EC-Council

Ethical Hacking and Countermeasures
http://www.eccouncil.org

CEH™ Certified Ethical Hacker

Table of Contents

What is New in CEHv6?
CEHv6 Fact Sheet
CEH Training Program
Course Outline
Classroom Lecture Hours
CEHv6 Labs
Module Briefing
CEHv6 Exam Objectives

Let's Stop the Hackers Menace. Master the Hacking Technologies. Become a CEH.

CEH v6 Fact Sheet

1. What is the nature of the course change?
CEHv6 has been updated with tons of new hacking tools, new hacking techniques and methodologies. The flow of the content is the same except each module is refreshed with more content. There are advanced modules added to the curriculum like Writing Windows Exploits, Reverse Engineering, Covert Hacking and Advanced Virus Writing Skills. The slides are updated to make them more presentable. There are over 67 modules in CEHv6.

2. Are there accompanying certification changes?
The CEHv6 exam will be available at Prometric Prime, Prometric APTC and VUC Centers on 5th November 2008. The old CEHv5 exam will still be available until June 3rd 2009.

3. How much will the new exam cost?
The updated CEH v6 will cost USD 250.

4. What is the duration of the exam?
The exam will be 150 questions with 4 hours. The passing score is 70%.

5. Are users who are certified for CEHv5 required to retake the CEH v6 exam?
No. For ECE credits, please visit http://www.eccouncil.org/ece.htm

Hackers are here. Where are you?

Computers around the world are systematically being victimized by rampant hacking. This hacking is not only widespread, but is being executed so flawlessly that the attackers compromise a system, steal everything of value and completely erase their tracks within 20 minutes.

The goal of the ethical hacker is to help the organization take preemptive measures against malicious attacks by attacking the system himself, all while staying within legal limits. This philosophy stems from the proven practice of trying to catch a thief by thinking like a thief. As technology advances and organizations depend on technology increasingly, information assets have evolved into critical components of survival.

If hacking involves creativity and thinking 'out-of-the-box', then vulnerability testing and security audits will not ensure the security proofing of an organization. To ensure that organizations have adequately protected their information assets, they must adopt the approach of 'defense in depth'. In other words, they must penetrate their networks and assess the security posture for vulnerabilities and exposure.

The definition of an Ethical Hacker is very similar to a Penetration Tester. The Ethical Hacker is an individual who is usually employed with the organization and who can be trusted to undertake an attempt to penetrate networks and/or computer systems using the same methods as a Hacker. Hacking is a felony in the United States and most other countries. When it is done by request and under a contract between an Ethical Hacker and an organization, it is legal. The most important point is that an Ethical Hacker has authorization to probe the target.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

Ethical Hacking and Countermeasures Training Program

Course Description:
This class will immerse the student into an interactive environment where they will be shown how to scan, test, hack and secure their own systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defenses work and then be led into scanning and attacking their own networks; no real network is harmed. Students then learn how intruders escalate privileges and what steps can be taken to secure a system. Students will also learn about Intrusion Detection, Policy Creation, Social Engineering, DDoS Attacks, Buffer Overflows and Virus Creation. When a student leaves this intensive 5 day class they will have hands on understanding and experience in Ethical Hacking.

This course prepares you for EC-Council Certified Ethical Hacker exam 312-50.

Who Should Attend:
This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure.

Duration: 5 days (9:00 – 5:00)

Certification:
The Certified Ethical Hacker certification exam 312-50 will be conducted on the last day of training. Students need to pass the online Prometric exam to receive CEH certification.

Legal Agreement:
Ethical Hacking and Countermeasures course mission is to educate, introduce and demonstrate hacking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify EC-Council with respect to the use or misuse of these tools, regardless of intent.

Not anyone can be a student: the Accredited Training Centers (ATC) will make sure the applicants work for legitimate companies.

Course Outline v6

Module 1: Introduction to Ethical Hacking

Problem Definition - Why Security?
Essential Terminologies
Elements of Security
The Security, Functionality and Ease of Use Triangle
Case Study
What does a Malicious Hacker do?
  o Phase1-Reconnaissance
    • Reconnaissance Types
  o Phase2-Scanning
  o Phase3-Gaining Access
  o Phase4-Maintaining Access
  o Phase5-Covering Tracks
Types of Hacker Attacks
  o attacks
  o Application-level attacks
  o Shrink Wrap code attacks
  o Misconfiguration attacks
Hacktivism
Hacker Classes
Security News: Suicide Hacker
Ethical Hacker Classes
What do Ethical Hackers do
Can Hacking be Ethical
How to become an Ethical Hacker
Skill Profile of an Ethical Hacker
What is Vulnerability Research
  o Why Hackers Need Vulnerability Research
  o Vulnerability Research Tools
  o Vulnerability Research Websites
    • National Vulnerability Database (nvd.nist.gov)
    • Securitytracker (www.securitytracker.com)
    • Securiteam (www.securiteam.com)
    • Secunia (www.secunia.com)
    • Hackerstorm Vulnerability Database Tool (www.hackerstrom.com)
    • HackerWatch (www.hackerwatch.org)
    • MILWORM
How to Conduct Ethical Hacking
How Do They Go About It
Approaches to Ethical Hacking
Ethical Hacking Testing
Ethical Hacking Deliverables
Computer Crimes and Implications

Module 2: Hacking Laws

U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
Legal Perspective (U.S. Federal Law)
  o 18 U.S.C. § 1029
    • Penalties
  o 18 U.S.C. § 1030
    • Penalties
  o 18 U.S.C. § 1362
  o 18 U.S.C. § 2318
  o 18 U.S.C. § 2320
  o 18 U.S.C. § 1831
  o 47 U.S.C. § 605, unauthorized publication or use of communications
  o Washington:
    • RCW 9A.52.110
  o Florida:
    • § 815.01 to 815.07
  o Indiana:
    • IC 35-43
Federal Managers Financial Integrity Act of 1982
The Freedom of Information Act 5 U.S.C. § 552
Federal Information Security Management Act (FISMA)
The Privacy Act Of 1974 5 U.S.C. § 552a
USA Patriot Act of 2001
United Kingdom's Cyber Laws
United Kingdom: Police and Justice Act 2006
European Laws
Japan's Cyber Laws
Australia: The Cybercrime Act 2001
Indian Law: THE INFORMATION TECHNOLOGY ACT
Argentina Laws
Germany's Cyber Laws
Singapore's Cyber Laws
Belgium Law
Brazilian Laws
Canadian Laws
France Laws
German Laws
Italian Laws
MALAYSIA: THE COMPUTER CRIMES ACT 1997
HONGKONG: TELECOMMUNICATIONS ORDINANCE
Korea:
Greece Laws
Denmark Laws
Netherlands Laws
Norway
Mexico
SWITZERLAND

Module 3: Footprinting

Revisiting Reconnaissance
Defining Footprinting
Why is Footprinting Necessary
Areas and Information which Attackers Seek
Information Gathering Methodology
  o Unearthing Initial Information
    • Finding Company's URL
    • Internal URL
    • Extracting Archive of a Website
        • www.archive.org
    • Google Search for Company's Info
    • People Search
        • Yahoo People Search
        • Satellite Picture of a Residence
        • Best PeopleSearch
        • People-Search-America.com
        • Switchboard
        • Anacubis
        • Google Finance
        • Yahoo Finance
    • Footprinting through Job Sites
    • Passive Information Gathering
    • Competitive Intelligence Gathering
        • Why Do You Need Competitive Intelligence?
        • Competitive Intelligence Resource
        • Companies Providing Competitive Intelligence Services
        • Carratu International
        • CI Center
        • Competitive Intelligence - When Did This Company Begin? How Did It Develop?
        • Competitive Intelligence - Who Leads This Company
        • Competitive Intelligence - What Are This Company's Plans
        • Competitive Intelligence - What Does Expert Opinion Say About The Company
        • Competitive Intelligence - Who Are The Leading Competitors?
        • Competitive Intelligence Tool: Trellian
        • Competitive Intelligence Tool: Web Investigator
    • Public and Private Websites
Footprinting Tools
  o Sensepost Footprint Tools
  o Big Brother
  o BiLE Suite
  o Alchemy Network Tool
  o Advanced Administrative Tool
  o My IP Suite
  o Wikto Footprinting Tool
  o Whois Lookup
  o Whois
  o SmartWhois
  o ActiveWhois
  o LanWhois
  o CountryWhois
  o WhereIsIP
  o Ip2country
  o CallerIP
  o Web Data Extractor Tool
  o Online Whois Tools
  o What is MyIP
  o DNS Enumerator
  o SpiderFoot
  o Nslookup
  o Extract DNS Information
    • Types of DNS Records
    • Necrosoft Advanced DIG
  o Expired Domains
  o DomainKing
  o Domain Name Analyzer
  o DomainInspect
  o MSR Strider URL Tracer
  o Mozzle Domain Name Pro
  o Domain Research Tool (DRT)
  o Domain Status Reporter
  o Reggie
  o Locate the Network Range
    • ARIN
    • Traceroute
    • Traceroute Analysis
    • 3D Traceroute
    • NeoTrace
    • VisualRoute Trace
    • Path Analyzer Pro
    • Maltego
    • Layer Four Traceroute
    • Prefix WhoIs widget
    • Touchgraph
    • VisualRoute Mail Tracker
    • eMailTrackerPro
    • Read Notify
E-Mail Spiders
  o 1st E-mail Address Spider
  o Power E-mail Collector Tool
  o GEOSpider
  o Geowhere Footprinting Tool
  o Google Earth
  o Kartoo Search Engine
  o Dogpile (Meta Search Engine)
  o Tool: WebFerret
  o robots.txt
  o WTR - Web The Ripper
  o Website Watcher
Steps to Create Fake Login Pages
How to Create Fake Login Pages
Faking Websites using Man-in-the-Middle Phishing Kit
Benefits to Fraudster
Steps to Perform Footprinting

Module 4: Google Hacking

What is Google hacking
What a hacker can do with vulnerable site
Anonymity with Caches
Using Google as a Proxy Server
Directory Listings
  o Locating Directory Listings
  o Finding Specific Directories
  o Finding Specific Files
  o Server Versioning
Going Out on a Limb: Traversal Techniques
  o Directory Traversal
  o Incremental Substitution
Extension Walking
Site Operator
intitle:index.of
error | warning
login | logon
username | userid | employee.ID | "your username is"
password | passcode | "your password is"
admin | administrator
  o admin login
–ext:html –ext:htm –ext:shtml –ext:asp –ext:php
inurl:temp | inurl:tmp | inurl:backup | inurl:bak
intranet | help.desk
Locating Public Exploit Sites
  o Locating Exploits Via Common Code Strings
    • Searching for Exploit Code with Nonstandard Extensions
    • Locating Source Code with Common Strings
Locating Vulnerable Targets
  o Locating Targets Via Demonstration Pages
    • "Powered by" Tags Are Common Query Fodder for Finding Web Applications
    • Vulnerable Web Application Examples
  o Locating Targets Via Source Code
  o Locating Targets Via CGI Scanning
    • A Single CGI Scan-Style Query
Directory Listings
  o Finding IIS 5.0 Servers
Web Server Software Error Messages
  o IIS HTTP/1.1 Error Page Titles
  o "Object Not Found" Error Message Used to Find IIS 5.0
  o Apache Web Server
    • Apache 2.0 Error Pages
Application Software Error Messages
  o ASP Dumps Provide Dangerous Details
  o Many Errors Reveal Pathnames and Filenames
  o CGI Environment Listings Reveal Lots of Information
Default Pages
  o A Typical Apache Default Web Page
  o Locating Default Installations of IIS 4.0 on Windows NT 4.0/OP
  o Default Pages Query for Web Server
  o Outlook Web Access Default Portal
Searching for Passwords
  o Windows Registry Entries Can Reveal Passwords
  o Usernames, Cleartext Passwords, and Hostnames!
Google Hacking Database (GHDB)
SiteDigger Tool
Gooscan
Goolink Scanner
Goolag Scanner
Tool: Google Hacks
Google Hack Honeypot
Google Protocol
Google Cartography

Module 5: Scanning

Scanning: Definition
Types of Scanning
Objectives of Scanning
CEH Scanning Methodology
  o Checking for live systems - ICMP Scanning
    • Angry IP
    • HPing2
    • Ping Sweep
    • Firewalk Tool
    • Firewalk Commands
    • Firewalk Output
    • Nmap
    • Nmap: Scan Methods
    • NMAP Scan Options
    • NMAP Output Format
    • TCP Communication Flags
    • Three Way Handshake
  o Syn Stealth/Half Open Scan
  o Stealth Scan
  o Xmas Scan
  o Fin Scan
  o Null Scan
  o Idle Scan
  o ICMP Echo Scanning/List Scan
  o TCP Connect/Full Open Scan
  o FTP Bounce Scan
    • Ftp Bounce Attack
  o SYN/FIN Scanning Using IP Fragments
  o UDP Scanning
  o Reverse Ident Scanning
  o RPC Scan
  o Window Scan
  o Blaster Scan
  o Portscan Plus, Strobe
  o IPSec Scan
  o Netscan Tools Pro
  o WUPS – UDP Scanner
  o Superscan
  o IPScanner
  o Global Network Inventory Scanner
  o Net Tools Suite Pack
  o Floppy Scan
  o FloppyScan Steps
  o E-mail Results of FloppyScan
  o Atelier Web Ports Traffic Analyzer (AWPTA)
  o Atelier Web Security Port Scanner (AWSPS)
  o IPEye
  o ike-scan
  o Infiltrator Network Security Scanner
  o YAPS: Yet Another Port Scanner
  o Advanced Port Scanner
  o NetworkActiv Scanner
  o NetGadgets
  o P-Ping Tools
  o MegaPing
  o LanSpy
  o HoverIP
  o LANView
  o NetBruteScanner
  o SolarWinds Engineer's Toolset
  o AUTAPF
  o OstroSoft Internet Tools
  o Advanced IP Scanner
  o Active Network Monitor
  o Advanced Serial Data Logger
  o Advanced Serial Port Monitor
  o WotWeb
  o Antiy Ports
  o Port Detective
  o Roadkil's Detector
  o Portable Storage Explorer
War Dialer Technique
  o Why War Dialing
  o Wardialing
  o Phonesweep – War Dialing Tool
  o THC Scan
  o ToneLoc
  o ModemScan
  o War Dialing Countermeasures: Sandtrap Tool
Banner Grabbing
  o OS Fingerprinting
    • Active Stack Fingerprinting
    • Passive Fingerprinting
  o Active Banner Grabbing Using Telnet
  o GET REQUESTS
  o P0f – Banner Grabbing Tool
  o p0f for Windows
  o Httprint Banner Grabbing Tool
  o Tool: Miart HTTP Header
  o Tools for Active Stack Fingerprinting
    • Xprobe2
    • Ringv2
    • Netcraft
  o Disabling or Changing Banner
  o IIS Lockdown Tool
  o Tool: ServerMask
  o Hiding File Extensions
  o Tool: PageXchanger
Vulnerability Scanning
  o Bidiblah Automated Scanner
  o Qualys Web Based Scanner
  o SAINT
  o ISS Security Scanner
  o Nessus
  o GFI Languard
  o Security Administrator's Tool for Analyzing Networks (SATAN)
  o Retina
  o Nagios
  o PacketTrap's pt360 Tool Suite
  o NIKTO
    • SAFEsuite Internet Scanner, IdentTCPScan
Draw Network Diagrams of Vulnerable Hosts
  o Cheops
  o Friendly Pinger
  o LANsurveyor
  o Ipsonar
  o LANState
    • Insightix Visibility
    • IPCheck Server Monitor
    • PRTG Traffic Grapher
Preparing Proxies
  o Proxy Servers
  o Free Proxy Servers
  o Use of Proxies for Attack
  o SocksChain
  o Proxy Workbench
  o Proxymanager Tool
  o Super Proxy Helper Tool
  o Happy Browser Tool (Proxy Based)
  o Multiproxy
  o Proxy Chaining Software
  o Additional Proxy Tools
  o Anonymizers
    • Surfing Anonymously
    • Primedius Anonymizer
    • StealthSurfer
    • Anonymous Surfing: Browzar
    • Torpark Browser
    • GetAnonymous
    • IP Privacy
    • Anonymity 4 Proxy (A4Proxy)
    • Psiphon
    • Connectivity Using Psiphon
    • AnalogX Proxy
    • NetProxy
    • Proxy+
    • ProxySwitcher Lite
    • JAP
    • Proxomitron
  o Google Cookies
    • G-Zapper
  o SSL Proxy Tool
  o How to Run SSL Proxy
  o HTTP Tunneling Techniques
    • Why Do I Need HTTP Tunneling
    • Httptunnel for Windows
    • How to Run Httptunnel
    • HTTP-Tunnel
    • HTTPort
  o Spoofing IP Address
    • Spoofing IP Address Using Source Routing
    • Detection of IP Spoofing
    • Despoof Tool
Scanning Countermeasures
Tool: SentryPC

Module 6: Enumeration

Overview of System Hacking Cycle
What is Enumeration?
Techniques for Enumeration
NetBIOS Null Sessions
  o So What's the Big Deal
  o DumpSec Tool
  o NetBIOS Enumeration Using Netview
    • Nbtstat Enumeration Tool
    • SuperScan
    • Enum Tool
  o Enumerating User Accounts
    • GetAcct
  o Null Session Countermeasure
PS Tools
  o PsExec
  o PsFile
  o PsGetSid
  o PsKill
  o PsInfo
  o PsList
  o PsLogged On
  o PsLogList
  o PsPasswd
  o PsService
  o PsShutdown
  o PsSuspend
Simple Network Management Protocol (SNMP) Enumeration
  o Management Information Base (MIB)
  o SNMPutil Example
  o SolarWinds
  o SNScan
  o Getif SNMP MIB Browser
  o UNIX Enumeration
  o SNMP UNIX Enumeration
  o SNMP Enumeration Countermeasures
LDAP enumeration
  o JXplorer
  o LdapMiner
  o Softerra LDAP Browser
NTP enumeration
SMTP enumeration
  o Smtpscan
Web enumeration
  o Asnumber
  o Lynx
Winfingerprint
  o Windows Active Directory Attack Tool
How To Enumerate Web Application Directories in IIS Using DirectoryServices
IP Tools Scanner
Enumerate Systems Using Default Password
Tools:
  o NBTScan
  o NetViewX
  o FREENETENUMERATOR
  o Terminal Service Agent
  o TXNDS
  o Unicornscan
  o Amap
  o Netenum
Steps to Perform Enumeration

Module 7: System Hacking

Part 1- Cracking Password
  o CEH hacking Cycle
  o Password Types
  o Types of Password Attack
    • Passive Online Attack: Wire Sniffing
    • Passive Online Attack: Man-in-the-middle and replay attacks
    • Active Online Attack: Password Guessing
    • Offline Attacks
        • Brute force Attack
        • Pre-computed Hashes
        • Syllable Attack/Rule-based Attack/Hybrid attacks
        • Distributed network Attack
        • Rainbow Attack
    • Non-Technical Attacks
  o Default Password Database
    • http://www.defaultpassword.com/
    • http://www.cirt.net/cgi-bin/passwd.pl
    • http://www.virus.org/index.php?
  o PDF Password Cracker
  o Abcom PDF Password Cracker
  o Password Mitigation
  o Permanent Account Lockout-Employee Privilege Abuse
  o Administrator Password Guessing
    • Manual Password cracking Algorithm
    • Automatic Password Cracking Algorithm
  o Performing Automated Password Guessing
    • Tool: NAT
    • Smbbf (SMB Passive Brute Force Tool)
    • SmbCrack Tool: Legion
    • Hacking Tool: LOphtcrack
  o Microsoft Authentication
    • LM, NTLMv1, and NTLMv2
    • NTLM And LM Authentication On The Wire
    • Kerberos Authentication
    • What is LAN Manager Hash?
        • LM "Hash" Generation
        • LM Hash
    • Salting
    • PWdump2 and Pwdump3
    • Tool: Rainbowcrack
    • Hacking Tool: KerbCrack
    • Hacking Tool: NBTDeputy
    • NetBIOS DoS Attack
    • Hacking Tool: John the Ripper
  o Password Sniffing
  o How to Sniff SMB Credentials?
  o SMB Replay Attacks
  o Replay Attack Tool: SMBProxy
  o SMB Signing
  o Tool: LCP
  o Tool: SID&User
  o Tool: Ophcrack 2
  o Tool: Crack
  o Tool: Access PassView
  o Tool: Asterisk Logger
  o Tool: CHAOS Generator
  o Tool: Asterisk Key
  o Password Recovery Tool: MS Access Database Password Decoder
  o Password Cracking Countermeasures
  o Do Not Store LAN Manager Hash in SAM Database
  o LM Hash Backward Compatibility
  o How to Disable LM HASH
  o Password Brute-Force Estimate Tool
  o Syskey Utility
  o AccountAudit
Part2-Escalating Privileges
  o CEH Hacking Cycle
  o Privilege Escalation
  o Privilege Escalation Tool: x.exe
  o Cracking NT/2000 passwords
  o Active@ Password Changer
    • Change Recovery Console Password - Method 1
    • Change Recovery Console Password - Method 2
Part3-Executing applications
  o CEH Hacking Cycle
  o Tool: psexec
  o Tool: remoexec
  o Ras N Map
  o Tool: Alchemy Remote Executor
  o Emsa FlexInfo Pro
  o Keystroke Loggers
  o E-mail Keylogger
  o Revealer Keylogger Pro
  o Handy Keylogger
  o Ardamax Keylogger
  o Powered Keylogger
  o Quick Keylogger
  o Spy-Keylogger
  o Perfect Keylogger
  o Invisible Keylogger
  o Actual Spy
  o SpyToctor FTP Keylogger
  o IKS Software Keylogger
  o Ghost Keylogger
  o Hacking Tool: Hardware Key Logger
  o What is Spyware?
  o Spyware: Spector
  o Remote Spy
  o Spy Tech Spy Agent
  o 007 Spy Software
  o Spy Buddy
  o Ace Spy
  o Keystroke Spy
  o Activity Monitor
  o Hacking Tool: eBlaster
  o Stealth Voice Recorder
  o Stealth Keylogger
  o Stealth Website Logger
  o Digi Watcher Video Surveillance
  o Desktop Spy Screen Capture Program
  o Telephone Spy
  o Print Monitor Spy Tool
  o Stealth E-Mail Redirector
  o Spy Software: Wiretap Professional
  o Spy Software: FlexiSpy
  o PC PhoneHome
  o Keylogger Countermeasures
  o Anti Keylogger
  o Advanced Anti Keylogger
  o Privacy Keyboard
  o Spy Hunter - Spyware Remover
  o Spy Sweeper
  o Spyware Terminator
  o WinCleaner AntiSpyware
Part4-Hiding files
  o CEH Hacking Cycle
  o Hiding Files
  o RootKits
    • Why rootkits
    • Hacking Tool: NT/2000 Rootkit
    • Planting the NT/2000 Rootkit
    • Rootkits in Linux
    • Detecting Rootkits
    • Steps for Detecting Rootkits
    • Rootkit Detection Tools
    • Sony Rootkit Case Study
    • Rootkit: Fu
    • AFX Rootkit
    • Rootkit: Nuclear
    • Rootkit: Vanquish
    • Rootkit Countermeasures
    • Patchfinder
    • RootkitRevealer
  o Creating Alternate Data Streams
  o How to Create NTFS Streams?
    • NTFS Stream Manipulation
    • NTFS Streams Countermeasures
    • NTFS Stream Detectors (ADS Spy and ADS Tools)
    • Hacking Tool: USB Dumper
  o What is Steganography?
    • Steganography Techniques
        • Process of Hiding Information in Image Files
        • Masking and Filtering in Image files
        • Least Significant Bit Insertion in Image files
        • Algorithms and transformation
    • Tool: Merge Streams
    • Invisible Folders
    • Tool: Invisible Secrets
    • Tool: Image Hide
    • Tool: Stealth Files
    • Tool: Steganography
    • Masker Steganography Tool
    • Hermetic Stego
    • DCPP – Hide an Operating System
    • Tool: Camera/Shy
    • www.spammimic.com
    • Tool: Mp3Stego
    • Tool: Snow.exe
    • Steganography Tool: Fort Knox
    • Steganography Tool: Blindside
    • Steganography Tool: S-Tools
    • Steganography Tool: Steghide
    • Tool: Steganos
    • Steganography Tool: Pretty Good Envelop
    • Tool: Gifshuffle
    • Tool: JPHIDE and JPSEEK
    • Tool: wbStego
    • Tool: OutGuess
    • Tool: Data Stash
    • Tool: Hydan
    • Tool: Cloak
    • Tool: StegoNote
    • Tool: Stegomagic
    • Steganos Security Suite
    • C Steganography
    • Isosteg
    • FoxHole
    • Video Steganography
    • Case Study: Al-Qaida members Distributing Propaganda to Volunteers using Steganography
    • Steganalysis
    • Steganalysis Methods/Attacks on Steganography
    • Stegdetect
    • SIDS
    • High-Level View
    • Tool: dskprobe.exe
    • Stego Watch - Stego Detection Tool
    • StegSpy
Part5-Covering Tracks
  o CEH Hacking Cycle
  o Covering Tracks
  o Disabling Auditing
  o Clearing the Event Log
  o Tool: elsave.exe
  o Hacking Tool: Winzapper
  o Evidence Eliminator
  o Tool: Traceless
  o Tool: Tracks Eraser Pro
  o Armor Tools
  o Tool: ZeroTracks
  o PhatBooster

Module 8: Trojans and Backdoors

Effect on Business
What is a Trojan?
  o Overt and Covert Channels
  o Working of Trojans
  o Different Types of Trojans
    • Remote Access Trojans
    • Data-Sending Trojans
    • Destructive Trojans
    • Denial-of-Service (DoS) Attack Trojans
    • Proxy Trojans
    • FTP Trojans
    • Security Software Disablers
What do Trojan Creators Look for?
Different Ways a Trojan can Get into a System
Indications of a Trojan Attack
Ports Used by Trojans
  o How to Determine which Ports are Listening
Trojans
  o Trojan: iCmd
  o MoSucker Trojan
  o Proxy Server Trojan
  o SARS Trojan Notification
  o Wrappers
  o Wrapper Covert Program
  o Wrapping Tools
  o One Exe Maker / YAB / Pretator Wrappers
  o Packaging Tool: WordPad
  o RemoteByMail
  o Tool: Icon Plus
  o Defacing Application: Restorator
  o Tetris
  o HTTP Trojans
  o Trojan Attack through Http
  o HTTP Trojan (HTTP RAT)
  o Shttpd Trojan - HTTP Server
  o Reverse Connecting Trojans
  o Nuclear RAT Trojan (Reverse Connecting)
  o Tool: BadLuck Destructive Trojan
  o ICMP Tunneling
  o ICMP Backdoor Trojan
  o Microsoft Network Hacked by QAZ Trojan
  o Backdoor.Theef (AVP)
  o T2W (TrojanToWorm)
  o Biorante RAT
  o DownTroj
  o Turkojan
  o Trojan.Satellite-RAT
  o Yakoza
  o DarkLabel B4
  o Trojan.Hav-Rat
  o Poison Ivy
  o Rapid Hacker
  o SharK
  o HackerzRat
  o TYO
  o 1337 Fun Trojan
  o Criminal Rat Beta
  o VicSpy
  o Optix PRO
  o ProAgent
  o OD Client
  o AceRat
  o Mhacker-PS
  o RubyRAT Public
  o SINner
  o ConsoleDevil
  o ZombieRat
  o FTP Trojan - TinyFTPD
  o VNC Trojan
  o Webcam Trojan
  o DJI RAT
  o Skiddie Rat
  o Biohazard RAT
  o Troya
  o ProRat
  o Dark Girl
  o DaCryptic
  o Net-Devil
Classic Trojans Found in the Wild
  o Trojan: Tini
  o Trojan: NetBus
  o Trojan: Netcat
  o Netcat Client/Server
  o Netcat Commands
  o Trojan: Beast
  o Trojan: Phatbot
  o Trojan: Amitis
  o Trojan: Senna Spy
  o Trojan: QAZ
  o Trojan: Back Orifice
  o Trojan: Back Orifice 2000
  o Back Orifice Plug-ins
  o Trojan: SubSeven
  o Trojan: CyberSpy Telnet Trojan
  o Trojan: Subroot Telnet Trojan
  o Trojan: Let Me Rule! 2.0 BETA 9
  o Trojan: Donald Dick
  o Trojan: RECUB
Hacking Tool: Loki
Loki Countermeasures
Atelier Web Remote Commander
Trojan Horse Construction Kit
How to Detect Trojans?
  o Netstat
  o fPort
  o TCPView
  o CurrPorts Tool
  o Process Viewer
  o Delete Suspicious Device Drivers
  o Check for Running Processes: What's on My Computer
  o Super System Helper Tool
  o Inzider - Tracks Processes and Ports
  o Tool: What's Running
  o MS Configuration Utility
  o Registry - What's Running
  o Autoruns
  o Hijack This (System Checker)
  o Startup List
Anti-Trojan Software
TrojanHunter
Comodo BOClean
Trojan Remover: XoftspySE
Trojan Remover: Spyware Doctor
SPYWAREfighter
Evading Anti-Virus Techniques
Sample Code for Trojan Client/Server
Evading Anti-Trojan/Anti-Virus using Stealth Tools
Backdoor Countermeasures
Tripwire
System File Verification
MD5 Checksum.exe
Microsoft Windows Defender
How to Avoid a Trojan Infection

Module 9: Viruses and Worms

Virus History
Characteristics of Virus
Working of Virus
  o Infection Phase
  o Attack Phase
Why people create Computer Viruses
Symptoms of a Virus-like Attack
Virus Hoaxes
Chain Letters
How is a Worm Different from a Virus
Indications of a Virus Attack
Hardware Threats
Software Threats
Virus Damage
    • Mode of Virus Infection
Stages of Virus Life
Virus Classification
How Does a Virus Infect?
Storage Patterns of Virus
  o System Sector virus
  o Stealth Virus
  o Bootable CD-Rom Virus
    • Self-Modification
    • Encryption with a Variable Key
  o Polymorphic Code
  o Metamorphic Virus
  o Cavity Virus
  o Sparse Infector Virus
  o Companion Virus
  o File Extension Virus
Famous Virus/Worms – I Love You Virus
Famous Virus/Worms – Melissa
Famous Virus/Worms – JS/Spth
Klez Virus Analysis
Latest Viruses
Top 10 Viruses- 2008
  o Virus: Win32.AutoRun.ah
  o Virus:W32/Virut
  o Virus:W32/Divvi
  o Worm.SymbOS.Lasco.a
  o Disk Killer
  o Bad Boy
  o HappyBox
  o Java.StrangeBrew
  o MonteCarlo Family
  o PHP.Neworld
  o W32/WBoy.a
  o ExeBug.d
  o W32/Voterai.worm.e
  o W32/Lecivio.worm
  o W32/Lurka.a
  o W32/Vora.worm!p2p
Writing a Simple Virus Program
Virus Construction Kits
Virus Detection Methods
Virus Incident Response
What is Sheep Dip?
Virus Analysis – IDA Pro Tool
Prevention is better than Cure
Anti-Virus Software
  o AVG Antivirus
  o McAfee
  o Socketsheild
  o BitDefender
  o ESET Nod32
  o CA Anti-Virus
  o F-Secure Anti-Virus
  o Kaspersky Anti-Virus
  o F-Prot Antivirus
  o Panda Antivirus Platinum
  o avast! Virus Cleaner
  o ClamWin
  o Norman Virus Control
Popular Anti-Virus Packages
Virus Databases

Module 10: Sniffers

Definition - Sniffing
Protocols Vulnerable to Sniffing
Tool: Network View – Scans the Network for Devices
The Dude Sniffer
Wireshark
Display Filters in Wireshark
Following the TCP Stream in Wireshark
Cain and Abel
Tcpdump
Tcpdump Commands
Types of Sniffing
  o Passive Sniffing
  o Active Sniffing
What is ARP
  o ARP Spoofing Attack
  o How does ARP Spoofing Work
  o ARP Poisoning
  o MAC Duplicating
  o MAC Duplicating Attack
  o Tools for ARP Spoofing
    • Ettercap
    • ArpSpyX
  o MAC Flooding
    • Tools for MAC Flooding
        • Linux Tool: Macof
        • Windows Tool: Etherflood
  o Threats of ARP Poisoning
  o Irs-Arp Attack Tool
  o ARPWorks Tool
  o Tool: Nemesis
IP-based sniffing
Linux Sniffing Tools (dsniff package)
  o Linux tool: Arpspoof
  o Linux Tool: Dnsspoof
  o Linux Tool: Dsniff
  o Linux Tool: Filesnarf
  o Linux Tool: Mailsnarf
  o Linux Tool: Msgsnarf
  o Linux Tool: Sshmitm
  o Linux Tool: Tcpkill
  o Linux Tool: Tcpnice
  o Linux Tool: Urlsnarf
  o Linux Tool: Webspy
  o Linux Tool: Webmitm
DNS Poisoning Techniques
  o Intranet DNS Spoofing (Local Network)
  o Internet DNS Spoofing (Remote Network)
  o Proxy Server DNS Poisoning
  o DNS Cache Poisoning
Interactive TCP Relay
Interactive Replay Attacks
Raw Sniffing Tools
Features of Raw Sniffing Tools
  o HTTP Sniffer: EffeTech
  o Ace Password Sniffer
  o Win Sniffer
  o MSN Sniffer
  o SmartSniff
  o Session Capture Sniffer: NetWitness
  o Session Capture Sniffer: NWreader
  o Packet Crafter Craft Custom TCP/IP Packets
  o SMAC
  o NetSetMan Tool
  o Ntop
  o EtherApe
  o Network Probe
  o Maa Tec Network Analyzer
  o Tool: Snort
  o Tool: Windump
  o Tool: Etherpeek
  o NetIntercept
  o Colasoft EtherLook
  o AW Ports Traffic Analyzer
  o Colasoft Capsa Network Analyzer
  o CommView
  o Sniffem
  o NetResident
  o IP Sniffer
  o Sniphere
  o IE HTTP Analyzer
  o BillSniff
  o URL Snooper
  o EtherDetect Packet Sniffer
  o EffeTech HTTP Sniffer
  o AnalogX Packetmon
  o Colasoft MSN Monitor
  o IPgrab
  o EtherScan Analyzer
How to Detect Sniffing
Countermeasures
  o Antisniff Tool
  o Arpwatch Tool
  o PromiScan
  o proDETECT

Module 11: Social Engineering

What is Social Engineering?
Human Weakness
"Rebecca" and "Jessica"
Office Workers
Types of Social Engineering
  o Human-Based Social Engineering
    • Technical Support Example
    • More Social Engineering Examples
    • Human-Based Social Engineering: Eavesdropping
    • Human-Based Social Engineering: Shoulder Surfing
    • Human-Based Social Engineering: Dumpster Diving
    • Dumpster Diving Example
    • Oracle Snoops Microsoft's Trash Bins
    • Movies to Watch for Reverse Engineering
  o Computer Based Social Engineering
  o Insider Attack
  o Disgruntled Employee
  o Preventing Insider Threat
  o Common Targets of Social Engineering
Social Engineering Threats
  o Online
  o Telephone
  o Personal approaches
  o Defenses Against Social Engineering Threats
Factors that make Companies Vulnerable to Attacks
Why is Social Engineering Effective
Warning Signs of an Attack
Tool: Netcraft Anti-Phishing Toolbar
Phases in a Social Engineering Attack
Behaviors Vulnerable to Attacks
Impact on the Organization
Countermeasures
Policies and Procedures
Security Policies - Checklist
Impersonating Orkut, Facebook, MySpace
  o Orkut
  o Impersonating on Orkut
  o MW.Orc worm
  o Facebook
  o Impersonating on Facebook
  o MySpace
  o Impersonating on MySpace
  o How to Steal Identity
  o Comparison
  o Original
  o Identity Theft
  o http://www.consumer.gov/idtheft/

Module 12: Phishing

Phishing
Introduction
http://www.eccouncil.org Page 50 o o o o o o o o Anti-Phishing Tools Anti-Phishing Phishing Statistics: Feb’ 2008 o o o o o o o o o o Types ofPhishing Attacks Process ofPhishing Phishing Methods Reasons forSuccessful Phishing GralicWrap ThreatFire TrustWatch Toolbar Phishing Sweeper Enterprise SpoofGuard GFI MailEssentials NetCraft PhishTank SiteChecker Search Engine Phishing Content-Injection Phishing DNS-Based Phishing Malware-Based Phishing Deceptive Phishing Client-side Vulnerabilities Hidden Attacks Cross-site ScriptingAttacks URL Obfuscation Attacks Man-in-the-Middle Attacks EC-Council Page 51 EC-Council Web Email Email Web Exploit Reaper o o Spyware Doctor Spyware Remover Spyware-Adware Zapper Track AdwareInspector Email-Tag.com Ways for Getting Email Account Information Account Email for Getting Ways Cookies Stealing Engineering Social Phishing Password e-mail Messages Fraudulent Vulnerabilities Redirector Email Stealth Advanced Tool: PassView Mail Tool: Master Recovery Password Email Tool: Password Mail Tool: Pro Finder Email Easy Spider Email Recovery MSN Password Hotmail Kernel Password Yahoo Forgotten Retrieve MegaHackerZ Passwords Hack Passwords Strong Creating o o o o Module 13: Hacking Email Accounts Email 13: Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 52 Module 14:Denial-of-Service Tool: SuperSecret Tool: Email Protector Tool: EmailSanitizer Tool: Email Security Tool: Email Protector Keep Me Signed In/ Remember Me Alternate Email Address Sign-in Seal Creating Strong Passwords: Trouble Signing In Creating Strong Passwords: ChangePassword o o o o o o o DoS Attack Classifi Types ofAttacks Impact andtheModes ofAttack Goal ofDoS What are Denial-of-Service Attacks Real World ScenarioofDoS Attacks DoS Attack Tools SYN Flooding SYN Attack Teardrop Attack Ping ofDeath Attack Buffer Overfl Smurf Attack ow Attack cation EC-Council Page 53 EC-Council cation Attack cation DoS Tool: Jolt2 Tool: DoS Bubonic.c Tool: DoS Land and LaTierra 
Tool: DoS Targa Tool: DoS Blast Tool: DoS Nemesy Tool: DoS Panther2 Tool: DoS Pinger Crazy Tool: DoS SomeTrouble Tool: DoS UDP Flood Tool: DoS FSMax Tool: DoS o o o o o o o o o o o RoBOT) Word the from Bot (Derived Botnets of Botnets Uses of Bots Types Agabot Analysis Of Infect? They Do How Infect They Do How Bot Nuclear Tool: Attack What is DDoS Attacks Characteristics of DDoS DDOS Unstoppable Model Agent Handler based Model IRC DDoS Taxonomy Attack DDoS Amplifi http://www.eccouncil.org http://www.eccouncil.org Page 54 Detect Potential Attacks Detect andNeutralize Handlers Preventing Secondary Victims Taxonomy ofDDoS Countermeasures DDoS Countermeasures Countermeasures forRefl Refl The Refl How toConductaDDoS Attack SCO AgainstMyDoom Worm MyDoom.B Spread ofSlammer Worm –30min Slammer Worm Worms o o o o o o o o DDoS Tools Refl Refl ection oftheExploit ective DNSAttacks Tool: ihateperl.pl ective DNSAttacks DDoS Tool:Mstream DDoS Tool: KnightandKaiten DDoS Tool: Trinity DDoS Tool:Shaft DDoS Tool:Stacheldraht DDoS Tool: TFN2K DDoS Tool: TribalNetworkFlood DDoS Tool: Trinoo ected DoS Attacks ected DoS EC-Council Page 55 EC-Council ng: Source Routed Packets Routed ng: Source v Hijacking ng RST Hijacking Tool: hijack_rst.sh Tool: RST Hijacking ect Attacks ect What is Session Hijacking? What is Session Spoofi Hijacking in Session Steps Hijacking of Session Types Levels Hijacking Session Hijacking Level Network Handshake The 3-Way Handshake Concepts 3-Way TCP Numbers Sequence Prediction Number Sequence hijacking TCP/IP IP Spoofi RST Hijacking o Hijacking Blind Sniffer Packet in the Middle: Man UDP Hijacking Hijacking Level Application Post-attack Forensics Post-attack Traceback Packet DoSHTTP Tool DoSHTTP Attacks of DDoS the Effects or Stop Mitigate Defl Module 15: Session Hijacking 15: Session Module

Module 16: Hacking Web Servers; Countermeasures: IPSec; Protecting against Session Hijacking; Dangers that hijacking Pose; Programs that Perform Session Hacking; Unicode; Attacks against IIS; Apache Vulnerability; Web Server Defacement; How are Web Servers Compromised; How Web Servers Work; Hjksuite Tool; Dnshijacker Tool; Paros HTTP Session Hijacking Tool; Remote TCP Session Reset Utility (SOLARWINDS); Session Hijacking Tool: T-Sight; IP watcher; TTY-Watcher; Hunt; Juggernaut; Unicode Directory Traversal Vulnerability; IIS Directory Traversal (Unicode) Attack; IIS Components; How are Servers Defaced
Hacking Tool: IISxploit.exe; Msw3prt IPP Vulnerability; RPC DCOM Vulnerability; ASP Trojan; IIS Logs; Network Tool: Log Analyzer; Hacking Tool: CleanIISLog; IIS Security Tool: Server Mask; ServerMask ip100; Tool: CacheRight; Tool: CustomError; Tool: HttpZip; Tool: LinkDeny; Tool: ServerDefender AI; Tool: ZipEnable; Tool: w3compiler; Yersinia; What is Patch Management; Hacking Tool; Tool: Metasploit Framework; Tool: Immunity CANVAS Professional; Tool: Core Impact; Tool: MPack; Tool: Neosploit; Hotfixes and Patches
Secure IIS; Network Tool: Shadow Security Scanner; Hacking Tool: WebInspect; Network Tool: N-Stealth HTTP Vulnerability Scanner; Network Tool: Whisker; Online Vulnerability Search Engine; Vulnerability Scanners; Patch Management Checklist; Webserver Stress Tool; Servers Alive; GFI Network Server Monitor; ServersCheck Monitoring; Best Practices for Patch Management; Opsware Server Automation System (SAS); BladeLogic Configuration Manager; ConfigureSoft Enterprise Configuration Manager (ECM); BMC Patch Manager; LANDesk Patch Manager; IBM Tivoli Configuration Manager; Kaseya Patch Management; Shavlik NetChk Protect; cacls.exe utility; Patch Management Tool: HFNetChk; Patch Management Tool: qfecheck; Solution: UpdateExpert
Countermeasures; Countermeasures; An Example of XSS; Countermeasures; Countermeasures; Countermeasures; Monitoring Tool: Secunia PSI; Directory Traversal/Forceful Browsing; Cryptographic Interception; Web Application Setup; Web application Hacking; Anatomy of an Attack; Web Application Threats; Cross-Site Scripting/XSS Flaws; SQL Injection; Command Injection Flaws; Cookie/Session Poisoning; Parameter/Form Tampering; Hidden Field at; Buffer Overflow; Countermeasures; Increasing Web Server Security; Web Server Protection Checklist; Module 17: Web Application Vulnerabilities
Hacking Tools; TCP Fragmentation; Security Management Exploits; DMZ Protocol Attacks; Platform Exploits; Attack Obfuscation; Error Message Interception; Log Tampering; Authentication Hijacking; Cookie Snooping; WindowBomb; SiteDigger Tool; SSLDigger Tool; CookieDigger Tool; WSDigger Tool – Web Services Testing Tool; SiteScope Tool; BlackWidow; WebSleuth; Wget; Instant Source; Network Access Attacks; Zero-Day Attacks; Web Services Attacks; Countermeasures; Countermeasures
Basic Authentication; HTTP Authentication; Burp: Positioning Payloads; Burp: Configuring Payloads and Content Enumeration; Tool: WebWatchBot; Tool: Mapper; Burp: Password Guessing; Burp Proxy; Burpsuite; Hacking Tool: cURL; dotDefender; Acunetix Web Scanner; AppScan – Web Application Scanner; AccessDiver; Tool: Falcove Web Vulnerability Scanner; Tool: NetBrute; Tool: Emsa Web Monitor; Tool: KeepNI; Tool: Parosproxy; Tool: WebScarab; Tool: Watchfire AppScan; Authentication Mechanisms; Authentication - Definition; Module 18: Web-Based Password Cracking Techniques
Modus Operandi of an Attacker Using a Password Cracker; What is a Password Cracker; Windows XP: Remove Saved Passwords; How Hackers Get Hold of Passwords; The “Mary Had A Little Lamb” Formula; Examples of Bad Passwords; Protecting Your Password; Changing Your Password; Things to Avoid in Passwords; How to Select a Good Password; Bill Gates at the RSA Conference 2006; Biometrics Authentication; RSA SecurID Token; Forms-based Authentication; Certificate-based Authentication; Negotiate Authentication; Integrated Windows (NTLM) Authentication; Types of Biometrics Authentication; Digest Authentication; Face Code: WebCam Based Biometrics Authentication System; Face Recognition; Afghan Woman Recognized After 17 Years; Retina Scanning; Hand Geometry-based Identification; Fingerprint-based Identification
Password Guessing; Query String; Cookies; Dictionary Maker; L0phtCrack (LC4); John the Ripper; Brutus; ObiWaN; Authforce; Hydra; Cain & Abel; RAR; Gammaprog; WebCracker; Munga Bunga; PassList; SnadBoy; MessenPass; Wireless WEP Key Password Spy; RockXP; Password Spectator Pro; Passwordstate; Password Crackers Available; How Does a Password Cracker Work; Attacks - Classification
Module 19: SQL Injection; How Does It Work; How to Test for SQL Injection Vulnerability; SQL injection Techniques; Input Validation Attack; OLE DB Errors; What If It Doesn’t Take Input; What You Should Look For; Steps for performing SQL injection; Exploiting Web Applications; What is SQL Injection; Countermeasures; My Password Manager; PassReminder; Easy WebPassword; Password Safe; Password Administrator; WebPassword; Tool: SniffPass; Tool: Messenger Key; Tool: Mail PassView; Tool: Network Password Recovery; Advanced Mailbox Password Recovery (AMBPR); Atomic Mailbox Password Cracker
Hacking Tool: SQLDict; Hacking Tool: SQLExec; SQL Server Password Auditing Tool: sqlbf; Hacking Tool: SQLSmack; Hacking Tool: SQL2.exe; sqlmap; sqlninja; SQLIer; Automagic SQL Injector; BadLogin.aspx.cs; BadProductList.aspx.cs; Executing Operating System Commands; Getting Output of SQL Query; Getting Data from the Database Using ODBC Error Message; How to Mine all Column Names of a Table; How to Retrieve any Data; How to Update/Insert Data into Database; SQL Injection in Oracle; SQL Injection in MySql Database; Attacking Against SQL Servers; SQL Server Resolution Service (SSRS); Osql -L Probing; SQL Injection Automated Tools; Automated SQL Injection Tool: AutoMagic SQL; Absinthe Automated SQL Injection Tool
Module 20: Hacking Wireless Networks; Wireless Standards; Introduction to Wireless; Wireless Concepts and Devices; Acunetix Web Vulnerability Scanner; SQL Injection Blocking Tool: SQLBlock; GoodLogin.aspx.cs; Preventing SQL Injection Attacks; SQL Injection Countermeasures; Blind SQL Injection; Related Technology and Carrier Networks; Wireless Standard: 802.11n; Wireless Standard: 802.11i; Wireless Standard: 802.11g; Wireless Standard: 802.11b – “WiFi”; Wireless Standard: 802.11a; Advantages and Disadvantages of a Wireless Network; Types of Wireless Network; Effects of Wireless Attacks on Business; Wired Network vs. Wireless Network; Introduction to Wireless Networking; Absinthe Blind SQL Injection Schema; Blind SQL Injection: Countermeasure
Antennas; Cantenna – www.cantenna.com; Wireless Access Points; SSID; Beacon Frames; Is the SSID a Secret; Setting up a WLAN; Authentication and Association; Authentication Modes; The 802.1X Authentication Process; Wired Equivalent Privacy (WEP); WEP Issues; WEP - Authentication Phase; WEP - Shared Key Authentication; WEP - Association Phase; WEP Flaws; What is WPA; WPA Vulnerabilities; WEP, WPA, and WPA2; WPA2 Wi-Fi Protected Access 2; Terminologies; WarChalking; Authentication and (Dis) Association Attacks; Attacks and Hacking Tools; WEP and WPA
ClassicStumbler; Tools to Detect Rogue Access Points: MiniStumbler; Tools to Detect Rogue Access Points: Netstumbler; Tools to Generate Rogue Access Points: Fake AP; Rogue Access Points; Evil Twin: Attack; 802.11 Specific Vulnerabilities; WPA-PSK Cracking Tool: CowPatty; Tool: Wepdecrypt; Attacking WEP with WEPCrack on Windows using PERL Interpreter; Attacking WEP with WEPCrack on Windows using Cygwin; Attacking WPA Encrypted Networks; WEP Tool: WepLab; WEP Tool: WEPCrack; WEP Tool: AirSnort; Aircrack-ng; WEP Tool: Aircrack; Stream Cipher; XOR Encryption; Pad-Collection Attacks; Automated WEP Crackers; Problems with WEP’s Key Stream and Reuse; Weak Keys (a.k.a. Weak IVs); Cracking WEP; WEP Attack
MAC Sniffing and AP Spoofing; Defeating MAC Address Filtering in Windows; Manually Changing the MAC Address in Windows XP and 2000; Tool to Detect MAC Address Spoofing: Wellenreiter; Man-in-the-Middle Attack (MITM); Denial-of-Service Attacks; DoS Attack Tool: Fatajack; Hijacking and Modifying a Wireless Network; Phone Jammers; Phone Jammer: Mobile Blocker; Pocket Cellular Style Cell Phone Jammer; 2.4Ghz Wi-Fi & Wireless Camera Jammer; 3 Watt Digital Cell Phone Jammer; 3 Watt Quad Band Digital Cellular Mobile Phone Jammer; 20W Quad Band Digital Cellular Mobile Phone Jammer; AirFart; AP Radar; Hotspotter; Cloaked Access Point; WarDriving Tool: shtumble; Temporal Key Integrity Protocol (TKIP); LEAP: The Lightweight Extensible Authentication Protocol; LEAP Attacks; LEAP Attack Tool: ASLEAP; Working of ASLEAP
Sniffing Tools; Scanning Tools; Detecting a Wireless Network; 40W Digital Cellular Mobile Phone Jammer; Sniffing Tool: Drifnet; Sniffing Tool: Etherpeg; Sniffing Tool: vxSniffer; Sniffing Tool: NAI Wireless Sniffer; Sniffing Tool: AiroPeek; MAC Sniffing Tool: WireShark; wlanScanner; Simple Wireless Scanner; eEye Retina WiFI; Scanning Tool: Wifi Scanner; Scanning Tool: WiFi Finder; Scanning Tool: AirTraf; Scanning Tool: Wireless Security Auditor (WSA); Scanning Tool: Wavemon; Scanning Tool: APScanner; Scanning Tool: Netchaser V1.0 for Palm Tops; Scanning Tool: WaveStumbler; Scanning Tool: Mognet V1.16; Scanning Tool: MacStumbler; Scanning Tool: Prismstumbler; Scanning Tool: Kismet
Sniffing Tool: AirMagnet; Sniffing Tool: WinDump; Sniffing Tool: Ssidsniff; Multiuse Tool: THC-RUT; Tool: WinPcap; Tool: AirPcap; AirPcap: Example Program from the Developer’s Pack; Microsoft Network Monitor; Steps for Hacking Wireless Networks; Step 1: Find Networks to Attack; Step 2: Choose the Network to Attack; Step 3: Analyzing the Network; Step 4: Cracking the WEP Key; Step 5: Sniffing the Network; WIDZ: Wireless Intrusion Detection System; Radius: Used as Additional Layer in Security; Securing Wireless Networks; Wireless Network Security Checklist; WLAN Security: Passphrase; Don’ts in Wireless Security; WLAN Diagnostic Tool: CommView for WiFi PPC; WLAN Diagnostic Tool: AirMagnet Handheld Analyzer; Hacking Wireless Networks; Wireless Security Tools; Wireless Security
Module 21: Physical Security; Physical Security Checklist; Factors Affecting Physical Security; Who Is Accountable for Physical Security; What Is the Need for Physical Security; Physical Security; Understanding Physical Security; Security Facts; Access Control; Other Equipments; Wireless Access Point; Workstation Area; Server Room; Reception; CCTV Cameras; Physical Security Checklist: Premises; Security Guards; Gates; Physical Security Checklist - Company surroundings; Tool: RogueScanner; Google Secure Access; AirDefense Guard (www.AirDefense.com); Auditing Tool: BSD-Airtools; Biometric Devices

Lock Picking Tools; Biometric Identification Techniques; Authentication Mechanisms; Authentication Mechanism Challenges: Biometrics; Faking Fingerprints; Smart cards; Security Token; Computer Equipment Maintenance; Wiretapping; Remote Access; Lapse of Physical Security; Locks; Tools to Locate Stolen Laptops; Stop's Unique, Tamper-proof Patented Plate; Tool: TrueCrypt; Information Security; EPS (Electronic Physical Security); Wireless Security; Laptop Theft Statistics for 2007; Statistics for Stolen and Recovered Laptops; Laptop Theft; Laptop theft: Data Under Loss; Laptop Security Tools; Laptop Tracker - XTool Computer Tracker
Module 22: Linux Hacking; Track Stick GPS Tracking Device; Blocking the Use of USB Storage Devices; Tool: DeviceLock; Physical Security: Lock Down USB Ports; Spying Devices; Spyware Technologies; Challenges in Ensuring Physical Security; TEMPEST; Mantrap; Laptop Security Countermeasures; Make Files; GCC Commands; Compiling Programs in Linux; How to Install a Kernel Patch; Installing, Configuring, and Compiling Linux Kernel; Directories in Linux; Linux Basic; Basic Commands of Linux: Files & Directories; Linux Live CD-ROMs; Linux Distributions; Why Linux; Linux Networking Commands; Linux File Structure
Make Install Command; Linux Vulnerabilities; Chrooting; Why is Linux Hacked; How to Apply Patches to Vulnerable Programs; Scanning Networks; Nmap in Linux; Scanning Tool: Nessus; Port Scan Detection Tools; Password Cracking in Linux: Xcrack; in Linux: Command IPTables; Basic Linux Operating System Defense; SARA (Security Auditor's Research Assistant); Linux Tool: Netcat; Linux Tool: tcpdump; Linux Tool: Snort; Linux Tool: SAINT; Linux Tool: Wireshark; Linux Tool: Abacus Port Sentry; Linux Tool: DSniff Collection; Linux Tool: Hping2; Linux Tool: Sniffit; Linux Tool: Nemesis; Linux Tool: LSOF
Module 23: Evading IDS, Firewalls and Detecting Honey Pots; Steps for Hardening Linux; Linux Security Countermeasures; Linux Security Auditing Tool (LSAT); Linux Tools: Log and Traffic Monitors; Linux Tools: Encryption; Linux Tools: Security Testing Tools; Advanced Intrusion Detection Environment (AIDE); Linux Tools: Application Security; ‘chkrootkit’ detects the following Rootkits; Rootkit Countermeasures; Rootkit: Beastkit; Rootkits: Tuxit, Adore, Ramen; Rootkits: Knark & Torn; Hacking Tool: Linux Rootkits; Linux Loadable Kernel Modules; Tool: TCP Wrappers; Hacking Tool: Hunt; Linux Tool: LIDS; Linux Tool: IPTraf; Intrusion Detection System (IDS); Terminologies; Introduction to Intrusion Detection System; IDS Placement
IDS Evading Tool: ADMutate; Snort Rules; Snort; Set up Snort to Log to the Event Logs and to Run as a Service; Using EventTriggers.exe for Eventlog Notifications; Running Snort on Windows 2003; Snort Console; Testing Snort; Configuring Snort (snort.conf); SnortSam; Ways to Evade IDS; Tools to Evade IDS; Steps to Perform after an IDS detects an attack; Evading IDS Systems; Ways to Detect an Intrusion; Types of Intrusion Detection Systems; System Integrity Verifiers (SIVS); Tripwire; Cisco Security Agent (CSA); True/False, Positive/Negative; Signature Analysis; General Indication of Intrusion: System Indications; General Indication of Intrusion: File System Indications; General Indication of Intrusion: Network Indications; Intrusion Detection Tools
What is a Firewall?; Hiding Behind a Covert Channel: LOKI; Placing Backdoors through Firewalls; Bypassing a Firewall using HTTPTunnel; Breaching Firewalls; Banner Grabbing; Firewalking; Firewall Identification; Packet Filtering Firewall; Types of Firewall; Software Firewall; Hardware Firewall; Firewall Operations; How does a Firewall work; What can’t a firewall do; Packet Filtering; What Does a Firewall Do; Stateful Multilayer Inspection Firewall; Application Packet Filtering Firewall; Application Level Firewall; TCP Packet Filtering Firewall; Circuit-Level Gateway; IP Packet Filtering Firewall; Packet Filtering Firewall; Packet Generators
Low-interaction honeypot; Medium-interaction honeypot; High-interaction honeypot; Honeypot-SPECTER; IDS Testing Tool: TCPOpera; IDS testing tool: Firewall Informer; Atelier Web Firewall Tester; The Honeynet Project; Types of Honeypots; Advantages and Disadvantages of a Honeypot; Where to place Honeypots; Honeypots; Tool: NCovert; Tool: ACK Tunneling; Tools to breach firewalls; IDS testing tool: IDS Informer; IDS Testing Tool: Evasion Gateway; IDS Tool: Event Monitoring Enabling Responses to Anomalous Live Disturbances (Emerald); IDS Tool: BlackICE; IDS Tool: Next-Generation Intrusion Detection Expert System (NIDES); IDS Tool: SecureHost; IDS Tool: Snare; IDS Testing Tool: Traffic IQ Professional; What is Honeypot?; Common Tool for Testing Firewall and IDS
Module 24: Buffer Overflows; NOPs; How to Detect Buffer Overflows in a Program; Understanding Assembly Language; Types of Buffer Overflows: Heap-based Buffer Overflow; Types of Buffer Overflows: Stack-based Buffer Overflow; Understanding Heaps; Understanding Stacks; Knowledge Required to Program Buffer Overflow Exploits; Reasons for Buffer Overflow Attacks; Buffer Overflows; Why are Programs/Applications Vulnerable; What to do when hacked; Tools to Detect Honeypots; Attacking a Real Program; Shellcode; Heap-based Buffer Overflow; Heap Memory Buffer Overflow Bug; Stack Based Buffer Overflow; A Simple Uncontrolled Overflow of the Stack; Physical and Virtual Honeypots; Sebek; Honeypot – KFSensor; Honeypot - honeyd
Encryption; Decryption; Example of RSA Algorithm; RSA Attacks; RSA Challenge; DES Overview; Code Analysis; Comparing Functions of libc and Libsafe; Tool to Defend Buffer Overflow: Return Address Defender (RAD); Tool to Defend Buffer Overflow: StackGuard; Tool to Defend Buffer Overflow: Immunix System; Vulnerability Search: NIST; Valgrind; Insure++; Introduction to Cryptography; Classical Cryptographic Techniques; Cryptographic Algorithms; RSA (Rivest Shamir Adleman); Data Encryption Standard (DES); Simple Buffer Overflow in C; Once the Stack is Smashed; Defense Against Buffer Overflows; Buffer Overflow Protection Solution: Libsafe; How to Mutate a Buffer Overflow Exploit; Module 25: Cryptography
Advanced File Encryptor; Magic Lantern; Hacking Tool: PGPCrack; CryptoHeaven; Command Line Scriptor; CypherCalc; PGP (); Digital Certificates; Digital Signature; Government Access to Keys (GAK); Disk Encryption; Algorithms and Security; What is SSH?; SSL (Secure Sockets Layer); SHA (Secure Hash Algorithm); Message Digest Functions; RC4, RC5, RC6, Blowfish; Cleversafe Grid Builder http://www.cleversafe.com/; Challenges and Opportunities; Digital Signature Algorithms: ECDSA, ElGamal Signature Scheme; Digital Signature Algorithm: Signature Generation/Verification; Digital Signature Standard; Digital Signature Applications; Method of Digital Signature Technology; Components of a Digital Signature; SSH (Secure Shell); MD5; One-way Hash Functions; RC5
Encryption Engine; Encrypt Files; Encrypt PDF; Encrypt Easy; Encrypt my Folder; Advanced HTML Encrypt and Password Protect; Encrypt HTML source; Alive File Encryption; Omziff; ABC CHAOS; EncryptOnClick; CryptoForge; SafeCryptor; CrypTool; Microsoft Cryptography Tools; Polar Crypto Light; CryptoSafe; Crypt Edit; CrypSecure; Cryptlib; Crypto++ Library; Code Breaking: Methodologies; Cryptanalysis; Cryptography Attacks; Brute-Force Attack
Module 26: Penetration Testing; Enumerating Devices; Testing Network-filtering Devices; Enumerating Information about Hosts on Publicly Available Networks; Using DNS Domain Name and IP Address Information; Manual Testing; Automated Testing; Testing Locations; Testing points; Pentest Service Level Agreements; Project Scope; Terms of Engagement; Outsourcing Penetration Testing Services; Do-It-Yourself Testing; Risk Management; Types of Penetration Testing; Penetration Testing; Limitations of Vulnerability Assessment; Vulnerability Assessment; Categories of security assessments; Introduction to Penetration Testing (PT); Use Of Cryptography; distributed.net; Cracking S/MIME Encryption Using Idle CPU Time

Denial-of-Service Emulation; Pentest using Appscan; HackerShield; Pen-Test Using Cerberus Internet Scanner; Pen-Test Using Cybercop Scanner; Pen-Test Using FoundScan Hardware Appliances; Pen-Test Using Nessus; Pen-Test Using NetRecon; Pen-Test Using SAINT; Pen-Test Using SecureNet Pro; Pen-Test Using SecureScan; Pen-Test Using SATAN, SARA and Security Analyzer; Pen-Test Using STAT Analyzer; Pentest Using VigilENT; Pentest Using WebInspect; Pentest Using CredDigger; Pentest Using Nsauditor; Evaluating Different Types of Pen-Test Tools; Asset Audit; Fault Tree and Attack Trees; GAP Analysis; Threat; Business Impact of Threat; Internal Metrics Threat; External Metrics Threat
System Event Logging and Reviewing Tools; Keyboard Logging and Screen Reordering Tools; Database Assessment Tools; File Encryption Tools; Buffer Overflow protection Tools; Web-Testing Based Scripting tools; Link Checking Tools; Password Guessing Tools; Password Directories; File Share Scanning Tools; Directory and File Access Control Tools; Port Scanning Tools; Fingerprinting Tools; Operating System Protection Tools; System Software Assessment Tools; Traditional Load Testing Tools; Denial of Service Emulation Tools; Network Sniffing Tools; Trace Route Tools and Services; Network Auditing Tools; DNS Zone Transfer Testing Tools; Disk Replication Tools; Defect Tracking Tools: Bug Tracker Server; Test Dependencies; Calculating Relative Criticality
Activity: Perimeter Testing; Activity: Web Application Testing; Activity: Wireless Testing; Activity: Acquiring Target; Activity: Escalating Privileges; Activity: Execute, Implant and Retract; Insider Attacks; Tripwire and Checksum Tools; Mobile-code Scanning Tools; Centralized Security Monitoring Tools; Web Log Analysis Tools; Forensic Data and Collection Tools; Security Assessment Tools; Multiple OS Management Tools; Phases of Penetration Testing; Pre-attack Phase; Best Practices; Results that can be Expected; Passive Reconnaissance; Active Reconnaissance; Attack Phase; Post Attack Phase and Activities; Penetration Testing Deliverables Templates; Module 27: Covert Hacking
Covert Channel Hacking Tool: NCovert; Covert Channel Hacking Tool: Web Shell; Covert Channel Hacking Tool: MsnShell; Covert Channel Hacking Tool: Firepass; Covert Channel Hacking Tool: CCTT; Covert Channel Hacking Tool: Active Port Forwarder; Covert Channel Attack Tools; Reverse Connecting Agents; In-Direct Attack Example; Direct Attack Example; Reverse Shell (Reverse Telnet); Standard Direct Connection; Advanced Covert Attacks; Simple Covert Attacks; Covert Channel: Attack Techniques; Covert Channels Scope; Motivation of a Firewall Bypass; Why Do You Want to Use Covert Channel?; Security Breach; What is Covert Channel?; Ncovert - How it works; HTTP/S Tunneling Attack; Covert Channel using SSH (Advanced); Covert Channel Using SSH; DNS Tunneling Countermeasures; DNS Tunnel Client; Covert Channel Using DNS Tunneling; DNS Tunneling; Netcat
Directory Traversal Method; Example Directory Traversal Function; “dot dot” Method; Example Code for a “dot dot” Method; Marking a File for Infection; Trigger Mechanism; Bombs/Payloads; Brute Force Logic Bombs; Virus Infection: Step I; Virus Infection: Step II; Virus Infection: Step III; Virus Infection: Step IV; Virus Infection: Step V; Functioning of Replicator part; Writing Replicator; Writing Concealer; Dispatcher; Writing Bomb/Payload; Covert Channel Hacking via Spam E-mail Messages; Hydan; Introduction of Virus; Types of Viruses; Symptoms of a Virus Attack; Prerequisites for Writing Viruses; Required Tools and Utilities; Virus Infection Flow Chart; Components of Viruses; Module 28: Writing Virus Codes
Module 29: Assembly Language Tutorial; Tips for Better Virus Writing; Testing Virus Codes; External interrupts and Internal interrupts; External interrupts; Interrupt handler; Interrupts; Pentium Processor; Instruction Pointer; Original Registers; Clock Cycle; Compilers; Machine Language; CPU; ASCII and UNICODE; Characters Coding; Computer memory; nibble; Hex Conversion; Hex Example; Hexadecimal Number; Binary Addition (C stands for Canary); Decimal 0 to 15 in Binary; Base 2 System; Base 10 System
First.asm; Data directives; Labels; Input and output; C Interface; Call; Creating a Program; Why should anyone learn assembly at all?; Assembling the code; Compiling the C code; Handlers; Machine Language; Assembly Language; Assembler; Assembly Language Vs High-level Language; Assembly Language Compilers; Instruction operands; MOV instruction; ADD instruction; SUB instruction; INC and DEC instructions; Directive; preprocessor; equ directive; %define directive
Calculating addresses of local variables; Labels of functions; Saving registers; Multi-module program; General subprogram form with local variables; Local variables on the stack; General subprogram form; The CALL and RET Instructions; The Stack Usage; ESP; The SS segment; The Stack; Subprogram; Indirect addressing; Do while loops; If statements; Two’s Complement; Signed Magnitude; Signed integers; Working with Integers; Skeleton File; Big and Little Endian Representation; Understanding an assembly listing file; Linking the object files
Format String; Integer Bug Exploits; Race Condition; TCP/IP Attack; LibExploit; Metasploit; CANVAS; Heap Corruption; The Proof-of-Concept and Commercial Grade Exploit; Converting a Proof of Concept Exploit to Commercial Grade Exploit; Attack Methodologies; Socket Binding Exploits; Tools for Exploit Writing; Steps for Writing an Exploit; Differences Between Windows and Linux Exploits; Shellcodes; NULL Byte; Types of Shellcodes; Tools Used for Shellcode Development; Exploits Overview; Prerequisites for Writing Exploits and Shellcodes; Purpose of Exploit Writing; Types of Exploits; Stack Overflow; Module 30: Exploit Writing
Module 31: Smashing the Stack for Fun and Profit; Compiling the code to assembly; Procedure Call (Procedure Prolog); Stack pointer; Stack frame; The Stack Region; Why Do We Use A Stack?; What Is A Stack?; Memory Process Regions; Data Region; Stack Buffers; Static Vs Dynamic Variables; What is a Buffer?; Issues Involved With Shellcode Writing; Steps for Writing a Shellcode; readelf; strace; ktrace; objdump; GDB; NASM; System call implementation; Null byte problem; Addressing problem
The code to spawn a shell in C; execve() system call; List of steps with exit call; Call Statement; Return Address (RET); Word Size; Stack; Buffer Overflows; Error; Why do we get a segmentation violation?; Segmentation Error; Instruction Jump; Guess Key Parameters; Calculation; Shell Code; Let's try to understand what is going on here. We'll start by studying main:; execve(); exit.c; The code in Assembly; JMP; Code using indexed addressing; Offset calculation; shellcodeasm.c; testsc.c; Compile the code
Module 32: Windows Based Buffer Overflow Exploit Writing; Execution Flow; EIP Register; Analysis; Windbg.exe; Simple Proof of Concept; OpenDataSource Buffer Overflow Vulnerability Details; Exploiting stack based buffer overflow; Writing Windows Based Exploits; NOPs; vulnerable.c; sp.c; Compiling the code; overflow1.c; Writing an Exploit; testsc2.c; shellcodeasm2.c; NULL byte; Stack overflow; Buffer Overflow; EIP; Location of EIP; Estimating the Location; Using NOPs
Positive Applications of Reverse Engineering; Ethical Reverse Engineering; World War Case Study; DMCA Act; What is Disassembler?; Why do you need to decompile?; Professional Disassembler Tools; But where can we jump to?; Offset Address; The Query; Finding jmp esp; Debug.exe; listdlls.exe; Msvcrt.dll; Out.sql; The payload; ESP; Limited Space; Getting Windows API/function absolute address; Memory Address; Other Addresses; Compile the program; Final Code; Module 33: Reverse Engineering
Tool: JODE Java Decompiler; Java Bytecode Decompilers; .NET Obfuscator and .NET Obfuscation; Tool: Decompilers.NET; Tool: Spices NET.Decompiler; Tool: Refl; Tool: LSWDotNet-Refl; Salamander .NET Decompiler; Tools for Decompiling .NET Applications; Delphi Decompilers; Tool: EXE To C Decompiler; Tool: REC Decompiler; Andromeda Decompiler; What Boomerang Can Do?
Tool: Boomerang Code Produced by thedccDecompiler inC Assembly Codeofcompute.exe Program Machine Codeofcompute.exe Prorgam Tool: dcc Machine Decompilers AssemblyCodetoC++code Convert Program Obfuscation Decompilers MachineConvert CodetoAssembly Tool: IDAPro ector ection-Browser EC-Council Page 99 EC-Council ow Vulnerability ow ow Vulnerability ow ow Vulnerability ow cationCenter Privilege Escalation Vulnerability Escalation cationCenter Privilege lesystem integer overfl Crafted URL Vulnerability Vulnerability URL Crafted Vulnerability Pointer Uninitialized CoreText overfl Integer ImageIO DirectoryService Vulnerability buffer overfl iChat UPnP Kernel “fpathconf()” System call Vulnerability call System “fpathconf()” Kernel UserNotifi in MAC Vulnerabilities Other ImageIO Memory Corruption Vulnerability Corruption Memory ImageIO Vulnerability Code Execution UFS fi Introduction to MAC OS to MAC Introduction in MAC Vulnerabilities o o o Tool: JREVERSEPRO Tool: SourceAgain Tool: ClassCracker Tool: Decompilers Python Tutorial Engineering Reverse Debugger OllyDbg Work? 
OllyDbg Does How Application Console a Simple Debugging o o o o o OS X Mac Can Crack Package Installer a Malformed How in MAC Viruses and Worm o o o Module 34: MAC OS X Hacking 34: MAC Module http://www.eccouncil.org http://www.eccouncil.org Page 100 Module 35:Hacking Routers, cableModems andFirewalls Analyzing theRouter Confi Hydra Brute-Forcing LoginServices MIBBrowserSolarwinds ADMsnmp Confi HTTP Identifying aRouter Network Devices o o o Countermeasures o o o o Mac Security Tools o o o o Anti-Viruses inMAC o Macro Viruses Inqtana.A OSX/Leap-A FileGuard IPNetsentryx ClamXav MacScan Endpoint Security andControl McAfee Virex forMacintosh VirusBarrier SING: Tool forIdentifying theRouter guration Arbitrary Administrativeguration Arbitrary Access Vulnerability g EC-Council Page 101 EC-Council rewalls.net rewalls.net Finding a Cisco Router a Cisco Router Finding into Cisco Router to Get How the Password Breaking Here Anyone Is Tracks Covering Looking Around ZUP OneStep: Cracking the Enable Password Password Enable the Cracking Abel Cain and Tool: Attack Router of a Implications Attacks of Router Types Topology Attack Router Attacks of Service (DoS) Denial Attacks “Mistreating” Packet Poisoning Table Routing Attacks vs. 
Persistent Attacks Hit-and-run Cisco Router o o o o o o Eigrp-tool Zebra Tool: 2 attacks and other layer CDP, for HSRP, Yersinia Tool: Torch Cisco Tool: SLcheck SMTP(port25) Using Monitoring HTTP(port 80) Monitoring Hacking Cable Modem o www.bypassfi http://www.eccouncil.org http://www.eccouncil.org Page 102 Module 36:Hacking Mobile Phones, PDAandHandheld Devices o o o o PDA o o o o o Blackberry o o o Spyware Malware Vulnerabilities inDifferent Mobile Phones What CanAHacker Do Threats Evolution ofMobile Threat Different OSStructure inMobile Phone Different OSinMobile Phone Waldo Beta 0.7(b) PDA Virus: Brador PDA Virus: HotSync Attack ActiveSync attacks PDA Security Issues Countermeasures BlackBerry Signing Authority Tool BlackBerry WirelessSecurity Attacks:Blackberry Blackjacking AttacksBlackberry Best Practices againstMalware Spyware: SymbOS/MultiDropper.CG Spyware: SymbOS/Htool-SMSSender.A.intd EC-Council Page 103 EC-Council Steps for AppSnapp for AppSnapp Steps • Tool to Unlock iPhone: iPhoneSimFree iPhoneSimFree iPhone: to Unlock Tool anySIM iPhone: to Unlock Tool using AnySIM iPhone your for Unlocking Steps iPhone Unlocked on your Button Voicemail the Activate Virus Podloso Lock-iT XP tool: Icon Security Devices to Mobile Due to Organizations Threats Organizations by Actions Security Skulls Duts Trojan Doomboot.A: PDA Security Tools: TigerSuite PDA PDA TigerSuite Tools: Security PDA for PDAs Policies Security of iPod Misuse Jailbreaking iFuntastic for jailbreaking: Tools Hacking for iPhone Prerequisite iFuntastic using Hacking iPhone Step by Step Hacking step iPhone by Step AppSnapp o o o o o o Security? 
to Enterprise a Breach It Is Mobile: o o Viruses o o o Antivirus o o iPod o o o o o o o http://www.eccouncil.org http://www.eccouncil.org Page 104 Module 37:Bluetooth Hacking o o o o o o o o Security Attacks inBluetooth Devices Security Issues inBluetooth Bluetooth Introduction o o o o o o o Mobile Phone Security Tips Defending CellPhones andPDAsAgainstAttack o o Security Tools OnLine PIN Cracking Attack Man-In-Middle Attacks Short Pairing CodeAttacks BlueBug Attack Blue snarfi BlueSpam Tools forBluejacking Bluejacking BullGuard Mobile Antivirus F-Secure forPalm Antivirus OS Symantec AntiVirus SMobile VirusGuard BitDefender Mobile Security Airscanner MobileKaspersky Antivirus Mobile Security Tools: Virus ScanMobile Sprite Terminator ng EC-Council Page 105 EC-Council BTKeylogging attack BTKeylogging attack BTVoiceBugging Blueprinting of Death The Ping - Bluesmacking Attack Denial-of-Service Attack BlueDump BTScanner Bluesnarfer Bluediving Auditor Environment Bluetooth Transient BTcrack Blooover Hidattack Cabir Mabir Lasco BlueWatch BlueSweep Bluekey Edition Enterprise Security Mobile BlueFire BlueAuditor Scanner Network Bluetooth o o o o o o hacking tools Bluetooth o o o o o o o Viruses Bluetooth and Worms o o o tools Security Bluetooth o o o o o o http://www.eccouncil.org http://www.eccouncil.org Page 106 Module 38: VoIP Hacking o o o o o o o o Scanning o o o o o o o o o o Footprinting VoIP Hacking Steps What is VoIP Countermeasures UDP Scan TCP SYNScan Port Discovery ScanningandService SNMP Sweeps TCP Ping Scans ARP Pings ICMP Ping Sweeps Host/Device Discovery Steps toPerform Footprinting WHOIS andDNSAnalysis Resumes VoIP Vendors Phone Numbers andExtensions Job Listings Help Desk Organizational Structure andCorporateLocations Unearthing Information Information Sources EC-Council Page 107 EC-Council cation REGISTER Username Enumeration Enumeration REGISTER Username Enumeration INVITE Username Enumeration OPTIONS Username with sipsak OPTIONS Scanning Automated 
against SIP server and OPTIONS Scanning with SIPSCAN REGISTER, INVITE Automated SIPSCAN against SIP Phones OPTIONS Scanning Using Automated ng and Masquerading ng Attack ng • • • • • • Steps to Perform Enumeration to Perform Steps with Netcat Grabbing Banner Enumeration SIP User/Extension TFTP Enumerating Servers SNMP Enumeration Devices VoIP VxWorks Enumerating (DoS) Denial-of-Service Attack (DDoS) Denial-of-Service Distributed Attack Denial-of-Service Internal Scenarios Attack DoS Eavesdropping Spoofi Packet Host/Device Identifi Host/Device Attack Replay and Hijacking Call Redirection ARP Spoofi ARP Spoofi Enumeration o o o o o o the Network to Exploit Steps o o o o o o o o o o o http://www.eccouncil.org http://www.eccouncil.org Page 108 o o o o o o o o o o o o o o Signaling andMedia Manipulation What isFuzzing Application-Level Interception Techniques Man-In-The-Middle (MITM)Attack Interception through VoIP Signaling Manipulation Call Eavesdropping Performing Number and CallPattern Harvesting Tracking Sniffi DNS CachePoisoning Flooding Attacks SIP Attacks SIP Security Vulnerabilities H.323-Specifi InterceptionService ng TFTP Confi • • • • • • • • • • • c Attacks Registration Addition withadd_registrations Tool Registration Removal witherase_registrations Tool Commercial VoIP Fuzzing tools Why Fuzzing Additional Attacks withaRogue SIPProxy Randomly Redirect CallswithaRogue SIPProxy Dropping CallswithaRogue SIPProxy Replacing/Mixing Audio Listening to/Recording Calls SIP Rogue Application How toInsert Rogue Application guration File Transfers EC-Council Page 109 EC-Council Hazards of Electromagnetic Radiation of Electromagnetic Hazards Attacks Computer Network • • nition ng ng Replay attacks Replay Denial-of-service Business Process Risk Process Business Risk Intelligence Business Risk Privacy Risk Externality Sniffi Tracking Spoofi VoIP Phishing VoIP o o Against RFID Attacks Protection RFID Guardian RFID Malware RFID- Defi Systems Components of RFID RFID 
Collisions RFID Risks o o o o Issues RFID and Privacy Countermeasures Threats and Privacy RFID Security o o o o Tracks Covering Module 39: RFID Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 110 Module 40:Spamming o Spamming Tools Types ofSpam Attacks Top Spam Effected Countries: Statistics Worsen ISP:Statistics Spammer: Statistics How Spamming isperformed Techniques usedby Spammers Introduction o o o RFID Security o o o RFID Security Controls RFID Hacking Tool: RFDump o o o Vulnerabilities inRFID-enabledCredit Cards RFID Exploits Farelogic Worldcast Defending AgainstRFIDMalware How to Write anRFID Worm How to Write anRFID Virus Technical Controls Operational Controls Management Controls Eavesdropping Attack Replay Attack Skimming Attack EC-Council Page 111 EC-Council SpamAgent SpamAgent

AntispamSniper AntispamSniper Reader Spam (SA) Proxy Assassin Proxy Spam Free MailWasher Bully Spam 123 Hidden Sender 123 Hidden Man YL Mail Sendblaster Sender Direct Hotmailer Server Email Bulk PackPal IEmailer Email SPAM Stop AEVITA Desktop SpamExperts Pro SpamEater SpamWeasel Spytech Introduction to USB Devices to USB Devices Introduction Attack Electrical Attack Software o o o o o Countermeasures o o o o o o o Techniques Anti-Spam Tools Anti- Spamming o o o o o Module 41: Hacking USB Devices 41: Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 112 o o o o o o USB Security Tools o o o Hacking Tools o o o o o o o o o o o o Viruses and Worms USB Attack on Windows Advanced USBPro Monitor Remora USBFile Guard USB CopyNotify USB-Blocker USBDeview MyUSBonly USB Hacksaw USB Switchblade USB Dumper W32.DromHTTP W32/VBAut-B W32/QQRob-ADN W32/Hairy-A W32/LiarVB-A W32/SillyFDC-BK W32/SillyFD-AA W32/Dzan-C W32/Fujacks-E W32/Fujacks-AK W32/Hasnot-A W32/Madang-Fam EC-Council Page 113 EC-Council Attacking Oracle Oracle Attacking in Oracle Issues Security Attacks of Database Types Privileges DBA and Gain Database into an Oracle to Break How Beta Voyager Worm: Oracle Systems SQL Server to Exploit Tricks Hacker Ten is Hacked SQL Server How Query Analyzer odbcping Utility Professional ASPRunner Tool: FlexTracer Tool: Folder Password Expert USB Password Folder USBlyzer Pro USB PC Lock Torpark Chaser USB Virus Hacking Database server: Introduction server: Database Introduction Hacking Server Database Oracle Hacking o o o o o o SQL Server Hacking o o o o o Tools Security Checklist Administrator Practices: Best Security SQL Server Checklist Developer Practices: Best Security SQL Server o o o o o Countermeasures Countermeasures Module 42: Hacking Database Servers Database 42: Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 114 Module 43:Cyber Warfare- Hacking, Al-Qaida and Terrorism Electronic Jihad' App Offers Cyber Terrorism fortheMasses 
Electronic Jihad Table 1:How Websites Support Objectives ofterrorist/Extremist Groups Terror Web2.0 Cyber Terror Threat isGrowing, Says Reid Budget: Eye onCyber-Terrorism Attacks E.U. Urged toLaunchCoordinated Effort AgainstCybercrime Bush onCyber War: ‘a subjectIcanlearnalotabout’ NATO Threatens War withRussia Russia ‘hired botnets’ forEstoniaCyber-War Cyber Threat totheMilitary Propaganda: Hizballah Website Propaganda Research Recruitment Planning Cyber Support to Terrorist Operations Why Terrorists Use Cyber Techniques Al-Qaeda Net Attack 45 Muslim Doctors Planned US Terror Raids Cyber-Warfare Attacks Cyber Terrorism Over Internet EC-Council Page 115 EC-Council PopUp PopUp Key Features of Internet Filters Filters of Internet Features Key Filters and Cons of Internet Pros iProtectYou Porn Block Tool: FilterGate Tool: Adblock Tool: AdSubtract Tool: GalaxySpy Tool: Killer Up Pop AdsGone Tool: Anti Tool: Police Up Pop Tool: Blocker Ad Super Tool: Anti-AD Guard Tool: Nanny Net CyberSieve Filter Internet BSafe Lite Stop-the-Pop-Up Tool: WebCleaner Tool: AdCleaner Tool: o o o o o o o o o o o o o o o o o o o Introduction to Internet Filter Filter to Internet Introduction Tools Content Filtering Internet Cyber Jihad – Cyber Firesale Firesale – Cyber Jihad Cyber http://internet-haganah.com/haganah/ Module 44: Internet Content Filtering Techniques Content Filtering 44: Internet Module http://www.eccouncil.org http://www.eccouncil.org Page 116 Module 45:Privacy ontheInternet Internet Privacy Tools: Anonymizers Electronic Commerce Pros andConsofInternet Relay Chat Internet Relay Chat Downloading Freeware Web Bugs Web Browsers Google Privacy Policy How Google Stores Personal Information How Internet Cookies Work Examining Information inCookies Cookies Email privacy Spyware privacy Proxy privacy Internet privacy o o o o o o o Anonymizer Nyms Anonymizer Total Net Shield Anonymizer AnonymousSurfi Internet Safety Guidelines forChildren Tool: KDTSite Blocker Tool: LiveMark Family 
Tool: Adult Photo Blanker ng EC-Council Page 117 EC-Council ng rewall Firestarter Anonymous Friend IP Easy Hide Agnitum fi Anonymizer Anti-Spyware Anonymizer Lite Shredder Digital Anonymizer Anonym Internet Steganos IP Map Invisible Anonymity Shield NetConceal Anonymous Guest ViewShield IP Hider Standard Surf Mask VIP Anonymity SmartHide Anonymity Gateway IP My Hide Anonymity Claros Optimizer Internet Max Shield Hotspot Toolbar Anonymous Browsing Browsing Invisible Time Cleaner Real Surfi Anonymous Web o o o o o o o o o o o o o o o o o o o o o o o o Internet Privacy Tools: Firewall Tools Tools Firewall Tools: Privacy Internet http://www.eccouncil.org http://www.eccouncil.org Page 118 Module 46:Securing LaptopComputers o o Tools Bluetooth inLaptops Protecting Laptops Through Face Recognition Fingerprint Reader Laptop Theft Laptop threats Percentage ofOrganizations Following the Security Measures Statistics onSecurity Statistics forStolen andRecovered Laptops Counter measures Best Practices Internet Privacy Tools: Others Laptop Security Tools Laptop Security o o o o o o o o o Netdefender Sunbelt Tips forInternet Privacy Protecting Search Privacy Tracks eraser Historykill Cookiepal CookieCop Privacy Eraser EC-Council Page 119 EC-Council Laptop Alarm Laptop Flexysafe Lock Master eToken STOP-Lock Crypt True Tracker PC PAL Cryptex Multifactor Disk Dekart Private Laptop Anti-Theft Trace Inspice GOLD ZTRACE Pro SecureTrieve Tracker Laptop XTool Encrypted Disk XTool Asset Auditor XTool Delete Remote XTool o o o o o o o o o o o o o o o o o Thefts Laptop Physical from Securing for Laptops Security Hardware Data the Sensitive Protecting Threats Wireless Laptop Communications from Preventing Used Being Laptops from the Stolen Protecting Tips Security Module 47: Spying Technologies 47: Spying Module http://www.eccouncil.org http://www.eccouncil.org Page 120 Vendors Hosting Spy Devices Spying Devices Motives ofSpying Spying o o o o o o o o o o o o o o o o o o o o o Spy Detector 
Devices Spy Detectors GPS Devices Eavesdropper ListeningDevice Audio Spy Devices Spy Eye Side Telescope Spy Scope:Spy Telescope andMicroscope Spy Kit Wireless Spy Camera Spy Helicopter Toy Spy Binoculars Spy Pen Spy Watch Spy Goggle Spy Camera Spy Devices UnderwaterCamera Video Tiny Spy Video Cams Video Spy Devices Video Spy Spying Using Cams EC-Council Page 121 EC-Council Spy Gadgets Spy Directory Tools Spy Amazon.com Associates Spy Paramountzone Protection Surveillance Protection and Monitoring Network Pro-Computer Spy Net Pro SpyBoss CyberSpy SpyAgent Spytech ID Computer Spy e-Surveiller Software Spy KGB Spy O&K Work Spy WebCam Eye Golden Filter Spy Internet - S&D Spybot SpyCop Terminator Spyware XoftSpySE o o o o o o o o o o o o o o o o o o o o o Spying Tools Tools Spying Tools Anti-Spying Module 48: Corporate Espionage- Hacking Using Insiders Using 48: Corporate Espionage- Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 122 Module 49:Creating Security Policies Countermeasures o o Tools Key Findings from U.SSecret andCERT Service Coordination Center/SEIstudyonInsider Threat Facts Federal Employee Sentenced forHacking California Man Sentenced For Hacking Former Employees Abet Stealing Trade Secrets Former Forbes Employee Pleads Guilty Process ofHacking Techniques Used forCorporateEspionage Common Attacks carriedoutby Insiders Driving Force behindInsider Attack Privileged Access Different CategoriesofInsider Threat Insider Threat Information CorporateSpies Seek Introduction To CorporateEspionage Key Elements ofSecurity Policy Security policies o o Privatefi NetVizor Countermeasures Best Practices againstInsider Threat rewall w/Pest Patrol EC-Council Page 123 EC-Council Promiscuous Policy Promiscuous Policy Permissive Policy Prudent Policy Paranoid Policy Acceptable-Use Policy User-Account Policy Remote-Access Policy Information-Protection Policy Firewall-Management Policy Special-Access Policy Network-Connection Policy Business-Partner 
Policies Important Other Policies E-mail Security for Creating Practices Best cation of Security Policy of Security cation gurations of Security Policy of Security gurations o o o o o o o o o o o o o o ning the Purpose and Goals of Security Policy Security of and Goals ning the Purpose Role of Security Policy of Security Role Classifi Policy of Security Design Policy Contents of Security Confi Policies Security Implementing Policies of Security Types Statements Policy Policies Security of Information Set Document Basic Policy E-mail Security Defi http://www.eccouncil.org http://www.eccouncil.org Page 124 Module 50:Software Piracy and Warez Piracy Software Activation: Introduction Sample Policies Points toRemember While Writing aSecurity Policy Software LicensePolicy Software Security Policy o o o o o o o o o o o o o o o o o Software Piracy Ratein2006 Impacts ofpiracy Cracked Copies Pirated Copies Abusive Copies Piracy Over Internet Process ofSoftware Activation Software LicensePolicy User Identifi Internet Acceptable Use Policy Firewall Management policy Personal ComputerAcceptable Use Policy E-mail andInternet Usage Policies E-mail Security Policy Wireless Security Policy Remote Access Policy User Identifi cation andPassword Policy cation andPasswords Policy EC-Council Page 125 EC-Council Piracy Blocking Piracy Numbers CD Key Dongles Limited Installations Media Media Protected Numbers Serial Hidden (DRM) Right Management Digital for DVD Copy protection Warez Warez of Types Distribution Warez Methods Distribution o o o o o o o o o o o o Software Copy Protection Backgrounders Backgrounders Copy Protection Software Warez Crypkey Tool: EnTrial Tool: File Distribution Tool: EnTrial Dialog Initialization & Package Product Tool: EnTrial GUI Package Add Tool: EnTrial DF_ProtectionKit Tool: Killer Crack Tool: Logic Protect Tool: License Manager Software Tool: License Manager Quick Tool: WTM CD Protect Tool: http://www.eccouncil.org http://www.eccouncil.org Page 126 Module 
51:Hacking andCheatingOnline Games Module 52:Hacking RSSandAtom Tips forSecure Online Gaming Best Practices forSecure Online Gaming Online Gaming Malware from 1997-2007 Stealing Online Game Passwords Example of populargameexploits Types ofExploits Cheating inOnline ComputerGames Threats inOnline Gaming Basics ofGame Hacking Online Games: Introduction o Risks by Zone Tracking ChangesinOpen Source Projects Monitoring theServer withFeeds Routing Feeds totheEmail Inbox Building aFeed Aggregator Areas Where RSSandAtom isUsed Introduction o Remote Zone risk Stealing Online Game Passwords: Social Engineering andPhishing EC-Council Page 127 EC-Council ng Vulnerability ng c Risks c Firefox Proof of Concept Information Leak Vulnerability Leak of Concept Information Proof Firefox Spoofi Firefox Vulnerability Password Login Data Or Form Saving With Concerns o o o o Perseptio FeedAgent FeedAgent Perseptio RssFeedEater Thingamablog RSS Builder RSS Submit FeedDemon FeedForAll FeedExpress Security RSS and Atom Local Zone Risk Zone Local Introduction Work Browsers Web How HTML Documents Access Browsers Web How for an URL Protocols Firefox Hacking Utilizing the Web Feeds Vulnerabilities Vulnerabilities Feeds Web the Utilizing the Feeds to Attack for Attacker Example Tools o o o o o o o o o o Specifi Reader Module 53: Hacking Web Browsers (Firefox, IE) (Firefox, Browsers Web 53: Hacking Module http://www.eccouncil.org http://www.eccouncil.org Page 128 Internet Explorer Security Hacking Internet Explorer Firefox Security o o o o o o o o o o o o o o o o o o o o o o Internet History Viewer: Cookie Viewer Cookies Cleaning Up Browsing History Specify Default Applications Per Site Privacy Actions AutomaticOverwrite Cookie Handling Privacy Trusted Sites Zone Custom Level Security Zones Getting Started Window Injection Vulnerability Redirection Information Disclosure Vulnerability Mozilla Firefox Security Features Clear Private Data Content Settings Security Settings Privacy Settings Getting 
Started Tool: CookieCuller Tools For CleaningUnwanted Cookies Blocking CookiesOptions EC-Council Page 129 EC-Council ow Vulnerability ow Internet Explorer Security Features Security Explorer Internet Vulnerability Pointer Invalid JavaScript Vulnerability Parsing Header BitTorrent Overfl Buffer Handling File Torrent Security and Privacy Features and Privacy Security Vulnerability Browser Safari Vulnerability Dos Remote Exhaustion Memory Browser Safari iPhone startedGetting Preferences AutoFill Features Security SSL Sessions Validates Improperly Navigator Netscape Vulnerability Security Navigator Netscape Started Getting Settings Privacy Settings Security Content Settings Data Clear Private o o o o o o o o o o o o o o o o o o Hacking Opera Opera Hacking Security Features of Opera of Opera Features Security Safari Hacking Safari Securing Netscape Hacking Netscape Securing http://www.eccouncil.org http://www.eccouncil.org Page 130 Module 54:Proxy Server Technologies NetProxy AnalogX Proxy TOR Proxy ChainingSoftware TOR Proxy ChainingSoftware How Does MultiProxy Work o o o o o o o o o o o Tools Use ofProxies forAttack Free Proxy Servers Socks Proxy Types ofProxy Server Working ofProxy Server Introduction: Proxy Server MultiProxy Super Proxy Helper Tool ProxyManager Tool Proxy Workbench ezProxy AllegroSurf SafeSquid Trilent FTPProxy Advanced FTPProxy Server UserGate Proxy Server WinGate EC-Council Page 131 EC-Council Security Platform Platform Security Security Data Pointsec Software: Check Point Cisco (IronPort) Appliance Content Inspection DBProtector Systems: CrossRoads Architecture DBProtector Strongbox DeviceWall Discovery Exeros GFiEndPointSecurity Software: GFi Platform Protection Data GuardianEdge (IDM) Manager Driven Identity ProCurve SecureSphere Imperva: o o o o o o o o o o o o Introduction: Data Loss Data Introduction: Loss Causes of Data Loss Data to Prevent How Loss Prevention Assessment for Data Impact Tools Proxy+ Lite ProxySwitcher JAP Tool: Proxomitron 
Tool SSL Proxy SSL Proxy to Run How Module 55: Data Loss Prevention 55: Data Module http://www.eccouncil.org http://www.eccouncil.org Page 132 Module 56:Hacking Global Positioning System (GPS) Areas ofConcern Wardriving Sharing Waypoints DaemonGpsd-GPS Service GPS Devices Manufacturers Terminologies Geographical Positioning System (GPS) o o o o o o o o o o o o o o o o Websense ContentProtection Suite VolumeShield AntiCopy Verdasys: Digital Guardian Varonis: DataPrivilege Symantec Database Security Sentrigo: Hedgehog Defi End-user Safe/Block List Summary Dashboard Proofpoint Platform Architecture Proofpoint Messaging Security Gateway Prism EventTracker Novell ZENworks Endpoint Security Management Marshal EndPoint WebMarshal MailMarshal ance Data Protection System EC-Council Page 133 EC-Council GPS Hidden Secrets GPS Hidden Garmin Commands in Startup Secret Reset Soft Reset/ Hard Firmware Screen Startup Vista eTrex the Garmin Bypassing GPS Firmware: Hacking Screen Startup Legend eTrex the Garmin Bypassing GPS Firmware: Hacking Screen Startup Venture eTrex the Garmin Bypassing GPS Firmware: Hacking GPS NMEA LOG Tool: GPS Diagnostic Tool: RECSIM III Tool: G7toWin Tool: G7toCE Tool: Guard GPS Security Tool: Functions Guard GPS Security UberTracker What is Computer Forensics Forensics for Computer Need o o o o o o o o o o o o o o o Computer Forensics Computer Forensics o o Sources of GPS Errors of GPS Signal Sources Loss Signal to Mitigate Methods GPS Secrets Firmware Hacking Hacking Firmware GPS Tools Module 57: Computer Forensics and Incident Handling and Incident 57: Computer Forensics Module http://www.eccouncil.org http://www.eccouncil.org Page 134 o o o o What isCSIRT Vulnerability Resources Incident Reporting Whom toReport anIncident Estimating CostofanIncident Why don’t Organizations Report ComputerCrimes Incident Management o o o o o o o o o o o Incident Handling List ofComputerForensics Tools Key Steps inForensic Investigations Stages ofForensic Investigation 
in Tracking Cyber Criminals Objectives ofComputerForensics • • • • • • Procedure forHandling Incident Handling Incidents Incident Response Checklist Defi How toPrevent anIncident How toIdentify anIncident ofIncidents: HighCategory Level ofIncidents: MidCategory Level ofIncidents: LowCategory Level What isanIncident Present Networking Scenario ning theRelationship between Incident Response, Incident Handling, andIncident Management Stage 6:Follow-up Stage 5:Recovery Stage 4:Eradication Stage 3:Containment Stage 2:Identifi Stage 1:Preparation cation EC-Council Page 135 EC-Council cation c Procedures-I (Virus and Worm Incidents) Worm (Virus and Procedures-I c Incidents) (Hacker Procedures-II c Incidents) Physical Incidents, (Social Procedures-III c Step 1: Obtain Management Support and Buy-in and Buy-in Support Management 1: Obtain Step Plan Strategic Development the CSIRT 2: Determine Step Information Relevant 3: Gather Step Vision CSIRT your 4: Design Step Vision 5: Communicate the CSIRT Step Implementation CSIRT 6: Begin Step 7: Announce the CSIRT Step • • • • • • • rst.org/about/organization/teams/ CSIRT: Goals and Strategy and Goals CSIRT: Team Response needs an Incident Why an Organization Case Classifi CSIRT of Support and Level of Incidents Types Specifi Incident Specifi Incident Specifi Incident Case: Steps Handles CSIRT How of CSIRT Example a CSIRT for Creating Practices Best o o o o o o o o o o Credit Card Fraud Fraud Card Credit Fraud Card Credit Internet Over Fraud Card Credit World CERTs http://www.trusted-introducer.nl/teams/country.html http://www.trusted-introducer.nl/teams/country.html CERTs World http://www.fi World the Around IRTs E-Crime Statistics Card Credit o o o Module 58: Credit Card Frauds Card 58: Credit Module http://www.eccouncil.org http://www.eccouncil.org Page 136 Module 59:How toSteal Passwords o Password Stealing Trojans Password Stealing Techniques How toSteal Passwords Password Stealing o Best Practices: Ways toProtect Your Credit 
Cards o o o o o o o o o o o o Credit Card Fraud Detection o o Credit Card Generators MSN Hotmail Password Stealer Net Credit/Debit Card Fraud In The USAfterGross Charge-Offs Facts tobeNoted by Consumers What todoifyou are a Victim ofaFraud Pago Fraud Screening Process www.pago.de FraudLabs Limitations of3DSecure 3D Secure MaxMind Credit Card Fraud Detection Card Watch XCART: Online fraudScreening Service Credit Card Fraud Detection Technique: Fraud Screening Credit Card Fraud Detection Technique: Pattern Detection RockLegend’s !Credit Card Generator Credit Card Generator EC-Council Page 137 EC-Council AOL Password Stealer Password AOL Trojan-PSW.Win32.M2.14.a CrazyBilets Dripper Fente GWGhost Kesk Stealer pwd MTM Recorded Devil Password Thief Password Stealer Password Remote Finder Password POP3 Email Finder Password Instant MessenPass PstPassword PassView Desktop Remote IE PassView Password Messenger Yahoo Firewalls: Introduction Firewalls: Firewalls Hardware o o o o o o o o o Tools Stealing Password o o o o o o o o o Security Password for Improving Recommendations Practices Best Module 60: Firewall Technologies 60: Firewall Module http://www.eccouncil.org http://www.eccouncil.org Page 138 o o o o o o o o o o o Linux Firewalls o o o o o o o o o o Windows Firewalls o Software Firewalls Nortel Switched Firewall Check Point Firewall CISCO PIX 535Firewall CISCO PIX 525Firewall Cisco PIX 515EFirewall Cisco PIX 506EFirewall Cisco PIX 501Firewall Personal Firewall Hardware: Cisco’s PIX Personal Firewall Hardware: Linksys Netgear Firewall Hardware Firewall ZoneAlarm Comodo Personal Firewall PC Tools Firewall Plus InJoy Firewall Xeon Firewall Sunbelt Personal Firewall Kerio WinRouteFirewall Symantec Enterprise Firewall McAfee Personal Firewall Software Firewall EC-Council Page 139 EC-Council Account Policies Account Policy Password Policy Password - Policies Policy Password Vulnerability - History Password Enforce - Countermeasure History Password Enforce Impact - 
Potential History Password Enforce Vulnerability Age - Password Age - Countermeasure Password Maximum Impact Age - Potential Password Maximum Age Password Maximum KMyFirewall KMyFirewall Firestarter Guarddog Builder Firewall Buttress Flying X Firewall DoorStop X5 NetBarrier Domain Level Policies Level Domain o o o o History Password Enforce o o o Age Password Maximum o o o o o o o o OS X Firewalls Mac o o o o Module 61: Threats and Countermeasures and Threats 61: Module http://www.eccouncil.org http://www.eccouncil.org Page 140 o o o o o o Account Lockout Threshold o o o o Account LockoutDuration o Account LockoutPolicy Store Password usingReversible forallUsers Encryption inthe Domain o o o o Passwords Must Meet ComplexityRequirements o o o o Minimum Password Length Minimum Password Age Minimum Password Age-Potential Impact Minimum Password Age-Countermeasure Minimum Password Age- Vulnerability Minimum Password Age Account Lockout Threshold - Vulnerability Account LockoutDuration Account LockoutDuration -Potential Impact Account LockoutDuration -Countermeasure Account LockoutDuration - Vulnerability Account LockoutPolicy -Policies Passwords mustMeet ComplexityRequirements Passwords mustMeet ComplexityRequirements -Potential Impact Passwords mustMeet ComplexityRequirements -Countermeasure Passwords mustMeet ComplexityRequirements - Vulnerability Minimum Password Length Minimum Password Length-Potential Impact Minimum Password Length-Countermeasure Minimum Password Length- Vulnerability EC-Council Page 141 EC-Council Account Lockout Threshold - Countermeasure Threshold Lockout Account Impact - Potential Threshold Lockout Account - Policies Policy Kerberos Ticket Lifetime for User Maximum Renewal Ticket Lifetime for User Maximum Settings Audit Logon Events Account Audit Management Account Audit Service Directory Access Audit Logon Events Audit Access Object Audit Change Policy Audit Use Privilege Audit Tracking Process Audit Events System Audit o o Counter After 
Lockout Account Reset Policy Kerberos o Restrictions Logon User Enforce Ticket Lifetime for Service Maximum o o for Computer Clock Synchronization Tolerance Maximum Policy Audit o o o o o o o o o o Rights User the Network this Computer from Access System of the Operating as Part Act to Domain Workstations Add http://www.eccouncil.org http://www.eccouncil.org Page 142 Log On asaService Log On asaBatch Job Lock Pages inMemory Load andUnload Device Drivers Increase SchedulingPriority Impersonate aClientafterAuthentication Generate Security Audits Force Shutdown from aRemote System Enable ComputerandUser Accounts tobe Trusted forDelegation Deny LogOn through Terminal Services Deny LogOn Locally Deny LogOn asaService Deny LogOn asaBatch Job Deny Access tothisComputerfrom theNetwork Debug Programs Create Permanent Shared Objects Create Global Objects Create a Token Object Create aPage File Change theSystem Time Bypass TraverseChecking Back Up Files andDirectories Allow LogOn through Terminal Services Allow LogOn Locally Adjust Memory Quotas foraProcess EC-Council Page 143 EC-Council nition Language (SDDL) nition Language (SDDL) DCOM: Machine Access/Launch Restrictions in Security Descriptor Defi Descriptor in Security Restrictions Access/Launch DCOM: Machine o Accounts: Administrator Account Status - Vulnerability - Status Account Administrator Accounts: Status Account Administrator Accounts: Status Account Guest Accounts: to Console Logon Only Passwords of Blank Use Limit Local Account Accounts: Account Administrator Rename Accounts: Account Guest Rename Accounts: Privilege and Restore of Backup the Use Audit Audit: Audits to Log Security if Unable Immediately System Down Shut Audit: le System Performance System le le Single Process Single le Devices: Allow Undock without having to Log On Undock Allow Devices: Profi Station Docking Computer from Remove Token Level a Process Replace and Directories Files Restore the System Down Shut Service Directory Data Synchronize 
Objects or Other Ownership of Files Take Options Security Status Account Administrator Accounts: o o o o o o Objects System of Global the Access Audit Audit: o o Defi Descriptor in Security Restrictions Access/Launch DCOM: Machine Manage Auditing and Security Log and Security Auditing Manage Values Environment Firmware Modify Tasks Maintenance Volume Perform Profi http://www.eccouncil.org http://www.eccouncil.org Page 144 Network Access: Allow AnonymousSID/Name Translation Microsoft Network Server: Disconnect ClientswhenLogonHours Expire Microsoft Network Server: AmountofIdle Time Required before Suspending Session Microsoft Network Client:Send Unencrypted Password to Third-party SMBServers Microsoft Network ClientandServer: Digitally Sign Communications(Four Related Settings) Interactive Logon:Smart Card Removal Behavior Interactive Logon:Require Smart Card Interactive Logon:Require Domain Controller Authentication toUnlock Workstation Interactive Logon:Prompt User toChangePassword before Expiration Interactive Logon:Number ofPrevious LogonstoCache Interactive Logon:Message Text forUsers Attempting toLogOn Interactive Logon:Do Not Require CTRL+ALT+DEL Interactive Logon:Do Not Display LastUser Name Domain Member: Require Strong (Windows 2000orLater)Session Key Domain Member: Maximum Machine Account Password Age Domain Member: Disable Machine Account Password Changes Domain Member: Digitally orSign Encrypt Secure ChannelData Domain Controller: Refuse Machine Account Password Changes Domain Controller: LDAPServer Signing Requirements Domain Controller: Allow Server Operators toSchedule Tasks Devices: Unsigned Driver Installation Behavior Devices: Restrict CD-ROM Access toLocallyLogged-onUser Only Devices: Restrict CD-ROM/Floppy Access toLocallyLogged-onUser Only Devices: Prevent Users from Installing Printer Drivers Devices: Allowed toFormat andEject Removable Media EC-Council Page 145 EC-Council cate Rules on Windows Executables for Software Restriction Policies 
Restriction for Software Executables Windows on cate Rules Network Access: Do Not Allow Anonymous Enumeration of SAM Accounts Anonymous Enumeration Allow Not Do Access: Network Authentication for Network Passports or .NET of Credentials Storage Allow Not Do Access: Network Users to Anonymous Apply Permissions Let Everyone Access: Network Anonymously that can be Accessed Pipes Named Access: Network Registry Paths Accessible Remotely Access: Network and Sub-paths Registry Paths Accessible Remotely Access: Network and Shares Pipes to Named Anonymous Access Restrict Access: Network Anonymously that can be Accessed Shares Access: Network for Local Accounts Model and Security Sharing Access: Network Change Password on Next Value Hash LAN Manager Store Not Do Security: Network Expire Logoff when Logon Hours Force Security: Network Level Authentication LAN Manager Security: Network Requirements LDAP Client Signing Security: Network RPC) Clients/Servers Secure for NTLM SSP based (Including Security Session Minimum Security: Network RPC) Clients Secure for NTLM SSP based (Including Security Session Minimum Security: Network Logon Administrative Automatic Console: Allow Recovery and all Folders to all Drives Copy and Access Floppy Console: Allow Recovery to Log On Having Without Down to be Shut System Allow Shutdown: File Page Memory Virtual Clear Shutdown: on the Computer Stored Keys for User Protection Key Strong Cryptography: Force System FIPS Compliant Algorithms for Encryption, and Signing Hashing, Cryptography: Use System Group of the Administrators Members by Created Objects Owner for Default Objects: System Subsystems for Non-Windows Case Insensitivity Require Objects: System Objects System of Internal Permissions Default Strengthen Objects: System Certifi Use Settings: System http://www.eccouncil.org http://www.eccouncil.org Page 146 Cryptographic Services Cryptographic Computer Browser COM+ System Application COM+ Event System Cluster ClipBook forNetWareClient 
Service Certifi Background Intelligent Transfer (BITS) Service Automatic Updates ASP .NETState Service Application Management Application Layer Gateway Service Application Experience LookupService System -Alerter Services Manually Editing Security Templates Do Not Set Permissions Objects onService Overview Services System Services o o o o o Event Log Delegating Access totheEvent Logs Retention Method forEvent Log Retain Event Logs Prevent LocalGuests Group from Accessing Event Logs Maximum Event LogSize cate Services

Service EC-Council Page 147 EC-Council DCOM Server Process Launcher Process DCOM Server DHCP Client DHCP Server System File Distributed Client Tracking Link Distributed Server Tracking Link Distributed Coordinator Transaction Distributed DNS Client DNS Server Service Reporting Error Log Event Compatibility Switching User Fast Service Fax Replication File for Macintosh Server File Service FTP Publishing and Support Help HTTP SSL Access Device Interface Human Access Database IAS Jet Service IIS Admin COM Service CD-Burning IMAPI Service Indexing Monitor Infrared Service Authentication Internet http://www.eccouncil.org http://www.eccouncil.org Page 148 Microsoft o o o Message Queuing Machine Debug Manager o Logical Disk Manager License LoggingService Kerberos Key Distribution Center IPSec Services IPSec Policy Agent(IPSec Service) IP Version 6Helper Service Intersite Messaging Network Provisioning Service Network LocationAwareness (NLA) Network DDEDSDM Network DDE Network Connections NetMeeting Remote Desktop Sharing Net Logon .NET Framework Support Service MSSQLServerADHelper MSSQL$UDDI Microsoft Software Shadow CopyProvider Messenger Message Queuing Triggers Message Queuing Down Level Clients Logical Disk Manager Administrative Service

POP3

Service EC-Council Page 149 EC-Council cation Remote Access Connection Manager Access Remote Manager Session Help Desktop Remote Call (RPC) Procedure Remote Call (RPC) Locator Procedure Remote Registry Service Remote Manager Server Remote Monitor Server Remote Notifi Storage Remote Server Storage Remote Network News Transfer Protocol (NNTP) Protocol Transfer News Network Provider Support NTLM Security Alerts Logs and Performance and Play Plug Number Serial Media Portable for Macintosh Server Print Spooler Print Storage Protected QoS RSVP Service Connection Manager Auto Access Remote o Service Administration Remote Manager Session Help o Installation Remote o o o o o o o Storage Removable Provider of Policy Set Resultant Access and Remote Routing http://www.eccouncil.org http://www.eccouncil.org Page 150 Web Element Manager WebClient Virtual Disk Service Upload Manager Uninterruptible Power Supply Trivial FTPDaemon o o Terminal Services Telnet TCP/IP Print Server TCP/IP NetBIOS Helper Service Task Scheduler System Restore Service System Event Notifi Special Administration ConsoleHelper Smart Card Services Simple TCP/IP Simple Mail Transport Protocol (SMTP) Shell Hardware Detection Server Security Center Security Accounts Manager Logon Secondary SAP Agent Terminal Session Services Directory Terminal Licensing Services cation EC-Council Page 151 EC-Council cations on Program Launch cations on Program guration Settings guration guration Windows Installer Windows Manager Resource System Windows Time Windows Make Proxy Settings Per-Machine (Rather than Per-User) (Rather than Per-User) Per-Machine Settings Proxy Make Sites to Add/Delete Users Allow Not Do Zones: Security Detection off Crash Turn Add-ons or Disable to Enable Users Allow Not Do Page Panel\Security Control Explorer\Internet Internet Page Panel\Advanced Control Explorer\Internet Internet Invalid is if the Signature Even or Install to Run Software Allow Workstation Service Publishing Web Wide World Policies 
Restriction Software Software of Malicious Threat The Templates 2003 Administrative Server Windows XP and Windows Computer Confi NetMeeting Sharing Desktop Remote Disable Computer Settings Explorer Internet Components Explorer of Internet Install Automatic Disable Updates Software Explorer Check for Internet Periodic Disable Notifi Shell Update Software Disable /Internet Connection Sharing /Internet Firewall Windows o o o Service Auto-Discovery Proxy Web WinHTTP Confi Wireless http://www.eccouncil.org http://www.eccouncil.org Page 152 Do Not Allow COMPort Redirection Allow Time Zone Redirection Client/Server Data Redirection Sets Rules forRemote Control of Terminal User Services Sessions Do Not Allow LocalAdministrators toCustomize Permissions Deny LogOff ofanAdministrator LoggedintotheConsoleSession Terminal Services Prevent IISInstallation Internet Information Services Network Protocol Lockdown Restrict File Download Restrict ActiveX Install Scripted Window Security Restrictions MIME Sniffi Consistent MIMEHandling Local Machine Zone Lockdown Security MK Protocol Security Restriction BehaviorBinary Security Restriction Internet Explorer\Security Features Empty Temporary Internet Files Folder whenBrowser isClosed Do Not Save Pages Encrypted toDisk Check forSignatures On Downloaded Programs Check forServer Certifi Allow Third-party Browser Extensions Allow Active Contentfrom CDstoRun onUser Machines ng Safety Features cate Revocation EC-Council Page 153 EC-Council Explorer Explorer Messenger Messenger

gure Automatic Updates Automatic gure Do Not Allow Client Printer Redirection Redirection Printer Client Allow Not Do Redirection Port LPT Allow Not Do Redirection Drive Allow Not Do Encryption Security and Client Connection Encryption Level Set Connection On A Password Client For Always Prompt Policy RPC Security Security) (Require Server Secure Sessions Sessions Disconnected Limit For Time Set Client Only Original From Reconnection Allow Windows Turn Off Shell Protocol Protected Mode Protected Protocol Shell Off Turn Windows Windows Update Update Windows Confi Scheduled Installations Updates Automatic Reschedule System off Autoplay Turn List Once The Run Process Not Do Logon Logon At Screen Welcome Started The Getting Display Don't List The Legacy Run Process Not Do Policy Group Processing Policy Maintenance Explorer Internet http://www.eccouncil.org http://www.eccouncil.org Page 154 Enabledeadgwdetect: Allow Automatic Detection Of Dead Network Gateways (CouldLead To Dos) Disableipsourcerouting: IPSource Routing Protection Level (Protects AgainstPacket Spoofi TCP/IP-Related Entries Registry How toModify theSecurity Confi Additional Entries Registry System\Power Management Remove Security Tab Windows Explorer Notify Programs Antivirus When Opening Attachments Hide Mechanisms To Remove Zone Information Trust LogicFor File Attachments Inclusion ListFor Low File Types Inclusion ListFor Moderate RiskFile Types Inclusion ListFor High RiskFile Types Attachment Manager Disable Save This Program To Disk Option Browser Menus Distributed COM Internet CommunicationsManagement Report Errors Display Error Notifi Error Reporting Security Policy Processing PolicyRegistry Processing IP Security Policy Processing cation guration Editor User Interface ng) EC-Council Page 155 EC-Council gure Automatic Reboot from System Crashes System from Reboot Automatic gure Except Requests Release Name Netbios the Computer to Ignore Allow Security: Release Name Netbios gure Enableicmpredirect: 
Allow ICMP Redirects To Override OSPF Generated Routes Generated OSPF Override To Redirects ICMP Allow Enableicmpredirect: Recommended) (300,000 Is Milliseconds In Sent Are Packets Keep-alive Often How Keepalivetime: Against Dos) (Protects Level Protection Attack Syn Synattackprotect: Not Is Request When A Connection Retransmissions SYN-ACK Tcpmaxconnectresponseretransmissions: Acknowledged 5 Is (3 Recommended, Retransmitted Is Data Unacknowledged Times Many How Tcpmaxdataretransmissions: Default) Registry Entries Miscellaneous Confi Shares Administrative Enable Passwords of Dial-Up Saving Disable List the Browse Computer From Lists: Hide Browse Neighborhood Network the Computer from Hide Confi WINS from Servers (Recommended) Mode Search DLL Safe Enable Order: DLL Search Safe Enable will System Log at which the Event for the Security Threshold Percentage Warning: Capacity Log Near Security Warning a Generate SP1 With 2003 Server Windows SP2 And With XP Windows In Available Registry Entries RunInvalidSignatures XP with SP2 Windows in Available Registry Entries for XP Center Registry Entries Security StorageDevicePolicies\WriteProtect 2003 with SP1 Server Windows in Available Registry Entries UseBasicAuth DisableBasicOverClearChannel Countermeasures Additional the Accounts Securing http://www.eccouncil.org http://www.eccouncil.org Page 156 Module 62:Case Studies Confi Confi Disable Dr. Watson: Disable Automatic Execution ofDr. Watson System Debugger Disable NetBIOS andSMBonPublic Facing Interfaces Confi Data and Application Segmentation NTFS guring Windows Firewall gure IPsec Policies gure SNMPCommunityName EC-Council Page 157 EC-Council Classroom Lecture Hours Lecture Classroom Topics

1 hour Google Hacking Footprinting 1 hour Google hour Backdoors 20 minutes Scanning hour Hacking 1 Enumeration hours and 1 System hour 2 Trojans hours Hacking to Ethical Introduction Laws Hacking 1 hours 2 Sniffers 2 hour 45 minutes 1 Servers Techniques 45 minutes Vulnerabilities Hijacking Web 30 minutes Cracking Application Worms and Viruses Session 30 minutes Hacking minutes Password 45 Minutes Web hour Injection Engineering Social 30 Web-Based hour Theft and Identity Phishing 1 SQL hour Accounts Email Hacking 1 hour Denial-of-Service 1 1 45 Minutes Networks Wireless Hacking Classroom Lecture Hours Lecture Classroom http://www.eccouncil.org http://www.eccouncil.org Page 158 0mnts Internet ContentFiltering Techniques Cyber Warfare- Hacking, Al-Qaida and Terrorism Hacking Database Servers Hacking USBDevices 20 minutes Spamming 20 minutes RFIDHacking 45 Minutes VoIP Hacking 45 Minutes Bluetooth Hacking 45 Minutes Mobile Phone andHandheld Devices (PDAs)Hacking 45 Minutes Hacking Routers, CableModems andFirewalls 45 Minutes Mac OSXHacking 20 minutes Reverse Engineering 45 Minutes Windows Based Buffer Overfl 45 Minutes Smashing theStack forFun andProfi 45 Minutes Exploit Writing 20 minutes AssemblyLanguage Tutorial 20 minutes Writing Virus Codes 20 minutes Covert Hacking 20 minutes 20 minutes Cryptography 20 minutes Evading IDS,Firewalls andDetecting Honey Pots 20 minutes 1 LinuxHacking 20 minutes Physical Security hour 1 Penetration 1 hour hour 45 Minutes Testing Buffer 45 Minutes Overfl ows ow Exploit Writing t EC-Council Page 159 EC-Council 20 minutes 20 minutes 20 minutes 20 minutes 20 minutes Anonymous on Internet- Privacy 20 minutes Computers Laptop Securing 20 minutes Technologies Spying 20 minutes Insiders Using Hacking Corporate Espionage- 20 minutes Policies Security Creating 20 minutes Warez and Piracy Software 20 minutes Games and Cheating Online Hacking 45 Minutes RSS and Atom Hacking 20 minutes IE) (Firefox, Browsers Web Hacking 1 hour Technologies Server 
Proxy 20 minutes Loss Prevention Data 20 minutes (GPS) System Positioning Global Hacking 20 minutes 20 minutes Handling and Incident Computer Forensics Frauds Card Credit 20 minutes Passwords to Steal How Technologies Firewall and Countermeasures Threats Case Studies http://www.eccouncil.org http://www.eccouncil.org Page 160 Lab 1.6 Lab 1.5 Lab 1.4 Lab 1.3 Lab 1.2 Lab 1.1 Module 01Introduction toEthical Hacking (Labtime: 45minutes) Lab 3.8 Lab 3.7 Lab 3.6 Lab 3.5 Lab 3.4 Lab 3.3 Lab 3.2 Lab 3.1 Module 03–Footprinting (Labtime:45minutes) Lab 2.2 Lab 2.1 Lab 2.1 Module 02Hacking Laws(Self Do Labs) Read Ethical Hacking Agreement Visit various hackerwebsites Read Ethical Hacking Strategies andBenefi Differentiate Security vs.Safety Understand whatisethicalhacking? Go through Ethical Hacking document Use “Way Back Machine” to View Web History Use “My IPSuite” toFootprint aNetwork Address Use isIP”toFootprint “Where aNetwork Address Use Which ISPOwnsIPtoFootprint aNetwork Address Use NEOTRACE toFootprint a Website Use GEOSpider toFootprint a Website Use Web Data Extractor toFootprint a Website Use SamSpade Hacking Offences whitepaper Go through Visit USCybercrime Website

Florida ComputerCrime Act ts CEH v6Labs EC-Council Page 161 EC-Council private of stocks, mutual funds, public and nd the information to fi nance to get free stock quotes, up to date news, portfolio management resources, stock quotes, up to date news, portfolioto get free resources, management nance.google.com/fi nance.yahoo.com/ http://fi http://fi Use “Yahoo People” for Footprinting an Individual for Footprinting People” “Yahoo Use an Individual for Footprinting “Intellius” Use Earth Google Use Website a Mirror to track emails Tracker E-Mail Use Addresses for E-Mail the Internet Search Use Use “Kartoo Visual Browser” for Footprinting a Company’s Network Company’s a for Footprinting Browser” Visual “Kartoo Use Use Use NMAP to Portscan a Website a NMAP to Portscan Use AngryIP Hosts to Check for Live Use Windows Hping2 for Using Scan the Network Pro Tools NetScan Using Scan the Network 4 SuperScan Using Scan the Network Go through Advanced Google Searching Google Advanced through Go whitepaper Searching Field search for Google Operators Advanced through Go http://johnny.ihackstuff.com/index.php?module=prodreviews Website the Visit Use “Public Websites” for Footprinting Websites” “Public Use Making Searching Even Easier topic in Google Guide whitepaper Guide Easier topic in Google Even Searching Making Module 05 – Scanning (Lab time: 50 minutes) Module Lab 5.1 Lab 5.2 Lab 5.3 Lab 5.4 Lab 5.5 Lab 4.2 Module 04 – Google Hacking (Lab time: 20 minutes) Hacking 04 – Google Module Lab 4.1 Lab 4.3 Lab 4.4 Lab 4.5 Lab 3.12 Lab 3.13 Lab 3.14 Lab 3.15 Lab 3.16 Lab 3.17 and mortgage rates. message boards, data, international market Lab 3.9 Lab 3.11 Lab 3.10 Lab 3.18 companies. 
http://www.eccouncil.org http://www.eccouncil.org Page 162 Lab 5.11 Lab 5.10 Lab 5.9 Lab 5.8 Lab 5.7 Lab 5.6 Lab 7.7 Lab 7.6 Lab 7.5 Lab 7.4 Lab 7.3 Lab 7.2 Lab 7.1 Module 07–System Hacking (Labtime:1hour) Lab 6.7 Lab 6.6 Lab 6.5 Lab 6.4 Lab 6.3 Lab 6.2 Lab 6.1 Module 06-Enumeration (Labtime:30minutes) HTTP TunnelingHTTP Banner Grabbing Using Netcraft Banner Grabbing Using Telnet Scan theNetwork Using Floppyscan Use Desktop Spy toCapture Screen Images Use “Klogger” Keylogger E-Mail Keylogger Execute CommandsonRemote Computer Privilege EscalationUsing X.EXE Extract SAMHashes Using Pwdump Use L0phtcracktoBruteforce SAMPasswords Use FreeNetEnumerator tooltoenumerate computersonthetargetdomain. Use DumpSec tooltoreveal shares over anullsessionwiththetargetcomputer Use Winfi Use SNMPScanner Use SuperScan 4toEnumerate Users Use GetAcct toEnumerate Users Connect viaNull Session Use Port Detect tooltofi Use HoverIP NsLookupqueries, toperform Trace route, Ping, scanning. andport ngerprint toEnumerate Services

nd open/blocked ports onthetargetcomputer nd open/blockedports EC-Council Page 163 EC-Council le. Use MSCONFIG to View the Startup Programs the Startup View MSCONFIG to Use Signatures File Digital to Create MD5SUM Use Entries Startup Trojan Check the Registry for Use Process Viewer to View the Running Processes the Running View to Viewer Process Use Use Spammimic to Hide Messages Hide to Spammimic Use Information to Hide Snow Use Auditing to Enable/Disable Auditpol Use computers. network on remote programs execute to Executor Alchemy Remote Use it to an encrypted activity and save log fi user‘s to capture KeyLogger Ardamax Use Use Camera/Shy to View Hidden Files Hidden View to Camera/Shy Use Use Asterisk Key to view passwords hidden under asterisks. hidden to view passwords Asterisk Key Use Tini Trojan Tini Trojan NetBus Trojan Netcat Trojan Beast Wrappers Use Trojan Proxy Commander Web Atelier Connections the Network to Monitor TCPVIEW Use Computer on My What’s NTFS Streams and Process Files to Hide Rootkit Fu Use Lab 8.12 Lab 8.13 Lab 8.11 Lab 8.2 Lab 8.3 Lab 8.4 Lab 8.5 Lab 8.6 Lab 8.7 Lab 8.8 Lab 8.9 Lab 8.10 Module 08 Trojans and Backdoors (Lab time: 1 hour) and Backdoors Trojans 08 Module Lab 8.1 Lab 7.12 Lab 7.13 Lab 7.14 Lab 7.15 Lab 7.8 Lab 7.11 Lab 7.9 Lab 7.10 Lab 7.16 http://www.eccouncil.org http://www.eccouncil.org Page 164 usernames, usagestatisticsandmore. Lab 10.14 from machineonwhichPacketMon isinstalled,oracompletelydifferent machineonnetwork. Lab 10.13 Lab 10.12 Lab 10.11 Lab 10.10 Lab 10.9 Lab 10.8 Lab 10.7 Lab 10.6 Lab 10.5 Lab 10.4 Lab 10.3 Lab 10.2 Lab 10.1 Module 10–Sniffers (Labtime:45minutes) Lab 9.3 Lab 9.2 Lab 9.1 Module 09 and Viruses Worms (Labtime:25minutes) Lab 11.3 Lab 11. 
Lab 11.1 Module 11Social Engineering (Self Do Labs) Intrusion Detection Systems bypass techniqueswhitepaper Virus AnalysisUsing IDAPro Use Kits Virus Construction Write aSimple Virus Password Sniffer EffeTech Sniffer DNS Poisoning Mac Flooding Ettercap-NG (Next Generation) Ettercap Network View Use Windump toSniff theNetwork Use Ethereal toSniff theNetwork Identity Theft Assistance whitepaper Assistance Identity Theft Read Social Engineering Story Use Use SMAC –Spoofi Packet Crafter Can andAbel AnalogXPacketMon Tool Colasoft MSNMonitor ng MAC Address tocapture MSNMessenger conversations alongwithallrelated details,including tocapture IPpacketsthatpassthrough -whethertheyoriginated network interface

EC-Council Page 165 EC-Council Ping of Death Ping Bot ImageWolf Freak88 – Distributed Denial of Service Denial – Distributed Freak88 Nemesys Using Attack DoS Panther Using Attack DoS Attack DDOS Ping Sign-in Seal whitepaper Seal Sign-in Tricks Used in Fraudulent Emails whitepaper Emails in Fraudulent Used Tricks whitepaper Model Propagation Virus Email Phishing Attack – Fake Address Bar Address – Fake Attack Phishing Bar Status – Fake Attack Phishing toolbar – Fake Attack Phishing Conversion IP Address History Phishing through Go whitepaper Phishing Spy whitepaper Works Why Phishing Evolving Threat Environment whitepaper Environment Threat Evolving Module 15 – Session Hijacking (Lab time: 30 minutes) Hijacking 15 – Session Module Lab 14.1 Lab 14.2 Lab 14.3 Lab 14.4 Lab 14.5 Lab 14.6 Module 14 – Denial of Service 14 – Denial (Lab time: 45 minutes) Module Lab 13.4 Module 13 –Hacking Email Account (Self Do Labs) Do (Self Account Email 13 –Hacking Module Lab 13.1 Lab 13.2 Lab 13.3 Lab 12.2 Lab 12.3 Lab 12.4 Lab 12.5 Lab 12.6 Lab 12.7 Module 12 Phishing (Lab time: 30 minutes) (Lab 12 Phishing Module Lab 12.1 http://www.eccouncil.org http://www.eccouncil.org Page 166 Lab 16.9 Lab 16.8 Lab 16.7 Lab 16.6 Lab 16.5 Lab 16.4 Lab 16.3 Lab 16.2 Lab 16.1 Module 16Hacking Web Servers (Labtime:45minutes) Lab 15.2 Lab 15.1 Module 18– Web Based Password Cracking Techniques (Labtime: 45minutes) Lab 17.6 Lab 17.5 Lab 17.4 Lab 17.4 Lab 17.3 Lab 17.2 Lab 17.1 Module 17- Web Application Vulnerabilities (Labtime:45minutes)

Go through Web Server Attacks whitepaper
Hack Proofing Your Web Server whitepaper
Microsoft Baseline Security Analyzer
Nessus for Windows
Vulnerability Assessment Using Shadow Security Scanner
Metasploit Exploit
RPC Exploit
Exploit Windows 2000 Server Unicode Vulnerability Using IISEXploit
Session Hijacking Using Paros
Session Hijacking Analysis
SSL Digger Tool
Site Scope Tool
Unicode Strings
Footprint a Website Using Access Diver
Footprint a Website Using Wget
Footprint a Website Using BlackWidow
E-Shopping Using Hidden Values

CLIENT-SIDE ATTACKS

Physical Security and Operations whitepaper and Operations Security Physical CD-ROM using BackTrack Hacking Ethical whitepaper System of the Linux Operating Evaluation Security MIT Document AiroPeek whitepaper WarDrive Juggybank SQL Injection Lab SQL Injection Juggybank Whitepaper SQL Injection ObiWan Password Cracking Tool Cracking Password ObiWan Tool Cracking Password Brutus Dictionary Maker Revelation – Password SnadBoy Cookie Spy SimulatorLab Time Recovery Password Password Easy Web Checker Password Microsoft Cracker RAR Password Lab 22.2 Lab 22.1 Lab 21.2 (Lab time: 40 minutes) 22 Linux Hacking Module Lab 21.1 Lab 20.2 (Lab time: 10 minutes) Security 21 Physical Module Module 20 Hacking Wireless Networks (Lab time: 25 minutes) Networks Wireless 20 Hacking Module Lab 20.1 Module 19 SQL Injection (Lab time: 45 minutes) 19 SQL Injection Module Lab 19.1 Lab 19.2 Lab 18.2 Lab 18.3 Lab 18.4 Lab 18.5 Lab 18.6 Lab 18.7 Lab 18.8 Lab 18.9 Lab 18.1 http://www.eccouncil.org http://www.eccouncil.org Page 168 Lab 24.3 Lab 24.2 Lab 23.3 Lab 23.2 Lab 23.1 Module 23–Evading IDS,Firewalls &Honeypot (Labtime:45minutes) Lab 22.3 Lab 26.4 Lab 26.3 Lab 26.2 Lab 26.1 Module 26Penetration Testing (Self Do Labs) Lab 25.3 Lab 25.2 Lab 25.1 Module (Self 25Cryptography Do Labs) Lab 20.1 Module 24Buffer Overfl Lab 23.4 Buffer Overfl Stack Overfl Install andrun Install andrun TrapServer Install Snort andrun Unreliable Guide To Hacking The LinuxKernel whitepaper Establishing Objectives whitepaper Network Vulnerability Scanningwhitepaper Penetration testingtodaywhitepaper Develop apenetrationtestplanwhitepaper Signature Generation andSignature Verifi How Digital Signature Technology Works whitepaper New Directions whitepaper inCryptography Compile andexecute Simple Buffer Overfl Install andrun ow andHeap Overfl ow Exploits whitepaper

KFSensor Atelier WebFirewall Tester ows (Labtime:45minutes) ow whitepaper cation whitepaper ow program EC-Council Page 169 EC-Council whitepaper


cation whitepaper cation Access management whitepaper Access

example1.c example2.c example3.c shellcode.c exit.c testsc.c exploit.c Firewall Identifi Firewall Sniffi Router Compromised Read Security Hardening Guideline Hardening Security Settings Default Secure Architecture OS X Security Windows Risk… for Wide Poses OS X Hacking Mac Covert Channels whitepaper Channels Covert whitepaper Attacks) (Inside-Out Piercing Firewall whitepaper attack the principle enablers in a DDoS channels are Covert channels Covert Lab 35.2 Lab 35.3 Module 35 Hacking Routers, Cable Modems and Firewalls (Self Do Labs) Do (Self and Firewalls Modems Cable Routers, 35 Hacking Module Lab 35.1 Lab 34.2 Lab 34.3 Lab 34.4 Module 34 Mac OS X Hacking (Self Do Labs) Do (Self OS X Hacking 34 Mac Module Lab 34.1 Module 30 Writing Exploits (Lab time: 45 minutes) (Lab Exploits Writing 30 Module Lab 30.1: Lab 30.2: Lab 30.3: Lab 30.4: Lab 30.5: Lab 30.6: Lab 30.7: Lab 27.2 Lab 27.3 Lab 27.4 Lab 27.1 Module 27 Covert Hacking (Self Do Labs) Do (Self Hacking 27 Covert Module http://www.eccouncil.org http://www.eccouncil.org Page 170 Lab 36.10 Lab 36.9 Lab 36.8 Lab 36.7 Lab 36.6 Lab 36.5 Lab 36.4 Lab 36.3 Lab 36.2 Lab 36.1 Module 36Hacking Mobile Phones, PDAandHandheld Devices (Self Do Labs) Lab 35.5 Lab 35.4 Lab 38.1 Module 38 VoIP Hacking (Self Do Labs) Lab 37.5 Lab 37.4 Lab 37.3 Lab 37.2 Lab 37.1 Module 37Bluetooth Hacking (Self Do Labs) Increased useofmobiledevicesintheworkplace whitepaper Security issuesonmobiledeviceswhitepaper Understanding thethreats toyour mobileworkforce whitepaper The changingthreat landscapewhitepaper How tounlockaniPhone whitepaper iPhone hardware unlockwhitepaper iPhone keyboarding trickswhitepaper 10 reasons nottobuyaniphonewhitepaper totakingcontrolQuick ofaniPhone start whitepaper How toBuild aConsolePort whitepaper 8 Steps toprotect your Ciscorouter whitepaper Introduction to VoIP Security whitepaper Key Replay Attack onimproved whitepaper bluetoothencryption On-Line PIN crackingscriptwhitepaper onbluetoothtechnologywhitepaper 
Overview Key Agreement Protocol inBluetooth whitepaper Bluetooth introduction whitepaper Mobile Malware: Threats andPrevention whitepaper EC-Council Page 171 EC-Council lter whitepaper


Hacking information whitepaper Hacking RFID Background and Overview RFID Background tool to block spam Purgy tool SpamEater Agent Spam Spytech spam fi functionality with a Bayesian to extend Outlook reader Spam Introduction The RFID threat Internal Access whitepaper Access Internal whitepaper systems VoIP for considerations Security blocks whitepaper building VoIP security whitepaper VoIP for Reasons whitepaper network VoIP the Exploiting whitepaper Hacking VoIP with online Fun whitepaper security threats VoIP Common AEVITA Stop SPAM email tool SPAM Stop AEVITA Module 42 Hacking Database Servers (Self Do Labs) Do (Self Servers Database 42 Hacking Module Lab 41.1 Module 41 Hacking USB Devices (Self Do Labs) Do (Self USB Devices 41 Hacking Module Lab 40.3 Lab 40.4 Lab 40.5 Lab 40.2 Lab 39.2 (Lab time: 15 minutes) 40 – Spamming Module Lab 40.1 Lab 39.3 Module 39 RFID Hacking (Self Do Labs) Do (Self 39 RFID Hacking Module Lab 39.1 Lab 38.3 Lab 38.4 Lab 38.5 Lab 38.6 Lab 38.7 Lab 38.8 Lab 38.2 http://www.eccouncil.org http://www.eccouncil.org Page 172 Lab 43.5 Lab 43.4 Lab 43.3 Lab 43.1 Module 43Cyber Warfare- Hacking, Al-Qaida and Terrorism (Self Do Labs) Lab 42.2 Lab 42.1 Lab 45.5 Lab 45.3 Lab 45.1 Module 45–Privacy onInternet (Lab time:15minutes) Lab 44.3 Lab 44.2 Lab 44.1 Module 44-Internet ContentFiltering Techniques (Labtime:15 minutes) Lab 43.7 Lab 43.6 Lab 42.4 Lab 42.3 Cyberterrorism-What Is It and Who Does It? Three Methods ofComputerAttack Defi Cyber Terrorism Hacking Database Network Protocol SQL Server securityconceptswhitepaper TraceEraser Pro Privacy Eraser HistoryKill AdSubtract tool AdsGone popupkiller Ad Cleanertool Cyberwar Strategies Computers-the weapons ofthecyberterrorist Real-time databaseactivitymonitoring SQL Injection: Oracle versus Other Databases nition: Terrorism andCyber Terrorism


Corporate Espionage whitepaper Modeling techniques whitepaper Modeling Spyware whitepaper Spyware Cryptex tool Software Protection Data disk multifactor Private whitepaper Laptop Computers your Securing Password Policy Password Policy Security Network Developing a Security Policy whitepaper Policy a Security Developing The insider threat whitepaper The insider threat Policy Access Remote whitepaper Guidelines Security Information Policy Security Firewall Internet Implementing The science of spying whitepaper the corporate spying whitepaper Stop Securing Your Windows Laptop whitepaper Windows Your Securing Lab 49.4 Lab 49.6 Lab 49.5 Lab 48.3 Lab 49.3 Lab 48.2 Labs) Do (Self Policies Security 49 Creating Module Lab 49.1 Lab 49.2 Lab 48.1 Lab 47.3 Labs) Do (Self Insiders Using 48 Corporate Espionage- Hacking Module Lab 47.2 Lab 47.1 Module 47 Spying Technologies (Self Do Labs) Do (Self Technologies 47 Spying Module Lab 46.2 Lab 46.3 Lab 46.4 Lab 46.5 Lab 46.1 Module 46 - Securing Laptop Computers (Lab time: 15 minutes) Computers Laptop 46 - Securing Module http://www.eccouncil.org http://www.eccouncil.org Page 174 Lab 50.4 Lab 50.3 Lab 50.2 Lab 50.1 Module 50-Software Piracy and Warez (Labtime:15minutes) Lab 54.1 Module 54Proxy Server Technologies (Self Do Labs) Lab 53.4 Lab 53.3 Lab 53.2 Lab 53.1 Module 53Hacking Web Browsers (Firefox, IE)(Self Do Labs) Lab 52.4 Lab 52.3 Lab 52.2 Lab 52.1 Module 52–Hacking RSSandAtom (Labtime:15minutes) Lab 51.1 Module 51Hacking andCheatingOnline Games (Self Do Labs) The ChallengesofRegulating Warez Trading whitepaper Software licensemanager Browser Based Attacks on Tor whitepaper Java Security Mechanisms whitepaper Firefox Hacks whitepaper FeedDemon Avoiding Online Game Risks Crack tool Quick License Manager Changing Proxy Server whitepaper Turning Firefox toanEthical Hacking Platform whitepaper RSS Submit RssFeedEater Perseptio FeedAgent


Labs 54.2 to 54.4:
• Proxy server Access Limitations whitepaper
• Reverse Proxy Patterns whitepaper
• Socks for Proxy whitepaper

Module 55 Preventing Data Loss (Lab time: 15 minutes)
Labs 55.1 to 55.5:
• Data Loss Prevention Technology whitepaper
• How to Prevent Data loss whitepaper
• MailMarshal
• WebMarshal Console
• Marshal EndPoint Security

Module 56 Hacking Global Positioning System (GPS) (Self Do Labs)
Labs 56.1 to 56.4:
• Introduction to GPS and Paper Maps
• Introduction to GPS whitepaper
• OpenSource GPS
• GPS

Module 57 Computer Forensics and Incident Handling (Self Do Labs)
Labs 57.1 to 57.4:
• Computer Forensics
• Computer Crime and the Emergence of Computer Forensics
• Organizing a Computer Security Incident Response Capability
• Ethics in computer forensics

Module Briefing

1. Introduction to Ethical Hacking
Module Brief:
This module offers professionals an understanding of the subject “Ethical Hacking”. It is important to bear in mind that hackers break into a system for various reasons and purposes. Therefore, it is important to comprehend how malicious hackers exploit systems and the probable reasons behind the attacks. As Sun Tzu put it in the ‘Art of War’, “If you know yourself but not the enemy, for every victory gained, you will also suffer a defeat.” It is the duty of system administrators and network security professionals to guard their infrastructure against exploits by knowing the enemy (the malicious hacker(s), who seek to use that very infrastructure for illegal activities).

2. Hacking Laws
Module Brief:
This module discusses various Cyber Laws that are enforced in countries around the globe. SPY ACT, U.S. Federal Laws, United Kingdom’s Cyber Laws, European Laws, Japan’s Cyber Laws, Australia Cybercrime Act 2001, and Indian Law: The Information Technology Act, Germany’s Cyber Laws, Singapore’s Cyber Laws, Belgium Law, Brazilian Law, Canadian Laws, France Laws and Italian Laws are discussed.

3. Footprinting
Module Brief:
Note that there is no ‘one way’ for hackers to approach a system. The intent behind their activities cannot be foreknown and all activity must be treated as a threat. Note that the focus of this course is not to teach the finer aspects of hacking, but rather to emphasize the vulnerability – threat – attack methods – tools – countermeasures threads of discussion. Therefore, the focus is not on diverse details of ‘how to’ hack; rather, the discussion is focused on where one must look for vulnerabilities, what threat the vulnerability poses, what are the ways in which a cracker can exploit the vulnerability, and what countermeasures should be advocated in the light of the threat. The objective of using tools is to save on time and resources, and defend resources in a proactive and efficient manner. It is assumed that readers possess good programming skills and are familiar with various technical environments. There are several tools available to the hacker and may range from simple code compilation software to source code text files available on the Internet.

4. Google Hacking
Module Brief:
Critical information of various websites can be obtained by using a mix of few operators in the search field of Google. This module showcases how an attacker can gather vital information related to web servers and vulnerabilities present on the websites.

5. Scanning
Module Brief:
After completing this module, one can gain an in-depth understanding of the hacking techniques involved in scanning and, subsequently, fingerprinting. It is strongly recommended that professionals possess a firm understanding of the various protocols such as TCP, UDP, ICMP, and IP to comprehend this module. Once an attacker has identified his/her target system and does the initial reconnaissance, as discussed in the previous module on foot printing, he/she concentrates on getting a mode of entry into the target system. It should be noted that scanning is not limited to intrusion alone. It can be an extended form of reconnaissance where the attacker learns more about his/her target, such as what operating system is used, the services that are being run on the systems and whether any configuration lapses can be identified. The attacker can then strategize his/her attack factoring these aspects.

6. Enumeration
Module Brief:
This module introduces the enumeration phase of hacking to the reader. It details different aspects of enumeration. The reader is urged to note that there isn’t one sure way for hackers to approach a system. This is the basis behind stating that while countermeasures are suggested here, they are proposed in the light of the generic approach of hackers toward a system.

7. System Hacking
Module Brief:
The preceding modules dealt with the progressive intrusion that an attacker makes towards his/her target system(s). One should bear in mind that this does not indicate a culmination of the attack. After completing this module, the professionals will be able to deal with various methods of password cracking, password attacks, various types of password cracking tools, privilege escalating, role of key loggers and other spyware that the attackers use for hiding files and methods for erasing evidences.

8. Trojans and Backdoors
Module Brief:
On completion of this module, professionals will become adept at dealing with malicious code in the form of Trojans and backdoors. This module covers the Trojan definition and its working, the effect of Trojans on business, types of Trojans and what Trojan creators look for, the different ways a Trojan can get into a system and indications of a Trojan attack, some popular Trojans and the ports they use, how to determine which ports are “listening”, how to avoid a Trojan infection, the different types of Trojans found in the wild, wrappers, tools for hacking, ICMP tunneling and anti-Trojans.

9. Viruses and Worms
Module Brief:
A computer virus is perceived as a threat to both business and personnel. A virus at some point of time has infected most businesses worldwide. This module looks into the details of a computer virus: its function, classification and the manner in which it affects systems. This module will enhance the knowledge of various countermeasures one has to take against virus infections. Once a virus is activated it will infect other files on the computer with itself. A virus can infect outside machines only with the assistance of humans. Writing a simple but powerful virus is showcased in this module. The module also discusses the various countermeasures that need to be taken against viruses.

10. Sniffers
Module Brief:
This module will explain the fundamental concepts of sniffing and its use in hacking activities. This module highlights the importance of sniffers for a network administrator. Various tools and techniques used in securing the network from anomalous traffic are explained. Professionals are advised to read the references cited in earlier modules regarding various network protocols for a better understanding of this module.

11. Social Engineering
Module Brief:
If you have seen the movie “War Games”, you’ve already seen social engineering in action. It must be pointed out that the information contained in this chapter is for the purpose of overview. While it points out fallacies and advocates effective countermeasures, the possible ways to extract information from another human being are only restricted by the ingenuity of the attacker’s mind. While this aspect makes it an art and the psychological nature of some of these techniques makes it a science, the bottom line is that there is no one defense against social engineering; only constant vigilance can circumvent some of these advances.

12. Phishing and Identity Theft
Module Brief:
This module showcases different phishing attacks and tools to prevent them.

13. Hacking Email Accounts
Module Brief:
This module reveals different methods to hack email accounts and tools to prevent such attacks.

14. Denial-of-Service
Module Brief:
This module looks at various aspects of denial-of-service attacks. The module starts with a discussion on denial-of-service attacks. Real world scenarios are cited to highlight the implications of such attacks. Distributed denial-of-service attacks and the various tools to launch such attacks have been included to bring into spotlight the technologies involved. The countermeasures for preventing such attacks have also been taken into consideration. Viruses and worms have been briefly discussed to highlight their use in such attacks.

15. Session Hijacking
Module Brief:
This module covers the various hacking technologies that attackers use for session hijacking. It deals with spoofing methods, the three-way TCP handshake, and how attackers use these methods for the man-in-the-middle attacks. Various tools which can be used for this purpose have been highlighted to give the professionals an insight into the concept of session hijacking. Finally, the countermeasures to prevent session hijacking have been discussed.

16. Hacking Web Servers
Module Brief:
The Internet is probably where security or the lack of it is seen most. Often, a breach in security causes more damage in terms of goodwill than the actual quantifiable loss. This makes securing web servers critically important to the normal functioning of an organization. Most organizations consider their web presence to be an extension of themselves. This module attempts to highlight the various security concerns in the context of web servers. It must be noted that exploring web server security is a vast domain and to delve into the finer details of the discussion is beyond the scope of this module. Readers are encouraged to supplement this module by following vulnerability discussions on various mailing lists such as Bugtraq and security bulletins that third party vendors issue for various integrated components.

17. Web Application Vulnerabilities
Module Brief:
The main objective of this module is to show the various kinds of vulnerabilities that can be discovered in web applications. The attacks exploiting these vulnerabilities will also be highlighted. The various hacking tools that can be used to compromise the web applications have been included, in order to showcase the technologies involved. Here, it should be mentioned that a single tool could be used to exploit multiple vulnerabilities in web applications. The module starts with a detailed description of the web server application. The anatomy of the attack reveals the various steps involved in a planned attack. The different types of attacks that can take place on the web applications have been dealt with. The various tools that attackers use have been discussed to explain the way they exploit the vulnerabilities in Web applications. The countermeasures that can be taken to thwart any such attacks have also been highlighted.

18. Web-Based Password Cracking Techniques
Module Brief:
Authentication is any process by which one verifies that someone is who they claim to be. Typically, this involves a username and password. It can also include any other method of demonstrating identity, such as a smart card, retina scan, voice recognition, or fingerprints. In this module, the topics in context of web-based authentication will be discussed. The objective is to familiarize the professionals with commonly used authentication methods and how these methods can be worked around, under certain circumstances.

19. SQL Injection
Module Brief:
In this module, professionals will be introduced to the concept of SQL injection and how an attacker can exploit this attack methodology on the Internet. The professionals will become familiar with a variety of SQL Injection techniques, which is useful to gain access to a system. The module also focuses on SQL Injection Scripts, SQL Injection in Oracle, SQL Injection in MySQL, prevention and the countermeasures against SQL Injection.

20. Hacking Wireless Networks
Module Brief:
This module will familiarize professionals with the basic tools to detect a wireless network, hack a wireless network, the business implications of wireless hacks, and ways to protect a wireless network. This module discusses the Wireless Networking Concept, the effect of wireless attack on business, basics of Wireless Networks, types of Wireless Network, setting up a WLAN, detecting a WLAN and getting into a WLAN, and different types of Wireless Attacks and Hacking Tools. The module also discusses various countermeasures such as the WIDZ and RADIUS model against wireless attacks.

21. Physical Security
Module Brief:
Physical security is as important as network security. Until now, most of the firms concentrated more on network security, overlooking the loopholes in physically securing the organization’s environment. There has been an increase in laptop thefts across the globe. The importance of securing computing assets physically cannot be overemphasized. Awareness of the need for physical security must be communicated to employees through appropriate security policies. These are simple but important steps to avoid any tampering of data as well as unauthorized access to systems. This module will look into the details of physical security and advocate measures to be taken to strengthen physical security.

22. Linux Hacking
Module Brief:
The advent of Linux was the true genesis of the open source movement. Backed by programmers who believed in breaking away from the proprietary movement for the right reasons, Linux made inroads into corporate world computing. Linux has evolved from being labeled as an unfriendly, unreliable operating system to an operating system that is user friendly and used for supporting many critical applications. The security issues related to Linux gain more attention when the Linux increases. Linux was a favorite among crackers and is so, still. While Linux has evolved to a robust operating system, the complex structure of Linux paves the way for security related threats. Today, several servers around the globe are hosted on Linux servers. One of the primary reasons behind this is the inherent security offered by the platform. However, today there is as much vulnerability in Linux as in proprietary systems, leading to their compromise by hackers. This module will look into various aspects of security related to Linux and other related issues.

23. Evading IDS, Firewalls and Detecting Honey Pots
Module Brief:
Today, hacking and computer system attacks are common, making the importance of intrusion detection and active protection all the more relevant. This module discusses Intrusion Detection Systems (IDS), Firewalls and Honeypots. After the completion of this module, professionals will be familiar with IDS, Firewalls and Honeypots.

24. Buffer Overflows
Module Brief:
Various security concerns, attack methods and countermeasures have been discussed in the preceding modules. Buffer overflow attacks have been a source of worry from time to time. This module looks at different aspects of buffer overflow exploits.

25. Cryptography
Module Brief:
Having dealt with various security concerns and countermeasures in the preceding modules, it is obvious that cryptography, as a security measure, is here to stay. This module will explain the use of cryptography over the Internet through. This module will also explain the effort required to crack these encryption techniques and explore attacker methodologies, if any, which are relevant to the discussion. It is to be noted that encryption can no longer be exempted while conducting e-commerce. It will always have its share of security concerns because of its significance in e-commerce. It cannot guarantee foolproof security on its own basis. It must be combined with good security policies and practices if an organization needs to protect its information assets and extend it to its stakeholders.

26. Penetration Testing
Module Brief:
This module marks a departure from the approach followed in earlier modules, where Professionals were encouraged to think ‘out-of-the-box’. Hacking as it was defined originally portrayed a streak of genius or brilliance in the ability to conjure previously unknown ways of doing things. In this context, to advocate a methodology that can be followed to simulate a real-world hack through ethical hacking or penetration testing might come across as a contradiction. However, the reason behind advocating a methodology in penetration testing arises from the fact that most hackers follow a common underlying approach when it comes to penetrating a system. In the context of penetration testing, the tester is limited by resources, namely time, skilled resources, access to equipment etc. as outlined in the penetration testing agreement. The paradox of penetration testing is in the fact that inability to breach a target does not necessarily indicate the absence of vulnerability. In other words, to maximize the returns from a penetration test, the tester must be able to apply his skills to the resources available in such a manner that the attack area of the target is reduced as much as possible. The community gives various names to these stages or phases to indicate various activities. The objective of this module is to frame a guideline that a penetration tester can adopt while doing a penetration test. The module is by no means an all-exhaustive one as it is not possible to map all the approaches that a hacker can adopt. It is not necessary that the test progress in the order of the steps outlined.

27. Covert Hacking
28. Writing Virus Codes
29. Assembly Language Tutorial
30. Exploit Writing
31. Smashing the Stack for Fun and Profit
32. Windows Based Buffer Overflow Exploit Writing
33. Reverse Engineering

34. Mac OS X Hacking
Module Brief:
This module showcases vulnerabilities in Mac OS X such as Crafted URL, CoreText Uninitialized Pointer, ImageIO Integer overflow, DirectoryService, iChat UPnP buffer overflow and many more, which are used for hacking Mac OS X. Viruses and worms in Mac OS X are discussed in this module. Anti-virus tools such as VirusBarrier, McAfee Virex for Macintosh, Sophos Endpoint Security and Control, and Norton Internet Security are discussed with their features. Mac OS X security tools MacScan, ClamXav, IPNetsentryX, and FileGuard are discussed in this module.

35. Hacking Routers, Cable Modems and Firewalls
Module Brief:
This module explains different vulnerabilities in the networking devices and how to exploit the same.

36. Mobile Phone and Handheld Devices (PDAs) Hacking
Module Brief:
This module discusses the threats to mobile devices, vulnerabilities in mobile devices and attacks against mobile devices. iPhone and other PDA hacking tools are showcased along with tools that ensure security to these devices.

37. Bluetooth Hacking
Module Brief:
This module explains different ways to compromise Bluetooth enabled devices. Bluejacking, BlueSpam, BlueSnarfing, BlueBug Attack, Blueprinting and other attacks are dealt with in detail. Worms and viruses that infect Bluetooth enabled devices are also listed.

38. VoIP Hacking
Module Brief:
The Denial of Service attack, Replay Attack, ARP Spoofing Attack, H.323-Specific Attack and SIP Attacks are a few of the VoIP attacks showcased in this module.

39. RFID Hacking
Module Brief:
RFID technology, its components and their collisions are mentioned in this module. This module looks into details of RFID security and privacy threats and protection against RFID attacks. Writing a simple but powerful RFID virus and worm is showcased in this module. Vulnerabilities in RFID-enabled credit cards and RFID security controls are discussed in this module.

40. Spamming
Module Brief:
This module deals with the spamming attack methods used by spammers and different anti-spam techniques used to stop the spam. A statistical view tells about the top spammers, the top worst spam service ISPs and the top spamming countries. Various anti-spam techniques and tools are showcased in this module.

41. Hacking USB Devices
Module Brief:
This module discusses various USB devices and their privacy issues. Electrical and software attacks of USB devices are mentioned in this module. USB Attack on Windows, and viruses and worms which spread through USB devices, are discussed in this module. Some of the top USB devices hacking tools such as USB Dumper, USB Switchblade, and USB Hacksaw are discussed. Tools such as MyUSBonly, USBDeview, USB-Blocker, USB CopyNotify, USB File Guard, Advanced USB Port Monitor and other USB security tools that protect user privacy are listed in this module.

42. Hacking Database Servers
Module Brief:
This module depicts how database servers are vulnerable to attacks. This module also deals with the security issues and type of Database attacks. This module gives an idea how attackers, after getting the DBA privileges, attack the database.

43. Cyber Warfare- Hacking, Al-Qaida and Terrorism
Module Brief:
This module defines Cyber terrorism, Cyber crime and criminal impacts. It also describes the common forms of these terrorist attacks on the Internet such as Distributed Denial of Service attacks, hate websites and hate emails, attacks on sensitive computer networks, etc. This module shows the different types of Cyber warfare attacks. This module gives an idea how Terrorists use Electronic Jihad and use their proprietary encryption tool “Mujahedeen Secrets Encryption Program” to spread terrorism over the Internet.

44. Internet Content Filtering Techniques
Module Brief:
In today’s networked world Internet filters have become a necessary means for Organizations to restrict specific content access over the Internet. Many tools to filter Internet content are discussed in this module. Internet safety guidelines for children are also mentioned in this module.

45. Privacy on Internet- Anonymous
Module Brief:
This module familiarizes the reader with privacy threats on the Internet and Internet privacy tools. Internet, proxy, and email privacy are mentioned in this module. Different privacy threats such as cookies, IRC, web browsers, electronic commerce, and web bugs are discussed. This module demonstrates various anonymizer tools which protect privacy while surfing. This module also discusses a step by step procedure of protecting search privacy and tips for online privacy.

46. Securing Laptop Computers
Module Brief:
The Securing Laptop Computers module familiarizes you with the different types of laptop threats. It features various techniques that can be used to protect your Laptop from different thefts (Example: Fingerprint reader, Face Recognition). It shows the different hardware laptop security devices and the software security tools that help you protect laptop data. This module also lists security tips that will be advantageous to restrict laptop thefts.

47. Spying Technologies
Module Brief:
The module introduces the reader to all the spying technologies that might be used by an attacker to extract sensitive information. It also lists anti-spying tools to mitigate these threats.

48. Corporate Espionage- Hacking Using Insiders
Module Brief:
This module discusses corporate espionage and different types of insider attacks. Countermeasures to these attacks are mentioned.

49. Creating Security Policies
Module Brief:
This module explains creating security policies which help to protect network infrastructures of your organization. This module also discusses the key elements of security policy, goals of security policy, roles of security policy, concepts of security policy, classifications of security policy and different types of security policies.

50. Software Piracy and Warez
Module Brief:
Software Piracy is illicit copying and distribution of software for personal or commercial use. This module explains Software Activation Process, Piracy, Impacts of Piracy, Piracy Blocking and Piracy over the Internet. It also introduces the Warez and its types which are made available on the Internet by the crackers and the techniques to distribute the Warez. It also includes security tools which are used to protect software.

51. Hacking and Cheating Online Games
Module Brief:
This module highlights basic threats in online gaming, cheating in online computer games, types of exploits, example of popular game exploits, and stealing online passwords.

52. Hacking RSS and Atom
Module Brief:
RSS and Atom feeds offer users updated web content and news. This module briefs you on how to build a feed aggregator, how to monitor the Server with Feeds, and how to track changes in open source projects. It also explains the risks involved like Remote Zone Risks, Local Zone Risk, and Reader Specific Risks. It lists a set of tools that are used to create and keep the RSS and Atom feeds up-to-date. Security measures that should be taken to keep the RSS and Atom feeds secured are mentioned in this module.

53. Hacking Web Browsers (Firefox, IE)
Module Brief:
Hacking Firefox using Firefox spoofing, information leak and password vulnerabilities are explained. Different browser settings and browser security features are mentioned in this module. Different vulnerabilities present in Opera, Safari and Netscape are described.

54. Proxy Server Technologies
Module Brief:
This module discusses the role of proxy server, and different types of proxy Servers. Different proxy server technologies are mentioned in this module.

55. Data Loss Prevention
Module Brief:
This module explains the steps that need to be taken when data is lost unexpectedly. This module tells about how the data can be lost and the ways that are to be followed to prevent the data loss. This module showcases various tools that can prevent data loss.

56. Hacking Global Positioning System (GPS)
Module Brief:
This module introduces Differential GPS (DGPS), Wide Area Augmentation System (WAAS), European Geostationary Navigation Overlay Service (EGNOS), Local Area Augmentation System (LAAS), Geometric Dilution of Precision (GDOP), and Signal to Noise Ratio (SNR). This module introduces Secret Startup Commands, Firmware Hacking, Waypoints, GPS Tools, and Security Tools.

57. Computer Forensics and Incident Handling
Module Brief:
“Forensic Computing is the science of capturing, processing and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a Court of Law.”
This module introduces computer forensics and discusses incident handling steps.

58. Credit Card Frauds
Module Brief:
This module introduces E-Crimes and describes how credit card frauds occur. This module highlights effective steps to be taken by credit card users to protect from credit card fraud.

59. How to Steal Passwords
Module Brief:
This module lists different tools to steal passwords and effective countermeasures against the same.

60. Firewall Technologies
Module Brief:
This module lists various vendors that provide firewall technologies.

CEH v6 Exam Objectives

Exam Code: 312-50
No. of questions: 150
Duration: 4 hours
Passing score: 70%
Delivery: The CEH exam is available at Prometric and VUE centers

Introduction to Ethical Hacking
• Understand Ethical Hacking terminology
• Define the Job role of an ethical hacker
• Understand the different phases involved in ethical hacking
• Identify different types of hacking technologies
• List the 5 stages of ethical hacking
• What is hacktivism?
• List different types of hacker classes
• Define the skills required to become an ethical hacker
• What is vulnerability research?
• Describe the ways in conducting ethical hacking

Hacking Laws
• Understand the Legal implications of hacking
• Understand U.S. Securely Protect Yourself Against Cyber Trespass Act (SPY ACT)
• Understand 18 U.S.C. § 1030 US Federal Law
• Understand Federal Managers Financial Integrity Act of 1982
• Understand The Freedom of Information Act 5 U.S.C. § 552
• Understand Federal Information Security Management Act (FISMA)
• Understand The Privacy Act Of 1974 5 U.S.C. § 552a
• Understand USA Patriot Act of 2001

Footprinting
• Define the term Footprinting
• Describe information gathering methodology
• Describe competitive intelligence
• Understand DNS enumeration
• Understand Whois, ARIN lookup
• Identify different types of DNS records
• Understand how traceroute is used in Footprinting
• Understand how e-mail tracking works
• Understand how web spiders work

Google Hacking
• Define Google hacking
• What a hacker can do with vulnerable site
• How to use Google as a Proxy Server
• What is Google Hacking Database (GHDB)
• Understand Traversal Techniques

Scanning
• Define the term port scanning, network scanning and vulnerability scanning
• Understand the CEH scanning methodology
• Understand Ping Sweep techniques
• Understand nmap command switches
• Understand SYN, Stealth, XMAS, NULL, IDLE and FIN scans
• List TCP communication flag types
• Understand War dialing techniques
• Understand banner grabbing and OS fingerprinting techniques
• Understand how proxy servers are used in launching an attack
• How do anonymizers work
• Understand HTTP tunneling techniques
• Understand IP spoofing techniques

Enumeration
• What is Enumeration?
• What is meant by null sessions
• What is SNMP enumeration?
• What are the steps involved in performing enumeration?

System Hacking
• Understanding password cracking techniques
• Understanding different types of passwords
• Identifying various password cracking tools
• Understand Escalating privileges
• Understanding keyloggers and other spyware technologies
• Understand how to Hide files
• Understanding rootkits
• Understand Steganography technologies
• Understand how to cover your tracks and erase evidence

Trojans and Backdoors
• What is a Trojan?
• What is meant by overt and covert channels?
• List the different types of Trojans
• What are the indications of a Trojan attack?
• Understand how “Netcat” Trojan works
• What is meant by “wrapping”
• How do reverse connecting Trojans work?
• What are the countermeasure techniques in preventing Trojans?
• Understand Trojan evading techniques

Viruses and Worms
• Understand the difference between a virus and a Worm
• Understand the types of Viruses
• How a virus spreads and infects the system
• Understand antivirus evasion techniques
• Understand Virus detection methods

Sniffers
• Understand the protocol susceptible to sniffing
• Understand active and passive sniffing
• Understand ARP poisoning
• Understand ethereal capture and display filters
• Understand MAC flooding
• Understand DNS spoofing techniques
• Describe sniffing countermeasures

Social Engineering
• What is Social Engineering?
• What are the Common Types of Attacks
• Understand Dumpster Diving
• Understand Reverse Social Engineering
• Understand Insider attacks
• Understand Identity Theft
• Describe Phishing Attacks
• Understand Online Scams
• Understand URL obfuscation
• Social Engineering countermeasures

Phishing and Identity Theft
• What are the reasons for successful phishing
• Understand different phishing methods
• Understand the phishing process
• Understand the type of phishing attacks
• Phishing countermeasures

Hacking Email Accounts
• What are the different ways to get information of email account
• What do you understand by cookie stealing
• Understand password phishing
• Email security

Denial-of-Service
• Understand the types of DoS Attacks
• Understand how DDoS attack works
• Understand how BOTs/BOTNETS work
• What is “smurf” attack
• What is “SYN” flooding
• Describe the DoS/DDoS countermeasures

Session Hijacking
• Understand Spoofing vs. Hijacking
• List the types of Session Hijacking
• Understand Sequence Prediction
• What are the steps in performing session hijacking
• Describe how you would prevent session hijacking

Hacking Web Servers
• List the types of web server vulnerabilities
• Understand the attacks Against Web Servers
• Understand IIS Unicode exploits
• What is Metasploit Framework?
• Describe Web Server hardening methods

Web Application Vulnerabilities
• Understanding how web application works
• Objectives of web application hacking
• Anatomy of an attack
• Web application threats
• Understand Google hacking
• Understand Web Application Countermeasures

Web-Based Password Cracking Techniques
• List the Authentication types
• What is a Password Cracker?
• How does a Password Cracker work?
• Understand Password Attacks - Classification
• Understand Password Cracking Countermeasures

SQL Injection
• What is SQL injection?
• Understand the Steps to conduct SQL injection
• Understand SQL Server vulnerabilities
• Describe SQL Injection countermeasures
Understand Web Application Scanner Understand patchmanagementtechniques cation EC-Council Page 197 EC-Council ng techniques and honeypot evasion rewall List the types of Intrusion Detection Systems and evasion techniques and evasion Systems Detection List the types of Intrusion List fi Understand how to compile a Linux Kernel how Understand GCC compilation commands Understand to install LKM modules how Understand methods Linux hardening Understand Physical security breach incidents security breach Physical physical security Understanding What is the need for physical security? Who is accountable for physical security? affecting physical security Factors Understand Rogue Access Points Access Rogue Understand hacking techniques Wireless Understand networks securing wireless the methods in Describe Overview of WEP, WPA authentication systems and cracking techniques systems and cracking authentication WPA OverviewWEP, of Spoofi MAC and SSID, Overview Sniffers of wireless • • • • • • • • • • • • • • • • Evading IDS, Firewalls and Detecting Honey Pots Honey and Detecting IDS, Firewalls Evading Linux Hacking Physical Security Physical Hacking Wireless Wireless Networks Hacking http://www.eccouncil.org http://www.eccouncil.org Page 198 Cryptography Buffer Overfl Penetration Testing • • • • • • • • • • • List theautomatedpenetrationtestingtools ofthePen-TestOverview deliverables ofthePen-TestOverview legal framework List thepenetrationtestingsteps ofpenetrationtestingmethodologies Overview ofMD5,SHA,RC4,Overview RC5, Blowfi Describe how publicandprivate keysare generated techniques andencryption ofcryptography Overview ofbufferoverflOverview Identify thedifferent typesofbufferoverfl ofstackbasedbufferoverflOverview ows ow mutationtechniques ows ows andmethodsofdetection sh algorithms EC-Council Page 199 EC-Council EC-Council in the United States and/or other countries. States United EC-Council in the IMPLIED, IN THIS SUMMARY. 
EC-Council and CEH logos is registered trademarks or trademarks of or trademarks trademarks is registered and CEH logos EC-Council THIS SUMMARY. IN IMPLIED, This document is for informational purposes only. EC-Council MAKES NO WARRANTIES, EXPRESS OR EXPRESS WARRANTIES, NO EC-Council MAKES purposes only. is for informational This document © 2008 EC-Council. All rights reserved. All rights © 2008 EC-Council. http://www.eccouncil.org