Course Outline
o Essential Terminology
Hacking Concepts
o Who Is a Hacker?
o Hacker Classes
o Hacktivism
Hacking Phases
Ethical Hacking and Countermeasures Copyright by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Types of Attacks
o Misconfiguration Attacks
o Application-Level Attacks
Defense in Depth
Vulnerability Research
Footprinting Concepts
o Footprinting Terminology
o What is Footprinting?
Why Footprinting?
Objectives of Footprinting
Footprinting Threats
Footprinting Methodology
People Search
o Website Footprinting
o Email Footprinting
o Competitive Intelligence
Competitive Intelligence - When Did this Company Begin? How did it develop?
o WHOIS Footprinting
WHOIS Lookup
o DNS Footprinting
o Network Footprinting
Traceroute
Traceroute Analysis
Traceroute Tools
o Footprinting through
Footprinting Tools
Ping Sweep
Three-Way Handshake
Hping2 / Hping3
Hping Commands
Scanning Techniques
Xmas Scan
FIN Scan
NULL Scan
IDLE Scan
UDP Scanning
Scanning Tools
Do Not Scan These IP Addresses (Unless you want to get into trouble)
o Banner Grabbing
Vulnerability Scanning
o Prepare Proxies
Proxy Servers
Proxy Chaining
Proxy Tools
HTTP Tunneling Tool: Super Network Tunnel
SSH Tunneling
Anonymizers
G-Zapper
Anonymizers
Spoofing IP Address
IP Spoofing Countermeasures
Enumeration Concepts
What is Enumeration?
NetBIOS Enumeration
SNMP Enumeration
o Working of SNMP
LDAP Enumeration
NTP Enumeration
SMTP Enumeration
DNS Enumeration
Enumeration Countermeasures
SMB Enumeration Countermeasures
Enumeration Pen Testing
o Cracking Passwords
Password Cracking
Password Complexity
Non-Electronic Attacks
Default Passwords
Microsoft Authentication
LM Hash Generation
Kerberos Authentication
Salting
L0phtCrack
Ophcrack
RainbowCrack
o Escalating Privileges
Privilege Escalation
o Executing Applications
Executing Applications
Keylogger
Acoustic/CAM Keylogger
Keyloggers
Hardware Keyloggers
Spyware
Types of Spywares
Desktop Spyware
USB Spyware
Audio Spyware
Video Spyware
Print Spyware
Telephone/Cellphone Spyware
GPS Spyware
Anti-Keylogger
Anti-Spywares
o Hiding Files
Rootkits
Types of Rootkits
Rootkit: Fu
Rootkit: KBeast
Detecting Rootkits
Anti-Rootkit: Stinger
Anti-Rootkit: UnHackMe
Anti-Rootkits
What Is Steganography?
Application of Steganography
Classification of Steganography
Technical Steganography
Linguistic Steganography
Steganography Techniques
Types of Steganography
Image Steganography
Video Steganography
Audio Steganography
Steganalysis
o Covering Tracks
Covering Tracks
o Penetration Testing
Password Cracking
Privilege Escalation
Executing Applications
Hiding Files
Covering Tracks
Trojan Concepts
What is a Trojan?
o Purpose of Trojans
Trojan Infection
o Wrappers
Types of Trojans
o Document Trojans
o Defacement Trojans
E-mail Trojans
o Botnet Trojans
VNC Trojans
HTTP/HTTPS Trojans
ICMP Tunneling
E-banking Trojans
Notification Trojans
Trojan Detection
o Trojan Countermeasures
Backdoor Countermeasures
Anti-Trojan Software
o Anti-Trojan Softwares
Pen Testing for Trojans and Backdoors
Types of Viruses
o Macro Viruses
Cluster Viruses
o Stealth/Tunneling Viruses
o Encryption Viruses
Polymorphic Code
Metamorphic Viruses
Companion/Camouflage Viruses
Shell Viruses
Anti-virus Tools
Sniffing Concepts
o Wiretapping
Lawful Interception
Packet Sniffing
Sniffing Threats
SPAN Port
MAC Attacks
MAC Flooding
DHCP Attacks
ARP Poisoning
MAC Spoofing/Duplicating
IRDP Spoofing
Insider Attack
Disgruntled Employee
Identity Theft
STEP 2
Comparison
STEP 3
DoS/DDoS Concepts
Cyber Criminals
o SYN Attack
SYN Flooding
Peer-to-Peer Attacks
Botnet Ecosystem
o DDoS Attack
o Detection Techniques
Activity Profiling
Wavelet Analysis
Post-Attack Forensics
o Session Sniffing
o Man-in-the-Middle Attack
o Client-side Attacks
o Session Fixation
Man-in-the-Browser Attack
Sequence Numbers
TCP/IP Hijacking
RST Hijacking
Blind Hijacking
UDP Hijacking
Counter-measures
IPSec
Modes of IPsec
IPsec Architecture
o Components of IPsec
IPsec Implementation
Webserver Concepts
Website Defacement
o Webserver Misconfiguration
Man-in-the-Middle Attack
Metasploit Architecture
Countermeasures: Protocols
Countermeasures: Accounts
o How to Defend against HTTP Response Splitting and Web Cache Poisoning
Patch Management
o Vulnerability Stack
o Invalidated Input
o Parameter/Form Tampering
o Directory Traversal
o Security Misconfiguration
o Injection Flaws
Cookie/Session Poisoning
Username Enumeration
Authorization Attack
Injection Attacks
Encoding Schemes
Security Tools
Information Gathering
Authentication Testing
Authorization Testing
AJAX Testing
o SQL Injection
Scenario
o Example 2: BadProductList.aspx
o Advanced Enumeration
Evasion Techniques
o Evading IDS
o How to Defend Against SQL Injection Attacks: Use Type-Safe SQL Parameters
Wireless Concepts
Wireless Networks
o Wireless Terminologies
Wireless Standards
Wi-Fi Chalking
o WEP Encryption
o What is WPA?
o Temporal Keys
What is WPA2?
o WEP Issues
Client Mis-association
Unauthorized Association
AP MAC Spoofing
Denial-of-Service Attack
o Wi-Fi Discovery
o GPS Mapping
Aircrack-ng Suite
Fragmentation Attack
Man-in-the-Middle Attack
Evil Twin
o Wardriving Tools
RF Monitoring Tools
Bluetooth Hacking
o Bluetooth Stack
Bluetooth Threats
o Terminology
Hacking Android OS
o Android OS
o Android Vulnerabilities
Android OS Architecture
Android Rooting
o Security News
Apple iOS
Jailbreaking iOS
Types of Jailbreaking
Jailbreaking Techniques
o Windows Phone 8
Email Exploits
Telephony Attacks
o MDM Solutions
Mobile Security Guidelines and Tools
o Firewall
o Types of Firewall
o Application-Level Firewall
Firewall Architecture
o Honeypot
Types of Honeypots
Snort Rules
Firewalls
o Honeypot Tools
Evading IDS
o Insertion Attack
Evasion
Obfuscating
Session Splicing
Fragmentation Attack
Overlapping Fragments
Time-To-Live Attacks
Urgency Flag
Polymorphic Shellcode
ASCII Shellcode
Application-Layer Attacks
Evading Firewalls
o IP Address Spoofing
o Source Routing
Tiny Fragments
Detecting Honeypots
Countermeasures
Penetration Testing
o Buffer Overflows
o Why Are Programs and Applications Vulnerable to Buffer Overflows?
o Understanding Stacks
Understanding Heap
Stack Operations
Shellcode
o No Operations (NOPs)
Buffer Overflow Methodology
Programming Countermeasures
o /GS http://microsoft.com
Cryptography Concepts
o Cryptography
Types of Cryptography
Encryption Algorithms
o Ciphers
o Cryptography Tools
Public Key Infrastructure (PKI)
o Certification Authorities
Email Encryption
o Digital Signature
Brute-Force Attack
Cryptanalysis Tools
o Security Assessments
o Security Audit
Vulnerability Assessment
Penetration Testing
Testing Points
Testing Locations
o Automated Testing
Manual Testing
Attack Phase
Enumerating Devices
Wireless Testing
Social Engineering
Terms of Engagement
Project Scope