Certified Ethical Hacking

---

Lesson 1: Introduction to Ethical Hacking
Essential Terminologies and Elements of Security
The Security, Functionality, and Ease of Use Triangle
Types of Attacks
Vulnerability Research Tools and Websites

---

Lesson 2: Foot-printing
Revisiting Reconnaissance and defining Foot-printing
Information Gathering Methodology
Foot-printing through Job Sites and Passive Information Gathering
Competitive Intelligence Gathering
Public and Private Websites
Tools and steps to perform Foot-printing:

---

Lesson 3: Scanning
Types, Definitions, and methods of Scanning
Port Scanning, Network Scanning, Vulnerability Scanning, and checking for live systems
Checking for open ports
War Dialer Technique: PhoneSweep, THC Scan, SandTrap Tool
Banner grabbing/OS Fingerprinting: OS, Active Stack, and Passive Fingerprinting
Active Banner Grabbing Using Telnet
Active Stack Fingerprinting
Disabling or Changing Banner
Identify Service
Vulnerability scanning
Draw network diagrams of Vulnerable hosts
Prepare proxies
Anonymizers
SSL Proxy Tool
HTTP Tunneling Techniques

---

Lesson 4: Enumeration
Overview of System Hacking Cycle
What is Enumeration, as well as Steps and Techniques for Enumeration
Netbios Null Sessions - Null Session Countermeasures – Tools
Tools: DumpSec, Netview, Nbtstat, SuperScan4, Enum, sid2user, user2sid, and GetAcct
PSTools
SNMP Enumeration
Management Information Base
UNIX and SNMP UNIX Enumeration
SNMP Enumeration Countermeasures
Enumerate Systems Using Default Passwords

---

Lesson 5: System Hacking
Cracking Passwords and Password Types
Types of Password Attacks
Passive and Active Online Wire Sniffing Password Guessing Attacks
Offline Attacks - Dictionary, Hybrid, Brute-force, and Pre-computed Hash Attacks
Non-Technical Attacks

---

Lesson 6: Trojans and Backdoors
Overt and Covert Channels
Working of Trojans
Different Types of Trojans
What Do Trojan Creators Look For?
Different Ways a Trojan Can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
How to determine which Ports are “Listening”?
Classic Trojans Found in the Wild

---

Lesson 7: Sniffers
Protocols Vulnerable to Sniffing
Types of Sniffing
DNS Poisoning Techniques
Interactive TCP Relay
How to Detect Sniffing?
AntiSniff Tool
ArpWatch Tool
Countermeasures

---

Lesson 8: Denial of Service
Goal, Impact and the Modes of Attack
Botnets – uses and types
Characteristics of DDoS Attacks
Amplification Attack
Reflective DNS Attacks
Worms
Mitigate or Stop the Effects of DDoS Attacks
Deflect Attacks
Post-attack Forensics
Packet Traceback

---

Lesson 9: Social Engineering
Office Workers
Types of Social Engineering - Human-based,Computer-based
Preventing Insider Threat
Common Targets of Social Engineering
Factors that make Companies Vulnerable to Attacks
Warning Signs of an Attack
Phases in a Social Engineering Attack
Countermeasures
Policies and Procedures - Checklist
Phishing Attacks and Identity Theft
Hidden Frames, URL Obfuscation/URL Encoding Techniques
DNS Cache Poisoning Attack

---

Lesson 10: Session Hijacking
Types of Session Hijacking
TCP Concepts 3-Way Handshake
TCP/IP Hijacking, RST Hijacking
Protecting against Session Hijacking
Countermeasure: IP Security

---

Lesson 11: Hacking Web Servers
How Web Servers Work, are compromised and defaced
Apache Vulnerability
Attacks Against IIS
Countermeasures
File System Traversal Countermeasures
Increasing Web Server Security
Web Server Protection Checklist

---

Lesson 12: Web Application Vulnerabilities
Web Application Setup & Hacking
Web Application Threats
Cross-Site Scripting/XSS Flaws, Countermeasures
SQL Injection
Command Injection Flaws, Countermeasures
Cookie/Session Poisoning, Countermeasures
Parameter/Form Tampering
Buffer Overflow, Countermeasures
Directory Traversal/Forceful Browsing, Countermeasures
Cryptographic Interception
Cookie Snooping
Authentication Hijacking, Countermeasures
Log Tampering
Error Message Interception
Attack Obfuscation
Platform Exploits
DMZ Protocol Attacks, Countermeasures
Security Management Exploits
Web Services Attacks
Zero-Day Attacks
Network Access Attacks
TCP Fragmentation

---

Lesson 13: Web-based Password Cracking Techniques
Authentication Mechanisms
Passwords
Countermeasures

---

Lesson 14: SQL Injection
SQL Injection Techniques
How to Test for SQL Injection Vulnerability?
Executing Operating System Commands
Getting Output of SQL Query
Getting Data from the Database Using ODBC Error Message
How to Mine all Column Names of a Table?
How to Retrieve any Data?
How to Update/Insert Data into Database?
Automated SQL Injection Tool
SQL Injection in Oracle
SQL Injection in MySql Database
Attack against SQL Servers
SQL Server Resolution Service (SSRS)
Osql L- Probing
SQL Injection Countermeasures
Preventing SQL Injection Attacks
SQL Injection Blocking Tool: SQLBlock

---

Lesson 15: Hacking Wireless Networks
Types of Wireless Networks
Wireless Access Points
SSID
Beacon Frames
How to Access a WLAN
Authentication and Association, Authentication Modes
Authentication and (Dis)Association Attacks
Rogue Access Points
WEP, WPA, and WPA2
Steps for Hacking Wireless Networks
Temporal Key Integrity Protocol (TKIP)
LEAP: The Lightweight Extensible Authentication Protocol
MAC Sniffing and AP Spoofing
Man-in-the-Middle Attack (MITM)
Denial-of-Service Attacks
Dos Attack Tool: Fatajack

---

Lesson 16: Virus and Worms
Working of Virus
How is a Worm different from a Virus?
Hardware Threats, Software Threats
Modes of Virus Infection
Stages of Virus Life
Virus Classification
How does a Virus Infect?
Storage Patterns of a Virus
System Sector Viruses, Stealth Virus, Bootable CD-ROM Virus
Virus Databases

---

Lesson 17: Physical Security
Physical Security Breach Incidents
Understanding Physical Security
What Is the Need for Physical Security?
Who Is Accountable for Physical Security?
Factors Affecting Physical Security
Physical Security Checklist
Information Security
EPS (Electronic Physical Security)
Wireless Security
Blocking the Use of USB Storage Devices

---

Lesson 18: Linux Hacking
Linux Distributions
Basic Commands of Linux
Directories in Linux
Compiling the Linux Kernel
Linux Vulnerabilities
Password Cracking in Linux
Firewall in Linux: IPTables
Linux Loadable Kernel Modules
Linux Rootkits, Rootkit Countermeasures
Linux Security Countermeasures
Steps for Hardening Linux

---

Lesson 19: Evading IDS, Firewalls, and Honeypots
Intrusion Detection System (IDS)
IDS Placement
Ways to Detect an Intrusion
Types of Intrusion Detection Systems
System Integrity Verifiers (SIV)
Tripwire
Cisco Security Agent (CSA)
Signature Analysis
General Indications of Intrusion System Indications
General Indications of Intrusion File System Indications
General Indications of Intrusion Network Indications
Intrusion Detection Tools
Steps to Perform After an IDS Detects an Attack
Evading IDS Systems
Ways to Evade IDS
Tools to Evade IDS
IDS Evading Tool: ADMutate
Packet Generators
Firewall
Packet Filtering
Firewall Operations
Hardware Firewall
Software Firewall
Types of Firewalls
Firewall Identification
Firewalking
Banner Grabbing
Breaching Firewalls
Bypassing a Firewall Using HTTP Tunnel
Placing Backdoors Through Firewalls
Hiding behind a Covert Channel: LOKI
ACK Tunneling
Tools to Breach Firewalls
Common Tool for Testing Firewall & IDS
Honeypot
Types of Honeypots
Advantages and Disadvantages of a Honeypot
Where to Place a Honeypot ?
Physical and Virtual Honeypots
Tools to Detect Honeypots
What to do When Hacked?

---

Lesson 20: Buffer Overflows
Knowledge Required to Program Buffer Overflow Exploits
Types of Buffer Overflows
How to Detect Buffer Overflows in a Program
Attacking a Real Program
NOPS
How to Mutate a Buffer Overflow Exploit
Defense Against Buffer Overflows
Tool to Defend Buffer Overflow
Vulnerability Search – ICAT
Simple Buffer Overflow in C
Code Analysis

---

Lesson 21: Cryptography
Public-key Cryptography
Working of Encryption
Digital Signature
RSA (Rivest Shamir Adleman)
RC4, RC5, RC6, Blowfish
Algorithms and Security
Brute-Force Attack
RSA Attacks
Message Digest Functions
One-way Bash Functions
MD5
SHA (Secure Hash Algorithm)
SSL (Secure Sockets Layer)
RC5
SSH (Secure Shell)
Government Access to Keys (GAK)
RSA Challenge
Distributed.net
Cleversafe Grid Builder
PGP (Pretty Good Privacy)
Code Breaking: Methodologies
Cryptography Attacks
Disk Encryption

---

Lesson 22: Penetration Testing
Introduction to Penetration Testing
Categories of Security Assessments
Vulnerability Assessment
Limitations of Vulnerability Assessment
Types of Penetration Testing
Risk Management
Do-it-Yourself Testing
Outsourcing Penetration Testing Services
Terms of Engagement
Project Scope
Pentest Service Level Agreements
Testing Points
Testing Locations
Automated Testing
Manual Testing
Using DNS Domain Name and IP Address Information
Enumerating Information about Hosts on Publicly-Available Networks
Testing Network-Filtering Devices
Enumerating Devices
Denial of Service Emulation
Evaluating Different Types of Pentest Tools
Asset Audit
Fault Trees and Attack Trees
GAP Analysis
Business Impact of Threat
Calculating Relative Criticality
Test Dependencies
Defect Tracking Tools
Disk Replication Tools
DNS Zone Transfer Testing Tools
Network Auditing Tools
Trace Route Tools and Services
Network Sniffing Tools
Denial-of-Service Emulation Tools
Traditional Load Testing Tools
System Software Assessment Tools
Operating System Protection Tools
Fingerprinting Tools
Port Scanning Tools
Directory and File Access Control Tools
File Share Scanning Tools
Password Directories
Password Guessing Tools
Link Checking Tools
Web Testing-based Scripting Tools
Buffer Overflow Protection Tools
File Encryption Tools
Database Assessment Tools
Keyboard Logging and Screen Reordering Tools
System Event Logging and Reviewing Tools
Tripwire and Checksum Tools
Mobile-Code Scanning Tools
Centralized Security Monitoring Tools
Web Log Analysis Tools
Forensic Data and Collection Tools
Security Assessment Tools
Multiple OS Management Tools
Phases of Penetration Testing
Penetration Testing Deliverables Templates