chain Letters
  • How is a Worm Different from a Virus
  • Indications of a Virus Attack
  • Hardware Threats
  • Software Threats
  • Virus Damage

§  Mode of Virus Infection

  • Stages of Virus Life
  • Virus Classification
  • How Does a Virus Infect?
  • Storage Patterns of Virus

o    System Sector virus

o    Stealth Virus

o    Bootable CD-Rom Virus

·         Self-Modification

·         Encryption with a Variable Key

o    Polymorphic Code

o    Metamorphic Virus

o    Cavity Virus

o    Sparse Infector Virus

o    Companion Virus

o    File Extension Virus

  • Famous Virus/Worms – I Love You Virus
  • Famous Virus/Worms – Melissa
  • Famous Virus/Worms – JS/Spth
  • Klez Virus Analysis
  • Latest Viruses
  • Top 10 Viruses - 2008

o    Virus: Win32.AutoRun.ah

o    Virus: W32/Virut

o    Virus: W32/Divvi

o    Worm.SymbOS.Lasco.a

o    Disk Killer

o    Bad Boy

o    HappyBox

o    Java.StrangeBrew

o    MonteCarlo Family

o    PHP.Neworld

o    W32/WBoy.a

o    ExeBug.d

o    W32/Voterai.worm.e

o    W32/Lecivio.worm

o    W32/Lurka.a

o    W32/Vora.worm!p2p

  • Writing a Simple Virus Program
  • Virus Construction Kits
  • Virus Detection Methods
  • Virus Incident Response
  • What is Sheep Dip?
  • Virus Analysis – IDA Pro Tool
  • Prevention is better than Cure
  • Anti-Virus Software

o    AVG Antivirus

o    Norton Antivirus

o    McAfee

o    SocketShield

o    BitDefender

o    ESET Nod32

o    CA Anti-Virus

o    F-Secure Anti-Virus

o    Kaspersky Anti-Virus

o    F-Prot Antivirus

o    Panda Antivirus Platinum

o    avast! Virus Cleaner

o    ClamWin

o    Norman Virus Control

  • Popular Anti-Virus Packages
  • Virus Databases

Module 10: Sniffers

  • Definition - Sniffing
  • Protocols Vulnerable to Sniffing
  • Tool: Network View – Scans the Network for Devices
  • The Dude Sniffer
  • Wireshark
  • Display Filters in Wireshark
  • Following the TCP Stream in Wireshark
  • Cain and Abel
  • Tcpdump
  • Tcpdump Commands
  • Types of Sniffing

o    Passive Sniffing

o    Active Sniffing

  • What is ARP

o    ARP Spoofing Attack

o    How does ARP Spoofing Work

o    ARP Poisoning

o    MAC Duplicating

o    MAC Duplicating Attack

o    Tools for ARP Spoofing

·         Ettercap

·         ArpSpyX

o    MAC Flooding

·         Tools for MAC Flooding

Ø  Linux Tool: Macof

Ø  Windows Tool: Etherflood

o    Threats of ARP Poisoning

o    Irs-Arp Attack Tool

o    ARPWorks Tool

o    Tool: Nemesis

o    IP-based sniffing

  • Linux Sniffing Tools (dsniff package)

o    Linux tool: Arpspoof

o    Linux Tool: Dnsspoof

o    Linux Tool: Dsniff

o    Linux Tool: Filesnarf

o    Linux Tool: Mailsnarf

o    Linux Tool: Msgsnarf

o    Linux Tool: Sshmitm

o    Linux Tool: Tcpkill

o    Linux Tool: Tcpnice

o    Linux Tool: Urlsnarf

o    Linux Tool: Webspy

o    Linux Tool: Webmitm

  • DNS Poisoning Techniques

o    Intranet DNS Spoofing (Local Network)

o    Internet DNS Spoofing (Remote Network)

o    Proxy Server DNS Poisoning

o    DNS Cache Poisoning

  • Interactive TCP Relay
  • Interactive Replay Attacks
  • Raw Sniffing Tools
  • Features of Raw Sniffing Tools

o    HTTP Sniffer: EffeTech

o    Ace Password Sniffer

o    Win Sniffer

o    MSN Sniffer

o    SmartSniff

o    Session Capture Sniffer: NetWitness

o    Session Capture Sniffer: NWreader

o    Packet Crafter Craft Custom TCP/IP Packets

o    SMAC

o    NetSetMan Tool

o    Ntop

o    EtherApe

o    Network Probe

o    Maa Tec Network Analyzer

o    Tool: Snort

o    Tool: Windump

o    Tool: Etherpeek

o    NetIntercept

o    Colasoft EtherLook

o    AW Ports Traffic Analyzer

o    Colasoft Capsa Network Analyzer

o    CommView

o    Sniffem

o    NetResident

o    IP Sniffer

o    Sniphere

o    IE HTTP Analyzer

o    BillSniff

o    URL Snooper

o    EtherDetect Packet Sniffer

o    EffeTech HTTP Sniffer

o    AnalogX Packetmon

o    Colasoft MSN Monitor

o    IPgrab

o    EtherScan Analyzer

  • How to Detect Sniffing
  • Countermeasures

o    Antisniff Tool

o    Arpwatch Tool

o    PromiScan

o    proDETECT

Module 11: Social Engineering

  • What is Social Engineering?
  • Human Weakness
  • “Rebecca” and “Jessica”
  • Office Workers
  • Types of Social Engineering

o    Human-Based Social Engineering

·         Technical Support Example

·         More Social Engineering Examples

·         Human-Based Social Engineering: Eavesdropping

·         Human-Based Social Engineering: Shoulder Surfing

·         Human-Based Social Engineering: Dumpster Diving

·         Dumpster Diving Example

·         Oracle Snoops Microsoft’s Trash Bins

·         Movies to Watch for Reverse Engineering

o    Computer Based Social Engineering

o    Insider Attack

o    Disgruntled Employee

o    Preventing Insider Threat

o    Common Targets of Social Engineering

§  Social Engineering Threats

o    Online

o    Telephone

o    Personal approaches

o    Defenses Against Social Engineering Threats

§  Factors that make Companies Vulnerable to Attacks

§  Why is Social Engineering Effective

§  Warning Signs of an Attack

§  Tool: Netcraft Anti-Phishing Toolbar

§  Phases in a Social Engineering Attack

§  Behaviors Vulnerable to Attacks

§  Impact on the Organization

§  Countermeasures

§  Policies and Procedures

§  Security Policies - Checklist

§  Impersonating Orkut, Facebook, MySpace

§  Orkut

§  Impersonating on Orkut

§  MW.Orc worm

§  Facebook

§  Impersonating on Facebook

§  MySpace

§  Impersonating on MySpace

§  How to Steal Identity

§  Comparison

§  Original

§  Identity Theft

§  http://www.consumer.gov/idtheft/

Module 12: Phishing

§  Phishing

§  Introduction

§  Reasons for Successful Phishing

§  Phishing Methods

§  Process of Phishing

§  Types of Phishing Attacks

o    Man-in-the-Middle Attacks

o    URL Obfuscation Attacks

o    Cross-site Scripting Attacks

o    Hidden Attacks

o    Client-side Vulnerabilities

o    Deceptive Phishing

o    Malware-Based Phishing

o    DNS-Based Phishing

o    Content-Injection Phishing

o    Search Engine Phishing

§  Phishing Statistics: Feb 2008

§  Anti-Phishing

§  Anti-Phishing Tools

o    PhishTank SiteChecker

o    NetCraft

o    GFI MailEssentials

o    SpoofGuard

o    Phishing Sweeper Enterprise

o    TrustWatch Toolbar

o    ThreatFire

o    GralicWrap

o    Spyware Doctor

o    Track Zapper Spyware-Adware Remover

o    AdwareInspector

o    Email-Tag.com

Module 13: Hacking Email Accounts

  • Ways of Getting Email Account Information
  • Stealing Cookies
  • Social Engineering
  • Password Phishing
  • Fraudulent e-mail Messages
  • Vulnerabilities
    • Web Email
    • Reaper Exploit
  • Tool: Advanced Stealth Email Redirector
  • Tool: Mail PassView
  • Tool: Email Password Recovery Master
  • Tool: Mail Password
  • Email Finder Pro
  • Email Spider Easy
  • Kernel Hotmail MSN Password Recovery
  • Retrieve Forgotten Yahoo Password
  • MegaHackerZ
  • Hack Passwords
  • Creating Strong Passwords
  • Creating Strong Passwords: Change Password
  • Creating Strong Passwords: Trouble Signing In
  • Sign-in Seal
  • Alternate Email Address
  • Keep Me Signed In / Remember Me
  • Tool: Email Protector
  • Tool: Email Security
  • Tool: EmailSanitizer
  • Tool: Email Protector
  • Tool: SuperSecret

Module 14: Denial-of-Service

  • Real World Scenario of DoS Attacks
  • What are Denial-of-Service Attacks?
  • Goal of DoS
  • Impact and the Modes of Attack
  • Types of Attacks
  • DoS Attack Classification

o    Smurf Attack

o    Buffer Overflow Attack

o    Ping of Death Attack

o    Teardrop Attack

o    SYN Attack

o    SYN Flooding

o    DoS Attack Tools

o    DoS Tool: Jolt2

o    DoS Tool: Bubonic.c

o    DoS Tool: Land and LaTierra

o    DoS Tool: Targa

o    DoS Tool: Blast

o    DoS Tool: Nemesy

o    DoS Tool: Panther2

o    DoS Tool: Crazy Pinger

o    DoS Tool: SomeTrouble

o    DoS Tool: UDP Flood

o    DoS Tool: FSMax

  • Bot (Derived from the Word RoBOT)
  • Botnets
  • Uses of Botnets
  • Types of Bots
  • How Do They Infect? Analysis of Agobot
  • How Do They Infect
  • Tool: Nuclear Bot
  • What is a DDoS Attack?
  • Characteristics of DDoS Attacks
  • DDoS Unstoppable
  • Agent Handler Model
  • DDoS IRC based Model
  • DDoS Attack Taxonomy
  • Amplification Attack
  • Reflective DNS Attacks
  • Reflective DNS Attacks Tool: ihateperl.pl
  • DDoS Tools

o    DDoS Tool: Trinoo

o    DDoS Tool: Tribal Flood Network

o    DDoS Tool: TFN2K

o    DDoS Tool: Stacheldraht

o    DDoS Tool: Shaft

o    DDoS Tool: Trinity

o    DDoS Tool: Knight and Kaiten

o    DDoS Tool: Mstream

  • Worms
  • Slammer Worm
  • Spread of Slammer Worm – 30 min
  • MyDoom.B
  • SCO Against MyDoom Worm
  • How to Conduct a DDoS Attack
  • The Reflected DoS Attacks
  • Reflection of the Exploit
  • Countermeasures for Reflected DoS
  • DDoS Countermeasures
  • Taxonomy of DDoS Countermeasures
  • Preventing Secondary Victims
  • Detect and Neutralize Handlers
  • Detect Potential Attacks
  • DoSHTTP Tool
  • Mitigate or Stop the Effects of DDoS Attacks
  • Deflect Attacks
  • Post-attack Forensics
  • Packet Traceback

Module 15: Session Hijacking

  • What is Session Hijacking?
  • Spoofing vs. Hijacking
  • Steps in Session Hijacking
  • Types of Session Hijacking
  • Session Hijacking Levels
  • Network Level Hijacking
  • The 3-Way Handshake
  • TCP Concepts: 3-Way Handshake
  • Sequence Numbers
  • Sequence Number Prediction
  • TCP/IP hijacking
  • IP Spoofing: Source Routed Packets
  • RST Hijacking

o    RST Hijacking Tool: hijack_rst.sh

  • Blind Hijacking
  • Man in the Middle: Packet Sniffer
  • UDP Hijacking
  • Application Level Hijacking
  • Programs that Perform Session Hijacking

o    Juggernaut

o    Hunt

o    TTY-Watcher

o    IP Watcher

o    Session Hijacking Tool: T-Sight

o    Remote TCP Session Reset Utility (SolarWinds)

o    Paros HTTP Session Hijacking Tool

o    Dnshijacker Tool

o    Hjksuite Tool

  • Dangers that Hijacking Poses
  • Protecting against Session Hijacking
  • Countermeasures: IPSec

Module 16: Hacking Web Servers

  • How Web Servers Work
  • How are Web Servers Compromised?
  • Web Server Defacement

o    How are Servers Defaced?

  • Apache Vulnerability
  • Attacks against IIS

o    IIS Components

o    IIS Directory Traversal (Unicode) Attack

  • Unicode

o    Unicode Directory Traversal Vulnerability

  • Hacking Tool

o    Hacking Tool: IISxploit.exe

o    Msw3prt IPP Vulnerability

o    RPC DCOM Vulnerability

o    ASP Trojan

o    IIS Logs

o    Network Tool: Log Analyzer

o    Hacking Tool: CleanIISLog

o    IIS Security Tool: Server Mask

o    ServerMask ip100

o    Tool: CacheRight

o    Tool: CustomError

o    Tool: HttpZip

o    Tool: LinkDeny

o    Tool: ServerDefender AI

o    Tool: ZipEnable

o    Tool: w3compiler

o    Yersinia

  • Tool: Metasploit Framework
  • Tool: Immunity CANVAS Professional
  • Tool: Core Impact
  • Tool: MPack
  • Tool: Neosploit
  • Hotfixes and Patches
  • What is Patch Management?
  • Patch Management Checklist

o    Solution: UpdateExpert

o    Patch Management Tool: qfecheck

o    Patch Management Tool: HFNetChk

o    cacls.exe Utility

o    Shavlik NetChk Protect

o    Kaseya Patch Management

o    IBM Tivoli Configuration Manager

o    LANDesk Patch Manager

o    BMC Patch Manager

o    ConfigureSoft Enterprise Configuration Manager (ECM)

o    BladeLogic Configuration Manager

o    Opsware Server Automation System (SAS)

o    Best Practices for Patch Management

  • Vulnerability Scanners
  • Online Vulnerability Search Engine
  • Network Tool: Whisker
  • Network Tool: N-Stealth HTTP Vulnerability Scanner
  • Hacking Tool: WebInspect
  • Network Tool: Shadow Security Scanner
  • Secure IIS

o    ServersCheck Monitoring

o    GFI Network Server Monitor

o    Servers Alive

o    Webserver Stress Tool

o    Monitoring Tool: Secunia PSI

  • Countermeasures
  • Increasing Web Server Security
  • Web Server Protection Checklist

Module 17: Web Application Vulnerabilities

  • Web Application Setup
  • Web Application Hacking
  • Anatomy of an Attack
  • Web Application Threats
  • Cross-Site Scripting/XSS Flaws

o    An Example of XSS

o    Countermeasures

  • SQL Injection
  • Command Injection Flaws

o    Countermeasures

  • Cookie/Session Poisoning

o    Countermeasures

  • Parameter/Form Tampering
  • Hidden Field at
  • Buffer Overflow

o    Countermeasures

  • Directory Traversal/Forceful Browsing

o    Countermeasures

  • Cryptographic Interception
  • Cookie Snooping
  • Authentication Hijacking

o    Countermeasures

  • Log Tampering
  • Error Message Interception
  • Attack Obfuscation
  • Platform Exploits
  • DMZ Protocol Attacks

o    Countermeasures

  • Security Management Exploits

o    Web Services Attacks

o    Zero-Day Attacks

o    Network Access Attacks

  • TCP Fragmentation
  • Hacking Tools

o    Instant Source

o    Wget

o    WebSleuth

o    BlackWidow

o    SiteScope Tool

o    WSDigger Tool – Web Services Testing Tool

o    CookieDigger Tool

o    SSLDigger Tool

o    SiteDigger Tool

o    WindowBomb

o    Burp: Positioning Payloads

o    Burp: Configuring Payloads and Content Enumeration

o    Burp: Password Guessing

o    Burp Proxy

o    Burpsuite

o    Hacking Tool: cURL

o    dotDefender

o    Acunetix Web Scanner

o    AppScan – Web Application Scanner

o    AccessDiver

o    Tool: Falcove Web Vulnerability Scanner

o    Tool: NetBrute

o    Tool: Emsa Web Monitor

o    Tool: KeepNI

o    Tool: Parosproxy

o    Tool: WebScarab

o    Tool: Watchfire AppScan

o    Tool: WebWatchBot

o    Tool: Mapper

Module 18: Web-Based Password Cracking Techniques

  • Authentication - Definition
  • Authentication Mechanisms

o    HTTP Authentication

·         Basic Authentication

·         Digest Authentication

o    Integrated Windows (NTLM) Authentication

o    Negotiate Authentication

o    Certificate-based Authentication

o    Forms-based Authentication

o    RSA SecurID Token

o    Biometrics Authentication

·         Types of Biometrics Authentication

Ø  Fingerprint-based Identification

Ø  Hand Geometry-based Identification

Ø  Retina Scanning

Ø  Afghan Woman Recognized After 17 Years

Ø  Face Recognition

Ø  Face Code: WebCam Based Biometrics Authentication System

  • Bill Gates at the RSA Conf