CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Course Content
Course Description: The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in. The CEH, is the first part of a 3 part EC-Council Information Security Track which helps you master hacking technologies. You will become a hacker, but an ethical one!
As the security mindset in any organization must not be limited to the silos of a certain vendor, technologies or pieces of equipment.
This course was designed to provide you with the tools and techniques used by hackers and information security professionals alike to break into an organization. As we put it, “To beat a hacker, you need to think like a hacker”. This course will immerse you into the Hacker Mindset so that you will be able to defend against future attacks. It puts you in the driver’s seat of a hands-on environment with a systematic ethical hacking process.
Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be thought the Five Phases of Ethical Hacking and thought how you can approach your target and succeed at breaking in every time! The ve phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks.
The tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the Certified Ethical Hacker Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious hackers use, identify weaknesses and x the problems before they are identified by the enemy, causing what could potentially be a catastrophic damage to your respective organization.
Throughout the CEH course, you will be immersed in a hacker's mindset, evaluating not just logical, but physical security.
www.tcworkshop.com Pages 1 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Target Student: This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of their network infrastructure.
Prerequisites: N/A
Topics:
Module 1: Introduction to Ethical Hacking . Application-Level Attacks Internet is Integral Part of Business and Examples of Personal Life - What Happens Online in 60 Application-Level Seconds Attacks Information Security Overview . Shrink Wrap Code Attacks o Case Study o Information Warfare . eBay Data Breach Hacking Concepts, Types, and Phases . Google Play Hack o What is Hacking . The Home Depot Data o Who is a Hacker? Breach o Hacker Classes o Year of the Mega Breach o Hacking Phases o Data Breach Statistics . Reconnaissance o Malware Trends in 2014 . Scanning o Essential Terminology . Gaining Access o Elements of Information Security . Maintaining Access o The Security, Functionality, and . Clearing Tracks Usability Triangle Ethical Hacking Concepts and Scope Information Security Threats and Attack o What is Ethical Hacking? Vectors o Why Ethical Hacking is Necessary o Motives, Goals, and Objectives of o Scope and Limitations of Ethical Information Security Attacks Hacking o Top Information Security Attack o Skills of an Ethical Hacker Vectors Information Security Controls o Information Security Threat o Information Assurance (IA) Categories o Information Security Management o Types of Attacks on a System Program . Operating System Attacks o Threat Modeling Examples of OS o Enterprise Information Security Vulnerabilities Architecture (EISA) . Misconfiguration Attacks o Network Security Zoning www.tcworkshop.com Pages 2 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Defense in Depth o ISO/IEC 27001:2013 o Information Security Policies o Health Insurance Portability and . Types of Security Policies Accountability Act (HIPAA) . Examples of Security Policies o Sarbanes Oxley Act (SOX) . Privacy Policies at o The Digital Millennium Copyright Workplace Act (DMCA) and Federal . Steps to Create and Information Security Management Implement Security Policies Act (FISMA) . HR/Legal Implications of o Cyber Law in Different Countries Security Policy Enforcement o Physical Security Module 02: Footprinting and Reconnaissance . Physical Security Controls Footprinting Concepts o Incident Management o What is Footprinting? . Incident Management o Objectives of Footprinting Process Footprinting Methodology . Responsibilities of an o Footprinting through Search Incident Response Team Engines o What is Vulnerability Assessment? . Finding Company’s Public . Types of Vulnerability and Restricted Websites Assessment . Determining the Operating . Network Vulnerability System Assessment Methodology . Collect Location Information . Vulnerability Research . People Search: Social . Vulnerability Research Networking Services Websites . People Search Online o Penetration Testing Services . Why Penetration Testing . Gather Information from . Comparing Security Audit, Financial Services Vulnerability Assessment, . Footprinting through Job and Penetration Testing Sites . Blue Teaming/Red Teaming . Monitoring Target Using . Types of Penetration Testing Alerts . Phases of Penetration Testing . Information Gathering Using . Security Testing Groups, Forums, and Blogs Methodology o Footprinting using Advanced . Penetration Testing Google Hacking Techniques Methodology . Google Advance Search Information Security Laws and Standards Operators o Payment Card Industry Data . Finding Resources Using Security Standard (PCI-DSS) Google Advance Operator www.tcworkshop.com Pages 3 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Google Hacking Database . Competitive Intelligence - (GHDB) What Expert Opinions Say . Information Gathering Using About the Company Google Advanced Search . Monitoring Website Traffic o Footprinting through Social of Target Company Networking Sites . Tracking Online Reputation . Collect Information through of the Target Social Engineering on Social Tools for Tracking Networking Sites Online Reputation of . Information Available on the Target Social Networking Sites o WHOIS Footprinting o Website Footprinting . WHOIS Lookup . Website Footprinting using . WHOIS Lookup Result Web Spiders Analysis . Mirroring Entire Website . WHOIS Lookup Tools Website Mirroring . WHOIS Lookup Tools for Tools Mobile . Extract Website Information o DNS Footprinting from http://www.archive.org . Extracting DNS Information . Monitoring Web Updates . DNS Interrogation Tools Using Website Watcher o Network Footprinting Web Updates . Locate the Network Range Monitoring Tools . Traceroute o Email Footprinting . Traceroute Analysis . Tracking Email . Traceroute Tools Communications o Footprinting through Social Collecting Engineering Information from . Footprinting through Social Email Header Engineering Email Tracking Tools . Collect Information Using o Competitive Intelligence Eavesdropping, Shoulder . Competitive Intelligence Surfing, and Dumpster Gathering Diving . Competitive Intelligence - Footprinting Tools When Did this Company o Footprinting Tool Begin? How Did it Develop? . Maltego . Competitive Intelligence - . Recon-ng What Are the Company's o Additional Footprinting Tools Plans?
www.tcworkshop.com Pages 4 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Footprinting Countermeasures IDLE/IPID Header Footprinting Penetration Testing Scan o Footprinting Pen Testing IDLE Scan: Step 1 o Footprinting Pen Testing Report Templates IDLE Scan: Step 2 and 3 Module 03: Scanning Networks UDP Scanning Overview of Network Scanning ICMP Echo o TCP Communication Flags Scanning/List Scan o TCP/IP Communication . Scanning Tool: NetScan o Creating Custom Packet Using TCP Tools Pro Flags . Scanning Tools CEH Scanning Methodology . Scanning Tools for Mobile o Check for Live Systems . Port Scanning . Checking for Live Systems - Countermeasures ICMP Scanning o Scanning Beyond IDS . Ping Sweep . IDS Evasion Techniques Ping Sweep Tools . SYN/FIN Scanning Using IP o Check for Open Ports Fragments . SSDP Scanning o Banner Grabbing . Scanning IPv6 Network . Banner Grabbing Tools . Scanning Tool . Banner Grabbing Nmap Countermeasures Hping2 / Hping3 Disabling or Hping Commands Changing Banner . Scanning Techniques Hiding File TCP Connect / Full Extensions from Web Open Scan Pages Stealth Scan (Half- o Scan for Vulnerability open Scan) . Vulnerability Scanning Inverse TCP Flag . Vulnerability Scanning Tool Scanning Nessus Xmas Scan GAFI LanGuard ACK Flag Probe Qualys FreeScan Scanning . Network Vulnerability Scanners . Vulnerability Scanning Tools for Mobile
www.tcworkshop.com Pages 5 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Draw Network Diagrams Module 04: Enumeration . Drawing Network Diagrams Enumeration Concepts . Network Discovery Tool o What is Enumeration? Network Topology o Techniques for Enumeration Mapper o Services and Ports to Enumerate OpManager and NetBIOS Enumeration NetworkView o NetBIOS Enumeration Tool . Network Discovery and . SuperScan Mapping Tools . Hyena . Network Discovery Tools for . Winfingerprint Mobile . NetBIOS Enumerator and o Prepare Proxies Nsauditor Network Security . Proxy Servers Auditor . Proxy Chaining o Enumerating User Accounts . Proxy Tool o Enumerating Shared Resources Proxy Switcher Using Net View Proxy Workbench SNMP Enumeration TOR and CyberGhost o Working of SNMP . Proxy Tools o Management Information Base . Proxy Tools for Mobile (MIB) . Free Proxy Servers o SNMP Enumeration Tool . Introduction to Anonymizers . OpUtils Censorship . Engineer’s Toolset Circumvention Tool: o SNMP Enumeration Tools Tails LDAP Enumeration G-Zapper o LDAP Enumeration Tool: Softerra Anonymizers LDAP Administrator Anonymizers for o LDAP Enumeration Tools Mobile NTP Enumeration . Spoofing IP Address o NTP Enumeration Commands . IP Spoofing Detection o NTP Enumeration Tools Techniques SMTP Enumeration Direct TTL Probes o SMTP Enumeration Tool: IP Identification NetScanTools Pro Number o Telnet Enumeration . TCP Flow Control Method o DNS Zone Transfer Enumeration . IP Spoofing Using NSLookup Countermeasures Enumeration Countermeasures o Scanning Pen Testing SMB Enumeration Countermeasures Enumeration Pen Testing www.tcworkshop.com Pages 6 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Module 05: System Hacking . How Hash Passwords Are Information at Hand Before System Hacking Stored in Windows SAM? Stage NTLM System Hacking: Goals Authentication CEH Hacking Methodology (CHM) Process CEH System Hacking Steps Kerberos o CrackingPasswords Authentication . Password Cracking . Password Salting . Types of Password Attacks . pwdump7 and fgdump . Non-Electronic Attacks . Password Cracking Tools . Active Online Attack L0phtCrack and Dictionary, Brute Ophcrack Forcing and Rule- Cain & Abel and based Attack RainbowCrack Password Guessing . Password Cracking Tools . Default Passwords . Password Cracking Tool for . Active Online Attack: Mobile: FlexiSPY Password Trojan/Spyware/Keyl Grabber ogger . How to Defend against Example of Active Password Cracking Online Attack Using . Implement and Enforce USB Drive Strong Security Policy Hash Injection Attack . CEH System Hacking Steps Passive Online Attack o Escalating Privileges Wire Sniffing . Privilege Escalation Man-in-the-Middle . Privilege Escalation Using and Replay Attack DLL Hijacking . Offline Attack . Privilege Escalation Tool: Rainbow Attacks Active@ Password Changer Tools to Create . Privilege Escalation Tools Rainbow Tables: rtgen and . How to Defend Against Winrtgen Privilege Escalation Distributed Network o Executing Applications Attack . RemoteExec . Elcomsoft Distributed . PDQ Deploy Password Recovery . DameWare Remote Support . Microsoft Authentication
www.tcworkshop.com Pages 7 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Keylogger . How to Defend Against Types of Keystroke Spyware Loggers Anti-Spyware: Hardware Keyloggers SUPERAntiSpyware Keylogger: All In One Anti-Spyware Keylogger o Hiding Files Keyloggers for . Rootkits Windows Types of Rootkits Keylogger for Mac: How Rootkit Works Amac Keylogger for Rootkit Mac Avatar Keyloggers for MAC Necurs . Spyware Azazel Spyware: Spytech ZeroAccess SpyAgent . Detecting Rootkits Spyware: Power Spy Steps for Detecting 2014 Rootkits What Does the How to Defend Spyware Do? against Rootkits Spyware Anti-Rootkit: Stinger USB Spyware: and UnHackMe USBSpy Anti-Rootkits Audio Spyware: Spy . NTFS Data Stream Voice Recorder and How to Create NTFS Sound Snooper Streams Video Spyware: NTFS Stream WebCam Recorder Manipulation Cellphone Spyware: How to Defend Mobile Spy against NTFS Streams Telephone/Cellphone NTFS Stream Spyware Detector: GPS Spyware: StreamArmor SPYPhone NTFS Stream GPS Spyware Detectors . How to Defend Against . What Is Steganography? Keyloggers Classification of Anti-Keylogger: Steganography Zemana AntiLogger Types of Anti-Keylogger Steganography based on Cover Medium www.tcworkshop.com Pages 8 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Whitespace . Steganalysis Steganography Tool: SNOW Steganalysis Image Methods/Attacks on Steganography Steganography Least Significant Detecting Text and Bit Insertion Image Steganography Masking and Detecting Audio and Filtering Video Steganography Algorithms and Steganography Transformation Detection Tool: Image Gargoyle Steganography: QuickStego Investigator™ Image Forensic Pro Steganography Tools Steganography Document Detection Tools Steganography: wbStego o Covering Tracks Document . Covering Tracks Steganography Tools . Disabling Auditing: Video Auditpol Steganography . Clearing Logs Video . Manually Clearing Event Steganography: OmniHide Logs PRO and Masker . Ways to Clear Online Tracks Video . Covering Tracks Tool: Steganography Tools CCleaner Audio . Covering Tracks Tool: MRU- Steganography Blaster Audio . Track Covering Tools Steganography: DeepSound o Penetration Testing Audio . Password Cracking Steganography Tools . Privilege Escalation Folder . Executing Applications Steganography: Invisible . Hiding Files Secrets 4 . Covering Tracks Folder Steganography Tools Spam/Email Steganography: Spam Mimic Steganography Tools for Mobile Phones www.tcworkshop.com Pages 9 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Module 06: Malware Threats . Proxy Server Trojan: Introduction to Malware W3bPrOxy Tr0j4nCr34t0r o Different Ways a Malware can Get (Funny Name) into a System o FTP Trojans o Common Techniques Attackers Use o VNC Trojans to Distribute Malware on the Web . VNC Trojans: WinVNC and Trojan Concepts VNC Stealer o Financial Loss Due to Trojans o HTTP/HTTPS Trojans o What is a Trojan? . HTTP Trojan: HTTP RAT o How Hackers Use Trojans o Shttpd Trojan - HTTPS (SSL) o Common Ports used by Trojans o ICMP Tunneling o How to Infect Systems Using a o Remote Access Trojans Trojan . Optix Pro and MoSucker o Wrappers . BlackHole RAT and SSH - o Dark Horse Trojan Virus Maker R.A.T o Trojan Horse Construction Kit . njRAT and Xtreme RAT o Crypters: AIO FUD Crypter, Hidden . SpyGate – RAT and Punisher Sight Crypter, and Galaxy Crypter RAT o Crypters: Criogenic Crypter, Heaven . DarkComet RAT, Pandora Crypter, and SwayzCryptor RAT, and HellSpy RAT o How Attackers Deploy a Trojan . ProRat and Theef o Exploit Kit . Hell Raiser . Exploit Kit: Infinity . Atelier Web Remote . Exploit Kits: Phoenix Exploit Commander Kit and Blackhole Exploit Kit o Covert Channel Trojan: CCTT . Exploit Kits: Bleedinglife and o E-banking Trojans Crimepack . Working of E-banking o Evading Anti-Virus Techniques Trojans Types of Trojans . E-banking Trojan o Command Shell Trojans ZeuS and SpyEye o Defacement Trojans Citadel Builder and o Defacement Trojans: Restorator Ice IX o Botnet Trojans o Destructive Trojans: M4sT3r Trojan . Tor-based Botnet Trojans: o Notification Trojans ChewBacca o Data Hiding Trojans (Encrypted . Botnet Trojans: Skynet and Trojans) CyberGate o Proxy Server Trojans
www.tcworkshop.com Pages 10 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Virus and Worms Concepts . Sonic Bat - Batch File Virus o Introduction to Viruses Creator and Poison Virus o Stages of Virus Life Maker o Working of Viruses: o Computer Worms . Infection Phase . How Is a Worm Different . Attack Phase from a Virus? o Why Do People Create Computer . Computer Worms: Ghost Eye Viruses Worm o Indications of Virus Attack . Worm Maker: Internet Worm o Virus Hoaxes and Fake Antiviruses Maker Thing o Ransomware Malware Reverse Engineering o Types of Viruses o What is Sheep Dip Computer? . System or Boot Sector o Anti-Virus Sensor Systems Viruses o Malware Analysis Procedure: . File and Multipartite Viruses Preparing Testbed . Macro Viruses o Malware Analysis Procedure . Cluster Viruses o Malware Analysis Tool: IDA Pro . Stealth/Tunneling Viruses o Online Malware Testing: VirusTotal . Encryption Viruses o Online Malware Analysis Services . Polymorphic Code o Trojan Analysis: Neverquest . Metamorphic Viruses o Virus Analysis: Ransom . File Overwriting or Cavity Cryptolocker Viruses o Worm Analysis: Darlloz (Internet of . Sparse Infector Viruses Things (IoT) Worm) . Companion/Camouflage Malware Detection Viruses o How to Detect Trojans . Shell Viruses . Scanning for Suspicious . File Extension Viruses Ports . Add-on and Intrusive Tools: TCPView and Viruses CurrPorts . Transient and Terminate and . Scanning for Suspicious Stay Resident Viruses Processes o Writing a Simple Virus Program Process Monitoring . Sam’s Virus Generator and Tool: What's Running JPS Virus Maker Process Monitoring . Andreinick05's Batch Virus Tools Maker and DeadLine’s Virus Maker
www.tcworkshop.com Pages 11 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Scanning for Suspicious . Scanning for Suspicious Registry Entries Network Activities Registry Entry . Detecting Trojans and Monitoring Tool: Worms with Capsa Network RegScanner Analyzer Registry Entry o Virus Detection Methods Monitoring Tools Countermeasures . Scanning for Suspicious o Trojan Countermeasures Device Drivers o Backdoor Countermeasures Device Drivers o Virus and Worms Countermeasures Monitoring Tool: Anti-Malware Software DriverView o Anti-Trojan Software Device Drivers . TrojanHunter Monitoring Tools . Emsisoft Anti-Malware . Scanning for Suspicious o Anti-Trojan Software Windows Services o Companion Antivirus: Immunet Windows Services o Anti-virus Tools Monitoring Tool: Penetration Testing Windows Service o Pen Testing for Trojans and Manager (SrvMan) Backdoors Windows Services o Penetration Testing for Virus Monitoring Tools . Scanning for Suspicious Module 07: Sniffing Startup Programs Sniffing Concepts Windows 8 Startup o Network Sniffing and Threats Registry Entries o How a Sniffer Works Startup Programs o Types of Sniffing Monitoring Tool: . Passive Sniffing Security AutoRun . Active Sniffing Startup Programs o How an Attacker Hacks the Monitoring Tools Network Using Sniffers . Scanning for Suspicious Files o Protocols Vulnerable to Sniffing and Folders o Sniffing in the Data Link Layer of Files and Folder the OSI Model Integrity Checker: o Hardware Protocol Analyzer FastSum and o Hardware Protocol Analyzers WinMD5 o SPAN Port Files and Folder o Wiretapping Integrity Checker o Lawful Interception o Wiretapping Case Study: PRISM www.tcworkshop.com Pages 12 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
MAC Attacks Spoofing Attack o MAC Address/CAM Table o MAC Spoofing/Duplicating o How CAM Works o MAC Spoofing Technique: Windows o What Happens When CAM Table Is o MAC Spoofing Tool: SMAC Full? o IRDP Spoofing o MAC Flooding o How to Defend Against MAC o Mac Flooding Switches with macof Spoofing o Switch Port Stealing DNS Poisoning o How to Defend against MAC o DNS Poisoning Techniques Attacks o Intranet DNS Spoofing DHCP Attacks o Internet DNS Spoofing o How DHCP Works o Proxy Server DNS Poisoning o DHCP Request/Reply Messages o DNS Cache Poisoning o IPv4 DHCP Packet Format o How to Defend Against DNS o DHCP Starvation Attack Spoofing o DHCP Starvation Attack Tools Sniffing Tools o Rogue DHCP Server Attack o Sniffing Tool: Wireshark o How to Defend Against DHCP o Follow TCP Stream in Wireshark Starvation and Rogue Server Attack o Display Filters in Wireshark ARP Poisoning o Additional Wireshark Filters o What Is Address Resolution Protocol o Sniffing Tool (ARP)? . SteelCentral Packet Analyzer o ARP Spoofing Attack . Tcpdump/Windump o How Does ARP Spoofing Work o Packet Sniffing Tool: Capsa Network o Threats of ARP Poisoning Analyzer o ARP Poisoning Tool o Network Packet Analyzer . Cain & Abel and . OmniPeek Network WinArpAttacker Analyzer . Ufasoft Snif . Observer o How to Defend Against ARP . Sniff-O-Matic Poisoning o TCP/IP Packet Crafter: Colasoft o Configuring DHCP Snooping and Packet Builder Dynamic ARP Inspection on Cisco o Network Packet Analyzer: RSA Switches NetWitness Investigator o ARP Spoofing Detection: XArp o Additional Sniffing Tools o Packet Sniffing Tools for Mobile: Wi.cap. Network Sniffer Pro and FaceNiff
www.tcworkshop.com Pages 13 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Counter measures . Eavesdropping and Shoulder o How to Defend Against Sniffing Surfing Sniffing Detection Techniques . Dumpster Diving o How to Detect Sniffing . Reverse Social Engineering, o Sniffer Detection Technique Piggybacking, and Tailgating . Ping Method o Watch these Movies . ARP Method o Watch this Movie . DNS Method o Computer-based Social Engineering o Promiscuous Detection Tool . Phishing . PromqryUI . Spear Phishing . Nmap o Mobile-based Social Engineering Sniffing Pen Testing . Publishing Malicious Apps . Repackaging Legitimate Module 08: Social Engineering Apps Social Engineering Concepts . Fake Security Applications o What is Social Engineering? . Using SMS o Behaviors Vulnerable to Attacks o Insider Attack o Factors that Make Companies o Disgruntled Employee Vulnerable to Attacks o Preventing Insider Threats o Why Is Social Engineering Effective? o Common Social Engineering Targets o Warning Signs of an Attack and Defense Strategies o Phases in a Social Engineering Impersonation on Social Networking Sites Attack o Social Engineering Through Social Engineering Techniques Impersonation on Social Networking o Types of Social Engineering Sites . Human-based Social o Social Engineering on Facebook Engineering o Social Engineering on LinkedIn and . Impersonation Twitter Impersonation o Risks of Social Networking to Scenario Corporate Networks Over-Helpfulness Identity Theft of Help Desk o Identity Theft Statistics Third-party o Identify Theft Authorization o How to Steal an Identity Tech Support . STEP 1 Internal . STEP 2 Employee/Client/Vendor . Comparison Repairman . STEP 3 Trusted o Real Steven Gets Huge Credit Card Authority Figure Statement www.tcworkshop.com Pages 14 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Identity Theft - Serious Problem o Organized Cyber Crime: Social Engineering Countermeasures Organizational Chart o How to Detect Phishing Emails o Botnet o Anti-Phishing Toolbar o A Typical Botnet Setup . Netcraft o Botnet Ecosystem . PhishTank o Scanning Methods for Finding o Identity Theft Countermeasures Vulnerable Machines Penetration Testing o How Malicious Code Propagates? o Social Engineering Pen Testing o Botnet Trojan . Using Emails . Blackshades NET . Using Phone . Cythosia Botnet and . In Person Andromeda Bot . Social Engineering Toolkit . PlugBot (SET) DDoS Case Study o DDoS Attack Module 09: Denial-of-Service o Hackers Advertise Links to DoS/DDoS Concepts Download Botnet o DDoS Attack Trends DoS/DDoS Attack Tools o What is a Denial of Service Attack? o Pandora DDoS Bot Toolkit o What Are Distributed Denial of o Dereil and HOIC Service Attacks? o DoS HTTP and BanglaDos o How Distributed Denial of Service o DoS and DDoS Attack Tools Attacks Work o DoS and DDoS Attack Tool for DoS/DDoS Attack Techniques Mobile o Basic Categories of DoS/DDoS . AnDOSid Attack Vectors . Low Orbit Ion Cannon o DoS/DDoS Attack Techniques (LOIC) . Bandwidth Attacks Counter-measures . Service Request Floods o Detection Techniques . SYN Attack o Activity Profiling . SYN Flooding o Wavelet Analysis . ICMP Flood Attack o Sequential Change-Point Detection . Peer-to-Peer Attacks o DoS/DDoS Countermeasure . Permanent Denial-of-Service Strategies Attack o DDoS Attack Countermeasures . Application Level Flood . Protect Secondary Victims Attacks . Detect and Neutralize . Distributed Reflection Denial Handlers of Service (DRDoS) . Detect Potential Attacks Botnets . Deflect Attacks www.tcworkshop.com Pages 15 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Mitigate Attacks o Compromising Session IDs Using o Post-Attack Forensics Client-side Attacks o Techniques to Defend against o Compromising Session IDs Using Botnets Client-side Attacks: Cross-site Script o DoS/DDoS Countermeasures Attack o DoS/DDoS Protection at ISP Level o Compromising Session IDs Using o Enabling TCP Intercept on Cisco IOS Client-side Attacks: Cross-site Software Request Forgery Attack o Advanced DDoS Protection o Compromising Session IDs Using Appliances Session Replay Attack DoS/DDoS Protection Tools o Compromising Session IDs Using o DoS/DDoS Protection Tool: Session Fixation FortGuard Anti-DDoS Firewall 2014 o Session Fixation Attack o DoS/DDoS Protection Tools o Session Hijacking Using Proxy DoS/DDoS Attack Penetration Testing Servers Network-level Session Hijacking Module 10: Session Hijacking o The 3-Way Handshake Session Hijacking Concepts o TCP/IP Hijacking o What is Session Hijacking? o TCP/IP Hijacking Process o Why Session Hijacking is o IP Spoofing: Source Routed Packets Successful? o RST Hijacking o Session Hijacking Process o Blind Hijacking o Packet Analysis of a Local Session o MiTM Attack Using Forged ICMP Hijack and ARP Spoofing o Types of Session Hijacking o UDP Hijacking o Session Hijacking in OSI Model Session Hijacking Tools o Spoofing vs. Hijacking o Session Hijacking Tool Application Level Session Hijacking . Zaproxy o Compromising Session IDs using . Burp Suite and Hijack Sniffing o Session Hijacking Tools o Compromising Session IDs by o Session Hijacking Tools for Mobile: Predicting Session Token DroidSheep and DroidSniff o How to Predict a Session Token Counter-measures o Compromising Session IDs Using o Session Hijacking Detection Man-in-the-Middle Attack Methods o Compromising Session IDs Using o Protecting against Session Hijacking Man-in-the-Browser Attack o Steps to Perform Man-in-the- Browser Attack
www.tcworkshop.com Pages 16 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Methods to Prevent Session o Webserver Password Cracking Hijacking . Webserver Password . To be Followed by Web Cracking Techniques Developers o Web Application Attacks . To be Followed by Web Attack Methodology Users o Webserver Attack Methodology o Approaches Vulnerable to Session . Information Gathering Hijacking and their Preventative . Information Gathering from Solutions Robots.txt File o IPSec . Webserver Footprinting o Modes of IPsec o Webserver Footprinting Tools o IPsec Architecture o Enumerating Webserver o IPsec Authentication and Information Using Nmap Confidentiality o Webserver Attack Methodology o Components of IPsec . Mirroring a Website Session Hijacking Pen Testing . Vulnerability Scanning . Session Hijacking Module 11: Hacking Webservers . Hacking Web Passwords Webserver Concepts Webserver Attack Tools o Web Server Security Issue o Metasploit o Why Web Servers Are . Metasploit Architecture Compromised . Metasploit Exploit Module o Impact of Webserver Attacks . Metasploit Payload Module o Open Source Webserver . Metasploit Auxiliary Module Architecture . Metasploit NOPS Module o IIS Webserver Architecture o Webserver Attack Tools: Wfetch Webserver Attacks o Web Password Cracking Tool: THC- o DoS/DDoS Attacks Hydra and Brutus o DNS Server Hijacking Counter-measures o DNS Amplification Attack o Place Web Servers in Separate o Directory Traversal Attacks Secure Server Security Segment on o Man-in-the-Middle/Sniffing Attack Network o Phishing Attacks o Countermeasures o Website Defacement . Patches and Updates o Webserver Misconfiguration . Protocols . Webserver Misconfiguration . Accounts Example . Files and Directories o HTTP Response Splitting Attack o Detecting Web Server Hacking o Web Cache Poisoning Attack Attempts o SSH Bruteforce Attack www.tcworkshop.com Pages 17 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o How to Defend Against Web Server Module 12: Hacking Web Applications Attacks Web App Concepts o How to Defend against HTTP o Introduction to Web Applications Response Splitting and Web Cache o How Web Applications Work? Poisoning o Web Application Architecture o How to Defend against DNS o Web 2.0 Applications Hijacking o Vulnerability Stack Patch Management Web App Threats o Patches and Hotfixes o Unvalidated Input o What Is Patch Management? o Parameter/Form Tampering o Identifying Appropriate Sources for o Directory Traversal Updates and Patches o Security Misconfiguration o Installation of a Patch o Injection Flaws o Implementation and Verification of o SQL Injection Attacks a Security Patch or Upgrade o Command Injection Attacks o Patch Management Tool: Microsoft . Command Injection Example Baseline Security Analyzer (MBSA) o File Injection Attack o Patch Management Tools o What is LDAP Injection? Webserver Security Tools . How LDAP Injection Works? o Web Application Security Scanner: o Hidden Field Manipulation Attack Syhunt Dynamic and N-Stalker Web o Cross-Site Scripting (XSS) Attacks Application Security Scanner . How XSS Attacks Work o Web Server Security Scanner: Wikto . Cross-Site Scripting Attack and Acunetix Web Vulnerability Scenario: Attack via Email Scanner . XSS Example: Attack via o Web Server Malware Infection Email Monitoring Tool . XSS Example: Stealing Users' . HackAlert Cookies . QualysGuard Malware . XSS Example: Sending an Detection Unauthorized Request o Webserver Security Tools . XSS Attack in Blog Posting Webserver Pen Testing . XSS Attack in Comment o Web Server Pen Testing Tool Field . CORE Impact® Pro . Websites Vulnerable to XSS . Immunity CANVAS Attack . Arachni o Cross-Site Request Forgery (CSRF) Attack . How CSRF Attacks Work?
www.tcworkshop.com Pages 18 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Web Application Denial-of-Service o Analyze Web Applications (DoS) Attack . Identify Entry Points for o Denial of Service (DoS) Examples User Input o Buffer Overflow Attacks . Identify Server-Side o Cookie/Session Poisoning Technologies . How Cookie Poisoning . Identify Server-Side Works? Functionality o Session Fixation Attack . Map the Attack Surface o CAPTCHA Attacks o Attack Authentication Mechanism o Insufficient Transport Layer . Username Enumeration Protection . Password Attacks o Improper Error Handling Password o Insecure Cryptographic Storage Functionality Exploits o Broken Authentication and Session Password Guessing Management Brute-forcing o Unvalidated Redirects and Forwards . Session Attacks: Session ID o Web Services Architecture Prediction/ Brute-forcing o Web Services Attack . Cookie Exploitation: Cookie o Web Services Footprinting Attack Poisoning o Web Services XML Poisoning o Authorization Attack Schemes Web App Hacking Methodology . Authorization Attack o Footprint Web Infrastructure . HTTP Request Tampering . Server Discovery . Authorization Attack: Cookie . Service Discovery Parameter Tampering . Server Identification/Banner o Attack Session Management Grabbing Mechanism Detecting Web App . Session Management Attack Firewalls and Proxies . Attacking Session Token on Target Site Generation Mechanism . Hidden Content Discovery . Attacking Session Tokens . Web Spidering Using Burp Handling Mechanism: Suite Session Token Sniffing . Web Crawling Using o Perform Injection Attacks Mozenda Web Agent Builder . Injection Attacks/Input o Attack Web Servers Validation Attacks . Hacking Web Servers o Attack Data Connectivity . Web Server Hacking Tool: . Connection String Injection WebInspect . Connection String Parameter Pollution (CSPP) Attacks . Connection Pool DoS www.tcworkshop.com Pages 19 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Attack Web App Client . VampireScan o Attack Web Services o Web Application Security Tools . Web Services Probing o Web Application Firewall Attacks . dotDefender . Web Service Attacks . ServerDefender VP SOAP Injection o Web Application Firewall XML Injection Web App Pen Testing . Web Services Parsing Attacks o Web Application Pen Testing . Web Service Attack Tool: . Information Gathering soapUI and XMLSpy . Configuration Management Web Application Hacking Tools Testing o Web Application Hacking Tools . Authentication Testing . Burp Suite Professional . Session Management Testing . CookieDigger . Authorization Testing . WebScarab . Data Validation Testing o Web Application Hacking Tools . Denial of Service Testing Countermeasures . Web Services Testing o Encoding Schemes . AJAX Testing o How to Defend Against SQL o Web Application Pen Testing Injection Attacks? Framework o How to Defend Against Command . Kali Linux Injection Flaws? . Metasploit o How to Defend Against XSS . Browser Exploitation Attacks? Framework (BeEF) o How to Defend Against DoS Attack? . PowerSploit o How to Defend Against Web Services Attack? Module 13: SQL Injection o Guidelines for Secure CAPTCHA SQL Injection Concepts Implementation o What is SQL Injection? o Web Application Countermeasures o Why Bother about SQL Injection? o How to Defend Against Web o How Web Applications Work? Application Attacks? o SQL Injection and Server-side Security Tools Technologies o Web Application Security Tool o Understanding HTTP Post Request . Acunetix Web Vulnerability o Example: Normal SQL Query Scanner o Understanding an SQL Injection . Watcher Web Security Tool Query . Netsparker . Code Analysis . N-Stalker Web Application Security Scanner www.tcworkshop.com Pages 20 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Example of a Web App Vulnerable . Bypass Website Logins Using to SQL Injection SQL Injection . BadProductList.aspx . Perform Blind SQL Injection . Attack Analysis – Exploitation (MySQL) o Example of SQL Injection . Blind SQL Injection . Updating Table Extract Database User . Adding New Records Extract Database . Identifying the Table Name Name . Deleting a Table Extract Column Types of SQL Injection Name o Error Based SQL Injection Extract Data from o Union SQL Injection ROWS o Blind SQL Injection . Perform Double Blind SQL o No Error Messages Returned Injection - Classical o Blind SQL Injection: WAITFOR Exploitation (MySQL) DELAY (YES or NO Response) Perform Blind SQL o Boolean Exploitation Technique Injection Using Out of SQL Injection Methodology Band Exploitation o Information Gathering and SQL Technique Injection Vulnerability Detection . Exploiting Second-Order . Information Gathering SQL Injection . Identifying Data Entry Paths o Advanced SQL Injection . Extracting Information . Database, Table, and Column through Error Messages Enumeration . Testing for SQL Injection . Advanced Enumeration . Additional Methods to . Features of Different DBMSs Detect SQL Injection . Creating Database Accounts . SQL Injection Black Box Pen . Password Grabbing Testing . Grabbing SQL Server Hashes . Source Code Review to . Extracting SQL Hashes (In a Detect SQL Injection Single Statement) Vulnerabilities . Transfer Database to o Launch SQL Injection Attacks Attacker's Machine . Perform Union SQL Injection . Interacting with the . Perform Error Based SQL Operating System Injection . Interacting with the File . Perform Error Based SQL System Injection: Using Stored . Network Reconnaissance Procedure Injection Using SQL Injection
www.tcworkshop.com Pages 21 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Network Reconnaissance Module 14: Hacking Wireless Networks Full Query Wireless Concepts SQL Injection Tools o Wireless Terminologies o BSQLHacker o Wireless Networks o Marathon Tool o Wi-Fi Networks at Home and Public o SQL Power Injector Places o Havij o Wireless Technology Statistics o SQL Injection Tools o Types of Wireless Networks o SQL Injection Tool for Mobile o Wireless Standards . DroidSQLi o Service Set Identifier (SSID) . sqlmapchik o Wi-Fi Authentication Modes Evasion Techniques o Wi-Fi Authentication Process Using o Evading IDS a Centralized Authentication Server o Types of Signature Evasion o Wi-Fi Chalking Techniques . Wi-Fi Chalking Symbols o Evasion Technique o Types of Wireless Antenna . Sophisticated Matches . Parabolic Grid Antenna . Hex Encoding Wireless Encryption . Manipulating White Spaces o Types of Wireless Encryption . In-line Comment . WEP Encryption . Char Encoding How WEP Works? . String Concatenation . What is WPA? . Obfuscated Codes How WPA Works? Counter-measures Temporal Keys o How to Defend Against SQL . What is WPA2? Injection Attacks? How WPA2 Works? o How to Defend Against SQL o WEP vs. WPA vs. WPA2 Injection Attacks: Use Type-Safe o WEP Issues SQL Parameters o Weak Initialization Vectors (IV) o How to Defend Against SQL o How to Break WEP Encryption? Injection Attacks o How to Break WPA Encryption? o SQL Injection Detection Tool o How to Defend Against WPA . dotDefender Cracking? . IBM Security AppScan Wireless Threats . WebCruiser o Access Control Attacks o Snort Rule to Detect SQL Injection o Integrity Attacks Attacks o Confidentiality Attacks o SQL Injection Detection Tools o Availability Attacks o Authentication Attacks o Rogue Access Point Attack www.tcworkshop.com Pages 22 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Client Mis-association OmniPeek Network o Misconfigured Access Point Attack Analyzer o Unauthorized Association CommView for Wi-Fi o Ad Hoc Connection Attack . What is Spectrum Analysis? o HoneySpot Access Point Attack . Wi-Fi Packet Sniffers o AP MAC Spoofing o Launch Wireless Attacks o Denial-of-Service Attack . Aircrack-ng Suite o Jamming Signal Attack . How to Reveal Hidden SSIDs o Wi-Fi Jamming Devices Fragmentation Attack Wireless Hacking Methodology . How to Launch MAC o Wi-Fi Discovery Spoofing Attack? . Footprint the Wireless Denial of Service: Network Deauthentication and . Find Wi-Fi Networks to Disassociation Attack Attacks . Wi-Fi Discovery Tool Man-in-the-Middle inSSIDer and Attack NetSurveyor MITM Attack Using Vistumbler and Aircrack-ng NetStumbler Wireless ARP . Wi-Fi Discovery Tools Poisoning Attack . Mobile-based Wi-Fi Rogue Access Point Discovery Tool Evil Twin o GPS Mapping How to Set Up a . GPS Mapping Tool Fake Hotspot (Evil Twin)? WIGLE o Crack Wi-Fi Encryption Skyhook . How to Crack WEP Using . Wi-Fi Hotspot Finder Aircrack Wi-Fi Finder . How to Crack WPA-PSK WeFi Using Aircrack . How to Discover Wi-Fi . WPA Cracking Tool: Network Using Wardriving? KisMAC o Wireless Traffic Analysis . WEP Cracking Using Cain & . Wireless Cards and Chipsets Abel . Wi-Fi USB Dongle: AirPcap . WPA Brute Forcing Using . Wi-Fi Packet Sniffer Cain & Abel Wireshark with . WPA Cracking Tool: AirPcap Elcomsoft Wireless Security SteelCentral Packet Auditor Analyzer . WEP/WPA Cracking Tools www.tcworkshop.com Pages 23 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. WEP/WPA Cracking Tool for o Bluetooth Security Tool: Bluetooth Mobile: Penetrate Pro Firewall Wireless Hacking Tools o Wi-Fi Security Tools for Mobile: Wifi o Wi-Fi Sniffer: Kismet Protector, WiFiGuard, and Wifi o Wardriving Tools Inspector o RF Monitoring Tools Wi-Fi Pen Testing o Wi-Fi Traffic Analyzer Tools o Wireless Penetration Testing o Wi-Fi Raw Packet Capturing and o Wireless Penetration Testing Spectrum Analyzing Tools Framework o Wireless Hacking Tools for Mobile: o Wi-Fi Pen Testing Framework HackWifi and Backtrack Simulator o Pen Testing LEAP Encrypted Bluetooth Hacking WLAN o Bluetooth Stack o Pen Testing WPA/WPA2 Encrypted o Bluetooth Threats WLAN o How to BlueJack a Victim? o Pen Testing WEP Encrypted WLAN o Bluetooth Hacking Tool o Pen Testing Unencrypted WLAN . Super Bluetooth Hack . PhoneSnoop Module 15: Hacking Mobile Platforms . BlueScanner Mobile Platform Attack Vectors o Bluetooth Hacking Tools o Vulnerable Areas in Mobile Business Counter-measures Environment o How to Defend Against Bluetooth o OWASP Mobile Top 10 Risks Hacking? o Anatomy of a Mobile Attack o How to Detect and Block Rogue AP? o How a Hacker can Profit from o Wireless Security Layers Mobile when Successfully o How to Defend Against Wireless Compromised Attacks? o Mobile Attack Vectors Wireless Security Tools o Mobile Platform Vulnerabilities and o Wireless Intrusion Prevention Risks Systems o Security Issues Arising from App o Wireless IPS Deployment Stores o Wi-Fi Security Auditing Tool o App Sandboxing Issues . AirMagnet WiFi Analyzer o Mobile Spam . Motorola’s AirDefense o SMS Phishing Attack (SMiShing) Services Platform (ADSP) (Targeted Attack Scan) . Adaptive Wireless IPS . Why SMS Phishing is . Aruba RFProtect Effective? o Wi-Fi Intrusion Prevention System . SMS Phishing Attack o Wi-Fi Predictive Planning Tools Examples o Wi-Fi Vulnerability Scanning Tools www.tcworkshop.com Pages 24 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Pairing Mobile Devices on Open Hacking iOS Bluetooth and Wi-Fi Connections o Apple iOS Hacking Android OS o Jailbreaking iOS o Android OS . Types of Jailbreaking o Android OS Architecture . Jailbreaking Techniques o Android Device Administration API . App Platform for Jailbroaken o Android Vulnerabilities Devices: Cydia o Android Rooting . Jailbreaking Tool: Pangu . Rooting Android Phones . Untethered Jailbreaking of using SuperOneClick iOS 7.1.1/7.1.2 Using Pangu . Rooting Android Phones for Mac Using Superboot . Jailbreaking Tools . Android Rooting Tools Redsn0w and o Hacking Networks Using Network Absinthe Spoofer evasi0n7 and o Session Hijacking Using DroidSheep GeekSn0w o Android-based Sniffer Sn0wbreeze and . FaceNiff PwnageTool . Packet Sniffer, LimeRa1n and tPacketCapture, and Blackra1n Android PCAP o Guidelines for Securing iOS Devices o Android Trojan o iOS Device Tracking Tools . ZitMo (ZeuS-in-the-Mobile) Hacking Windows Phone OS . FakeToken and TRAMP.A o Windows Phone 8 Architecture . Fakedefender and Obad o Secure Boot Process . FakeInst and OpFake o Guidelines for Securing Windows . AndroRAT and Dendroid OS Devices o Securing Android Devices o Windows OS Device Tracking Tool: o Google Apps Device Policy FollowMee GPS Tracker o Remote Wipe Service: Remote Wipe Hacking BlackBerry o Android Security Tool o BlackBerry Operating System . DroidSheep Guard o BlackBerry Enterprise Solution . TrustGo Mobile Security and Architecture Sophos Mobile Security o Blackberry Attack Vectors . 360 Security, AVL, and Avira . Malicious Code Signing Antivirus Security . JAD File Exploits and o Android Vulnerability Scanner: X- Memory/ Processes Ray Manipulations o Android Device Tracking Tools . Short Message Service (SMS) Exploits www.tcworkshop.com Pages 25 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
. Email Exploits Mobile Pen Testing . PIM Data Attacks and o Android Phone Pen Testing TCP/IP Connections o iPhone Pen Testing Vulnerabilities o Windows Phone Pen Testing o Guidelines for Securing BlackBerry o BlackBerry Pen Testing Devices o Mobile Pen Testing Toolkit o BlackBerry Device Tracking Tools: . zANTI MobileTracker and Position Logic . dSploit Blackberry Tracker . Hackode (The Hacker's o Mobile Spyware: mSpy and Toolbox) StealthGenie o Mobile Spyware Module 16: Evading IDS, Firewalls, and Mobile Device Management (MDM) Honeypots o MDM Solution: MaaS360 Mobile IDS, Firewall and Honeypot Concepts Device Management (MDM) o Intrusion Detection Systems (IDS) o MDM Solutions and their Placement o Bring Your Own Device (BYOD) . How IDS Works? . BYOD Risks . Ways to Detect an Intrusion . BYOD Policy . General Indications of Implementation Intrusions . BYOD Security Guidelines . General Indications of for Administrator System Intrusions . BYOD Security Guidelines . Types of Intrusion Detection for Employee Systems Mobile Security Guidelines and Tools . System Integrity Verifiers o General Guidelines for Mobile (SIV) Platform Security o Firewall o Mobile Device Security Guidelines . Firewall Architecture for Administrator . DeMilitarized Zone (DMZ) o SMS Phishing Countermeasures . Types of Firewall o Mobile Protection Tool Packet Filtering . BullGuard Mobile Security Firewall . Lookout Circuit-Level . WISeID Gateway Firewall . zIPS Application-Level o Mobile Protection Tools Firewall o Mobile Anti-Spyware Stateful Multilayer Inspection Firewall
www.tcworkshop.com Pages 26 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
o Honeypot o ASCII Shellcode . Types of Honeypots o Application-Layer Attacks IDS, Firewall and Honeypot System o Desynchronization - Pre Connection o Intrusion Detection Tool: Snort SYN o Snort Rules o Desynchronization - Post . Rule Actions and IP Connection SYN Protocols o Other Types of Evasion . The Direction Operator and Evading Firewalls IP Addresses o Firewall Identification . Port Numbers . Port Scanning o Intrusion Detection Systems: . Firewalking Tipping Point . Banner Grabbing o Intrusion Detection Tools o IP Address Spoofing o Intrusion Detection Tools for Mobile o Source Routing o Firewall o Tiny Fragments . ZoneAlarm PRO Firewall o Bypass Blocked Sites Using IP 2015 Address in Place of URL . Comodo Firewall o Bypass Blocked Sites Using o Firewalls Anonymous Website Surfing Sites o Firewalls for Mobile: Android o Bypass a Firewall Using Proxy Firewall and Firewall iP Server o Firewalls for Mobile o Bypassing Firewall through ICMP o Honeypot Tool: KFSensor and Tunneling Method SPECTER o Bypassing Firewall through ACK o Honeypot Tools Tunneling Method o Honeypot Tool for Mobile: HosTaGe o Bypassing Firewall through HTTP Evading IDS Tunneling Method o Insertion Attack o Why do I Need HTTP Tunneling o Evasion o HTTP Tunneling Tools o Denial-of-Service Attack (DoS) . HTTPort and HTTHost o Obfuscating . Super Network Tunnel o False Positive Generation . HTTP-Tunnel o Session Splicing o Bypassing Firewall through SSH o Unicode Evasion Technique Tunneling Method o Fragmentation Attack o SSH Tunneling Tool: Bitvise . Overlapping Fragments o Bypassing Firewall through External o Time-To-Live Attacks Systems o Invalid RST Packets o Bypassing Firewall through MITM o Urgency Flag Attack o Polymorphic Shellcode o Bypassing Firewall through Content www.tcworkshop.com Pages 27 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
IDS/Firewall Evading Tools o Domain Name System (DNS) o IDS/Firewall Evasion Tool Attacks . Traffic IQ Professional o Side Channel Attacks or Cross-guest . tcp-over-dns VM Breaches o IDS/Firewall Evasion Tools . Side Channel Attack o Packet Fragment Generator: Colasoft Countermeasures Packet Builder . SQL Injection Attacks o Packet Fragment Generators o Cryptanalysis Attacks Detecting Honeypots . Cryptanalysis Attack o Detecting Honeypots Countermeasures o Honeypot Detecting Tool: Send-Safe o Wrapping Attack Honeypot Hunter o Denial-of-Service (DoS) and IDS/Firewall Evasion Counter-measures Distributed Denial-of-Service o Countermeasures (DDoS) Attacks Penetration Testing Cloud Security o Firewall/IDS Penetration Testing o Cloud Security Control Layers o Firewall Penetration Testing o Cloud Security is the Responsibility o IDS Penetration Testing of both Cloud Provider and Consumer Module 17: Cloud Computing o Cloud Computing Security Introduction to Cloud Computing Considerations o Types of Cloud Computing Services o Placement of Security Controls in o Separation of Responsibilities in the Cloud Cloud o Best Practices for Securing Cloud o Cloud Deployment Models o NIST Recommendations for Cloud o NIST Cloud Computing Reference Security Architecture o Organization/Provider Cloud o Cloud Computing Benefits Security Compliance Checklist o Understanding Virtualization Cloud Security Tools o Benefits of Virtualization in Cloud o Core CloudInspect Cloud Computing Threats o CloudPassage Halo Cloud Computing Attacks o Cloud Security Tools o Service Hijacking using Social Cloud Penetration Testing Engineering Attacks o What is Cloud Pen Testing? o Service Hijacking using Network o Key Considerations for Pen Testing Sniffing in the Cloud o Session Hijacking using XSS Attack o Scope of Cloud Pen Testing o Session Hijacking using Session o Cloud Penetration Testing Riding o Recommendations for Cloud Testing
www.tcworkshop.com Pages 28 of 29 800.639.3535 CEH: Certified Ethical Hacker Course ID #: 1275-100-ZZ-W Hours: 35
Module 18: Cryptography o Certification Authorities Market Survey 2014: The Year of Encryption o Signed Certificate (CA) Vs. Self Case Study: Heartbleed Signed Certificate Case Study: Poodlebleed Email Encryption Cryptography Concepts o Digital Signature o Cryptography o SSL (Secure Sockets Layer) o Types of Cryptography o Transport Layer Security (TLS) o Government Access to Keys (GAK) o Cryptography Toolkit Encryption Algorithms . OpenSSL o Ciphers . Keyczar o Data Encryption Standard (DES) o Pretty Good Privacy (PGP) o Advanced Encryption Standard Disk Encryption (AES) o Disk Encryption Tools: Symantec o RC4, RC5, RC6 Algorithms Drive Encryption and GiliSoft Full o The DSA and Related Signature Disk Encryption Schemes o Disk Encryption Tools o RSA (Rivest Shamir Adleman) Cryptography Attacks . The RSA Signature Scheme o Code Breaking Methodologies . Example of RSA Algorithm o Brute-Force Attack o Message Digest (One-way Hash) o Meet-in-the-Middle Attack on Functions Digital Signature Schemes . Message Digest Function: o Side Channel Attack MD5 . Side Channel Attack - o Secure Hashing Algorithm (SHA) Scenario o What is SSH (Secure Shell)? Cryptanalysis Tools Cryptography Tools o Cryptanalysis Tool: CrypTool o MD5 Hash Calculators: HashCalc, o Cryptanalysis Tools MD5 Calculator and HashMyFiles o Online MD5 Decryption Tool o Hash Calculators for Mobile: MD5 Hash Calculator, Hash Droid, and Hash Calculator o Cryptography Tool . Advanced Encryption Package 2014 . BCTextEncoder o Cryptography Tools o Cryptography Tools for Mobile: Secret Space Encryptor, CryptoSymm, and Cipher Sender Public Key Infrastructure(PKI) www.tcworkshop.com Pages 29 of 29 800.639.3535